Trenderdia

This topic is locked
33 replies to this topic

#1 Cheesy142

Posted 23 October 2008 - 11:13 AM

I first posted a topic about this [post="http://www.bleepingcomputer.com/forums/t/175674/trenderdia/"]right here[/post] and after being able to clear up the popup (attached: popup.jpg)
I was told to go here to fix this: I go to google, youtube, photobucket, etc. and the page always says:

"Microsoft Security Center
Alert : Your computer have been attacked by spyware or viruses!
Please download AntiSpyware to fix.

Download AntiSpyware Now"


Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:16 AM, on 10/23/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Fraps\fraps.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\Napster\napster.exe
C:\Windows\ModPS2Key.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\zHotkey.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\InetCntrl\InetCntrl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Digsby\lib\aspell\bin\aspell.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://travian.us/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5468
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 125.67.67.197 www.yahoo.com
O1 - Hosts: 125.67.67.197 www.google.com
O1 - Hosts: 125.67.67.197 www.myspace.com
O1 - Hosts: 125.67.67.197 www.youtube.com
O1 - Hosts: 125.67.67.197 www.facebook.com
O1 - Hosts: 125.67.67.197 www.live.com
O1 - Hosts: 125.67.67.197 www.msn.com
O1 - Hosts: 125.67.67.197 www.wikipedia.org
O1 - Hosts: 125.67.67.197 www.ebay.com
O1 - Hosts: 125.67.67.197 www.aol.com
O1 - Hosts: 125.67.67.197 www.craigslist.org
O1 - Hosts: 125.67.67.197 www.blogger.com
O1 - Hosts: 125.67.67.197 www.go.com
O1 - Hosts: 125.67.67.197 www.amazon.com
O1 - Hosts: 125.67.67.197 www.cnn.com
O1 - Hosts: 125.67.67.197 espn.go.com
O1 - Hosts: 125.67.67.197 www.espn.com
O1 - Hosts: 125.67.67.197 www.photobucket.com
O1 - Hosts: 125.67.67.197 www.comcast.net
O1 - Hosts: 125.67.67.197 www.imdb.com
O1 - Hosts: 125.67.67.197 www.wordpress.com
O1 - Hosts: 125.67.67.197 www.nytimes.com
O1 - Hosts: 125.67.67.197 www.weather.com
O1 - Hosts: 125.67.67.197 www.ask.com
O1 - Hosts: 125.67.67.197 www.aim.com
O1 - Hosts: 125.67.67.197 www.apple.com
O1 - Hosts: 125.67.67.197 www.mapquest.com
O1 - Hosts: 125.67.67.197 www.youporn.com
O1 - Hosts: 125.67.67.197 www.fastclick.com
O1 - Hosts: 125.67.67.197 www.pornhub.com
O1 - Hosts: 125.67.67.197 www.rapidshare.com
O1 - Hosts: 125.67.67.197 www.pogo.com
O1 - Hosts: 125.67.67.197 www.redtube.com
O1 - Hosts: 125.67.67.197 www.doubleclick.com
O1 - Hosts: 125.67.67.197 www.att.com
O1 - Hosts: 125.67.67.197 www.adobe.com
O1 - Hosts: 125.67.67.197 www.vnn.com
O1 - Hosts: 125.67.67.197 www.sportsline.com
O1 - Hosts: 125.67.67.197 www.netflix.com
O1 - Hosts: 125.67.67.197 www.dell.com
O1 - Hosts: 125.67.67.197 www.google.co.uk
O1 - Hosts: 125.67.67.197 www.bbc.co.uk
O1 - Hosts: 125.67.67.197 www.ebay.co.uk
O1 - Hosts: 125.67.67.197 www.bebo.com
O1 - Hosts: 125.67.67.197 www.amazon.co.uk
O1 - Hosts: 125.67.67.197 www.sky.com
O1 - Hosts: 125.67.67.197 www.virginmedia.com
O1 - Hosts: 125.67.67.197 www.aol.co.uk
O1 - Hosts: 125.67.67.197 www.hsbc.co.uk
O1 - Hosts: 125.67.67.197 www.antispyware.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\Windows\system32\InetCntrl\PopupKil\BsafeBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\Windows\system32\InetCntrl\PopupKil\BsafeBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InetCntrl] C:\Windows\system32\InetCntrl\StartInet.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Digsby.lnk = C:\Program Files\Digsby\digsby.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.facebook.com
O15 - Trusted Zone: http://www.yoyogames.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12918 bytes


Thanks for the help, :thumbsup:
~Cheesy142

Edited by PropagandaPanda, 23 October 2008 - 03:03 PM.
Removed codebox.



#2 Cheesy142 (Topic Starter)

Posted 23 October 2008 - 01:56 PM

Somebody, please help me! :thumbsup:

#3 PropagandaPanda (Malware Response Team)

Posted 23 October 2008 - 03:06 PM

Hello Cheesy142.

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.

How to Restore from the ERUNT Backup
Only restore from the backups if instructed to, or you need to do so. You need it if after doing something, your computer will only boot in Safe Mode and you are unable to contact us (or anyone else) for help by other means, or if your computer will not boot into Windows at all.

To restore when booted, navigate to C:\WINDOWS\erdnt (possibly WINNT), choose the folder with the most recent date, and double click ERDNT.EXE. Check all boxes in the restoration options.

To restore from the Recovery Console using the Windows CD:
  • Turn on your machine with the disk in the drive.
  • Type in the number of the Windows installation you want to repair (usually 1), then press Enter.
  • Type in the Administrator password (leave blank if you are unsure what it is or if you do not have one) and press Enter.
  • Type without quotes "cd erdnt" followed by Enter.
  • Type without quotes "dir" followed by Enter. This will list out the available folders, whose names are the date on which the backup was taken in (M)M-DD-YYYY format. Try the most recent dates first.
  • Type without quotes "cd **name of the folder**" followed by Enter.
  • Type without quotes "batch erdnt.con" followed by Enter.
  • Type without quotes "exit" followed by Enter.
  • Remove your CD from the drive and reboot your computer into the restored registry. If you still cannot boot, try again with an earlier restore date.
Reset Hosts File
Some infections will put malicious lines into your hosts files. We will reset your hosts file with HostsXpert.
  • Please download HostsXpert.zip to your desktop and unzip the contents.
  • A folder named HostsXpert will be created. Open it and run HostsXpert.exe by double clicking it.
  • Click on the button Make Writeable? .
  • Click Restore Microsoft's Hosts File.
  • Close out of the window.
If you have added modifications to your hosts file, they will need to be re-added.

Download and Run ComboFix
Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click it and select "Run as Administrator". ComboFix will check to see if you have the Windows Recovery Console installed.
  • If you did not have it installed, you will see the prompt below. Choose YES.
    [screenshot omitted]

  • When the Recovery Console has been installed, you will see the prompt below. Choose YES.
    [screenshot omitted]
  • When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Please post back with:
-the ComboFix log
-a new HijackThis log

With Regards,
The Panda

Edited by PropagandaPanda, 23 October 2008 - 04:19 PM.
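The O1 lines in the first post and the "Reset Hosts File" step above are the same problem from two sides: dozens of unrelated hostnames (search engines, banks, the antispyware vendor) all mapped to one public address, which is what makes every site show the fake "Microsoft Security Center" page. The script below is an added example written for this page, not a tool from the thread or from HostsXpert, ComboFix or HijackThis. It parses raw hosts-file lines or HijackThis "O1 - Hosts:" lines, flags any non-loopback, non-private address that several hostnames share, and produces the stock Microsoft hosts content plus the list of entries the user would need to re-add. The sample input is constructed from a few lines of the log above; the `threshold` value, the `DEFAULT_HOSTS` text and the `.bak` backup name are my assumptions. Nothing is written to disk unless you call `write_hosts_file` yourself from an elevated prompt.

```python
"""Hosts-file hijack triage (added example, not part of the original thread)."""
import ipaddress
import os
import re
import shutil
import stat
from collections import defaultdict

# Constructed sample: four O1 lines as HijackThis prints them, plus the two
# stock loopback entries and one LAN entry that should be left alone.
SAMPLE = """\
127.0.0.1       localhost
::1             localhost
O1 - Hosts: 125.67.67.197 www.google.com
O1 - Hosts: 125.67.67.197 www.youtube.com
O1 - Hosts: 125.67.67.197 www.hsbc.co.uk
O1 - Hosts: 125.67.67.197 www.antispyware.com
192.168.1.10    fileserver.lan   # constructed LAN entry, not from the log
"""

# Assumed stock content of a Vista-era hosts file; this is what a
# "Restore Microsoft's Hosts File" style reset writes back.
DEFAULT_HOSTS = "127.0.0.1       localhost\n::1             localhost\n"

_O1_PREFIX = re.compile(r"^O1 - Hosts:\s*")


def parse_hosts(text):
    """Return (ip, hostname) tuples from hosts-file or HijackThis O1 lines.

    Comments after '#' are dropped, the 'O1 - Hosts:' prefix is stripped, and
    any line whose first token is not an IP address is ignored.
    """
    entries = []
    for raw in text.splitlines():
        line = _O1_PREFIX.sub("", raw.split("#", 1)[0]).strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for host in parts[1:]:
            entries.append((str(ip), host.lower()))
    return entries


def find_hijacks(entries, threshold=3):
    """Map each suspicious IP to the hostnames that point at it.

    An IP is suspicious when it is neither loopback, private nor unspecified
    (those cover ad blocking and LAN names) and at least `threshold` distinct
    hostnames share it: one public address answering for many sites is the
    signature seen in the log above.
    """
    by_ip = defaultdict(list)
    for ip, host in entries:
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_private or addr.is_unspecified:
            continue
        by_ip[ip].append(host)
    return {ip: hosts for ip, hosts in by_ip.items() if len(hosts) >= threshold}


def reset_hosts(entries, threshold=3):
    """Return (new_content, entries_to_readd).

    new_content is the stock file. entries_to_readd lists the user's own
    non-loopback entries that were not part of a redirect, so they can be
    re-added by hand as the instructions above say.
    """
    bad_ips = set(find_hijacks(entries, threshold))
    readd = [(ip, host) for ip, host in entries
             if ip not in bad_ips and not ipaddress.ip_address(ip).is_loopback]
    return DEFAULT_HOSTS, readd


def write_hosts_file(path, content):
    """Back up `path` to `path + '.bak'`, clear the read-only bit and rewrite it.

    On Vista and later this needs an elevated prompt; clearing the read-only
    attribute is the equivalent of HostsXpert's "Make Writeable?" step.
    """
    if os.path.exists(path):
        shutil.copy2(path, path + ".bak")
        os.chmod(path, os.stat(path).st_mode | stat.S_IWRITE)
    with open(path, "w", newline="\r\n") as fh:
        fh.write(content)


if __name__ == "__main__":
    found = parse_hosts(SAMPLE)
    for ip, hosts in find_hijacks(found).items():
        print(f"{ip} is the target of {len(hosts)} hostnames: {', '.join(hosts)}")
    content, readd = reset_hosts(found)
    print("re-add after reset:", readd)
```

To audit a live machine, feed `parse_hosts` the contents of `%SystemRoot%\System32\drivers\etc\hosts` (or paste the O1 lines from a HijackThis log) and inspect what `find_hijacks` returns before deciding whether to call `write_hosts_file`; the threshold of three keeps a single deliberate redirect from being flagged while still catching the mass redirect in this log.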


#4 Cheesy142 (Topic Starter)

Posted 23 October 2008 - 03:52 PM

While ERUNT was creating the folders it had 2 errors, and it couldn't install 2 of the folders...
Did I do something wrong?

#5 PropagandaPanda (Malware Response Team)

Posted 23 October 2008 - 04:20 PM

Hello.

No, I don't think you did anything wrong. It might be because it's not running with administrative privileges since you are using Vista. You may get those errors after every reboot until it is uninstalled though.

Please ignore the errors and continue.

With Regards,
The Panda

Edited by PropagandaPanda, 23 October 2008 - 04:20 PM.


#6 Cheesy142 (Topic Starter)

Posted 23 October 2008 - 04:47 PM

So, I need to put the CD into my computer and reinstall Vista?

#7 PropagandaPanda (Malware Response Team)

Posted 23 October 2008 - 04:49 PM

Hello.

No, not yet anyhow. I meant that you may get more error messages from ERUNT. They are safe to ignore. We will uninstall ERUNT when we are done.

The restoration instructions are only if something unexpected happens. In all likelihood, we will not be needing the recovery console.

Please continue with running ComboFix.

With Regards,
The Panda

Edited by PropagandaPanda, 23 October 2008 - 04:50 PM.


#8 Cheesy142 (Topic Starter)

Posted 23 October 2008 - 05:16 PM

Just making sure this was supposed to happen:
I downloaded it, double clicked it, a little progress bar popped up and once it filled, a blue screen popped up, it said a few things, then this popped up: [screenshot omitted] Do I accept it? If I am supposed to and do, what will it do?

#9 PropagandaPanda (Malware Response Team)

Posted 23 October 2008 - 05:54 PM

Hello.

Yes, you should answer Yes to the prompt.

Since you are using Vista, please right click ComboFix and select run as Administrator instead of double clicking it.

ComboFix is a tool used for removing malware. If you accept the prompt, ComboFix will attempt to install the Windows Recovery Console. It will then proceed to scanning your computer for malware, and if it finds any, attempt to remove it.

The log it creates will help us in the next steps we take.

With Regards,
The Panda

#10 Cheesy142 (Topic Starter)

Posted 23 October 2008 - 06:14 PM

I right click it and this immediately pops up: [screenshot omitted]

#11 PropagandaPanda (Malware Response Team)

Posted 23 October 2008 - 06:30 PM

Hello.

"I right click it and this immediately pops up"

Do you mean when you right click ComboFix, or when you select "Run as Administrator"?

ComboFix may stop other processes while it is running.

Does ComboFix still run?

If it won't work, we will try in Safe Mode.

With Regards,
The Panda

#12 Cheesy142 (Topic Starter)

Posted 23 October 2008 - 06:54 PM

When I right click anything on the desktop (other than the desktop itself).
Should I just restart my computer?

Edited by Cheesy142, 23 October 2008 - 06:54 PM.


#13 PropagandaPanda (Malware Response Team)

Posted 24 October 2008 - 07:13 AM

Hello.

Yes please do and try to run ComboFix again. Though, by this time, I suspect that your computer is already off.

With Regards,
The Panda

#14 Cheesy142 (Topic Starter)

Posted 24 October 2008 - 12:20 PM

I restarted my computer and I now CAN right click and it works perfectly.
When I restarted it these popped up: [screenshot omitted]

Edited by Cheesy142, 24 October 2008 - 12:22 PM.


#15 Cheesy142 (Topic Starter)

Posted 24 October 2008 - 12:33 PM

Combo fix:

ComboFix 08-10-23.08 - boys room 2008-10-24 10:24:10.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1044 [GMT -7:00]
Running from: C:\Users\boys room\Desktop\ComboFix.exe
.
Error: Cfiles.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Windows\system32\x64
D:\Autorun.inf
D:\RECYCLER\autorun.inf
D:\RECYCLER\desktop.ini
D:\RECYCLER\Folder.htt
D:\RECYCLER\info.exe
D:\RECYCLER\protect.ed
D:\RECYCLER\warning.bmp

.
((((((((((((((((((((((((( Files Created from 2008-09-24 to 2008-10-24 )))))))))))))))))))))))))))))))
.

2008-10-23 13:24 . 2008-10-23 13:46 <DIR> d-------- C:\Program Files\ERUNT
2008-10-22 09:26 . 2008-01-29 10:39 184,320 --a------ C:\Windows\System32\InetCntrl0011.dll
2008-10-22 09:26 . 2007-06-04 10:56 67,968 --a------ C:\Windows\System32\drivers\BSafFltr.sys
2008-10-22 09:26 . 2007-06-04 10:56 29,024 --a------ C:\Windows\System32\drivers\bsofrwl.sys
2008-10-21 18:37 . 2008-10-21 18:37 <DIR> d-------- C:\Users\boys room\AppData\Roaming\SUPERAntiSpyware.com
2008-10-21 18:37 . 2008-10-21 18:37 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-10-21 18:37 . 2008-10-21 18:37 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-10-21 18:37 . 2008-10-21 18:37 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-10-21 18:36 . 2008-10-21 18:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-21 13:22 . 2008-10-21 13:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-21 11:03 . 2008-10-21 11:03 <DIR> d-------- C:\Users\boys room\AppData\Roaming\Malwarebytes
2008-10-21 11:03 . 2008-10-21 11:03 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-10-21 11:03 . 2008-10-21 11:03 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-10-21 11:03 . 2008-10-21 13:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-21 11:03 . 2008-10-16 20:25 38,496 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-21 11:03 . 2008-10-16 20:25 15,504 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-21 09:07 . 2008-10-21 21:07 <DIR> d-------- C:\Users\boys room\AppData\Roaming\uTorrent
2008-10-21 09:07 . 2008-10-21 09:07 <DIR> d-------- C:\Program Files\uTorrent
2008-10-16 08:54 . 2008-10-16 08:54 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-16 08:54 . 2008-10-16 08:54 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-16 08:54 . 2008-10-16 08:54 <DIR> d-------- C:\Program Files\iTunes
2008-10-16 08:54 . 2008-10-16 08:54 <DIR> d-------- C:\Program Files\iPod
2008-10-14 16:19 . 2008-10-01 18:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-10-14 16:19 . 2008-10-01 20:49 827,392 --a------ C:\Windows\System32\wininet.dll
2008-10-14 16:18 . 2008-09-17 22:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-14 16:18 . 2008-09-17 22:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-14 16:18 . 2008-09-17 19:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-14 16:18 . 2008-08-26 18:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-09 09:14 . 2008-10-09 09:14 <DIR> d-------- C:\Users\boys room\AppData\Roaming\Microsoft Games
2008-10-07 15:32 . 2008-10-24 10:15 <DIR> d-------- C:\Fraps
2008-10-05 15:36 . 2008-10-05 15:36 324 --a------ C:\Windows\game.ini
2008-10-02 16:46 . 2008-10-02 16:46 81,920 --a------ C:\Windows\System32\frapsvid.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 17:23 --------- d---a-w C:\ProgramData\TEMP
2008-10-24 16:46 --------- d-----w C:\Program Files\Digsby
2008-10-23 01:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-10-22 16:05 --------- d-----w C:\Program Files\Java
2008-10-22 04:09 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-21 17:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-15 10:12 --------- d-----w C:\Program Files\Windows Mail
2008-10-15 10:03 --------- d-----w C:\ProgramData\Microsoft Help
2008-10-07 18:20 --------- d-----w C:\Program Files\DVDVideoSoft
2008-10-07 18:20 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-10-05 22:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-04 15:51 --------- d-----w C:\Users\boys room\AppData\Roaming\Digsby
2008-10-01 22:46 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-10-01 22:45 --------- d-----w C:\Program Files\Trials 2 Second Edition
2008-10-01 22:44 --------- d-----w C:\Program Files\Microsoft Games
2008-09-21 06:59 413,696 ----a-w C:\Windows\System32\wrap_oal.dll
2008-09-21 06:59 110,592 ----a-w C:\Windows\System32\OpenAL32.dll
2008-09-17 21:42 --------- d-----w C:\Program Files\QuickTime
2008-09-17 00:30 --------- d-----w C:\Program Files\Safari
2008-09-11 16:03 --------- d-----w C:\Program Files\Bonjour
2008-09-11 16:01 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-10 10:01 --------- d-----w C:\Program Files\Microsoft Works
2008-09-06 05:16 36,864 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2008-09-06 05:16 1,900,544 ----a-w C:\Windows\System32\usbaaplrc.dll
2008-09-05 01:01 --------- d-----w C:\Program Files\Paint.NET
2008-09-03 23:21 --------- d-----w C:\ProgramData\Microsoft Games
2008-09-03 23:16 --------- d-----w C:\Users\boys room\AppData\Roaming\Microsoft Game Studios
2008-09-03 04:01 --------- d-----w C:\ProgramData\HP
2008-09-03 04:01 --------- d-----w C:\Program Files\HP
2008-09-03 03:54 --------- d-----w C:\Program Files\7-Zip
2008-08-29 17:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe
2008-08-29 16:53 61,440 ----a-w C:\Windows\System32\dnssd.dll
2008-08-27 01:43 --------- d-----w C:\Users\boys room\AppData\Roaming\NewSoft
2008-08-26 21:11 --------- d--h--w C:\Program Files\CanonBJ
2008-08-26 20:31 --------- d--h--w C:\ProgramData\CanonBJ
2008-08-25 07:06 --------- d-----w C:\Program Files\Windows Live
2008-08-25 06:03 --------- d-----w C:\Program Files\LEGO Company
2008-08-25 05:59 --------- d-----w C:\Program Files\GameSpy Arcade
2008-08-25 05:53 --------- d-----w C:\Program Files\Canon
2008-08-25 05:40 --------- d-----w C:\Users\boys room\AppData\Roaming\Canon
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-04-04 23:02 174 --sha-w C:\Program Files\desktop.ini
2008-01-11 16:02 32 ----a-r C:\Users\All Users\hash.dat
2008-01-11 16:02 32 ----a-r C:\ProgramData\hash.dat
2008-01-04 19:50 1,420 ----a-w C:\Users\boys room\AppData\Roaming\wklnhst.dat
2008-05-15 22:57 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-05-15 22:57 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-05-15 22:57 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-01-19 07:33 397,312 --sha-w C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_f1582d884fb532fb\WinMail.exe
.

((((((((((((((((((((((((((((( snapshot@2008-10-24_10.13.05.86 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-24 15:46:47 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-24 17:15:04 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-10-24 15:46:47 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-24 17:15:04 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-10-24 15:57:42 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-24 17:16:42 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-24 17:16:42 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-10-24 15:57:37 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-24 17:16:37 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-10-24 15:58:17 67,142 ----a-w C:\Windows\System32\InetCntrl\Data\userpolicy.bin
+ 2008-10-24 17:18:23 67,142 ----a-w C:\Windows\System32\InetCntrl\Data\userpolicy.bin
- 2008-10-24 15:51:03 101,988 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-24 17:22:10 101,988 ----a-w C:\Windows\System32\perfc009.dat
- 2008-10-24 15:51:03 598,350 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-24 17:22:10 598,350 ----a-w C:\Windows\System32\perfh009.dat
- 2008-10-24 15:58:43 8,410 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2586906720-2871239593-3476299853-1000_UserData.bin
+ 2008-10-24 17:16:52 8,426 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2586906720-2871239593-3476299853-1000_UserData.bin
- 2008-10-24 15:58:42 67,988 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-24 17:16:52 68,154 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-10-24 15:58:41 50,704 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-24 17:16:51 50,736 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"CollaborationHost"="C:\Windows\system32\p2phost.exe" [2008-01-19 192000]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-18 185632]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-03-25 133656]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2006-09-06 323216]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-03-25 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-03-25 166424]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 2348584]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"InetCntrl"="C:\Windows\system32\InetCntrl\StartInet.exe" [2008-01-29 54576]
"ShowWnd"="ShowWnd.exe" [2005-01-27 C:\Windows\ShowWnd.exe]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-28 C:\Windows\RtHDVCpl.exe]
"ModPS2"="ModPS2Key.exe" [2006-11-07 C:\Windows\ModPS2Key.exe]
"CHotkey"="zHotkey.exe" [2006-11-07 C:\Windows\zHotkey.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-04-17 40072]

C:\Users\boys room\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Digsby.lnk - C:\Program Files\Digsby\digsby.exe [2008-10-10 137728]
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-03-14 2756608]
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe [2007-09-24 884838]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"VIDC.IV41"= IR41_32.DLL
"midi"= gmidi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AB118704-C114-4797-98B7-1A1B60D606E0}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CCD84490-06C8-47E9-969B-DC853B427210}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{8339E7B2-1811-4D49-AC3F-A624714B8B43}C:\\windows\\system32\\inetcntrl\\inetcntrl.exe"= UDP:C:\windows\system32\inetcntrl\inetcntrl.exe:Bsecure Internet Protection Services - Application
"UDP Query User{61E21E7E-0FE4-41D3-981A-360662A09E48}C:\\windows\\system32\\inetcntrl\\inetcntrl.exe"= TCP:C:\windows\system32\inetcntrl\inetcntrl.exe:Bsecure Internet Protection Services - Application
"TCP Query User{3D36B393-D5C3-4A93-8AEA-7478CF4C8551}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{831C337A-7019-4393-9939-3E6D3B10F838}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{D7962373-E25E-41A0-A145-E537B016BB28}C:\\windows\\system32\\inetcntrl\\inetcntrl.exe"= UDP:C:\windows\system32\inetcntrl\inetcntrl.exe:Bsecure Internet Protection Services - Application
"UDP Query User{C937031D-95B1-4C33-991D-BCFE2F63ED9B}C:\\windows\\system32\\inetcntrl\\inetcntrl.exe"= TCP:C:\windows\system32\inetcntrl\inetcntrl.exe:Bsecure Internet Protection Services - Application
"{1FBCF0B2-2941-4F8D-9B09-1171AE1682EF}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{028F7F2E-D048-4C6F-80EB-6FC0573A91C0}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{EB856A4F-C59D-435C-BEBF-3D2F7D862237}"= UDP:C:\Program Files\Orb Networks\Orb\bin\Orb.exe:Orb
"{03886593-14C8-41E8-BF60-659EE492A1A2}"= TCP:C:\Program Files\Orb Networks\Orb\bin\Orb.exe:Orb
"{84A99438-3E76-45DF-BDCD-2852F479D4A0}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{DF9C0096-3026-4DF4-BB77-6B0AC9AA869B}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{A37EB140-B2D9-4E57-8692-502CAE37A104}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{B35D8A32-7DC0-447F-8442-B4CD59E5BCBE}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{66815DF4-0741-4A59-BB70-C1B49A481D6E}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{41C1BB26-B9CF-469C-AB87-5BC770AB4306}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{37BB880C-D3EE-423D-9F85-120F145CB274}C:\\program files\\orb networks\\orb\\bin\\orb.exe"= UDP:C:\program files\orb networks\orb\bin\orb.exe:Orb Application
"UDP Query User{9DF46657-F97C-40B4-861E-5C7824D20D91}C:\\program files\\orb networks\\orb\\bin\\orb.exe"= TCP:C:\program files\orb networks\orb\bin\orb.exe:Orb Application
"TCP Query User{27D4530A-CDD0-49D2-9388-4E027C6EE441}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{CAD0E175-97E4-493D-8E33-A029EDAF2A97}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"{73AA75FA-56BF-4CB3-BC77-8A56CBE96DD8}"= Disabled:UDP:C:\Users\boys room\AppData\Local\Temp\7zSE92B.tmp\setup\HPZnui01.exe:hpznui01.exe
"{C6D6EEB1-F1DB-45C6-95C0-46C8D6F00A51}"= Disabled:TCP:C:\Users\boys room\AppData\Local\Temp\7zSE92B.tmp\setup\HPZnui01.exe:hpznui01.exe
"{AE9F8DAF-221F-46C2-87DA-3754FAA3C59E}"= Disabled:UDP:C:\Users\boys room\AppData\Local\Temp\7zSE92B.tmp\setup\hponicifs01.exe:hponicifs01.exe
"{D5F9A994-4A25-49A6-ABCE-465CFACFF731}"= Disabled:TCP:C:\Users\boys room\AppData\Local\Temp\7zSE92B.tmp\setup\hponicifs01.exe:hponicifs01.exe
"{1116A541-410E-4571-8623-F60153C2BF8A}"= Disabled:UDP:C:\Users\boys room\AppData\Local\Temp\7zS6270.tmp\setup\HPZnui01.exe:hpznui01.exe
"{D442EB3E-A517-41B6-B596-DE796E0B1AAA}"= Disabled:TCP:C:\Users\boys room\AppData\Local\Temp\7zS6270.tmp\setup\HPZnui01.exe:hpznui01.exe
"{235C435E-6479-427B-A633-54E40561F8A0}"= Disabled:UDP:C:\Users\boys room\AppData\Local\Temp\7zS6270.tmp\setup\hponicifs01.exe:hponicifs01.exe
"{9017D3A3-BF22-41FE-B10F-6959D82E7975}"= Disabled:TCP:C:\Users\boys room\AppData\Local\Temp\7zS6270.tmp\setup\hponicifs01.exe:hponicifs01.exe
"{C45ADF8B-8476-4EBF-8FC7-31BABE1E2171}"= Disabled:UDP:C:\Users\boys room\AppData\Local\Temp\7zS354E.tmp\setup\HPZnui01.exe:hpznui01.exe
"{151DD1EE-B1EE-492F-9790-5B8E500562E1}"= Disabled:TCP:C:\Users\boys room\AppData\Local\Temp\7zS354E.tmp\setup\HPZnui01.exe:hpznui01.exe
"{E71C32DD-2329-45A7-97C2-67BBAEB01DA3}"= Disabled:UDP:C:\Users\boys room\AppData\Local\Temp\7zS354E.tmp\setup\hponicifs01.exe:hponicifs01.exe
"{72E6DCBB-A9FB-4DB5-9CB5-9CE0E7445E0D}"= Disabled:TCP:C:\Users\boys room\AppData\Local\Temp\7zS354E.tmp\setup\hponicifs01.exe:hponicifs01.exe
"{395E0932-414B-48F5-9CC6-E7E1497AB89E}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{A5CA2725-4B0A-4981-B157-E74D52CE9DDD}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{7AE7CE97-9273-40D8-8DF5-D54252EC9452}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{5AE86084-6293-400E-A6CF-A4C50A54D00F}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{6CE4A8FB-7C69-4A2E-8812-7D363FCA8622}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{28762797-A87F-483E-84DA-954B11F8614F}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{7F232E45-8EEF-4C82-AEB9-ACB3F7792A65}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{692E837F-52AA-4C6E-96E4-63DEDE9BFE90}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{E8226242-B1A7-465F-8752-2DB710BEC23B}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{7BED85EC-0F12-4D08-909F-D68DA394A9F5}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{BC830D47-BB25-48CB-A82F-364857B29316}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{19FBE935-6127-467E-90E0-86A7B3C048B6}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{048DAA10-C0C0-4F9E-B259-38C90BDD7A78}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{245173A6-1AE5-43DF-B05A-92459876FA6E}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{828C7FA2-0280-4042-96ED-09691BE50537}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{7556A09B-3943-45B4-B968-C2A98A01DBD7}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{613DEEB4-091E-44F6-9A06-73503B71C7AB}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{F45139BA-100E-44A0-AAFD-EDEF113C2E2E}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{462395F8-CC65-414C-8860-A6AE4E5F8920}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B55FCDFC-6101-4ABF-A8B7-0D6BB401C883}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{7F62F732-589C-421E-B26A-C39486E487D9}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{DA29CB72-156B-4555-A4E2-1532B4098B00}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{710CA6D1-BC72-4680-B667-A976F56D9800}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6B910D4F-B8F8-4913-A002-F7B69657D2E1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{2967EC1E-E63D-4148-BA79-8EA31A41D1CC}C:\\program files\\microsoft games\\halo trial\\halo.exe"= UDP:C:\program files\microsoft games\halo trial\halo.exe:Halo
"UDP Query User{6EA2C177-802F-4211-95AE-DD37B89FE2D6}C:\\program files\\microsoft games\\halo trial\\halo.exe"= TCP:C:\program files\microsoft games\halo trial\halo.exe:Halo
"{B6CC074D-52DC-4A55-9D38-5CB4162B5B1C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D609C52C-01FE-4C8E-B019-C67364B844FD}"= UDP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{2A3D6A22-90D9-41C6-AE21-296F2186B902}"= TCP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"TCP Query User{0DD6BC7D-69C6-446A-91F8-502EFC205D86}C:\\program files\\digsby\\digsby.exe"= UDP:C:\program files\digsby\digsby.exe:Digsby IM
"UDP Query User{FCC00B60-2A82-43BB-80A5-BA75923326A3}C:\\program files\\digsby\\digsby.exe"= TCP:C:\program files\digsby\digsby.exe:Digsby IM
"TCP Query User{BD51A009-486B-4D78-9872-8D4FF785C515}C:\\program files\\microsoft games\\halo trial\\halo.exe"= UDP:C:\program files\microsoft games\halo trial\halo.exe:Halo
"UDP Query User{3F49EF72-A6B8-47A8-8C33-21301652F4AF}C:\\program files\\microsoft games\\halo trial\\halo.exe"= TCP:C:\program files\microsoft games\halo trial\halo.exe:Halo
"{14B59AC8-C3F8-40FE-B9F4-D3780548EB91}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{7026ADF4-A52D-45D7-BFC3-98A4DCF56FC9}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{DC22C6F9-61AC-412C-A58D-F7FB78B3CBFD}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{37979C82-104B-47C1-B125-61DB1ABE7C13}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"TCP Query User{B88FAAC9-B9BD-42D1-8E79-80207799E41D}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{01668D85-0F3D-4A1F-993C-9DF37039E5A9}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{9E10F03C-C5F8-470A-B786-CE67BFFBBB69}"= UDP:C:\Program Files\Microsoft Games\halo2.exe:Halo 2
"{F3F21462-1257-45D8-9656-3045512F33C7}"= TCP:C:\Program Files\Microsoft Games\halo2.exe:Halo 2
"{4932B121-F7AD-4DFD-834E-E84C152F10BE}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{4A638ACD-625A-4092-8F6B-0876E9965672}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{202CE7F4-664D-4249-8838-5DB4026B4FEE}C:\\program files\\safari\\safari.exe"= UDP:C:\program files\safari\safari.exe:Safari Web Browser
"UDP Query User{DEC20814-1815-4486-8D49-205F14E2D32C}C:\\program files\\safari\\safari.exe"= TCP:C:\program files\safari\safari.exe:Safari Web Browser
"{18F3EE5E-4CD5-4F04-B2B6-5069B48DA8EF}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E22F4D97-28FF-44A2-8BCB-2061AE716687}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{FD1D1B28-3C5E-47BD-8458-0883B55B17DC}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{81047C8E-1EDD-4DAC-AE8B-28B22FBFA399}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{F96C5E45-1D48-4692-B0B3-03FAC20F1BF7}C:\\program files\\digsby\\lib\\digsby-app.exe"= UDP:C:\program files\digsby\lib\digsby-app.exe:Digsby IM
"UDP Query User{4E14CFB7-A730-4909-96E4-A2D5C2AB6AE6}C:\\program files\\digsby\\lib\\digsby-app.exe"= TCP:C:\program files\digsby\lib\digsby-app.exe:Digsby IM

R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\Windows\system32\DRIVERS\WPN111.sys [2005-09-26 362944]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;C:\Windows\system32\DRIVERS\fantom.sys [2006-03-10 39424]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18bf6b10-f82c-11dc-b085-001bb95cc1ed}]
\shell\Setup\command - setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-10-23 C:\Windows\Tasks\Norton Security Scan for boys room.job
- C:\Program Files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\boys room\AppData\Roaming\Mozilla\Firefox\Profiles\w7cxne0h.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-24 10:26:53
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

[0] 0x6E006500

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-24 10:28:23
ComboFix-quarantined-files.txt 2008-10-24 17:28:19

Pre-Run: 215,581,757,440 bytes free
Post-Run: 215,545,495,552 bytes free

309 --- E O F --- 2008-10-24 09:22:43


_____________________________________________________________________________________________________________________________



Hijack this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:16 AM, on 10/23/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Fraps\fraps.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\Napster\napster.exe
C:\Windows\ModPS2Key.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\zHotkey.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\InetCntrl\InetCntrl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Digsby\lib\aspell\bin\aspell.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://travian.us/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5468
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 125.67.67.197 www.yahoo.com
O1 - Hosts: 125.67.67.197 www.google.com
O1 - Hosts: 125.67.67.197 www.myspace.com
O1 - Hosts: 125.67.67.197 www.youtube.com
O1 - Hosts: 125.67.67.197 www.facebook.com
O1 - Hosts: 125.67.67.197 www.live.com
O1 - Hosts: 125.67.67.197 www.msn.com
O1 - Hosts: 125.67.67.197 www.wikipedia.org
O1 - Hosts: 125.67.67.197 www.ebay.com
O1 - Hosts: 125.67.67.197 www.aol.com
O1 - Hosts: 125.67.67.197 www.craigslist.org
O1 - Hosts: 125.67.67.197 www.blogger.com
O1 - Hosts: 125.67.67.197 www.go.com
O1 - Hosts: 125.67.67.197 www.amazon.com
O1 - Hosts: 125.67.67.197 www.cnn.com
O1 - Hosts: 125.67.67.197 espn.go.com
O1 - Hosts: 125.67.67.197 www.espn.com
O1 - Hosts: 125.67.67.197 www.photobucket.com
O1 - Hosts: 125.67.67.197 www.comcast.net
O1 - Hosts: 125.67.67.197 www.imdb.com
O1 - Hosts: 125.67.67.197 www.wordpress.com
O1 - Hosts: 125.67.67.197 www.nytimes.com
O1 - Hosts: 125.67.67.197 www.weather.com
O1 - Hosts: 125.67.67.197 www.ask.com
O1 - Hosts: 125.67.67.197 www.aim.com
O1 - Hosts: 125.67.67.197 www.apple.com
O1 - Hosts: 125.67.67.197 www.mapquest.com
O1 - Hosts: 125.67.67.197 www.youporn.com
O1 - Hosts: 125.67.67.197 www.fastclick.com
O1 - Hosts: 125.67.67.197 www.pornhub.com
O1 - Hosts: 125.67.67.197 www.rapidshare.com
O1 - Hosts: 125.67.67.197 www.pogo.com
O1 - Hosts: 125.67.67.197 www.redtube.com
O1 - Hosts: 125.67.67.197 www.doubleclick.com
O1 - Hosts: 125.67.67.197 www.att.com
O1 - Hosts: 125.67.67.197 www.adobe.com
O1 - Hosts: 125.67.67.197 www.vnn.com
O1 - Hosts: 125.67.67.197 www.sportsline.com
O1 - Hosts: 125.67.67.197 www.netflix.com
O1 - Hosts: 125.67.67.197 www.dell.com
O1 - Hosts: 125.67.67.197 www.google.co.uk
O1 - Hosts: 125.67.67.197 www.bbc.co.uk
O1 - Hosts: 125.67.67.197 www.ebay.co.uk
O1 - Hosts: 125.67.67.197 www.bebo.com
O1 - Hosts: 125.67.67.197 www.amazon.co.uk
O1 - Hosts: 125.67.67.197 www.sky.com
O1 - Hosts: 125.67.67.197 www.virginmedia.com
O1 - Hosts: 125.67.67.197 www.aol.co.uk
O1 - Hosts: 125.67.67.197 www.hsbc.co.uk
O1 - Hosts: 125.67.67.197 www.antispyware.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\Windows\system32\InetCntrl\PopupKil\BsafeBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\Windows\system32\InetCntrl\PopupKil\BsafeBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InetCntrl] C:\Windows\system32\InetCntrl\StartInet.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Digsby.lnk = C:\Program Files\Digsby\digsby.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.facebook.com
O15 - Trusted Zone: http://www.yoyogames.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12918 bytes

______________________________________________________

There you go!
Thank you for all the quick replies!
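The fifty "O1 - Hosts:" lines in the HijackThis log above are the mechanism behind the fake "Microsoft Security Center" page: every popular site the user types, the AV vendor's own domain included, resolves to 125.67.67.197 before DNS is ever consulted. The script below is an added example, not code from the original post, from HijackThis or from ComboFix: it parses O1 lines from a constructed sample of the log, flags any single routable IP that captures several unrelated hostnames, and strips those lines from a constructed hosts file. The `min_domains` threshold is an assumption for illustration; the benign-target rule (loopback, 0.0.0.0 sinkholes, link-local and RFC 1918 addresses) is the usual content of a hosts file.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the shape of the HijackThis log above (a few of its
# O1 lines plus two benign entries and two non-O1 lines the parser must skip).
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://travian.us/
O1 - Hosts: 125.67.67.197 www.google.com
O1 - Hosts: 125.67.67.197 www.youtube.com
O1 - Hosts: 125.67.67.197 www.photobucket.com
O1 - Hosts: 125.67.67.197 www.hsbc.co.uk
O1 - Hosts: 125.67.67.197 www.antispyware.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 ad.doubleclick.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHelper.dll
"""

# Constructed hosts file matching the same infection, for the remediation step.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
125.67.67.197 www.google.com
125.67.67.197 www.antispyware.com
0.0.0.0 ad.doubleclick.net
"""

O1_LINE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
HOSTS_LINE = re.compile(r"^\s*(\S+)\s+(\S+)")


def parse_o1_entries(log_text):
    """Return (target_ip, hostname) pairs for every O1 line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O1_LINE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def is_benign_target(ip_text):
    """Loopback, 0.0.0.0 sinkholes, link-local and RFC 1918 targets are what a
    hosts file normally carries; anything globally routable is suspect."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparsable target: do not treat as benign
    return ip.is_loopback or ip.is_unspecified or ip.is_link_local or ip.is_private


def find_hijacks(log_text, min_domains=3):
    """Group suspect entries by target IP and keep IPs that capture at least
    min_domains hostnames (threshold is an assumption; the log above has 50
    domains on one IP). Banks, search engines and the AV vendor's own site
    pointing at one routable host is the hosts-file hijack signature."""
    by_ip = defaultdict(list)
    for ip, host in parse_o1_entries(log_text):
        if not is_benign_target(ip):
            by_ip[ip].append(host)
    return {ip: hosts for ip, hosts in by_ip.items() if len(hosts) >= min_domains}


def remediate_hosts(hosts_text, hijack_ips):
    """Return the hosts file with every line targeting a hijack IP removed.
    Comments and benign mappings are kept verbatim."""
    kept = []
    for line in hosts_text.splitlines():
        m = HOSTS_LINE.match(line)
        if m and not line.lstrip().startswith("#") and m.group(1) in hijack_ips:
            continue
        kept.append(line)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    hijacks = find_hijacks(SAMPLE_LOG)
    for ip, hosts in hijacks.items():
        print(f"{ip} captures {len(hosts)} domains: {', '.join(hosts)}")
    print(remediate_hosts(SAMPLE_HOSTS, set(hijacks)))
```

On Vista the live file is %SystemRoot%\System32\drivers\etc\hosts and can only be written from an elevated editor; malware of this kind also commonly sets it hidden or read-only, so check the attributes before assuming a save succeeded. Grouping by target IP rather than matching a fixed domain list is what makes the check reusable: the attacker's address changes between campaigns, but one routable IP collecting dozens of unrelated domains does not.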



