system dcom shut down + hjt log


This topic is locked. 18 replies to this topic.

#1 tf4ever

Members, 101 posts

Posted 30 January 2010 - 10:42 AM

Hi,

My computer started shutting down at some time every time I use it. I get an error tab "System Shutting Down. Shutdown Initiated By NT Authority System" and "DCOM Server Process Launcher Service Terminated Unexpectedly". The computer then shuts down after a 60 second countdown.
I've been doing some research on BleepingComputer about what might have caused this problem; apparently it's not malware related.
Here's my HJT log. Can you guys please help me?

BTW, I've just tried "Start/Run/shutdown -a" and it is working, but I don't know if the countdown will come again...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:39, on 2010-01-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\WINDOWS\arservice.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\ooVoo\ooVoo.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LBTWiz.exe] C:\WINDOWS\LBTWiz.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TP CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SymCuw.exe" -G:{2D617065-1C52-4240-B5BC-C0AE12157777} -T:Config -REBOOT
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files\ooVoo\ooVoo.exe /minimized
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-20\..\Run: [sogaludefa] Rundll32.exe "C:\WINDOWS\system32\rezevime.dll",s (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Mises à jour de HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?29b6f84c4d914cac94db8f923f9bb28f
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?29b6f84c4d914cac94db8f923f9bb28f
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1262015555687
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\ronihuni.dll c:\windows\system32\lojafuyu.dll ozecdm.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service Google Update (gupdate1ca2fe3abc1b944) (gupdate1ca2fe3abc1b944) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OneCare AntiSpyware and AntiVirus (OneCareMP) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--
End of file - 21208 bytes

Those are the DDS logs.

There's the 1st one:


DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Administrator at 10:56:40,81 on 2010-01-30
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.953 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\WINDOWS\arservice.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\ooVoo\ooVoo.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\notepad.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=64&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=64&bd=PAVILION&pf=desktop
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mWinlogon: SFCDisable=-99 (0xffffff9d)
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: SpamBlockerUtility Information Window: {2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} - c:\program files\spamblockerutility\bin\10.2.203.0\HostIE.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [ooVoo.exe] c:\program files\oovoo\ooVoo.exe /minimized
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [<NO NAME>]
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [LBTWiz.exe] c:\windows\LBTWiz.exe
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [TP CfgWiz] "c:\program files\common files\symantec shared\opc\{c86ea115-facd-4aa8-bfa2-398c677d0936}\SymCuw.exe" -G:{2D617065-1C52-4240-B5BC-C0AE12157777} -T:Config -REBOOT
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\misesj~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\runnin~1.lnk - c:\program files\wificonnector\NintendoWFCReg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-ca\msntabres.dll.mui/229?29b6f84c4d914cac94db8f923f9bb28f
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-ca\msntabres.dll.mui/230?29b6f84c4d914cac94db8f923f9bb28f
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~1micros~4office11REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:progra~1spybot~1SDHelper.dll
Trusted Zone: trymedia.com
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:program filesyahoo!commonYinsthelper.dll
DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262015555687
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:program filesavgavg8avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:program filescommon filespure networks sharedplatformpuresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:progra~1common~1skypeSKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: avgrsstx.dll c:windowssystem32ronihuni.dll c:windowssystem32lojafuyu.dll ozecdm.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dll
LSA: Notification Packages = scecli c:windowssystem32ronihuni.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:docume~1hp_adm~1applic~1mozillafirefoxprofiles5o11c68u.default
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:documents and settingshp_administratorapplication datamozillafirefoxprofiles5o11c68u.defaultextensions{a7c6cf7f-112c-4500-a7ea-39801a327e5f}platformwinnt_x86-msvccomponentsipc.dll
FF - component: c:program filesavgavg8firefoxcomponentsavgssff.dll
FF - component: c:program filesavgavg8toolbarfirefoxavg@igearedcomponentsIGeared_tavgp_xputils2.dll
FF - component: c:program filesavgavg8toolbarfirefoxavg@igearedcomponentsIGeared_tavgp_xputils3.dll
FF - component: c:program filesavgavg8toolbarfirefoxavg@igearedcomponentsIGeared_tavgp_xputils35.dll
FF - component: c:program filesavgavg8toolbarfirefoxavg@igearedcomponentsxpavgtbapi.dll
FF - component: c:program filesrealrealplayerbrowserrecordfirefoxextcomponentsnprpffbrowserrecordext.dll
FF - plugin: c:documents and settingshp_administratorapplication datamozillafirefoxprofiles5o11c68u.defaultextensions{e2883e8f-472f-4fb0-9522-ac9bf37916a7}pluginsnp_gp.dll
FF - plugin: c:program filesgooglepicasa3npPicasa3.dll
FF - plugin: c:program filesgoogleupdate1.2.183.13npGoogleOneClick8.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpbittorrent.dll
FF - plugin: c:program filesveoh networksveohpluginsnoregNPVeohVersion.dll
FF - plugin: c:program filesveoh networksveohwebplayerNPVeohTVPlugin.dll
FF - plugin: c:program filesveoh networksveohwebplayernpWebPlayerVideoPluginATL.dll
FF - plugin: c:program fileswindows livephoto galleryNPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsmicrosoft.netframeworkv3.5windows presentation foundationdotnetassistantextension
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:windowssystem32driversavgldx86.sys [2008-11-18 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:windowssystem32driversavgmfx86.sys [2008-11-18 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:windowssystem32driversavgtdix.sys [2008-11-18 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:progra~1avgavg8avgemc.exe [2008-11-18 908056]
R2 avg8wd;AVG Free8 WatchDog;c:progra~1avgavg8avgwdsvc.exe [2008-11-18 297752]
R2 ccEvtMgr;Symantec Event Manager;c:program filescommon filessymantec sharedccSvcHst.exe [2008-2-18 149352]
R2 ccSetMgr;Symantec Settings Manager;c:program filescommon filessymantec sharedccSvcHst.exe [2008-2-18 149352]
R2 fssfltr;FssFltr;c:windowssystem32driversfssfltr_tdi.sys [2009-3-31 54752]
R2 LiveUpdate Notice;LiveUpdate Notice;c:program filescommon filessymantec sharedccSvcHst.exe [2008-2-18 149352]
R2 McrdSvc;Media Center Extender Service;c:windowsehomemcrdsvc.exe [2005-8-5 99328]
R2 TabletServicePen;TabletServicePen;c:windowssystem32Pen_Tablet.exe [2009-3-18 1373480]
R3 NAVENG;NAVENG;c:progra~1common~1symant~1virusd~120080213.036NAVENG.SYS [2009-1-28 82256]
R3 NAVEX15;NAVEX15;c:progra~1common~1symant~1virusd~120080213.036NAVEX15.SYS [2009-1-28 895312]
R3 Symantec Core LC;Symantec Core LC;c:program filescommon filessymantec sharedccpd-lcsymlcsvc.exe [2006-11-18 1245064]
S2 gupdate1ca2fe3abc1b944;Service Google Update (gupdate1ca2fe3abc1b944);c:program filesgoogleupdateGoogleUpdate.exe [2009-9-7 133104]
S2 MyWebSearchService;My Web Search Service;c:progra~1mywebs~1bar1.binmwssvc.exe --> c:progra~1mywebs~1bar1.binmwssvc.exe [?]
S3 fsssvc;Windows Live Family Safety Service;c:program fileswindows livefamily safetyfsssvc.exe [2009-8-5 704864]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:windowssystem32driversk510bus.sys [2007-12-31 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:windowssystem32driversk510mdfl.sys [2007-12-31 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:windowssystem32driversk510mdm.sys [2007-12-31 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:windowssystem32driversk510mgmt.sys [2007-12-31 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:windowssystem32driversk510obex.sys [2007-12-31 83344]
S3 MBAMSwissArmy;MBAMSwissArmy;c:windowssystem32driversmbamswissarmy.sys [2009-2-4 38224]
S3 MpFilter;Microsoft Malware Protection Driver;c:windowssystem32driversMpFilter.sys [2007-3-30 67784]
S3 npggsvc;nProtect GameGuard Service;c:windowssystem32gamemon.des -service --> c:windowssystem32GameMon.des -service [?]
S3 XDva016;XDva016;??c:windowssystem32xdva016.sys --> c:windowssystem32XDva016.sys [?]

=============== Created Last 30 ================

2010-01-23 03:40:58 0 d-----w- c:program filesCCleaner
2010-01-17 03:05:10 0 d-----w- c:program filesPure Networks
2010-01-17 03:04:17 23992 ----a-w- c:windowssystem32driverspnarp.sys
2010-01-17 03:04:11 25272 ----a-w- c:windowssystem32driverspurendis.sys
2010-01-17 03:04:05 0 d-----w- c:program filescommon filesPure Networks Shared
2010-01-16 13:52:38 0 ----a-w- c:windowssystem329741.exe
2010-01-16 13:32:37 0 ----a-w- c:windowssystem328723.exe
2010-01-16 13:12:37 0 ----a-w- c:windowssystem3212859.exe
2010-01-16 12:52:36 0 ----a-w- c:windowssystem3220037.exe
2010-01-16 12:32:35 0 ----a-w- c:windowssystem3232757.exe
2010-01-16 12:12:35 0 ----a-w- c:windowssystem3232662.exe
2010-01-16 11:52:33 0 ----a-w- c:windowssystem3227644.exe
2010-01-16 11:32:33 0 ----a-w- c:windowssystem3225547.exe
2010-01-16 11:12:32 0 ----a-w- c:windowssystem326868.exe
2010-01-16 10:52:32 0 ----a-w- c:windowssystem3228253.exe
2010-01-16 10:32:31 0 ----a-w- c:windowssystem327711.exe
2010-01-16 10:12:31 0 ----a-w- c:windowssystem3215141.exe
2010-01-16 09:52:30 0 ----a-w- c:windowssystem324664.exe
2010-01-16 09:32:30 0 ----a-w- c:windowssystem3217673.exe
2010-01-16 09:12:29 0 ----a-w- c:windowssystem3230333.exe
2010-01-16 08:52:29 0 ----a-w- c:windowssystem3231322.exe
2010-01-16 08:32:28 0 ----a-w- c:windowssystem3223811.exe
2010-01-16 08:12:28 0 ----a-w- c:windowssystem3228703.exe
2010-01-16 07:52:27 0 ----a-w- c:windowssystem329894.exe
2010-01-16 07:32:27 0 ----a-w- c:windowssystem3217035.exe
2010-01-16 07:12:26 0 ----a-w- c:windowssystem3226299.exe
2010-01-16 06:52:26 0 ----a-w- c:windowssystem3225667.exe
2010-01-16 06:32:25 0 ----a-w- c:windowssystem3219912.exe
2010-01-16 06:12:25 0 ----a-w- c:windowssystem321869.exe
2010-01-16 05:52:24 0 ----a-w- c:windowssystem3211538.exe
2010-01-16 05:32:24 0 ----a-w- c:windowssystem3214771.exe
2010-01-16 05:12:23 0 ----a-w- c:windowssystem3221726.exe
2010-01-16 04:52:22 0 ----a-w- c:windowssystem325447.exe
2010-01-16 04:32:22 0 ----a-w- c:windowssystem3219895.exe
2010-01-16 04:12:21 0 ----a-w- c:windowssystem3219718.exe
2010-01-16 03:52:20 0 ----a-w- c:windowssystem3218716.exe
2010-01-16 03:32:19 0 ----a-w- c:windowssystem3217421.exe
2010-01-16 03:12:18 0 ----a-w- c:windowssystem3212382.exe
2010-01-16 02:52:18 0 ----a-w- c:windowssystem32292.exe
2010-01-16 02:32:17 0 ----a-w- c:windowssystem32153.exe
2010-01-15 23:30:27 0 ----a-w- c:windowssystem329961.exe
2010-01-15 23:10:27 0 ----a-w- c:windowssystem3216827.exe
2010-01-15 22:50:26 0 ----a-w- c:windowssystem3223281.exe
2010-01-15 22:30:26 0 ----a-w- c:windowssystem3228145.exe
2010-01-15 22:10:26 0 ----a-w- c:windowssystem325705.exe
2010-01-15 21:50:25 0 ----a-w- c:windowssystem3224464.exe
2010-01-15 21:30:25 0 ----a-w- c:windowssystem3226962.exe
2010-01-15 21:10:24 0 ----a-w- c:windowssystem3229358.exe
2010-01-15 20:50:24 0 ----a-w- c:windowssystem3211478.exe
2010-01-15 20:30:23 0 ----a-w- c:windowssystem3215724.exe
2010-01-15 20:10:23 0 ----a-w- c:windowssystem3219169.exe
2010-01-15 19:50:22 0 ----a-w- c:windowssystem3226500.exe
2010-01-15 19:30:22 0 ----a-w- c:windowssystem326334.exe
2010-01-15 19:10:21 0 ----a-w- c:windowssystem3218467.exe
2010-01-15 18:53:53 172032 ----a-w- c:windowsocopiriq.dll

2010-01-15 18:50:04 16 ----a-w- c:docume~1hp_adm~1applic~1mvhgkr.dat
2009-12-31 19:09:16 0 d-----w- c:program filesSpybot - Search & Destroy
2009-12-31 19:09:16 0 d-----w- c:docume~1alluse~1applic~1Spybot - Search & Destroy

==================== Find3M ====================

2010-01-25 13:37:26 95360 ----a-w- c:windowssystem32driversatapi.sys
2010-01-25 13:37:26 95360 ----a-w- c:windowssystem32dllcacheatapi.sys
2010-01-07 21:07:14 38224 ----a-w- c:windowssystem32driversmbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:windowssystem32driversmbam.sys
2009-11-21 16:36:13 470528 ----a-w- c:windowssystem32dllcacheaclayers.dll
2009-11-13 00:06:38 0 ----a-w- c:docume~1hp_adm~1applic~1wklnhst.dat
2004-07-22 14:51:34 3432656 ----a-w- c:program filesManagedDX.CAB
2004-07-20 02:58:36 1156363 ----a-w- c:program filesBDANT.cab
2004-07-20 02:53:26 976020 ----a-w- c:program filesBDAXP.cab
2004-07-09 18:17:16 13265040 ----a-w- c:program filesdxnt.cab
2004-07-09 13:13:48 15493481 ----a-w- c:program filesDirectX.cab
2004-07-09 13:13:46 703080 ----a-w- c:program filesBDA.cab
2004-07-09 08:08:36 472576 ----a-w- c:program filesdxsetup.exe
2004-07-09 08:08:34 2242560 ----a-w- c:program filesdsetup32.dll
2004-07-09 07:03:10 62976 ----a-w- c:program filesDSETUP.dll

============= FINISH: 10:58:30,75 ===============


And this is the last one, the ''ATTACH'' log:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: DeviceHarddiskVolume1
Install Date: 2007-01-31 19:48:34
System Uptime: 2010-01-30 10:30:17 (0 hours ago)

Motherboard: ASUSTek Computer INC. | | NODUSM3
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4600+ | Socket AM2 | 2405/200mhz
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4600+ | Socket AM2 | 2405/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 224 GiB total, 130,991 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 0,617 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP898: 2009-10-24 20:54:52 - Installed Pure Networks Platform
RP899: 2009-10-24 20:58:06 - Installed Network Magic
RP900: 2009-10-25 21:26:33 - System Checkpoint
RP901: 2009-10-27 01:37:05 - System Checkpoint
RP902: 2009-10-28 07:55:38 - System Checkpoint
RP903: 2009-10-28 13:11:54 - Installed SUPERAntiSpyware Free Edition
RP904: 2009-10-29 16:29:54 - System Checkpoint
RP905: 2009-10-30 19:53:10 - System Checkpoint
RP906: 2009-10-31 20:38:28 - System Checkpoint
RP907: 2009-11-01 20:42:15 - System Checkpoint
RP908: 2009-11-02 21:25:48 - System Checkpoint
RP909: 2009-11-03 09:06:40 - Avg8 Update
RP910: 2009-11-04 09:08:52 - System Checkpoint
RP911: 2009-11-05 04:00:18 - Software Distribution Service 3.0
RP912: 2009-11-06 04:25:45 - System Checkpoint
RP913: 2009-11-06 10:28:31 - Avg8 Update
RP914: 2009-11-07 13:46:13 - System Checkpoint
RP915: 2009-11-08 14:35:13 - System Checkpoint
RP916: 2009-11-09 17:19:23 - System Checkpoint
RP917: 2009-11-10 18:39:47 - System Checkpoint
RP918: 2009-11-11 03:00:24 - Software Distribution Service 3.0
RP919: 2009-11-12 03:45:27 - System Checkpoint
RP920: 2009-11-13 21:50:55 - Installed DirectX
RP921: 2009-11-14 22:28:05 - System Checkpoint
RP922: 2009-11-15 03:00:16 - Software Distribution Service 3.0
RP923: 2009-11-16 11:00:47 - System Checkpoint
RP924: 2009-11-18 22:55:32 - System Checkpoint
RP925: 2009-11-19 23:45:34 - System Checkpoint
RP926: 2009-11-21 00:43:35 - System Checkpoint
RP927: 2009-11-22 20:50:48 - System Checkpoint
RP928: 2009-11-24 07:39:11 - System Checkpoint
RP929: 2009-11-25 11:01:36 - Avg8 Update
RP930: 2009-11-26 04:06:17 - Software Distribution Service 3.0
RP931: 2009-11-27 09:22:33 - System Checkpoint
RP932: 2009-11-29 12:13:49 - System Checkpoint
RP933: 2009-11-30 12:24:33 - System Checkpoint
RP934: 2009-12-01 17:42:08 - System Checkpoint
RP935: 2009-12-02 20:38:05 - System Checkpoint
RP936: 2009-12-04 09:01:40 - System Checkpoint
RP937: 2009-12-05 09:10:51 - System Checkpoint
RP938: 2009-12-07 07:53:58 - Removed WarRock
RP939: 2009-12-08 08:01:20 - System Checkpoint
RP940: 2009-12-09 05:34:01 - Software Distribution Service 3.0
RP941: 2009-12-10 08:00:10 - Avg8 Update
RP942: 2009-12-11 13:54:09 - Avg8 Update
RP943: 2009-12-11 13:54:57 - Avg8 Update
RP944: 2009-12-12 17:01:33 - System Checkpoint
RP945: 2009-12-13 17:06:26 - System Checkpoint
RP946: 2009-12-14 18:36:11 - System Checkpoint
RP947: 2009-12-15 18:45:15 - System Checkpoint
RP948: 2009-12-16 21:25:41 - System Checkpoint
RP949: 2009-12-18 08:13:41 - System Checkpoint
RP950: 2009-12-20 00:30:53 - Software Distribution Service 3.0
RP951: 2009-12-21 08:34:04 - System Checkpoint
RP952: 2009-12-22 10:29:29 - Avg8 Update
RP953: 2009-12-23 22:56:29 - Restore Operation
RP954: 2009-12-24 00:26:46 - Avg8 Update
RP955: 2009-12-24 00:27:56 - Avg8 Update
RP956: 2009-12-25 00:55:50 - System Checkpoint
RP957: 2009-12-26 08:02:00 - System Checkpoint
RP958: 2009-12-27 09:36:12 - System Checkpoint
RP959: 2009-12-27 16:40:27 - Installed Java™ 6 Update 17
RP960: 2009-12-28 09:50:26 - Avg8 Update
RP961: 2009-12-28 11:09:47 - Software Distribution Service 3.0
RP962: 2009-12-28 16:15:56 - Software Distribution Service 3.0
RP963: 2009-12-28 20:46:58 - Software Distribution Service 3.0
RP964: 2009-12-29 19:17:30 - Software Distribution Service 3.0
RP965: 2009-12-30 20:36:32 - System Checkpoint
RP966: 2010-01-04 06:31:48 - Avg8 Update
RP967: 2010-01-04 17:53:50 - Installed DirectX
RP968: 2010-01-06 10:39:55 - System Checkpoint
RP969: 2010-01-07 10:42:18 - System Checkpoint
RP970: 2010-01-08 15:45:53 - System Checkpoint
RP971: 2010-01-09 09:20:18 - Software Distribution Service 3.0
RP972: 2010-01-09 09:26:37 - Software Distribution Service 3.0
RP973: 2010-01-10 10:03:58 - System Checkpoint
RP974: 2010-01-11 10:11:09 - System Checkpoint
RP975: 2010-01-12 17:17:39 - System Checkpoint
RP976: 2010-01-12 23:04:35 - Software Distribution Service 3.0
RP977: 2010-01-14 17:33:05 - System Checkpoint
RP978: 2010-01-16 22:01:14 - Installed Pure Networks Platform
RP979: 2010-01-16 22:05:08 - Installed Network Magic
RP980: 2010-01-16 22:28:48 - Software Distribution Service 3.0
RP981: 2010-01-16 22:33:18 - Software Distribution Service 3.0
RP982: 2010-01-18 08:13:11 - Software Distribution Service 3.0
RP983: 2010-01-21 08:39:42 - System Checkpoint
RP984: 2010-01-22 18:25:20 - System Checkpoint
RP985: 2010-01-23 14:54:19 - Software Distribution Service 3.0
RP986: 2010-01-25 08:40:40 - System Checkpoint

==== Installed Programs ======================

Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 6.0
Adobe Reader 9.1.3 - Français
Adobe Shockwave Player 11
AiO_Scan_CDA
AiOSoftwareNPI
AppCore
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArtRage 2
Windows Live Sign-in Assistant
AutoUpdate
AVG Free 8.5
AviSynth 2.5
Backup
Battlefield 2™
BitTorrent
Bonjour
BufferChm
ccCommon
CCleaner
Chinese Simplified Fonts Support For Adobe Reader 9
Collab
Color Efex Pro 3.0 Wacom Edition 3
Compatibility Pack for the 2007 Office system
Corel Painter Essentials 4
Counter-Strike: Source
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CueTour
Customer Experience Enhancement
CustomerResearchQFolder
Data Fax SoftModem with SmartCP
Day of Defeat: Source
Destinations
Disc2Phone
DISCover
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DNA
Easy Internet Sign-up
Enhanced Multimedia Keyboard Solution
eSupportQFolder
F300
F300_Help
Fax_CDA
FullDPAppQFolder
Windows Live Photo Gallery
GamersFirst LIVE!
GearDrvs
GemMaster Mystic
Google Chrome
Google SketchUp 6
Google Toolbar for Internet Explorer
Google Update Helper
Guitar Hero III
Half-Life 2: Lost Coast
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
HP Boot Optimizer
HP Customer Participation Program 7.0
HP DigitalMedia Archive
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP Product Assistant
HP Solution Center 7.0
HP Update
HP Web Helper
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
Installation Windows Live
InstantShareDevices
InstantShareDevicesMFC
iTunes
J2SE Runtime Environment 5.0 Update 6
Japanese Fonts Support For Adobe Reader 9
Java™ 6 Update 17
Junk Mail filter update
LightScribe 1.4.113.1
LiveUpdate (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Magnard Vuibert Multimédia - Je prépare mon Bac
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
MarketResearch
MetaFrame Presentation Server Client
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Away Mode
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator X Demo
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Standard Edition 2003 60 days trial
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Microsoft Works
Mozilla Firefox (3.5.7)
MSN
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
muvee autoProducer 5.0
muvee autoProducer unPlugged 2.0
My HP Games
Network Magic
NewCopy_CDA
Nintendo Wi-Fi USB Connector Registration Tool
Norton 360
Norton Confidential Core
NVIDIA Drivers
OneCare Advisor (Windows Live Toolbar)
ooVoo
openCanvas4.5.17e Plus
OptionalContentQFolder
Otto
PC-Doctor 5 for Windows
Pen Tablet
PhotoGallery
Picasa 3
Popup Blocker (Windows Live Toolbar)
ProductContextNPI
Pure Networks Platform
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
RandMap
Readme
RealPlayer
Realtek High Definition Audio Driver
Remove WeatherBug Installer
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung Samples Installer
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Segoe UI
SkinsHP1
Skype web features
Skype™ 4.1
SlideShow
SlideShowMusic
Smart Menus (Windows Live Toolbar)
SmartDraw 2009
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Sony Ericsson PC Suite 1.20.173
SopCast 1.1.1
Spybot - Search & Destroy
SSH Secure Shell
Status
Steam™
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
Symantec Technical Support Web Controls
SymNet
Tabbed Browsing (Windows Live Toolbar)
Tap'Touche 5 démo
Toolbox
TrayApp
ubi.com
Unload
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
Utilitaire de configuration iPhone
Ventrilo Client
Veoh Web Player
VeohTV BETA
WarRock
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8 Release Candidate 1
Windows Live Call
Windows Live Communications Platform
Windows Live Contrôle parental
Windows Live Favorites for Windows Live Toolbar
Windows Live FolderShare
Windows Live Mail
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
WinRAR archiver
Xbox 360 Controller for Windows
Yahoo! Install Manager
Yahoo! Toolbar
Yahoo! Toolbar for Internet Explorer
YouTube Downloader App 1.03

==== Event Viewer Messages From Past Week ========

2010-01-30 00:40:04, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG Free8 E-mail Scanner service to connect.
2010-01-30 00:40:04, error: Service Control Manager [7000] - The AVG Free8 E-mail Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2010-01-29 20:38:08, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WebClient service to connect.
2010-01-29 20:38:08, error: Service Control Manager [7000] - The WebClient service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2010-01-28 20:33:59, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ARSVC service to connect.
2010-01-28 20:33:59, error: Service Control Manager [7000] - The ARSVC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2010-01-24 23:16:10, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
2010-01-24 23:16:10, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2010-01-23 14:29:46, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2010-01-23 14:29:45, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.
2010-01-23 14:29:18, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
2010-01-23 12:09:47, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
2010-01-23 12:09:47, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2010-01-23 12:05:12, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
2010-01-23 12:02:20, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: szkg
2010-01-23 12:02:15, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Adobe Active File Monitor V6 service to connect.
2010-01-23 12:02:15, error: Service Control Manager [7000] - The OneCare AntiSpyware and AntiVirus service failed to start due to the following error: The system cannot find the path specified.
2010-01-23 12:02:15, error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the file specified.
2010-01-23 12:02:15, error: Service Control Manager [7000] - The My Web Search Service service failed to start due to the following error: The system cannot find the path specified.
2010-01-23 12:02:15, error: Service Control Manager [7000] - The Adobe Active File Monitor V6 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2010-01-23 11:58:23, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
2010-01-23 11:58:23, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
2010-01-23 11:58:09, error: Dhcp [1002] - The IP address lease 192.168.10.102 for the Network Card with network address 0018F3F13E66 has been denied by the DHCP server 192.168.10.1 (The DHCP Server sent a DHCPNACK message).
2010-01-23 00:43:43, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

==== End Of File ===========================

Merged posts. ~ OB

Edited by Maurice Naggar, 31 January 2010 - 10:54 AM.
Added highlighting for emphasis
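The Event Viewer excerpt in the post above already contains the explanation for the 60-second countdown: event 7031 records the DCOM Server Process Launcher service terminating unexpectedly, and the corrective action the Service Control Manager applies for that service is "Reboot the machine" after 60000 milliseconds, which is what produces the shutdown dialog initiated by NT AUTHORITY\SYSTEM. The following Python script is an added example (it is not part of the original post and not code from any tool used in this thread). It parses lines in the same "date time, level: Source [id] - message" layout as that excerpt, and flags service crashes, the crash-to-reboot chain, and boot-start drivers that failed to load; the sample lines are constructed, modelled on the log above.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample, modelled on the Event Viewer excerpt quoted in the post above
# (same "date time, level: Source [id] - message" layout as that log).
SAMPLE_LOG = """\
2010-01-23 12:05:12, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
2010-01-23 12:02:20, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: szkg
2010-01-23 11:58:23, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
2010-01-23 00:43:43, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
"""

# One exported Event Viewer line: timestamp, level, source, numeric event id, message.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)


@dataclass
class Event:
    timestamp: str
    level: str
    source: str
    event_id: int
    message: str


def parse_events(text: str) -> List[Event]:
    """Parse every well-formed line; lines that do not match the layout are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(Event(m["ts"], m["level"], m["source"],
                                int(m["event_id"]), m["message"]))
    return events


# SCM event 7031 and 7034 both mean "a service terminated unexpectedly"; 7031 also
# carries the configured recovery action. "Reboot the machine" is the action that
# produces the NT AUTHORITY\SYSTEM shutdown countdown described in the thread.
CRASH_RE = re.compile(r"^The (?P<service>.+?) service terminated unexpectedly\.")
REBOOT_RE = re.compile(
    r"corrective action will be taken in (?P<ms>\d+) milliseconds: Reboot the machine")
# SCM event 7026 lists boot-start / system-start drivers that failed to load.
DRIVER_FAIL_RE = re.compile(r"driver\(s\) failed to load: (?P<drivers>.+)$")


@dataclass
class Finding:
    timestamp: str
    kind: str
    detail: str


def triage(events: List[Event]) -> List[Finding]:
    """Reduce the log to the findings a responder cares about, in log order."""
    findings = []
    for ev in events:
        if ev.source != "Service Control Manager":
            continue
        if ev.event_id in (7031, 7034):
            m = CRASH_RE.match(ev.message)
            service = m["service"] if m else "(unknown service)"
            r = REBOOT_RE.search(ev.message)
            if r:
                secs = int(r["ms"]) // 1000
                findings.append(Finding(ev.timestamp, "crash-triggers-reboot",
                                        f"{service}: reboot in {secs}s"))
            else:
                findings.append(Finding(ev.timestamp, "service-crash", service))
        elif ev.event_id == 7026:
            m = DRIVER_FAIL_RE.search(ev.message)
            if m:
                for drv in m["drivers"].split():
                    findings.append(Finding(ev.timestamp, "driver-load-failed", drv))
    return findings


if __name__ == "__main__":
    for f in triage(parse_events(SAMPLE_LOG)):
        print(f"{f.timestamp}  {f.kind:<22} {f.detail}")
```

Run against a System log exported in this layout, a "crash-triggers-reboot" finding names the service whose crash is forcing the restart, which is the thing to investigate first; a 7026 driver-load failure for an unrecognised name (szkg in the excerpt) is worth checking against the installed-programs list rather than ignoring as noise.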


#2 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA

Posted 30 January 2010 - 09:41 PM

Hello tf4ever,

Please de-install BitTorrent & any other peer-to-peer fileshare before we get started and confirm that for me.
Then we can get started.

Start HijackThis. Look for these lines and place a checkmark against each of the following, if still present
QUOTE
O4 - HKUS\S-1-5-20\..\Run: [sogaludefa] Rundll32.exe "C:\WINDOWS\system32\rezevime.dll",s (User 'NETWORK SERVICE')

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer (& or any other window) is closed when you click Fix Checked!

I see traces of One Care & Symantec.
As I understand (from your older threads) that Symantec expired, get and run the Norton/Symantec removal tool:
http://service1.symantec.com/Support/tsgen...005033108162039

Also get and run Microsoft OneCare Uninstall Cleanup Tool
http://download.microsoft.com/download/4/c...CareCleanUp.exe

Confirm the removal of Bittorrent.
And yes, there are several pieces of malware on this system. Several!!!

I would suggest you get going right away, as there's lots of work to do.

N.B. I notice you have many other topics open at this forum. Are they all on the same system ??

administrative tools error report --> http://www.bleepingcomputer.com/forums/ind...howtopic=291728

failing pc --> http://www.bleepingcomputer.com/forums/ind...howtopic=285422

slow computer probably not by malware infection --> http://www.bleepingcomputer.com/forums/ind...howtopic=282262

Edited by Maurice Naggar, 30 January 2010 - 10:17 PM.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#3 tf4ever

tf4ever
  • Topic Starter

  • Members
  • 101 posts

Posted 01 February 2010 - 10:31 PM

Hello
All of the other forum topics will be closed by Orange Blossom. I'm sorry for the confusion it caused; the problem is about a frequent auto-rebooting of the PC. As you said, it's also caused by some malware. I've already uninstalled all peer-to-peer programs on my PC. I will now get started as you said...

Tf4ever

#4 tf4ever

tf4ever
  • Topic Starter

  • Members
  • 101 posts

Posted 01 February 2010 - 10:42 PM

I did the hjt scan but I couldn't find


O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

btw: I've already uninstalled SpybotSD shortly after creating this topic (and I've checked again for any peer-to-peer programs and successfully uninstalled BitTorrent before performing the hjt scan)

#5 tf4ever

tf4ever
  • Topic Starter

  • Members
  • 101 posts

Posted 01 February 2010 - 11:12 PM

I forgot to tell you this, but I've now been receiving another error tab that says


'' Data Execution Prevention - Microsoft Windows''

'' To help protect your computer, Windows has closed this program.

Name: Generic Host Process for Win32 Services
Publisher: Microsoft corporation

Close Message
-------------------------------------------------------------------------------------------
Data Execution Prevention helps protect against damage from viruses and other
security threats.'' What should I do?


I've completed the Norton removal and am now doing the OneCare cleanup.


#6 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA

Posted 02 February 2010 - 01:54 AM

If you need to, restart the system fresh. If possible, stay in Normal mode. Otherwise, restart in "Safe Mode With Networking".

Please do the following steps. It is best to do all of them in one session. Do as much of them as possible. But it is important to get going.

And until such time as all malwares are removed (if we get to that point), do NOT use this pc for any websurfing, nor any games, nor any online transactions. Only go to this forum and the websites I guide you to for tools.

You will want to print out or copy these instructions to Notepad for offline reference!
If you are a casual viewer, do NOT try this on your system!
If you are not tf4ever and have a similar problem, do NOT post here; start your own topic


Do not run or start any other programs while these utilities and tools are in use!
Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
But it is important that you get going on these following steps.
=
Close any of your open programs while you run these tools.

Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2
Set Windows to show all files and all folders.
On your Desktop, double click My Computer; from the menu options, select Tools, then Folder Options, then select the VIEW tab and look at all of the settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

Step 3
Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below textbox to the clipboard by highlighting it and then pressing Ctrl+C.
    CODE
    Drivers to disable:
    sogaludefa

    Drivers to delete:
    sogaludefa

    Files to delete:
    C:\WINDOWS\system32\ronihuni.dll
    c:\windows\system32\lojafuyu.dll
    c:\windows\system32\ozecdm.dll
    C:\WINDOWS\system32\rezevime.dll
    c:\windows\system32\9741.exe
    c:\windows\system32\8723.exe
    c:\windows\system32\12859.exe
    c:\windows\system32\20037.exe
    c:\windows\system32\32757.exe
    c:\windows\system32\32662.exe
    c:\windows\system32\27644.exe
    c:\windows\system32\25547.exe
    c:\windows\system32\6868.exe
    c:\windows\system32\28253.exe
    c:\windows\system32\7711.exe
    c:\windows\system32\15141.exe
    c:\windows\system32\4664.exe
    c:\windows\system32\17673.exe
    c:\windows\system32\30333.exe
    c:\windows\system32\31322.exe
    c:\windows\system32\23811.exe
    c:\windows\system32\28703.exe
    c:\windows\system32\9894.exe
    c:\windows\system32\17035.exe
    c:\windows\system32\26299.exe
    c:\windows\system32\25667.exe
    c:\windows\system32\19912.exe
    c:\windows\system32\1869.exe
    c:\windows\system32\11538.exe
    c:\windows\system32\14771.exe
    c:\windows\system32\21726.exe
    c:\windows\system32\5447.exe
    c:\windows\system32\19895.exe
    c:\windows\system32\19718.exe
    c:\windows\system32\18716.exe
    c:\windows\system32\17421.exe
    c:\windows\system32\12382.exe
    c:\windows\system32\292.exe
    c:\windows\system32\153.exe
    c:\windows\system32\9961.exe
    c:\windows\system32\16827.exe
    c:\windows\system32\23281.exe
    c:\windows\system32\28145.exe
    c:\windows\system32\5705.exe
    c:\windows\system32\24464.exe
    c:\windows\system32\26962.exe
    c:\windows\system32\29358.exe
    c:\windows\system32\11478.exe
    c:\windows\system32\15724.exe
    c:\windows\system32\19169.exe
    c:\windows\system32\26500.exe
    c:\windows\system32\6334.exe
    c:\windows\system32\18467.exe
    c:\windows\ocopiriq.dll

    Folders to delete:
    C:\recycler
    D:\recycler
    e:\recycler
    f:\recycler
    g:\recycler
    h:\recycler
  • In the Avenger window, click the Paste Script from Clipboard button.
  • ! Make sure that what appears in Avenger matches exactly what you were asked to Copy/Paste from the Code box above.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
  • After your PC has completed the necessary reboots, a log should automatically open. Please copy/paste the contents of c:\avenger.txt into your next reply.
Not all the items will be found, so do not worry. Hopefully enough of the rootkit will be removed so that we can continue forward with more cleaning.
If you get a blue screen abort when it reboots, please write down all the information, STOP codes and description, and then reboot the system again.

Step 4
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs. Do NOT turn off the firewall.

If you have a prior copy of Combofix, delete it now !

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1
Link 2
Link 3

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop
If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on Combo-Fix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
-------------------------------------------------------

A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
If this occurs, please reboot to restore the desktop.
Even when ComboFix appears to be doing nothing, look at your Drive light.
If it is flashing, Combofix is still at work.
=

RE-Enable your AntiVirus and AntiSpyware applications.

Reply with copy of C:\Avenger.txt
C:\Combofix.txt

Edited by Maurice Naggar, 02 February 2010 - 01:59 AM.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)
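The Avenger step above hands the tool a script of drivers, files and folders to act on, and the tool writes an avenger.txt with one result per item. After a removal run, the check a responder wants is a side-by-side of what was requested and what the tool actually reported, so that an item with no result line is not mistaken for a successful deletion. The following Python is an added example (it is not part of the original post and not The Avenger's own code). It reads a script in the section layout shown above and result lines in the layout avenger.txt uses (the "deleted successfully." lines and the "failed!" / "Status: 0x... (NTSTATUS)" pairs); both samples below are constructed, modelled on this thread. The success line format for driver actions is not shown anywhere in the thread, so the code deliberately does not guess it and reports such items as having no result line.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample script in the same section layout as the one posted above.
SAMPLE_SCRIPT = """\
Drivers to disable:
sogaludefa

Files to delete:
C:\\WINDOWS\\system32\\rezevime.dll
c:\\windows\\system32\\9741.exe

Folders to delete:
C:\\recycler
D:\\recycler
"""

# Constructed sample avenger.txt excerpt: success lines, and failure blocks that end
# with an NTSTATUS line (layout taken from the log format used by the tool).
SAMPLE_LOG = """\
Error: could not open driver "sogaludefa"
Disablement of driver "sogaludefa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

Error: file "C:\\WINDOWS\\system32\\rezevime.dll" not found!
Deletion of file "C:\\WINDOWS\\system32\\rezevime.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

File "c:\\windows\\system32\\9741.exe" deleted successfully.
Folder "C:\\recycler" deleted successfully.
"""

SECTION_ACTION = {
    "Drivers to disable:": "disable driver",
    "Drivers to delete:": "delete driver",
    "Files to delete:": "delete file",
    "Folders to delete:": "delete folder",
}

Request = Tuple[str, str]  # (action, target exactly as written in the script)


def parse_script(text: str) -> List[Request]:
    """Return the (action, target) pairs the script requests, in script order."""
    requests = []
    action = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_ACTION:
            action = SECTION_ACTION[line]
        elif action:
            requests.append((action, line))
    return requests


# Only the result formats visible in the thread are matched; nothing else is assumed.
SUCCESS_RE = re.compile(r'^(?P<kind>File|Folder) "(?P<target>[^"]+)" deleted successfully\.$')
FAIL_RE = re.compile(r'^(?P<verb>Deletion|Disablement) of (?P<kind>file|folder|driver) '
                     r'"(?P<target>[^"]+)" failed!$')
STATUS_RE = re.compile(r'^Status: (?P<code>0x[0-9a-fA-F]+) \((?P<name>[A-Z_]+)\)$')


def parse_log(text: str) -> Dict[Request, str]:
    """Map (action, lower-cased target) to an outcome. Targets are compared
    case-insensitively, as NTFS paths are (the script mixes C:\\ and c:\\)."""
    results: Dict[Request, str] = {}
    pending = None  # failure record waiting for its Status: line
    for raw in text.splitlines():
        line = raw.strip()
        m = SUCCESS_RE.match(line)
        if m:
            results[("delete " + m["kind"].lower(), m["target"].lower())] = "ok"
            continue
        m = FAIL_RE.match(line)
        if m:
            verb = "disable" if m["verb"] == "Disablement" else "delete"
            pending = (f"{verb} {m['kind']}", m["target"].lower())
            results[pending] = "failed"
            continue
        m = STATUS_RE.match(line)
        if m and pending:
            results[pending] = f"failed: {m['name']}"
            pending = None
    return results


def reconcile(script_text: str, log_text: str) -> Dict[Request, str]:
    """For every requested action: ok, failed: <NTSTATUS name>, or no result line."""
    log = parse_log(log_text)
    return {(action, target): log.get((action, target.lower()), "no result line")
            for action, target in parse_script(script_text)}


if __name__ == "__main__":
    for (action, target), outcome in reconcile(SAMPLE_SCRIPT, SAMPLE_LOG).items():
        print(f"{action:<14} {target:<40} {outcome}")
```

The useful output is the last column: "failed: STATUS_OBJECT_NAME_NOT_FOUND" is the benign "already gone" case the post says not to worry about, while "no result line" means the tool never reported on that item and the responder should look at the raw log rather than assume it was handled.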

#7 tf4ever

tf4ever
  • Topic Starter

  • Members
  • 101 posts

Posted 03 February 2010 - 09:29 PM

I've done everything; these are the logs.
the avenger.txt


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open driver "sogaludefa"
Disablement of driver "sogaludefa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\sogaludefa" not found!
Deletion of driver "sogaludefa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\ronihuni.dll" not found!
Deletion of file "C:\WINDOWS\system32\ronihuni.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\lojafuyu.dll" not found!
Deletion of file "c:\windows\system32\lojafuyu.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\ozecdm.dll" not found!
Deletion of file "c:\windows\system32\ozecdm.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\rezevime.dll" not found!
Deletion of file "C:\WINDOWS\system32\rezevime.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\system32\9741.exe" deleted successfully.
File "c:\windows\system32\8723.exe" deleted successfully.
File "c:\windows\system32\12859.exe" deleted successfully.
File "c:\windows\system32\20037.exe" deleted successfully.
File "c:\windows\system32\32757.exe" deleted successfully.
File "c:\windows\system32\32662.exe" deleted successfully.
File "c:\windows\system32\27644.exe" deleted successfully.
File "c:\windows\system32\25547.exe" deleted successfully.
File "c:\windows\system32\6868.exe" deleted successfully.
File "c:\windows\system32\28253.exe" deleted successfully.
File "c:\windows\system32\7711.exe" deleted successfully.
File "c:\windows\system32\15141.exe" deleted successfully.
File "c:\windows\system32\4664.exe" deleted successfully.
File "c:\windows\system32\17673.exe" deleted successfully.
File "c:\windows\system32\30333.exe" deleted successfully.
File "c:\windows\system32\31322.exe" deleted successfully.
File "c:\windows\system32\23811.exe" deleted successfully.
File "c:\windows\system32\28703.exe" deleted successfully.
File "c:\windows\system32\9894.exe" deleted successfully.
File "c:\windows\system32\17035.exe" deleted successfully.
File "c:\windows\system32\26299.exe" deleted successfully.
File "c:\windows\system32\25667.exe" deleted successfully.
File "c:\windows\system32\19912.exe" deleted successfully.
File "c:\windows\system32\1869.exe" deleted successfully.
File "c:\windows\system32\11538.exe" deleted successfully.
File "c:\windows\system32\14771.exe" deleted successfully.
File "c:\windows\system32\21726.exe" deleted successfully.
File "c:\windows\system32\5447.exe" deleted successfully.
File "c:\windows\system32\19895.exe" deleted successfully.
File "c:\windows\system32\19718.exe" deleted successfully.
File "c:\windows\system32\18716.exe" deleted successfully.
File "c:\windows\system32\17421.exe" deleted successfully.
File "c:\windows\system32\12382.exe" deleted successfully.
File "c:\windows\system32\292.exe" deleted successfully.
File "c:\windows\system32\153.exe" deleted successfully.
File "c:\windows\system32\9961.exe" deleted successfully.
File "c:\windows\system32\16827.exe" deleted successfully.
File "c:\windows\system32\23281.exe" deleted successfully.
File "c:\windows\system32\28145.exe" deleted successfully.
File "c:\windows\system32\5705.exe" deleted successfully.
File "c:\windows\system32\24464.exe" deleted successfully.
File "c:\windows\system32\26962.exe" deleted successfully.
File "c:\windows\system32\29358.exe" deleted successfully.
File "c:\windows\system32\11478.exe" deleted successfully.
File "c:\windows\system32\15724.exe" deleted successfully.
File "c:\windows\system32\19169.exe" deleted successfully.
File "c:\windows\system32\26500.exe" deleted successfully.
File "c:\windows\system32\6334.exe" deleted successfully.
File "c:\windows\system32\18467.exe" deleted successfully.
File "c:\windows\ocopiriq.dll" deleted successfully.
Folder "C:\recycler" deleted successfully.

Error: could not open folder "e:\recycler"
Deletion of folder "e:\recycler" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open folder "f:\recycler"
Deletion of folder "f:\recycler" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open folder "g:\recycler"
Deletion of folder "g:\recycler" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open folder "h:\recycler"
Deletion of folder "h:\recycler" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: folder "D:\recycler" not found!
Deletion of folder "D:\recycler" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

----------------------------------------------------------------------------------------------------------------------------------

and the combofix log

ComboFix 10-02-03.04 - HP_Administrator 2010-02-03 20:51:12.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1467 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cleanup.exe
c:\program files\Internet Explorer\SET2A7.tmp
c:\program files\Internet Explorer\SET2A8.tmp
c:\program files\Internet Explorer\SET2A9.tmp
c:\program files\Internet Explorer\SET2B1.tmp
c:\program files\Internet Explorer\SET2B2.tmp
c:\program files\Internet Explorer\SET2B3.tmp
c:\program files\Internet Explorer\SET344.tmp
c:\program files\Internet Explorer\SET345.tmp
c:\program files\Internet Explorer\SET346.tmp
c:\program files\Internet Explorer\SET4.tmp
c:\program files\Internet Explorer\SET439.tmp
c:\program files\Internet Explorer\SET43A.tmp
c:\program files\Internet Explorer\SET43B.tmp
c:\program files\Internet Explorer\SET4F.tmp
c:\program files\Internet Explorer\SET5.tmp
c:\program files\Internet Explorer\SET50.tmp
c:\program files\Internet Explorer\SET51.tmp
c:\program files\Internet Explorer\SET6.tmp
c:\program files\Internet Explorer\SET7.tmp
c:\program files\Internet Explorer\SET8.tmp
c:\program files\Internet Explorer\SET9.tmp
c:\program files\Internet Explorer\SET99.tmp
c:\program files\Internet Explorer\SET9A.tmp
c:\program files\Internet Explorer\SET9B.tmp
c:\program files\Internet Explorer\SET9C.tmp
c:\program files\Internet Explorer\SET9D.tmp
c:\program files\Internet Explorer\SET9E.tmp
c:\program files\Internet Explorer\SETA.tmp
c:\program files\Internet Explorer\SETB.tmp
c:\program files\Internet Explorer\SETC.tmp
c:\program files\Internet Explorer\SETD.tmp
c:\program files\Internet Explorer\SETD3.tmp
c:\program files\Internet Explorer\SETD4.tmp
c:\program files\Internet Explorer\SETD5.tmp
c:\program files\Internet Explorer\SETE.tmp
c:\program files\Internet Explorer\SETF.tmp
c:\windows\kb913800.exe
c:\windows\system32\config\systemprofile\reader_s.exe
c:\windows\system32\dlipibuv.ini
c:\windows\system32\ehfhxuxa.ini
c:\windows\system32\izonatot.ini
c:\windows\system32\lfewxaus.ini
c:\windows\system32\lsaijhxd.ini
c:\windows\system32\nmvisshp.ini
c:\windows\system32\odimakon.ini
c:\windows\system32\qtumbsih.ini
c:\windows\system32\spyljjiw.ini
c:\windows\system32\tqjsfhip.ini
c:\windows\system32\usozoven.ini
D:\Autorun.inf

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
c:\windows\system32\tftp.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((( Files Created from 2010-01-04 to 2010-02-04 )))))))))))))))))))))))))))))))
.

2010-02-04 01:10 . 2010-02-04 01:10 574 ----a-w- C:\cleanup.bat
2010-02-04 01:10 . 2010-02-04 01:10 135168 ----a-w- C:\zip.exe
2010-02-04 00:56 . 2010-02-04 00:57 -------- d-----w- c:\program files\ERUNT
2010-02-02 04:20 . 2010-02-02 04:22 -------- d-----w- C:\WINSSLog
2010-01-23 03:40 . 2010-01-23 03:41 -------- d-----w- c:\program files\CCleaner
2010-01-17 03:05 . 2010-01-17 03:05 -------- d-----w- c:\program files\Pure Networks
2010-01-17 03:04 . 2008-05-16 11:10 23992 ----a-w- c:\windows\system32\drivers\pnarp.sys
2010-01-17 03:04 . 2008-05-16 11:10 25272 ----a-w- c:\windows\system32\drivers\purendis.sys
2010-01-17 03:04 . 2010-01-17 03:04 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2010-01-16 14:05 . 2010-01-16 14:05 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-04 02:09 . 2007-02-01 23:32 -------- d-----w- c:\program files\Steam
2010-02-04 02:08 . 2009-03-19 19:08 -------- d-----w- c:\program files\DNA
2010-02-04 02:08 . 2009-03-19 19:08 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DNA
2010-02-04 02:07 . 2009-03-18 19:06 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\WTablet
2010-02-02 03:59 . 2006-11-18 22:50 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-02 03:58 . 2006-11-18 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-02-02 03:52 . 2007-11-10 22:50 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Symantec
2010-02-02 02:28 . 2004-08-09 21:00 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-30 22:37 . 2009-12-24 04:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-30 22:03 . 2007-11-21 02:35 -------- d-----w- c:\program files\Veoh Networks
2010-01-30 21:58 . 2009-12-31 19:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-30 21:58 . 2009-12-31 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-26 06:57 . 2007-02-01 02:29 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Skype
2010-01-26 06:44 . 2009-06-02 12:33 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\skypePM
2010-01-19 02:10 . 2007-09-06 11:58 -------- d-----w- c:\program files\LimeWire
2010-01-17 03:00 . 2009-10-24 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2010-01-17 02:51 . 2009-08-28 15:30 -------- d-----w- c:\program files\DIFX
2010-01-16 14:41 . 2009-11-29 18:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware(2)
2010-01-07 21:07 . 2009-02-04 22:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-02-04 22:15 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-04 22:55 . 2008-03-01 17:14 -------- d-----w- c:\program files\Windows Live
2009-12-31 18:30 . 2007-02-23 03:31 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Apple Computer
2009-12-31 02:56 . 2008-01-06 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-29 14:32 . 2009-07-12 06:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-29 01:19 . 2009-07-12 06:13 -------- d-----w- c:\program files\NOS
2009-12-29 01:02 . 2009-02-03 08:24 -------- d-----w- c:\program files\Angle Interactive
2009-12-29 00:19 . 2007-02-08 01:43 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-12-28 22:23 . 2009-09-10 09:39 -------- d-----w- c:\program files\iTunes
2009-12-28 22:20 . 2009-12-28 22:20 -------- d-----w- c:\program files\iPod
2009-12-28 22:20 . 2008-01-06 00:09 -------- d-----w- c:\program files\Common Files\Apple
2009-12-28 21:58 . 2007-02-23 03:30 -------- d-----w- c:\program files\QuickTime
2009-12-27 21:41 . 2006-11-18 21:59 -------- d-----w- c:\program files\Java
2009-12-27 19:54 . 2006-11-18 22:28 81848 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-24 12:47 . 2009-12-24 12:47 -------- d-----w- c:\program files\Common Files\Skype
2009-12-24 12:47 . 2007-02-01 02:29 -------- d-----r- c:\program files\Skype
2009-12-24 12:47 . 2007-02-01 02:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-24 04:28 . 2009-10-28 17:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-24 04:28 . 2009-10-01 23:53 -------- d-----w- c:\program files\Microsoft LifeCam
2009-12-24 04:13 . 2009-10-25 00:58 -------- d-----w- c:\program files\Pure Networks(2)
2009-12-24 04:05 . 2009-11-14 03:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-24 04:04 . 2009-12-24 04:04 -------- d-----w- c:\program files\Regensoft
2009-12-24 04:01 . 2007-02-01 22:59 -------- d-----w- c:\program files\WarRock
2009-12-24 04:01 . 2006-11-18 22:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-24 04:01 . 2009-12-24 04:01 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\InstallShield
2009-12-21 19:28 . 2007-10-08 12:54 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Image Zone Express
2009-12-08 11:11 . 2009-09-07 01:45 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HpUpdate
2009-11-21 16:36 . 2004-08-09 21:00 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-13 00:06 . 2009-11-13 00:06 0 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2004-07-22 14:51 . 2004-07-22 14:51 3432656 ----a-w- c:\program files\ManagedDX.CAB
2004-07-20 02:58 . 2004-07-20 02:58 1156363 ----a-w- c:\program files\BDANT.cab
2004-07-20 02:53 . 2004-07-20 02:53 976020 ----a-w- c:\program files\BDAXP.cab
2004-07-09 18:17 . 2004-07-09 18:17 13265040 ----a-w- c:\program files\dxnt.cab
2004-07-09 13:13 . 2004-07-09 13:13 15493481 ----a-w- c:\program files\DirectX.cab
2004-07-09 13:13 . 2004-07-09 13:13 703080 ----a-w- c:\program files\BDA.cab
2004-07-09 08:08 . 2004-07-09 08:08 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 08:08 . 2004-07-09 08:08 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 07:03 . 2004-07-09 07:03 62976 ----a-w- c:\program files\DSETUP.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 18:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2009-12-24 1217808]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 3587120]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-12-24 323392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 16239616]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-29 81920]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-06 647520]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-24 2043160]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-07 198160]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-11-18 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-11-18 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Mises à jour de HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-11-18 36903]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2008-7-23 1073152]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-11-18 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-29 12:51 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\avgrsstx.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\tf997\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\mrquebec\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\mrquebec\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Aspyr\\Guitar Hero III\\GH3.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Steam\\SteamApps\\tf997\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\WINDOWS\\system32\\HPZipm12.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgrsx.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 6.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\WarRock\\WRLauncher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\real\\realplayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-18 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-18 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-18 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-18 297752]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-03-31 54752]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-03-18 1373480]
S2 gupdate1ca2fe3abc1b944;Service Google Update (gupdate1ca2fe3abc1b944);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-07 133104]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [2007-12-31 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [2007-12-31 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [2007-12-31 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [2007-12-31 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [2007-12-31 83344]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva016;XDva016;\??\c:\windows\system32\XDva016.sys --> c:\windows\system32\XDva016.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-07 17:49]

2010-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-07 17:49]

2010-02-04 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2008-10-22 11:29]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=64&bd=PAVILION&pf=desktop
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?29b6f84c4d914cac94db8f923f9bb28f
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?29b6f84c4d914cac94db8f923f9bb28f
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5o11c68u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5o11c68u.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5o11c68u.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PCDrProfiler - (no file)
AddRemove-DISCover - c:\program files\DISC\uninstall.exe
AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742}



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-03 21:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5028)
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\PSIService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\eHome\ehmsas.exe
c:\windows\ARPWRMSG.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2010-02-03 21:18:35 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-04 02:18

Pre-Run: 140 322 959 360 bytes free
Post-Run: 142 220 472 320 bytes free

- - End Of File - - B3BB5A9C5C536AC474D819FCF955CE00

Edited by tf4ever, 03 February 2010 - 09:35 PM.


#8 Maurice Naggar
    Eradicator de malware
  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA

Posted 04 February 2010 - 07:07 AM

Your logs showed some peer-to-peer filesharing apps, specifically Limewire and BitTorrent DNA.
I do not recommend their use since such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.
"File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is imperative that you de-install Limewire and BitTorrent DNA before we go further in looking for malwares.
I need your confirmation that both are removed.

Step 2
Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

When done, click the Scanner tab.
Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Step 3
Using Internet Explorer browser only, go to ESET Online Scanner website:
Vista users should start IE by Start (Vista Orb) >> Internet Explorer >> Right-Click and select Run As Administrator.
  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.
    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here
    http://www.eset.com/onlinescan/cac4.php?page=faq
    • From ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner.
      Otherwise the scan will take twice as long to do:
      every time the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.
    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.

Reply with copy of the MBAM scan log
and ESET scan log
and tell me, How is your system now ?
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#9 tf4ever
  • Topic Starter
  • Members
  • 101 posts

Posted 04 February 2010 - 10:05 PM

I've looked for the DNA and uninstalled it successfully before doing anything.
This is the Malwarebytes log:



Malwarebytes' Anti-Malware 1.44
Database version: 3691
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18372

2010-02-04 21:55:52
mbam-log-2010-02-04 (21-55-52).txt

Scan type: Quick Scan
Objects scanned: 134389
Time elapsed: 10 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#10 Maurice Naggar
    Eradicator de malware
  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA

Posted 05 February 2010 - 05:54 AM

The MBAM scan is very encouraging. Kindly do the ESET online scan, paste that log, and tell me, How is the system now ?
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#11 tf4ever
  • Topic Starter
  • Members
  • 101 posts

Posted 05 February 2010 - 05:52 PM

This is the ESET log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18372 (longhorn_ie8_rc1(wmbla).090115-0053)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=4f33e4094c7f5847992ad4b4e663b4aa
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-05 05:53:34
# local_time=2010-02-05 12:53:34 (-0500, Eastern Standard Time)
# country="Canada"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 89158990 89158990 0 0
# compatibility_mode=1024 16777175 100 0 37435847 37435847 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=243115
# found=15
# cleaned=15
# scan_time=9418
C:\Program Files\WarRock\System\WarRock.exe a variant of Win32/Packed.Themida application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\dlipibuv.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\ehfhxuxa.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\izonatot.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\lfewxaus.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\lsaijhxd.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\nmvisshp.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\odimakon.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\qtumbsih.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\spyljjiw.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\tqjsfhip.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\usozoven.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\reader_s.exe.vir a variant of Win32/Kryptik.BID trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Win32/Olmarik.SJ virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt Win32/TrojanDownloader.FakeAlert.AED virus (deleted - quarantined) 00000000000000000000000000000000 C


#12 Maurice Naggar
    Eradicator de malware
  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA

Posted 05 February 2010 - 06:53 PM

Kindly tell me explicitly if the DCOM shutdown issue is gone. I assume so. I think we can wrap this up on the next go-round.
The bulk of the items removed by the ESET scan were already in quarantine.
ESET didn't care for the WarRock which it removed.

tell me, How is the system now ?

Edited by Maurice Naggar, 05 February 2010 - 06:54 PM.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)
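
A small parser for the ESET Online Scanner log format posted above, added here as an example and not part of the thread or of ESET's tooling. It applies the helper's observation by separating hits inside ComboFix's C:\Qoobox\Quarantine folder (remnants of files already removed) from hits on files that were still live, and checks the parsed count against the log's `# found=` header. The log text embedded in it is a constructed subset of the posted log, and the path/threat split relies on the assumption that threat names never contain a backslash.

```python
"""Triage an ESET Online Scanner log: separate hits on files that an earlier
cleanup tool had already quarantined from hits on files that were still live.
Added example; SAMPLE_LOG below is a constructed subset modelled on the
thread's log (same line format, representative entries)."""
import re

# ComboFix moves what it removes into this folder; ESET later re-detects the
# .vir copies there, which is why most findings were "already in quarantine".
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\",)

# Constructed sample, not the thread's full log.
SAMPLE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# found=4
# cleaned=4
C:\Program Files\WarRock\System\WarRock.exe a variant of Win32/Packed.Themida application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\dlipibuv.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Win32/Olmarik.SJ virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt Win32/TrojanDownloader.FakeAlert.AED virus (deleted - quarantined) 00000000000000000000000000000000 C
"""

# "# key=value" header lines (keys such as iexplore.exe contain a dot).
HEADER_RE = re.compile(r"^# (?P<key>[\w.]+)=(?P<value>.*)$")
# Detection lines: "<path> <threat> (<action>) <32-hex hash> <flag>".
# The greedy body lets a path containing "(x86)" still parse, because the
# action is always the last parenthesised group before the hash.
HIT_RE = re.compile(
    r"^(?P<body>.+) \((?P<action>[^()]+)\) (?P<hash>[0-9A-Fa-f]{32}) (?P<flag>\S+)$"
)


def split_path_and_threat(body):
    """Heuristic split (assumption): the path ends at the last space-separated
    token that contains a backslash; ESET threat names use '/' instead."""
    tokens = body.split(" ")
    last = max((i for i, t in enumerate(tokens) if "\\" in t), default=-1)
    if last < 0:
        return body, ""
    return " ".join(tokens[: last + 1]), " ".join(tokens[last + 1:])


def parse_eset_log(text):
    """Return (headers dict, list of hit dicts) for one ESET log."""
    headers, hits = {}, []
    for line in text.splitlines():
        h = HEADER_RE.match(line)
        if h:
            headers[h.group("key")] = h.group("value")
            continue
        m = HIT_RE.match(line)
        if not m:
            continue  # banner lines such as "OnlineScanner.ocx - registred OK"
        path, threat = split_path_and_threat(m.group("body"))
        hits.append({
            "path": path,
            "threat": threat,
            "action": m.group("action"),
            "already_quarantined": path.lower().startswith(QUARANTINE_PREFIXES),
            # ESET labels packers/PUAs "application"; "trojan"/"virus" are malware.
            "severity": "pua" if threat.endswith(" application") else "malware",
        })
    return headers, hits


def triage(text):
    """Summarise what still mattered on the live system versus quarantine remnants."""
    headers, hits = parse_eset_log(text)
    live = [h for h in hits if not h["already_quarantined"]]
    remnant = [h for h in hits if h["already_quarantined"]]
    found = int(headers.get("found", "0"))
    return {
        "found_header": found,
        "parsed": len(hits),
        "consistent": found == len(hits),   # parser saw every line ESET counted
        "already_quarantined": len(remnant),
        "live": len(live),
        "live_malware": [h["path"] for h in live if h["severity"] == "malware"],
        "live_pua": [h["path"] for h in live if h["severity"] == "pua"],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```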

#13 tf4ever
  • Topic Starter
  • Members
  • 101 posts

Posted 05 February 2010 - 07:05 PM

I would like to thank you and everyone else for helping me with my PC laugh.gif
The DCOM shutdown issue seems gone. All I now need to know is what do you think? Are all malwares gone? Everything looks fine to my eyes, but I don't know if those problems will come again or if any malwares are hidden...


Thanks again
I hope the situation is really as good as I think

Tf4ever

#14 Maurice Naggar
    Eradicator de malware
  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA

Posted 05 February 2010 - 09:02 PM

Yes, we have removed the malwares that had been onboard. Their sheer numbers were what was bringing Windows' service control manager to its knees and leading to the shutdown. I urge you highly to study the 2 articles noted below and to studiously observe the advice. Be extremely wary of anything you download and even then, first scan it with your antivirus; well before installing or running or using.

The list below may seem like a lot; but overall, will not take a whole lot of time.

Get latest Adobe Reader
Older versions of Adobe Reader pose a potential security risk.
De-install your Adobe Reader: Use Control Panel's Add-Remove programs, Remove Adobe Reader.
Get latest Adobe Reader version 9.3
http://get.adobe.com/reader/
Be sure to un-check the box for Free McAfee Security Scan

Java runtime version security maintenance

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 (the button is marked Download JRE) and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) - JRE 6 Update 18 -"
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "Java SE Runtime Environment 6u18 with JavaFX 1 License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Remove J2SE Runtime Environment 5.0 Update 6
  • Remove Java™ 6 Update 17
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
Small tweaks for Java runtime, since almost all users do not need to load Java at each Windows startup:
Click Advanced Tab. Expand the Miscellaneous item.
UN-check the line Java quick starter

If you want to also un-check the "Check for updates automatically" you may:
Click the Update tab. un-check the line if it is checked.
Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml
When all is well, you should see Java Version: 1.6.0_18 from Sun Microsystems Inc.

Cleanups after the tools we used
Go to Control Panel and Add-or-Remove programs.
Also de-install Eset Online scan
Select Change/Remove to de-install it.
OK & Exit out of Control Panel

I see that you are clear of your original issues.
If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used; followed by advice on staying safer.

We have to remove Combofix and all its associated folders.
The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.
Note the space after exe and before the slash mark.
The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.
  • Click Start, then click Run.

    In the command box that opens, Copy the whole line verbatim and then paste into Run-Open box
    c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe /uninstall
    and then click OK.
  • Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe
  • Please double-click OTL.exe to run it.
  • Click on the CleanUp! button at the upper right corner. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTL attempting to contact the internet you should allow it to do so. After the list has been downloaded you'll be asked if you want to Begin cleanup process? Select Yes.
  • This step removes the files, folders, and shortcuts created by the tools I had you download and run.
PC security advice

We are finished here. Best regards.

Edited by Maurice Naggar, 05 February 2010 - 09:05 PM.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)
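The Java clean-up steps in the post above ask you to remove every older JRE before installing 6 Update 18. As an added example (this is not from Maurice's post, nor a BleepingComputer or Sun tool), the PowerShell snippet below reads the standard Add/Remove Programs registry keys, lists every Java entry, and flags those older than 6 Update 18 so you can confirm nothing old was left behind. The display-name patterns it matches ("Java(TM) 6 Update 17", "J2SE Runtime Environment 5.0 Update 6") are assumed from the names quoted in the post; the version encoding "6.0.18" for 6u18 is the script's own convention. It is read-only: it reports and removes nothing, so the actual removal still happens through Add/Remove Programs as described.

```powershell
# Added example, not from the original thread: inventory installed Java runtimes
# from the Add/Remove Programs registry keys and flag any older than the baseline
# recommended in the post (JRE 6 Update 18). Read-only: reports only, removes nothing.
# Run in an elevated PowerShell window.

# Assumption (our own encoding): 6 Update 18 is represented as major.minor.update = 6.0.18
$Baseline = [version]'6.0.18'

# Both keys are standard; the Wow6432Node key only exists on 64-bit Windows.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Convert-JavaDisplayName {
    # Map display names such as "Java(TM) 6 Update 17" or
    # "J2SE Runtime Environment 5.0 Update 6" to a comparable [version].
    # The patterns are assumed from the names quoted in the post;
    # anything that does not match (e.g. "Java Auto Updater") returns $null.
    param([string]$Name)
    if ($Name -match '^Java(\(TM\)|\u2122)?\s+(\d+)\s+Update\s+(\d+)') {
        return [version]('{0}.0.{1}' -f $Matches[2], $Matches[3])
    }
    if ($Name -match '^J2SE Runtime Environment\s+(\d+)\.(\d+)\s+Update\s+(\d+)') {
        return [version]('{0}.{1}.{2}' -f $Matches[1], $Matches[2], $Matches[3])
    }
    return $null
}

function Get-JavaInstalls {
    # Walk every uninstall entry and keep those whose display name starts with Java or J2SE.
    foreach ($key in $UninstallKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem -Path $key) {
            $p = Get-ItemProperty -Path $sub.PSPath
            if (-not $p.DisplayName) { continue }
            if ($p.DisplayName -notmatch '^(Java|J2SE)') { continue }
            $v = Convert-JavaDisplayName -Name $p.DisplayName
            New-Object PSObject -Property @{
                Name            = $p.DisplayName
                Version         = $v
                Outdated        = ($null -ne $v -and $v -lt $Baseline)
                UninstallString = $p.UninstallString
            }
        }
    }
}

$installs = @(Get-JavaInstalls)
if ($installs.Count -eq 0) {
    Write-Host 'No Java runtime entries found in Add/Remove Programs.'
} else {
    $installs | Format-Table Name, Version, Outdated -AutoSize
    $old = @($installs | Where-Object { $_.Outdated })
    if ($old.Count -gt 0) {
        Write-Host ('{0} Java entry(ies) older than 6 Update 18 still installed; remove them via Add/Remove Programs.' -f $old.Count)
        Write-Host 'Uninstall commands registered for those entries (shown for reference only):'
        $old | ForEach-Object { Write-Host ('  ' + $_.UninstallString) }
    } else {
        Write-Host 'No Java older than 6 Update 18 remains.'
    }
}
```

Run it once before the reboot in the steps above to see what is installed, and once more after installing jre-6u18-windows-i586.exe; the second run should list only the 6 Update 18 entry with Outdated = False. Entries the name patterns do not recognise are still listed, with an empty Version, so you can judge them by eye.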

#15 tf4ever (Topic Starter)
Posted 06 February 2010 - 11:21 AM

OK, I did the Java update and removed all old versions of it.
I think I already have the newest version of Adobe, so I didn't download it again. I did the OTL cleanup, the Windows Defender, the javacoolsoftware and updated Windows, and I will read all the other tutorials.
However, there's one last thing: booting is unusually slower (the blue screen stays for a long time). Even slower than when the PC was rebooting by itself... Do you know what may cause this?