IE crashes computer/win update blocked/malwarebytes blocked

Post by Apollo » June 3rd, 2009, 11:20 pm

i'm having trouble getting to any malware removal websites, let alone installing or having them run. i'm also seeing tonnes of redirects and random system crashes. any help would be awesome.

Logfile of HijackThis v1.99.1
Scan saved at 6:01:13 PM, on 6/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\Sierra\Planner\PLNRnote.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Safari\Safari.exe
C:\Documents and Settings\Kaitlin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Program Files\Sierra\Planner\PLNRnote.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{67F35166-FB4B-4749-A1C5-06AA1DF4C8F1}: NameServer = 85.255.112.21,85.255.112.89
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C9BF986-973A-429F-84C4-126106F50860}: NameServer = 85.255.112.21,85.255.112.89
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.21,85.255.112.89
O17 - HKLM\System\CS1\Services\Tcpip\..\{67F35166-FB4B-4749-A1C5-06AA1DF4C8F1}: NameServer = 85.255.112.21,85.255.112.89
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.21,85.255.112.89
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe" /service /P DellSupportCenter (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
Apollo
Regular Member
 
Posts: 17
Joined: June 3rd, 2009, 11:13 pm

Re: IE crashes computer/win update blocked/malwarebytes blocked

Post by MWR 3 day Mod » June 6th, 2009, 11:36 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our "Waiting for help with malware removal?" forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: IE crashes computer/win update blocked/malwarebytes blocked

Post by muppy03 » June 7th, 2009, 4:36 am

Hello and welcome to the Malware Removal Forums

I will be assisting you with your Malware issues.

IMPORTANT

  • Continue to respond to this thread until I give you the All Clean!
  • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
  • Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
  • Please follow all instructions in the order posted.
  • If you have any questions or do not understand instructions, please ask before continuing.
  • Please reply to this thread. Do not start a new topic.
  • As I am still in training, everything that I post to you must be checked by one of the teachers. Therefore, there may be a delay between posts.


Your Hijack This is out of date.

Please download the latest version from here
  • Save HJTInstall.exe to your desktop.
  • Do Not install yet.

Uninstall your Old version of HJT
  • Remove HJT from add/remove programs.
  • Using Windows Explorer, locate the HJT file and delete it.
  • Remove Desktop Shortcut for HJT

Install your New version by following the below instructions.
  • Double-click on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop.

Please post this log on your next reply along with a NEW HJT log.
muppy03
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: IE crashes computer/win update blocked/malwarebytes blocked

Post by Apollo » June 7th, 2009, 2:25 pm

thanks for the quick reply :D especially for having to wait on an expert.

here's the uninstall list

32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.1
AMD Processor Driver
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
BitComet 1.11
Bonjour
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
Choice Guard
Combined Community Codec Pack 2008-09-21 16:18
Conexant HDA D330 MDC V.92 Modem
Dell Automated PC TuneUp
Dell Support Center (Support Software)
Dell Touchpad
Dell Wireless WLAN Card Utility
Digital Line Detect
Event Planner
GIMP 2.6.6
Hallmark Card Studio 2003
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
HP Deskjet All-In-One Driver Software 9.0.A Corporate Edition
Java(TM) 6 Update 13
LibUSB-Win32-0.1.10.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Visual C++ 2005 Redistributable
mIRC
MSVCRT
MSXML 4.0 SP2 (KB954430)
PhaseRO
Project64 1.6
QuickSet
Ragnarok Online
Ragnarok Sakray
Safari
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Segoe UI
SigmaTel Audio
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Ventrilo Client
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinRAR archiver

And the HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:50 PM, on 6/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\Sierra\Planner\PLNRnote.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Program Files\Sierra\Planner\PLNRnote.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{67F35166-FB4B-4749-A1C5-06AA1DF4C8F1}: NameServer = 85.255.112.21,85.255.112.89
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C9BF986-973A-429F-84C4-126106F50860}: NameServer = 85.255.112.21,85.255.112.89
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.21,85.255.112.89
O17 - HKLM\System\CS1\Services\Tcpip\..\{67F35166-FB4B-4749-A1C5-06AA1DF4C8F1}: NameServer = 85.255.112.21,85.255.112.89
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.21,85.255.112.89
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6283 bytes
Apollo
Regular Member
 
Posts: 17
Joined: June 3rd, 2009, 11:13 pm

Re: IE crashes computer/win update blocked/malwarebytes blocked

Post by muppy03 » June 7th, 2009, 6:49 pm

Hi Apollo,

I see signs of AVG8 on your system but it is not running. Is there a particular reason for this or is it because of the trouble you have been having?

MRU P2P Policy
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitComet

I'd like you to read the MRU policy for P2P Programs.
Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Run a new HJT scan when finished and post the log back here.


Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

P2P programs also open up access to the computer on which the program is installed. The computer's settings are more often than not changed in a manner that renders them insecure, and access to the computer is left open even when the program is not in use. Therefore, the system's security is compromised.

So be aware that it's not just what's downloaded with P2P programs that creates problems, just having the program installed is like leaving all the doors to your house unlocked.

Please reply when the above is done and answer the AVG8 question.
muppy03
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: IE crashes computer/win update blocked/malwarebytes blocked

Post by Apollo » June 8th, 2009, 12:18 am

hi muppy sorry about the p2p problem, i assumed uninstalling was only necessary for the "unsafe programs"

I've removed it from add/remove programs menu... however looking at the hijack this log it appears to still be running.
and you assumed right about my AVG8 not running. i haven't been able to open it successfully since around when IE stopped working.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:52 PM, on 6/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\Sierra\Planner\PLNRnote.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Program Files\Sierra\Planner\PLNRnote.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{67F35166-FB4B-4749-A1C5-06AA1DF4C8F1}: NameServer = 85.255.112.21,85.255.112.89
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C9BF986-973A-429F-84C4-126106F50860}: NameServer = 85.255.112.21,85.255.112.89
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.21,85.255.112.89
O17 - HKLM\System\CS1\Services\Tcpip\..\{67F35166-FB4B-4749-A1C5-06AA1DF4C8F1}: NameServer = 85.255.112.21,85.255.112.89
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.21,85.255.112.89
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6097 bytes


Thanks for your help,

Apollo
Apollo
Regular Member
 
Posts: 17
Joined: June 3rd, 2009, 11:13 pm
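
Comparing the two HijackThis v2.0.2 logs above entry by entry shows what the Add/Remove Programs uninstall actually took out and what still references BitComet. This is an added example, not part of any post in the thread; the function names are made up for illustration, and the input is a short excerpt of lines copied from the 12:24:50 PM and 10:12:52 PM scans.

```python
import re
from typing import NamedTuple

# HijackThis entry lines look like "<section code> - <details>".
# Section codes: R0-R3, F0-F3, N1-N4 and O1-O24.
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


class Scan(NamedTuple):
    processes: list   # paths listed under "Running processes:"
    entries: list     # (section code, details) tuples, in log order


def parse_hjt(text):
    """Split a HijackThis log into its process list and its coded entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if not line:              # a blank line ends the process list
            in_procs = False
            continue
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            processes.append(line)
        # anything else (header, "End of file") is ignored
    return Scan(processes, entries)


def diff_scans(before, after):
    """Entries that disappeared from, or were added to, the later scan."""
    before_set, after_set = set(before.entries), set(after.entries)
    removed = [e for e in before.entries if e not in after_set]
    added = [e for e in after.entries if e not in before_set]
    return removed, added


def residue(scan, keyword):
    """Processes and entries in a scan that still mention a program name."""
    k = keyword.lower()
    procs = [p for p in scan.processes if k in p.lower()]
    ents = [e for e in scan.entries if k in e[1].lower()]
    return procs, ents


def missing_files(scan):
    """Entries HijackThis marked as pointing at a file that no longer exists."""
    return [e for e in scan.entries if e[1].endswith("(file missing)")]


# Excerpt of the scan saved at 12:24:50 PM on 6/7/2009 (lines copied from the thread).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\BitComet\BitComet.exe

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
"""

# Excerpt of the scan saved at 10:12:52 PM on 6/7/2009, after the uninstall.
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\BitComet\BitComet.exe

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
"""

if __name__ == "__main__":
    before, after = parse_hjt(BEFORE), parse_hjt(AFTER)
    removed, added = diff_scans(before, after)
    print("Removed by the uninstall:")
    for code, text in removed:
        print(f"  {code} - {text}")
    procs, ents = residue(after, "BitComet")
    print("Still referencing BitComet:")
    for p in procs:
        print(f"  process: {p}")
    for code, text in ents:
        print(f"  {code} - {text}")
    print("Orphaned entries (file missing):")
    for code, text in missing_files(after):
        print(f"  {code} - {text}")
```

On the excerpt, the O2 browser helper object and the O9 button are gone, while the running process, the O4 Run key and the O8 context-menu item remain.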

Re: IE crashes computer/win update blocked/malwarebytes blocked

Post by muppy03 » June 8th, 2009, 5:42 am

Hi Apollo,

You have Malwarebytes' Anti-Malware already installed. I would like you to update it and run a scan. If it does not update at this stage that is ok, still run it.
As it is probably not working please re-name it, that should get it working for you.

To Re-Name it:-
    1. Right click Start - Click Explore
    2. Navigate to: c:\program files\malwarebytes' Anti-Malware. Right click on mbam.exe - click Rename
    3. Type into the name box: apollo.exe

NEXT Download and Run: RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please reply with:-
  • MBAM log
  • RSIT logs ( info.txt and log.txt)
muppy03
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: IE crashes computer/win update blocked/malwarebytes blocked

Post by Apollo » June 8th, 2009, 8:10 pm

hi again, i've been messing with MBAM for a while now and cannot for the life of me get it to run. same goes for my AVG.

here are the log files you asked for though

info.txt logfile of random's system information tool 1.06 2009-06-08 18:01:48

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
AMD Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{EF40BAC3-372B-46F4-A32D-B37CF4217CE7}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A}
Broadcom Management Programs-->MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\UIU32m.exe -U -Idel000f5.INF
Dell Automated PC TuneUp-->MsiExec.exe /X{FE34691C-4298-4667-9758-D7F534DD0B94}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Dell Wireless WLAN Card Utility-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\Setup.exe -runfromtemp -l0x0009 -removeonly
Event Planner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B1182355-1464-4B43-8986-031A86808495}\Setup.exe"
GIMP 2.6.6-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Hallmark Card Studio 2003-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Sierra\Hallmark Card Studio 2003\VuUninst.isu" -c"C:\Program Files\Sierra\Hallmark Card Studio 2003\Uninstpa.DLL"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Deskjet All-In-One Driver Software 9.0.A Corporate Edition-->C:\Program Files\HP\Digital Imaging\{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}\setup\hpzscr01.exe -datfile hposcr14.dat
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
LibUSB-Win32-0.1.10.1-->"C:\Program Files\LibUSB-Win32-0.1.10.1\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
PhaseRO-->"C:\WINDOWS\PhaseRO\uninstall.exe" "/U:C:\Program Files\MicRo\Uninstall\uninstall.xml"
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickSet-->C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
Ragnarok Online-->"C:\WINDOWS\IFinst27.exe" -UC:\Program Files\Gravity\RO\IFU41.inf
Ragnarok Sakray-->"C:\WINDOWS\IFinst27.exe" -UC:\Program Files\Gravity\RO\IFU47.inf
Safari-->MsiExec.exe /X{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\dpinst.exe /us C:\PROGRA~1\DIFX\UninstallScripts\4569969E1360D2854474C661EF9B4D54F143EB16
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======System event log======

Computer Name: KATES-COMPUTER
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 6907
Source Name: Tcpip
Time Written: 20090524143402.000000-360
Event Type: warning
User:

Computer Name: KATES-COMPUTER
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 6889
Source Name: Tcpip
Time Written: 20090524002512.000000-360
Event Type: warning
User:

Computer Name: KATES-COMPUTER
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 6543
Source Name: Tcpip
Time Written: 20090523084226.000000-360
Event Type: warning
User:

Computer Name: KATES-COMPUTER
Event Code: 4307
Message: Initialization failed because the transport refused to open initial Addresses.

Record Number: 6538
Source Name: NetBT
Time Written: 20090523084028.000000-360
Event Type: error
User:

Computer Name: KATES-COMPUTER
Event Code: 31008
Message: The DNS proxy agent was unable to read the local list of name-resolution
servers from the registry.
The data is the error code.

Record Number: 6485
Source Name: ipnathlp
Time Written: 20090522234543.000000-360
Event Type: error
User:

=====Application event log=====

Computer Name: KATES-COMPUTER
Event Code: 1000
Message: Faulting application wpa kill.exe, version 2.0.0.0, faulting module kernel32.dll, version 5.1.2600.5512, fault address 0x00009e22.

Record Number: 235
Source Name: Application Error
Time Written: 20090223225100.000000-420
Event Type: error
User:

Computer Name: KATES-COMPUTER
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 206
Source Name: ASP.NET 2.0.50727.0
Time Written: 20090223221305.000000-420
Event Type: warning
User:

Computer Name: KATES-COMPUTER
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 180
Source Name: ASP.NET 2.0.50727.0
Time Written: 20090223212403.000000-420
Event Type: warning
User:

Computer Name: KATES-COMPUTER
Event Code: 1517
Message: Windows saved user KATES-COMPUTER\Kaitlin registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 166
Source Name: Userenv
Time Written: 20090223211856.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: KATES-COMPUTER
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 155
Source Name: ASP.NET 2.0.50727.0
Time Written: 20090223211516.000000-420
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6801
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by Kaitlin at 2009-06-08 18:03:27
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 57 GB (75%) free of 76 GB
Total RAM: 894 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:03:28 PM, on 6/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\Sierra\Planner\PLNRnote.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Safari\Safari.exe
C:\Documents and Settings\Kaitlin\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Kaitlin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Program Files\Sierra\Planner\PLNRnote.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{67F35166-FB4B-4749-A1C5-06AA1DF4C8F1}: NameServer = 85.255.112.21,85.255.112.89
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C9BF986-973A-429F-84C4-126106F50860}: NameServer = 85.255.112.21,85.255.112.89
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.21,85.255.112.89
O17 - HKLM\System\CS1\Services\Tcpip\..\{67F35166-FB4B-4749-A1C5-06AA1DF4C8F1}: NameServer = 85.255.112.21,85.255.112.89
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.21,85.255.112.89
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6112 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-30 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2008-11-26 2289664]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]
"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-10-24 206064]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-30 148888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-10-26 1024000]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-20 1228800]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"BitComet"=C:\Program Files\BitComet\BitComet.exe [2009-04-28 2591544]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"DellAutomatedPCTuneUp"=C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe [2007-10-11 465136]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-05-13 4608]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Event Planner Reminders Tray Icon.lnk - C:\Program Files\Sierra\Planner\PLNRnote.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-10-11 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98bcbd39-fe1a-11dd-9cde-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-5-9-64-100016508-100026744-100031823-9370.com c:\
shell\Open\command - C:\RECYCLER\S-5-9-64-100016508-100026744-100031823-9370.com c:\


======List of files/folders created in the last 1 months======

2009-06-08 18:01:43 ----D---- C:\rsit
2009-06-07 12:20:30 ----D---- C:\Program Files\Trend Micro
2009-05-24 20:49:25 ----D---- C:\Documents and Settings\Kaitlin\Application Data\Help
2009-05-24 20:38:46 ----D---- C:\Documents and Settings\Kaitlin\Application Data\Sierra
2009-05-24 20:37:58 ----N---- C:\WINDOWS\system32\ROBOEX32.DLL
2009-05-24 20:37:58 ----N---- C:\WINDOWS\system32\PCDLIB32.DLL
2009-05-24 20:37:58 ----N---- C:\WINDOWS\system32\LTKRN70N.DLL
2009-05-24 20:37:58 ----N---- C:\WINDOWS\system32\LTFIL70N.DLL
2009-05-24 20:37:58 ----N---- C:\WINDOWS\system32\LFTIF70N.DLL
2009-05-24 20:37:58 ----N---- C:\WINDOWS\system32\LFTGA70N.DLL
2009-05-24 20:37:58 ----N---- C:\WINDOWS\system32\LFPSD70N.DLL
2009-05-24 20:37:58 ----N---- C:\WINDOWS\system32\LFPNG70N.DLL
2009-05-24 20:37:58 ----N---- C:\WINDOWS\system32\LFPCX70N.DLL
2009-05-24 20:37:58 ----N---- C:\WINDOWS\system32\LFPCD70N.DLL
2009-05-24 20:37:58 ----N---- C:\WINDOWS\system32\LFKODAK.DLL
2009-05-24 20:37:58 ----N---- C:\WINDOWS\system32\LFFPX70N.DLL
2009-05-24 20:37:58 ----N---- C:\WINDOWS\system32\LFFPX7.DLL
2009-05-24 20:37:58 ----N---- C:\WINDOWS\system32\LFFAX70N.DLL
2009-05-24 20:37:58 ----N---- C:\WINDOWS\system32\LFCMP70N.DLL
2009-05-24 20:37:58 ----N---- C:\WINDOWS\system32\LFBMP70N.DLL
2009-05-24 20:37:58 ----N---- C:\WINDOWS\system32\Inetwh32.dll
2009-05-24 20:37:58 ----A---- C:\WINDOWS\SIERRA.INI
2009-05-24 20:37:57 ----D---- C:\Program Files\Common Files\Sierra On-Line
2009-05-24 20:24:58 ----D---- C:\Program Files\Sierra
2009-05-24 20:23:20 ----A---- C:\WINDOWS\IsUninst.exe
2009-05-23 21:49:54 ----D---- C:\Documents and Settings\Kaitlin\Application Data\AVGTOOLBAR
2009-05-23 21:49:47 ----D---- C:\Program Files\AVG
2009-05-23 21:49:47 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-05-13 20:08:37 ----A---- C:\WINDOWS\system32\_AxShlEx.dll
2009-05-13 18:58:36 ----D---- C:\Program Files\Alcohol Soft
2009-05-13 18:58:00 ----A---- C:\WINDOWS\system32\wpa.bak
2009-05-13 18:24:18 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2009-05-12 19:43:03 ----A---- C:\asdlkjfasdf.txt
2009-05-11 23:35:34 ----D---- C:\Documents and Settings\Kaitlin\Application Data\Dell
2009-05-11 08:08:18 ----D---- C:\Program Files\MSXML 4.0
2009-05-09 20:49:58 ----D---- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2009-05-09 20:49:46 ----A---- C:\WINDOWS\system32\hpzll5ha.dll
2009-05-09 20:47:58 ----D---- C:\Program Files\Hewlett-Packard
2009-05-09 20:47:51 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2009-05-09 20:47:31 ----A---- C:\WINDOWS\system32\hpzids01.dll
2009-05-09 20:47:28 ----A---- C:\WINDOWS\system32\hppldcoi.dll
2009-05-09 20:47:28 ----A---- C:\WINDOWS\system32\hpowiax3.dll
2009-05-09 20:47:28 ----A---- C:\WINDOWS\system32\hpovst10.dll
2009-05-09 20:47:28 ----A---- C:\WINDOWS\system32\hpotscl3.dll
2009-05-09 20:47:28 ----A---- C:\WINDOWS\system32\difxapi.dll
2009-05-09 20:47:22 ----D---- C:\Program Files\HP
2009-05-09 08:34:20 ----D---- C:\Program Files\LibUSB-Win32-0.1.10.1
2009-05-09 08:34:20 ----A---- C:\WINDOWS\system32\libusbd-nt.exe
2009-05-09 08:34:20 ----A---- C:\WINDOWS\system32\libusbd-9x.exe

======List of files/folders modified in the last 1 months======

2009-06-08 18:03:06 ----D---- C:\Program Files\BitComet
2009-06-08 18:00:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-08 13:18:06 ----D---- C:\WINDOWS\Prefetch
2009-06-08 10:51:20 ----D---- C:\WINDOWS\system32
2009-06-08 10:51:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-08 10:48:03 ----D---- C:\WINDOWS\Temp
2009-06-08 10:47:17 ----D---- C:\WINDOWS
2009-06-07 22:01:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-07 12:20:30 ----RD---- C:\Program Files
2009-06-06 21:19:22 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-05 19:19:59 ----D---- C:\Downloads
2009-05-26 18:56:52 ----SHD---- C:\WINDOWS\Installer
2009-05-24 20:49:33 ----D---- C:\WINDOWS\Help
2009-05-24 20:37:57 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-24 20:37:57 ----D---- C:\Program Files\Common Files
2009-05-24 20:28:39 ----RSD---- C:\WINDOWS\Fonts
2009-05-23 21:52:30 ----D---- C:\WINDOWS\system32\drivers
2009-05-22 23:45:38 ----SHD---- C:\RECYCLER
2009-05-22 23:39:29 ----D---- C:\Documents and Settings\Kaitlin\Application Data\gtk-2.0
2009-05-21 17:55:25 ----A---- C:\WINDOWS\WORDPAD.INI
2009-05-13 18:58:06 ----A---- C:\WINDOWS\setuplog.txt
2009-05-13 18:22:12 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-11 23:35:27 ----D---- C:\Program Files\Dell
2009-05-11 08:08:18 ----D---- C:\WINDOWS\WinSxS
2009-05-09 21:01:19 ----D---- C:\Documents and Settings\Kaitlin\Application Data\mIRC
2009-05-09 20:59:21 ----D---- C:\Program Files\mIRC
2009-05-09 20:49:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-09 20:48:54 ----HD---- C:\WINDOWS\inf
2009-05-09 20:48:02 ----D---- C:\WINDOWS\twain_32
2009-05-09 20:47:34 ----DC---- C:\WINDOWS\system32\DRVSTORE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-02 36864]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 datunidr;DellAutomatedPCTuneUp UniDriver; C:\WINDOWS\system32\DRIVERS\datunidr.sys [2007-08-23 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-10-11 1777152]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-11-26 1391104]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-08-02 989952]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-08-02 211200]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 33792]
R3 PTproct;PTproct; \??\C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-10-26 216800]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-08-02 731136]
S3 asf40s5f;asf40s5f; C:\WINDOWS\system32\drivers\asf40s5f.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-10-11 430080]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-30 152984]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1; C:\WINDOWS\system32\libusbd-nt.exe [2005-03-09 18944]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 sprtsvc_DellSupportCenter;SupportSoft Sprocket Service (DellSupportCenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-10-24 201968]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2008-11-26 24576]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 DellAMBrokerService;DellAMBrokerService; C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe [2007-10-11 76016]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]

-----------------EOF-----------------
Apollo
Regular Member
 
Posts: 17
Joined: June 3rd, 2009, 11:13 pm

Re: IE crashes computer/win update blocked/malwarebytes blocked

Post by muppy03 » June 9th, 2009, 7:28 am

Download and Run OTM.exe

Download OTM.exe by Old Timer and save it to your Desktop.
  • Double-click OTM.exe. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Copy the lines in the codebox below.
:Files
C:\Program Files\BitComet

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitComet"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitComet"=-

:Commands
[EmptyTemp]



  • Return to OTM.exe, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTM.exe

Please reply with:-
  • OTM report
  • New HJT log
muppy03
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: IE crashes computer/win update blocked/malwarebytes blocked

Post by Apollo » June 9th, 2009, 7:49 pm

hello again. here is the OTM log

========== FILES ==========
File/Folder C:\Program Files\BitComet not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BitComet deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\BitComet not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Kaitlin\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_748.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTM by OldTimer - Version 2.1.0.1 log created on 06092009_173740

Files moved on Reboot...
File C:\WINDOWS\temp\Perflib_Perfdata_748.dat not found!

Registry entries deleted on Reboot...



And the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:49:09 PM, on 6/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\Sierra\Planner\PLNRnote.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Program Files\Sierra\Planner\PLNRnote.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{67F35166-FB4B-4749-A1C5-06AA1DF4C8F1}: NameServer = 85.255.112.131,85.255.112.74
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C9BF986-973A-429F-84C4-126106F50860}: NameServer = 85.255.112.131,85.255.112.74
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.131,85.255.112.74
O17 - HKLM\System\CS1\Services\Tcpip\..\{67F35166-FB4B-4749-A1C5-06AA1DF4C8F1}: NameServer = 85.255.112.131,85.255.112.74
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.131,85.255.112.74
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 5989 bytes
Apollo
Regular Member
 
Posts: 17
Joined: June 3rd, 2009, 11:13 pm

Re: IE crashes computer/win update blocked/malwarebytes blocked

Post by muppy03 » June 10th, 2009, 7:46 am

Hi Apollo,

Open HijackThis and select Do a System Scan Only. Place a check next to the lines below if still present:

    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{67F35166-FB4B-4749-A1C5-06AA1DF4C8F1}: NameServer = 85.255.112.131,85.255.112.74
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7C9BF986-973A-429F-84C4-126106F50860}: NameServer = 85.255.112.131,85.255.112.74
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.131,85.255.112.74
    O17 - HKLM\System\CS1\Services\Tcpip\..\{67F35166-FB4B-4749-A1C5-06AA1DF4C8F1}: NameServer = 85.255.112.131,85.255.112.74
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.131,85.255.112.74


Once selected, close all windows except HJT and click on Fix Checked

REBOOT COMPUTER

NEXT Download and run Combofix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • If you need help to disable your protection programs see here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Once Combofix has finished see if you can update and run MBAM and if successful post the log generated.

Please reply with:-
  • Combofix log
  • MBAM log
  • New HJT log
muppy03
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia
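
The O17 NameServer lines that the post above asks to fix can also be checked mechanically. The following is an added example, not part of the original post and not HijackThis code: it parses O17 lines from a HijackThis log and reports every resolver that is not on a list of expected ones. The function names and the expected resolver 192.168.1.1 are assumptions; the sample lines are copied from the log earlier in this thread.

```python
import ipaddress
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{67F35166-FB4B-4749-A1C5-06AA1DF4C8F1}: NameServer = 85.255.112.131,85.255.112.74
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.131,85.255.112.74
O17 - HKLM\System\CS1\Services\Tcpip\..\{67F35166-FB4B-4749-A1C5-06AA1DF4C8F1}: NameServer = 85.255.112.131,85.255.112.74
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.131,85.255.112.74
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
"""

# Assumption (constructed): the only resolver this machine should use is the home router.
EXPECTED_RESOLVERS = ["192.168.1.1"]

# "O17 - <registry key>: <value name> = <data>"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): (?P<name>\w+) = (?P<data>.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}$")


def parse_o17(log_text):
    """Return one dict per O17 line: key, control set, scope, value name, values."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        key = m.group("key")
        parts = key.split("\\")
        guid = GUID_RE.search(key)
        entries.append({
            "key": key,
            # CCS = current control set, CS1/CS2 = stored control sets.
            "control_set": parts[2] if len(parts) > 2 else "",
            # Per-adapter entries end in the interface GUID; the rest is global.
            "scope": guid.group(0) if guid else "global",
            "name": m.group("name"),
            # NameServer data may be comma- or space-separated.
            "values": [t for t in re.split(r"[,\s]+", m.group("data").strip()) if t],
        })
    return entries


def audit_dns(log_text, expected_resolvers):
    """List every NameServer entry that names a resolver outside the expected set."""
    expected = {ipaddress.ip_address(a) for a in expected_resolvers}
    findings = []
    for entry in parse_o17(log_text):
        if entry["name"].lower() != "nameserver":
            continue
        unexpected, malformed = [], []
        for token in entry["values"]:
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                malformed.append(token)  # not an IP address at all
                continue
            if addr not in expected:
                unexpected.append(str(addr))
        if unexpected or malformed:
            findings.append({
                "control_set": entry["control_set"],
                "scope": entry["scope"],
                "unexpected": unexpected,
                "malformed": malformed,
            })
    return findings


def summarize(findings):
    """Group findings by resolver set, to show where the same servers are pinned."""
    groups = {}
    for f in findings:
        groups.setdefault(tuple(f["unexpected"]), []).append(
            (f["control_set"], f["scope"]))
    return {servers: sorted(places) for servers, places in groups.items()}


if __name__ == "__main__":
    for servers, places in summarize(audit_dns(SAMPLE_LOG, EXPECTED_RESOLVERS)).items():
        print(", ".join(servers))
        for control_set, scope in places:
            print(f"  {control_set:4} {scope}")
```

Entries that appear under both the global Parameters key and an adapter GUID, in more than one control set, all have to be cleared before the setting stops coming back.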

Re: IE crashes computer/win update blocked/malwarebytes blocked

Post by Apollo » June 10th, 2009, 9:08 pm

hello again. great news malware bytes is executable again. first off the combofix log

ComboFix 09-06-09.06 - Kaitlin 06/10/2009 18:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.616 [GMT -6:00]
Running from: c:\documents and settings\Kaitlin\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\windows\Fonts\MicRO Legacy Client.exe
c:\windows\Fonts\MicRO.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\gxvxcexuxdkmpbnrjemudpulnossfthqqvxfy.sys
c:\windows\system32\drivers\gxvxcmwmhabaiwyehdpxtjwkxfynloctikjkl.sys
c:\windows\system32\drivers\gxvxcvdymyqxmenkborgkcimblrsvxewdlrqh.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcmowqwklyxeohffkiblkbfagxwfgymfsk.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-05-11 to 2009-06-11 )))))))))))))))))))))))))))))))
.

2009-06-11 00:03 . 2009-06-11 00:03 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-09 23:53 . 2009-06-09 23:53 152576 ----a-w- c:\documents and settings\Kaitlin\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-09 23:37 . 2009-06-09 23:37 -------- d-----w- C:\_OTM
2009-06-07 18:20 . 2009-06-07 18:20 -------- d-----w- c:\program files\Trend Micro
2009-05-25 02:49 . 2009-05-25 02:49 -------- d-----w- c:\documents and settings\Kaitlin\Local Settings\Application Data\Help
2009-05-25 02:38 . 2009-05-25 02:38 -------- d-----w- c:\documents and settings\Kaitlin\Application Data\Sierra
2009-05-25 02:23 . 1998-10-29 23:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-05-24 03:49 . 2009-05-24 03:49 -------- d-----w- c:\documents and settings\Kaitlin\Application Data\AVGTOOLBAR
2009-05-24 03:49 . 2009-05-24 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-05-24 03:49 . 2009-05-24 03:49 -------- d-----w- c:\program files\AVG
2009-05-15 15:57 . 2009-05-15 23:56 -------- d-----w- c:\documents and settings\Kaitlin\Local Settings\Application Data\BingoCabin
2009-05-14 02:08 . 2008-02-22 11:30 334792 ----a-w- c:\windows\system32\_AxShlEx.dll
2009-05-14 00:58 . 2009-05-14 00:58 -------- d-----w- c:\program files\Alcohol Soft
2009-05-14 00:49 . 2009-05-14 00:49 716272 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-14 00:24 . 2009-05-19 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-05-12 05:35 . 2009-05-12 05:35 -------- d-----w- c:\documents and settings\Kaitlin\Application Data\Dell
2009-05-12 05:35 . 2005-08-12 23:50 16128 ----a-w- c:\windows\system32\drivers\APPDRV.SYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-11 00:03 . 2009-02-24 06:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-09 23:53 . 2009-03-30 08:02 -------- d-----w- c:\program files\Java
2009-05-26 19:20 . 2009-02-24 06:43 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 19:19 . 2009-02-24 06:43 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-25 15:04 . 2009-02-20 02:37 45384 ----a-w- c:\documents and settings\Kaitlin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-25 04:39 . 2009-04-18 23:32 29080 ---ha-w- c:\windows\system32\mlfcache.dat
2009-05-25 02:37 . 2009-05-25 02:37 -------- d-----w- c:\program files\Common Files\Sierra On-Line
2009-05-25 02:37 . 2009-05-25 02:24 -------- d-----w- c:\program files\Sierra
2009-05-25 02:37 . 2009-02-24 03:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-23 05:39 . 2009-04-19 01:31 -------- d-----w- c:\documents and settings\Kaitlin\Application Data\gtk-2.0
2009-05-21 17:33 . 2009-03-30 08:03 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-12 05:35 . 2009-02-23 06:28 -------- d-----w- c:\program files\Dell
2009-05-11 14:08 . 2009-05-11 14:08 -------- d-----w- c:\program files\MSXML 4.0
2009-05-10 03:01 . 2009-04-23 05:28 -------- d-----w- c:\documents and settings\Kaitlin\Application Data\mIRC
2009-05-10 02:59 . 2009-04-23 05:28 -------- d-----w- c:\program files\mIRC
2009-05-10 02:49 . 2009-05-10 02:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-05-10 02:48 . 2009-05-10 02:46 124404 ----a-w- c:\windows\hpoins14.dat
2009-05-10 02:47 . 2009-05-10 02:47 -------- d-----w- c:\program files\Hewlett-Packard
2009-05-10 02:47 . 2009-05-10 02:47 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-05-10 02:47 . 2009-05-10 02:47 -------- d-----w- c:\program files\HP
2009-05-09 14:34 . 2009-05-09 14:34 -------- d-----w- c:\program files\LibUSB-Win32-0.1.10.1
2009-05-09 02:15 . 2009-05-09 02:15 -------- d-----w- c:\program files\Synaptics
2009-05-07 03:26 . 2009-05-07 03:09 -------- d-----w- c:\program files\Project64 1.6
2009-05-07 03:09 . 2009-05-07 03:09 8854 ----a-r- c:\documents and settings\Kaitlin\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-05-07 03:09 . 2009-05-07 03:09 40960 ----a-r- c:\documents and settings\Kaitlin\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-05-07 03:09 . 2009-05-07 03:09 40960 ----a-r- c:\documents and settings\Kaitlin\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2009-04-24 02:03 . 2009-04-24 02:03 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-04-19 07:38 . 2009-04-19 06:23 684 ----a-w- c:\windows\Fonts\mpatch.txt
2009-04-19 07:38 . 2009-04-19 06:23 5 ----a-w- c:\windows\Fonts\mpatch_allow.txt
2009-04-19 06:28 . 2009-04-19 06:24 139264 ----a-w- c:\windows\Fonts\sakray.exe
2009-04-19 06:28 . 2009-04-19 06:24 135168 ----a-w- c:\windows\Fonts\Ragnarok.exe
2009-04-19 06:28 . 2009-04-19 06:24 32 ----a-w- c:\windows\Fonts\micd.ini
2009-04-19 06:26 . 2009-04-19 06:24 -------- d-----w- c:\windows\Fonts\BGM
2009-04-19 06:24 . 2009-04-19 06:24 -------- d-----w- c:\windows\Fonts\data
2009-04-19 06:24 . 2009-04-19 06:24 -------- d-----w- c:\windows\Fonts\PatchClient
2009-04-19 01:29 . 2009-04-19 01:29 -------- d-----w- c:\program files\GIMP-2.0
2009-04-18 20:46 . 2009-04-18 20:46 -------- d-----w- c:\documents and settings\Kaitlin\Application Data\Apple Computer
2009-04-18 20:46 . 2009-04-18 20:46 -------- d-----w- c:\program files\Safari
2009-04-18 20:45 . 2009-04-18 20:45 -------- d-----w- c:\program files\Bonjour
2009-04-18 20:45 . 2009-04-18 20:45 -------- d-----w- c:\program files\Apple Software Update
2009-04-18 20:45 . 2009-04-18 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-04-12 02:20 . 2009-04-09 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-03-30 08:02 . 2009-03-30 08:02 152576 ----a-w- c:\documents and settings\Kaitlin\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-05-14 4608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-26 2289664]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-24 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1024000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Planner Reminders Tray Icon.lnk - c:\program files\Sierra\Planner\PLNRnote.exe [2009-5-24 184320]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8007:TCP"= 8007:TCP:BitComet 8007 TCP
"8007:UDP"= 8007:UDP:BitComet 8007 UDP
"26585:TCP"= 26585:TCP:BitComet 26585 TCP
"26585:UDP"= 26585:UDP:BitComet 26585 UDP

R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [8/23/2007 8:29 PM 5376]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [5/7/2009 6:33 PM 33792]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - WMIAPSRV

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder

2009-06-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 23:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Connection Wizard,ShellNext = iexplore
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-10 18:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF7557.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFACD.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFE9DA.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFE9E.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFEAAA.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFEAE8.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFEB95.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFEC52.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFECA4.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFED8A.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFEF41.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFEFAB.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFF2A0.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFF354.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFF513.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFF5EC.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFF60.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFF674.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFF6AD.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFF6E3.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFF6FD.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFF738.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFF7B8.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFF839.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFF893.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFF9EA.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFFA84.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFFAC7.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFFB99.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFFC49.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFFD63.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFFE51.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFFE6.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFFE6A.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFFF44.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFFF66.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFFFE4.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~nsu.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\~nsu.tmp\Au_.exe 355862 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\tdss000 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\tmp162.tmp 42496 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\tmp163.tmp 343040 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\tmp2D.tmp 42496 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\tmp2E.tmp 343040 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\tmp38.tmp 42496 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\tmp39.tmp 343040 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\tmp4B.tmp 42496 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\tmp4C.tmp 343040 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\UAC000 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\UIRoundedImage-1.png 1652 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\UIRoundedImage-2.png 1652 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\UIRoundedImage-3.png 1652 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\UIRoundedImage-4.png 1652 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF122C.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF1282.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF1471.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF156B.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF164F.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF18B3.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF1A30.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF1A65.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF1BD5.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF1C78.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF1C99.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF1CC.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF1CF2.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF1D2.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF1D74.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF1D8C.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF1ED1.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF203.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF207D.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF21BD.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF21D0.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF24BE.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF25E7.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF27.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF2898.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF28E5.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\catchme.dll 53248 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\hsperfdata_Kaitlin
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1B.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1B.tmp\Nero 8+crack.torrent 14821 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1DD.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1DD.tmp\legitcheck.hta 4812 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1E3.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1E3.tmp\legitcheck.hta 4812 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1E5.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1E5.tmp\SetupMusicnotesPluginNS.exe 204080 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1E9.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1E9.tmp\legitcheck.hta 4812 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1F6.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf1F6.tmp\31870_Kaitlin_Grundy.doc 3866 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf2.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf2.tmp\bitcomet_setup.exe 5797624 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf20.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf20.tmp\fatfingers_0002.wmv 3360249 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf20A.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf20A.tmp\TGB_Dual_7.zip 198524 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf20C.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf20C.tmp\AHT FT Apr.doc 111104 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf21.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf21.tmp\legitcheck.hta 4821 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf239.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf239.tmp\vbalink172.zip 545610 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf28.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf28.tmp\Saf29.tmp.download 499973592 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf306.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf306.tmp\[isoHunt] Microsoft Office 2007 Premium Edition.torrent 11751 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf33.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf33.tmp\Saf34.tmp.download 570769408 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf37.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf37.tmp\FW New Sony Gadget.eml.mht 7286666 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf3B5.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf3B5.tmp\R175658.exe 14056879 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf44.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf44.tmp\BingoCabin_Downloader.Exe 343168 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf47.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf47.tmp\kellyanngothic.zip 45305 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf4D.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf4D.tmp\Aura Collection 3.rar 898177 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf52.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf52.tmp\[isoHunt] Final Fantasy collection by ga8i.torrent 421607 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf59.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf59.tmp\mbam-setup.exe 2967800 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf63.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf63.tmp\[isoHunt] Zoom Player Home MAX 6.00.torrent 3273 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf65.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf65.tmp\b219.torrent 13814 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf69.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf69.tmp\vlc-0.9.9-win32.exe 16742799 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf79.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf79.tmp\avg_free_stf_en_85_339a1525.exe 65103168 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf795.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf795.tmp\project64_1.6.exe 2080797 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf7B.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf7B.tmp\DJ_AIO_Corporate_NonNetwork_DVD.exe 53061336 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf80.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf80.tmp\STOPzilla_Setup.exe 349696 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf89.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf89.tmp\wmp10.exe 12754672 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf9A.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\Saf9A.tmp\lspfix.zip 183158 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafAC.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafAC.tmp\Mouse Freedom.rar 67859 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafAD.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafAD.tmp\[isoHunt] SUPER NINTENDO-COMPLETE COLLECTION_700 ROMS.torrent 71749 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafB.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafB.tmp\Combined-Community-Codec-Pack-2008-09-21.exe 6833525 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafB0.tmp
c:\docume~1\Kaitlin\LOCALS~1\Temp\SafB0.tmp\[isoHunt] 1fab6c04cf9e7518308939a13bad40908020ad06.torrent 2469 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFAD6C.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFB101.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFB17.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFBDD0.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFBEA0.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFBEAB.tmp 512 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFBFF4.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFC10.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFC359.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFC53A.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFC6A.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFCDE.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFD0DA.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFD184.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFD3E.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFD488.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFD548.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFD58.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFD5D.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFD5F6.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFD72E.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFD744.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFD8F.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFD9AD.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFDC61.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFDE52.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFE0D6.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFE1B3.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFE1B4.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFE279.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFE304.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFE3A.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFE40E.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFE41.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFE5.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFE57D.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFE5B.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Perflib_Perfdata_810.dat 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Perflib_Perfdata_818.dat 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Perflib_Perfdata_8e8.dat 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Perflib_Perfdata_a44.dat 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\Perflib_Perfdata__755.dat 60416 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\photolayout-1.gif 119568 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\quadra000 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\RarSFX0
c:\docume~1\Kaitlin\LOCALS~1\Temp\s1191210417_8272-1.jpg 3855 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\MessengerCache
c:\docume~1\Kaitlin\LOCALS~1\Temp\MessengerCache\00arTvUDze9J6VWZ93RsGhtm2+k= 2321 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\MessengerCache\5oFrGo1Atfk4oN37w9a+smVuIUI= 4993 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\MessengerCache\6PXYc0MQ5iOxGO+HXUhfISGFJv4= 29929 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\MessengerCache\ErrorResponse.xml 1739 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\MessengerCache\G1nHGo3iEJj1e1kwo0hqZe4sT7A= 2788 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\MessengerCache\IT4riofb+YXxQxYyx0BpxEgQKCE= 2883 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\MessengerCache\K2FvGe2FGFmf627gaOpK4phIP9WNo= 2747 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\MessengerCache\QZ3KMCHEVtrqnEh39TywH7LlR2k= 2466 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\MessengerCache\Sounds
c:\docume~1\Kaitlin\LOCALS~1\Temp\MessengerCache\yhv657XcfaQTw2FjWhLY0fPNzOiQ= 19278 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP1F5.tmp 28551 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP27.tmp 928714 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP2DF.tmp 653762 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP305.tmp 3369046 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP5F.tmp 653762 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP63.tmp 113561 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP65.tmp 104964 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP67.tmp 121035 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP74.tmp 50866 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKP81.tmp 337277 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKPAC.tmp 37891 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKPC2.tmp 191724 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\WKPC3.tmp 8295 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\wp00e2a32b-1.png 136892 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\xpz1B8.tmp 0 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\_add_ds.log 272 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\{E19E99D8-8C7F-4B54-926D-920550CBB20C}
c:\docume~1\Kaitlin\LOCALS~1\Temp\{E19E99D8-8C7F-4B54-926D-920550CBB20C}\{C5074CC4-0E26-4716-A307-960272A90040}
c:\docume~1\Kaitlin\LOCALS~1\Temp\{E19E99D8-8C7F-4B54-926D-920550CBB20C}\{C5074CC4-0E26-4716-A307-960272A90040}\difxapi.dll 337320 bytes executable
c:\docume~1\Kaitlin\LOCALS~1\Temp\{E19E99D8-8C7F-4B54-926D-920550CBB20C}\{C5074CC4-0E26-4716-A307-960272A90040}\setup.log 441 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF2E6D.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF2E7C.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF3091.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF310B.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF314D.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF31EE.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF327E.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF342F.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF34C2.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF34D2.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF34E3.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF350A.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF35C9.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF3627.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF36C2.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF38E0.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF3A63.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF3F63.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF4111.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF4247.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF426B.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF43E.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF43F4.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF45C0.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF46C0.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF77A.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF77F9.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF787E.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF78D8.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF7BB4.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF7C16.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF7DE1.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF7DF4.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF820.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF831.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF84D3.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF861.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF88B.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF8CF9.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF8D11.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF96C1.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF98B.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF9E2.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DF9F1B.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFA186.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFA3.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFA79B.tmp 114688 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFA8E7.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFA989.tmp 16384 bytes
c:\docume~1\Kaitlin\LOCALS~1\Temp\~DFAA16.tmp 16384 bytes

scan completed successfully
hidden files: 409

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-06-11 18:26
ComboFix-quarantined-files.txt 2009-06-11 00:25

Pre-Run: 60,116,615,168 bytes free
Post-Run: 60,105,465,856 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

576 --- E O F --- 2009-05-14 01:40

Now the MBAM log.

Malwarebytes' Anti-Malware 1.37
Database version: 2259
Windows 5.1.2600 Service Pack 3

6/10/2009 6:50:43 PM
mbam-log-2009-06-10 (18-50-43).txt

Scan type: Full Scan (C:\|)
Objects scanned: 117079
Time elapsed: 19 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Not selected for removal.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Kaitlin\local settings\Temp\tmp162.tmp (Trojan.Alureon) -> Not selected for removal.
c:\documents and settings\Kaitlin\local settings\Temp\tmp2D.tmp (Trojan.Alureon) -> Not selected for removal.
c:\documents and settings\Kaitlin\local settings\Temp\tmp38.tmp (Trojan.Alureon) -> Not selected for removal.
c:\documents and settings\Kaitlin\local settings\Temp\tmp4B.tmp (Trojan.Alureon) -> Not selected for removal.
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Quarantined and deleted successfully.
c:\documents and settings\Kaitlin\Local Settings\Temp\VideoTools.exe (Trojan.FakeAlert) -> Not selected for removal.
c:\WINDOWS\Fonts\Ragnarok.exe (Worm.Archive) -> Not selected for removal.
c:\WINDOWS\Fonts\sakray.exe (Worm.Archive) -> Not selected for removal.

I did not remove any of the selected and instead only quarantined them. Should I have?
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Quarantined and deleted successfully.
^^^^^^^^^^^^^^ This, however, I was unable to uncheck...

Lastly, here is a new HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:07:50 PM, on 6/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\Sierra\Planner\PLNRnote.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Program Files\Sierra\Planner\PLNRnote.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 4912 bytes


Thanks again for your time; this must be awfully painstaking. KEEP UP THE GOOD WORK :mrgreen:
Apollo

Re: IE crashes computer/win update blocked/malwarebytes blocked

by Apollo » June 10th, 2009, 9:37 pm

IE is working now, so I went ahead and updated as much as possible. I've also done a little research and found that many of the trojans that MBAM found were from having a pirated version of Windows? Is there any way to know for sure if my copy is illegal? (This computer is second hand, BTW.) Although I'm not sure why this notebook would not be truly from Microsoft... Dell puts the proof of authenticity on a sticker right at the bottom :lol: with activation code and all.

Now that Windows is updated some, I'll try to stop fiddling with things. I just finished reading the post regarding that. Sorry!

Apollo

Re: IE crashes computer/win update blocked/malwarebytes blocked

by muppy03 » June 11th, 2009, 7:07 am

Hi Apollo,

That cleaned up a fair bit! ;)

is there any way to know for sure if my copy is illegal? (this computer is second hand BTW)

Let's find out.
WGA Diagnostic Tool

Please follow this WGA troubleshooting procedure:

Please post (reply) with the results.

Re: IE crashes computer/win update blocked/malwarebytes blocked

by Apollo » June 11th, 2009, 3:21 pm

Wow, congratulations on finishing your program! I'm actually hoping to apply to the academy once I get this thread finished up. I will run this program as soon as I get home tonight.

Apollo