Please Answer this time, Last time had 15 views no Answers.


Post by Keaton » November 28th, 2008, 10:50 pm

Hello, I am Keaton.

I am a big gamer, but sadly I have a family, and little kids that like to download stuff, therefore I have bought them their own PC.

I am aware of many trojans etc. on my PC and would love to fix them. I try to play games, but pop-ups love to minimize them or take them out of full-screen.

I would love help, and I downloaded HijackThis. I will put the report below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:13 AM, on 11/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Linksys\WMP110\gtwpssrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys\WMP110\WLSngS.exe
C:\Program Files\Linksys\WUSB54GSC\WLService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Linksys\WMP110\WMP110.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {DFB837FD-39C2-3295-0BD5-0965866EA3AD} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [WMP110] C:\Program Files\Linksys\WMP110\WMP110.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8052945185
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/i ... downls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O20 - AppInit_DLLs: betbtl.dll
O20 - Winlogon Notify: geBUOfef - geBUOfef.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GTWPSSRV (GTWPSService) - Unknown owner - C:\Program Files\Linksys\WMP110\gtwpssrv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Linksys\WMP110\jswpsapi.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: WLSng Service - TODO: <Company name> - C:\Program Files\Linksys\WMP110\WLSngS.exe
O23 - Service: WUSB54GSC - GEMTEKS - C:\Program Files\Linksys\WUSB54GSC\WLService.exe

--
End of file - 7397 bytes


I imagine this is what you need? If not, I will gladly get what you need. Please assist. I really don't want my credit card info stolen. I am actually sort of in a pinch with money, so this would increase my worries. Please assist ^^.


Oh, also, before this I tried deleting IE7 off the PC. I don't believe it went well, and I don't know. But for the most part the IE pop-ups stopped. Firefox, not so much. I don't want to use IE, so it's OK if I must remove it.

Also, on some scans I've done, I've had 1k-50k+ trojan traces in a file called C:\WINDOWS\Fonts\'\ which I can't access. At the moment I'm terrified of my info being released, and I'm worried because really money is an issue :P

Also, I have no anti-spyware protection, only Windows Firewall.

Here is the uninstall list:

Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Shockwave Player
AIM 6
Apple Software Update
Bonjour
CCleaner (remove only)
Compact Wireless-G USB Network Adapter with SpeedBooster
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Java(TM) 6 Update 3
Java(TM) 6 Update 7
LimeWire 4.18.8
Map Button (Windows Live Toolbar)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.4)
MPlugin
NVIDIA Drivers
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Smart Menus (Windows Live Toolbar)
SPORE™ Creature Creator
Station Launcher
Ventrilo Client
WarRock
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Install Manager

1:27am - I just updated Windows. It also updated some things for IE7.

Here is another HijackThis log, just in case it changed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:11 AM, on 11/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Linksys\WMP110\gtwpssrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys\WMP110\WLSngS.exe
C:\Program Files\Linksys\WUSB54GSC\WLService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Linksys\WMP110\WMP110.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {DFB837FD-39C2-3295-0BD5-0965866EA3AD} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [WMP110] C:\Program Files\Linksys\WMP110\WMP110.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8052945185
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/i ... downls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O20 - AppInit_DLLs: betbtl.dll
O20 - Winlogon Notify: geBUOfef - geBUOfef.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GTWPSSRV (GTWPSService) - Unknown owner - C:\Program Files\Linksys\WMP110\gtwpssrv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Linksys\WMP110\jswpsapi.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: WLSng Service - TODO: <Company name> - C:\Program Files\Linksys\WMP110\WLSngS.exe
O23 - Service: WUSB54GSC - GEMTEKS - C:\Program Files\Linksys\WUSB54GSC\WLService.exe

--
End of file - 7430 bytes

For the most part, pop-ups stopped.
Keaton
Active Member
 
Posts: 4
Joined: November 28th, 2008, 1:49 am

Re: Please Answer this time, Last time had 15 views no Answers.

Post by Axephilic » November 29th, 2008, 2:18 pm

Hello ,

Welcome to the Malware Removal Forums! My name is Adam and I will be assisting you with getting the malware off of your computer. Please observe the following points before we start:
  1. If at any point you don't understand something, please let me know and I will be glad to explain or go more into depth for you. :)
  2. I am still in training, so my responses may take more time than usual because all of my posts must be checked by an expert or teacher.
    Also, please remember, I am a volunteer and I have a personal life. I go to school full time, have a part time job, and I do sports. A lot of this takes a lot of time.
  3. Please keep all of your replies in this topic/thread and do not make a new topic/thread, thanks!
  4. Please stick with this, don't stop responding because the symptoms are gone, the infection could still be there. Keep replying to my posts until I give you the All Clean message. ;)
  5. If you don't reply within five days after my last instructions this topic will be closed. If you will not be able to reply within five days please tell me so the topic will not be closed.

I am looking over your log now and will have to wait for a teacher or expert to give me the OK to post back to you before I can do so. I will post back as soon as possible. In the future, please do not double post. We have a lot of logs waiting and not a lot of helpers. We do our best to get them answered as soon as possible. I have asked that your other topic be closed.

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Please Answer this time, Last time had 15 views no Answers.

Post by Axephilic » December 1st, 2008, 4:16 pm

Hello,

P2P Warning!

With reference to Malware Removal's P2P Programs Policy, please uninstall the following programs before we continue:

  1. Click on Start > Control Panel and double click on Add/Remove Programs.
  2. Locate LimeWire 4.18.8 and click on the Change/Remove button to uninstall it.
  3. Close Add/Remove Programs and Control Panel when done.


Fix HijackThis lines

  • Run HijackThis!
  • Click on Do a System Scan only
  • Place a tick next to the following lines:

    R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O2 - BHO: (no name) - {DFB837FD-39C2-3295-0BD5-0965866EA3AD} - (no file)
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
    O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
    O20 - AppInit_DLLs: betbtl.dll
    O20 - Winlogon Notify: geBUOfef - geBUOfef.dll (file missing)
Close all open windows and click on Fix checked and when you get a popup window click on Yes.


Now, please restart your computer.


RSIT
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


In your next reply, please include:
  1. Both RSIT logs
  2. A new HijackThis log

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US
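The "Fix HijackThis lines" step above picks out the entries whose file is gone ("(no file)" / "(file missing)") plus the two O20 load points. As an added example, not part of this thread or of the HijackThis tool, the Python script below applies that reading to a log excerpt copied from Keaton's post; the verdict rules, the `KNOWN_GOOD_HOSTS` allow-list and the shared-CLSID check are my own triage heuristics, not the helper's.

```python
"""Triage a HijackThis 2.0.2 log: flag orphaned hooks and DLL load points.

Added example for this thread, not code from MalwareRemoval.com or HijackThis.
Verdicts: "fix" (registration whose file is gone), "review" (needs a human
look before removal), "keep" (no rule matched).
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed excerpt: twelve lines copied from the HijackThis logs posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - AppInit_DLLs: betbtl.dll
O20 - Winlogon Notify: geBUOfef - geBUOfef.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Hosts HijackThis reports for IE defaults on a clean XP SP3 box (seen in the logs above);
# this allow-list is an assumption of the example, extend it for your environment.
KNOWN_GOOD_HOSTS = {"go.microsoft.com"}
# Why an O20 entry deserves a look even when the DLL is present (Windows XP behaviour).
O20_WHY = {
    "AppInit_DLLs": "loaded into every process that maps user32.dll",
    "Winlogon Notify": "loaded by winlogon.exe at logon",
}

LINE_RE = re.compile(r"^([RO]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    section: str  # "R0", "O2", "O20", ...
    body: str     # text after the "Rn - " / "Onn - " prefix
    raw: str


@dataclass
class Finding:
    entry: Entry
    verdict: str  # "fix", "review" or "keep"
    reason: str


def parse_hjt(text: str) -> list[Entry]:
    """Keep only the Rn/Onn entry lines; headers, process list and footer are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = LINE_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2), line))
    return entries


def triage(entries: list[Entry]) -> list[Finding]:
    findings = []
    for e in entries:
        if e.section in ("R0", "R1"):
            # IE start/search pages: anything not on the allow-list is a hijack candidate.
            host = urlparse(e.body.split(" = ", 1)[-1].strip()).hostname or ""
            if host and host not in KNOWN_GOOD_HOSTS:
                findings.append(Finding(e, "review", f"IE page set to {host}, not an IE default"))
                continue
        elif e.section in ("R3", "O2", "O3") and e.body.endswith(ORPHAN_MARKERS):
            # Search hook, BHO or toolbar still registered but its DLL is gone.
            findings.append(Finding(e, "fix", "hook registered but its file is gone; orphaned entry"))
            continue
        elif e.section == "O20":
            kind = e.body.split(":", 1)[0]
            if e.body.endswith(ORPHAN_MARKERS):
                findings.append(Finding(e, "fix", f"{kind} points at a DLL that no longer exists"))
            else:
                why = O20_WHY.get(kind, "system-wide DLL load point")
                findings.append(Finding(e, "review", f"{kind}: {why}; identify the DLL before removing"))
            continue
        findings.append(Finding(e, "keep", "no rule matched"))
    return findings


def shared_clsids(entries: list[Entry]) -> dict[str, set[str]]:
    """CLSIDs registered under more than one hook type, e.g. both URLSearchHook and Toolbar."""
    seen: dict[str, set[str]] = {}
    for e in entries:
        for clsid in CLSID_RE.findall(e.body):
            seen.setdefault(clsid.upper(), set()).add(e.section)
    return {c: s for c, s in seen.items() if len(s) > 1}


def summarize(findings: list[Finding]) -> dict[str, int]:
    return dict(Counter(f.verdict for f in findings))


if __name__ == "__main__":
    found = triage(parse_hjt(SAMPLE_LOG))
    for f in found:
        if f.verdict != "keep":
            print(f"[{f.verdict:6}] {f.entry.raw}\n         {f.reason}")
    print(summarize(found), shared_clsids(parse_hjt(SAMPLE_LOG)))
```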

Re: Please Answer this time, Last time had 15 views no Answers.

Post by Keaton » December 2nd, 2008, 9:04 pm

HijackThis ^.^

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:40 PM, on 12/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Linksys\WMP110\gtwpssrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys\WMP110\WLSngS.exe
C:\Program Files\Linksys\WUSB54GSC\WLService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Linksys\WMP110\WMP110.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe
C:\Program Files\MediaMonkey\MediaMonkey.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [WMP110] C:\Program Files\Linksys\WMP110\WMP110.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8052945185
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/i ... downls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GTWPSSRV (GTWPSService) - Unknown owner - C:\Program Files\Linksys\WMP110\gtwpssrv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Linksys\WMP110\jswpsapi.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: WLSng Service - TODO: <Company name> - C:\Program Files\Linksys\WMP110\WLSngS.exe
O23 - Service: WUSB54GSC - GEMTEKS - C:\Program Files\Linksys\WUSB54GSC\WLService.exe

--
End of file - 6775 bytes
info.txt logfile of random's system information tool 1.04 2008-12-02 20:02:33

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Compact Wireless-G USB Network Adapter with SpeedBooster-->C:\Program Files\InstallShield Installation Information\{65563451-00B6-458C-9F9A-03A7757355A6}\setup.exe -runfromtemp -l0x0009 -removeonly
EQ2MAP Updater 1.1.2-->C:\Program Files\EQ2MAP Updater\uninst.exe
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Highlight Viewer (Windows Live Toolbar)-->MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
MediaMonkey 3.0-->"C:\Program Files\MediaMonkey\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPlugin-->"C:\Program Files\InstallShield Installation Information\{6102D63A-9387-4FC8-98E4-181121F8C0BA}\setup.exe" -runfromtemp -l0x0009 -removeonly
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
PlayOnline Viewer & Tetra Master-->C:\Program Files\InstallShield Installation Information\{47004155-7376-403E-89E9-4C9F44AAF0D0}\setup.exe -runfromtemp -l0x0409
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SPORE™ Creature Creator-->"C:\Program Files\InstallShield Installation Information\{8CC42289-E228-4A35-B8A9-015242283BB2}\setup.exe" -runfromtemp -l0x0009 -removeonly
Station Launcher-->C:\Program Files\Sony\Station\Station Launcher\uninstall.exe
SugarRush-->"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33587458 -locale:US
UltraMon-->MsiExec.exe /I{CC15A5FC-B6D3-4A2D-8A26-D8F2702A3C00}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
WarRock-->C:\Program Files\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Writer-->MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL

=====HijackThis Backups=====

O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
O20 - AppInit_DLLs: betbtl.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O2 - BHO: (no name) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)
O20 - Winlogon Notify: geBUOfef - geBUOfef.dll (file missing)
O2 - BHO: (no name) - {DFB837FD-39C2-3295-0BD5-0965866EA3AD} - (no file)
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------


Next is the log.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Keaton at 2008-12-02 20:01:58
Microsoft Windows XP Professional Service Pack 3
System drive C: has 93 GB (71%) free of 131 GB
Total RAM: 2046 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:00 PM, on 12/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Linksys\WMP110\gtwpssrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys\WMP110\WLSngS.exe
C:\Program Files\Linksys\WUSB54GSC\WLService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Linksys\WMP110\WMP110.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Keaton\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Keaton.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [WMP110] C:\Program Files\Linksys\WMP110\WMP110.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8052945185
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/i ... downls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GTWPSSRV (GTWPSService) - Unknown owner - C:\Program Files\Linksys\WMP110\gtwpssrv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Linksys\WMP110\jswpsapi.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: WLSng Service - TODO: <Company name> - C:\Program Files\Linksys\WMP110\WLSngS.exe
O23 - Service: WUSB54GSC - GEMTEKS - C:\Program Files\Linksys\WUSB54GSC\WLService.exe

--
End of file - 6790 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WMP110"=C:\Program Files\Linksys\WMP110\WMP110.exe [2008-02-27 962560]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"SBAMTray"=C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe [2008-10-28 681256]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-10-30 16269312]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Aim6"= []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
UltraMon.lnk - C:\WINDOWS\Installer\{CC15A5FC-B6D3-4A2D-8A26-D8F2702A3C00}\IcoUltraMon.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms\NMService.exe"="C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe"="C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:CurseClient"
"C:\Program Files\World of Warcraft\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Documents and Settings\Keaton\Desktop\20080826EudemonsV1130_BC.exe"="C:\Documents and Settings\Keaton\Desktop\20080826EudemonsV1130_BC.exe:*:Enabled:BitCometLite"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\MAIET\Gunz\GunzLauncher.exe"="C:\Program Files\MAIET\Gunz\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\ijji\ENGLISH\u_gunz.exe"="C:\ijji\ENGLISH\u_gunz.exe:*:Enabled:<ijji Downloader>"
"C:\ijji\ENGLISH\Gunz\Gunz.exe"="C:\ijji\ENGLISH\Gunz\Gunz.exe:*:Enabled:Gunz"
"C:\Documents and Settings\All Users\Application Data\IJJIGame\PLauncher.exe"="C:\Documents and Settings\All Users\Application Data\IJJIGame\PLauncher.exe:*:Enabled:PLauncher Application"
"C:\WINDOWS\Downloaded Program Files\PurpleBean.exe"="C:\WINDOWS\Downloaded Program Files\PurpleBean.exe:*:Enabled:PurpleBean.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Wyzo\wyzo.exe"="C:\Program Files\Wyzo\wyzo.exe:*:Disabled:Wyzo"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Nexon\SugarRush\Bin\SugarRush.exe"="C:\Nexon\SugarRush\Bin\SugarRush.exe:*:Enabled:SugarRush"
"C:\Program Files\Sony\EverQuest II\EverQuest2.exe"="C:\Program Files\Sony\EverQuest II\EverQuest2.exe:*:Enabled:EQ2 Client Application"
"Game.exe"="Game.exe:*:Enabled:GostSoul"
"C:\Program Files\Netgame\Ghost\Game.exe"="C:\Program Files\Netgame\Ghost\Game.exe:*:Enabled:Game"
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe"="C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-12-02 20:01:58 ----D---- C:\rsit
2008-12-02 19:45:31 ----D---- C:\Program Files\PlayOnline
2008-11-30 10:14:11 ----D---- C:\Program Files\EQ2MAP Updater
2008-11-29 09:38:26 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-11-29 09:34:17 ----D---- C:\Documents and Settings\Keaton\Application Data\Realtime Soft
2008-11-29 09:34:13 ----D---- C:\Program Files\UltraMon
2008-11-29 09:34:13 ----D---- C:\Program Files\Common Files\Realtime Soft
2008-11-29 09:34:13 ----D---- C:\Documents and Settings\All Users\Application Data\Realtime Soft
2008-11-28 21:58:47 ----D---- C:\Program Files\MediaMonkey
2008-11-28 08:30:01 ----D---- C:\Program Files\iPod
2008-11-28 08:29:58 ----D---- C:\Program Files\iTunes
2008-11-28 08:29:58 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-28 01:20:50 ----D---- C:\WINDOWS\ie7updates
2008-11-28 01:19:12 ----D---- C:\Program Files\MSXML 4.0
2008-11-28 00:14:55 ----D---- C:\Documents and Settings\Keaton\Application Data\Malwarebytes
2008-11-28 00:14:46 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-28 00:09:37 ----D---- C:\Program Files\Trend Micro
2008-11-27 23:53:27 ----D---- C:\WINDOWS\pss
2008-11-27 23:40:38 ----A---- C:\Documents and Settings\Keaton\Application Data\netstat.bat
2008-11-27 23:02:43 ----D---- C:\Documents and Settings\Keaton\Application Data\InstallShield
2008-11-27 21:35:10 ----SH---- C:\WINDOWS\system32\wtwonxrg.ini
2008-11-27 11:46:52 ----D---- C:\Documents and Settings\Keaton\Application Data\Sunbelt
2008-11-27 11:46:48 ----D---- C:\Documents and Settings\All Users\Application Data\Sunbelt
2008-11-27 11:46:21 ----D---- C:\Program Files\Sunbelt Software
2008-11-27 11:41:38 ----D---- C:\WINDOWS\WBEM
2008-11-27 11:40:36 ----HDC---- C:\WINDOWS\ie7
2008-11-27 11:40:20 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-11-27 11:39:58 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-11-27 10:38:59 ----A---- C:\WINDOWS\system32\hgGaxUOf.dll
2008-11-27 09:13:03 ----SH---- C:\desktop.ini
2008-11-27 01:32:40 ----A---- C:\WINDOWS\system32\khfEWPIB.dll
2008-11-26 19:41:04 ----A---- C:\WINDOWS\system32\wvUljHYQ.dll
2008-11-26 17:54:00 ----D---- C:\Program Files\Common Files\AOL
2008-11-26 17:53:43 ----D---- C:\Program Files\AIM6
2008-11-26 17:41:59 ----A---- C:\WINDOWS\system32\xczxon.dll
2008-11-26 17:41:58 ----A---- C:\WINDOWS\system32\uoljdwpg.dll
2008-11-26 16:27:22 ----SH---- C:\WINDOWS\system32\maaqslaa.ini
2008-11-26 16:26:36 ----D---- C:\Documents and Settings\Keaton\Application Data\Sun
2008-11-26 16:21:19 ----A---- C:\WINDOWS\system32\rvmnox.dll
2008-11-26 16:21:18 ----A---- C:\WINDOWS\system32\askbkafq.dll
2008-11-25 20:43:39 ----A---- C:\WINDOWS\system32\cbXOGwvv.dll
2008-11-25 20:04:56 ----A---- C:\WINDOWS\system32\awtrSjJD.dll
2008-11-25 17:11:59 ----SH---- C:\WINDOWS\system32\egdsojtq.ini
2008-11-25 15:21:58 ----A---- C:\WINDOWS\system32\yayaBTno.dll
2008-11-25 00:05:07 ----A---- C:\WINDOWS\system32\cbXpmkHX.dll
2008-11-24 17:53:45 ----A---- C:\WINDOWS\system32\ddcBUkig.dll
2008-11-24 17:05:47 ----SH---- C:\WINDOWS\system32\enegwbhp.ini
2008-11-24 17:02:54 ----A---- C:\WINDOWS\system32\exbzol.dll
2008-11-24 17:02:44 ----A---- C:\WINDOWS\system32\vdefijga.dll
2008-11-24 16:40:08 ----A---- C:\WINDOWS\system32\awttQjjh.dll
2008-11-24 12:55:52 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-11-24 11:56:06 ----A---- C:\WINDOWS\system32\ljJAQHbb.dll
2008-11-23 22:35:27 ----A---- C:\WINDOWS\system32\xxyaARjH.dll
2008-11-23 20:33:24 ----A---- C:\WINDOWS\system32\hgGVlJaA.dll
2008-11-23 17:02:48 ----A---- C:\WINDOWS\system32\qxmklx.dll
2008-11-23 17:02:47 ----A---- C:\WINDOWS\system32\ytkjgcme.dll
2008-11-22 17:07:49 ----A---- C:\WINDOWS\system32\sgirox.dll
2008-11-22 17:07:48 ----A---- C:\WINDOWS\system32\tmpqrult.dll
2008-11-22 17:04:51 ----SH---- C:\WINDOWS\system32\dpiulvfu.ini
2008-11-22 11:04:46 ----D---- C:\Documents and Settings\Keaton\Application Data\SPORE Creature Creator
2008-11-22 11:03:03 ----RHD---- C:\Documents and Settings\Keaton\Application Data\SecuROM
2008-11-22 08:52:44 ----A---- C:\WINDOWS\system32\frseaiff.dll
2008-11-22 08:52:44 ----A---- C:\WINDOWS\system32\fpoggg.dll
2008-11-21 08:49:47 ----A---- C:\WINDOWS\system32\zodmcw.dll
2008-11-21 08:49:47 ----A---- C:\WINDOWS\system32\hhjoheta.dll
2008-11-21 08:47:33 ----SH---- C:\WINDOWS\system32\vtuhmrcg.ini
2008-11-20 20:22:49 ----A---- C:\WINDOWS\system32\xxyXRhfe.dll
2008-11-20 18:15:55 ----A---- C:\WINDOWS\system32\mlJArQGy.dll
2008-11-20 15:24:10 ----A---- C:\WINDOWS\system32\smtxzm.dll
2008-11-20 15:24:09 ----A---- C:\WINDOWS\system32\legtxkpg.dll
2008-11-18 19:23:23 ----A---- C:\WINDOWS\system32\rcnttsdm.exe
2008-11-18 19:14:50 ----A---- C:\WINDOWS\system32\qoMFwuRJ.dll
2008-11-18 19:14:50 ----A---- C:\WINDOWS\system32\pmnllKEt.dll
2008-11-18 16:30:17 ----D---- C:\Documents and Settings\Keaton\Application Data\Twain
2008-11-18 16:18:14 ----A---- C:\WINDOWS\system32\jkkHbabA.dll
2008-11-18 16:18:14 ----A---- C:\WINDOWS\system32\hgGXnOhf.dll
2008-11-18 15:12:28 ----A---- C:\WINDOWS\system32\urqOFyVL.dll
2008-11-18 15:12:28 ----A---- C:\WINDOWS\system32\opnnlMDV.dll
2008-11-18 14:33:46 ----A---- C:\WINDOWS\system32\yaywtRiH.dll
2008-11-18 14:33:45 ----A---- C:\WINDOWS\system32\iifFxvwT.dll
2008-11-18 08:02:23 ----A---- C:\WINDOWS\system32\tuvSKCst.dll
2008-11-18 08:02:23 ----A---- C:\WINDOWS\system32\efcATNEX.dll
2008-11-18 07:28:33 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
2008-11-18 07:28:29 ----D---- C:\Documents and Settings\Keaton\Application Data\Azureus
2008-11-18 06:49:48 ----A---- C:\WINDOWS\system32\vtULfFXp.dll
2008-11-18 06:49:48 ----A---- C:\WINDOWS\system32\efcaaWpN.dll
2008-11-17 22:42:27 ----A---- C:\WINDOWS\system32\qoMeEUKE.dll
2008-11-17 22:42:27 ----A---- C:\WINDOWS\system32\mlJCRhGY.dll
2008-11-17 16:57:53 ----A---- C:\WINDOWS\system32\pmnnNfCV.dll
2008-11-17 16:57:53 ----A---- C:\WINDOWS\system32\opnnoppN.dll
2008-11-17 13:59:43 ----A---- C:\WINDOWS\system32\nnnkKeBq.dll
2008-11-17 13:59:43 ----A---- C:\WINDOWS\system32\efcCssrs.dll
2008-11-17 10:43:39 ----A---- C:\WINDOWS\system32\jkkLFxUn.dll
2008-11-17 10:43:39 ----A---- C:\WINDOWS\system32\byXRkhij.dll
2008-11-17 09:01:18 ----SHD---- C:\WINDOWS\RGpvdW1lIE5hYmU
2008-11-17 09:01:18 ----A---- C:\WINDOWS\system32\g61.exe
2008-11-17 09:01:14 ----D---- C:\WINDOWS\system32\wpd
2008-11-17 09:01:14 ----D---- C:\WINDOWS\system32\spc
2008-11-17 09:01:14 ----D---- C:\WINDOWS\system32\ocx
2008-11-17 09:01:14 ----D---- C:\WINDOWS\system32\dom
2008-11-17 09:01:12 ----D---- C:\WINDOWS\system32\dPI02
2008-11-17 09:01:10 ----A---- C:\WINDOWS\system32\ddcDuUol.dll
2008-11-17 09:01:10 ----A---- C:\WINDOWS\system32\cbXPhhgg.dll
2008-11-16 15:27:14 ----A---- C:\WINDOWS\system32\jswscsup.dll
2008-11-16 07:21:04 ----SH---- C:\WINDOWS\system32\jxcnxtyb.ini
2008-11-16 06:21:07 ----SH---- C:\WINDOWS\system32\ftjtrfcm.ini
2008-11-16 06:18:31 ----A---- C:\WINDOWS\system32\035133ad-.txt
2008-11-16 06:16:15 ----A---- C:\WINDOWS\system32\vbzip10.dll
2008-11-16 06:12:23 ----D---- C:\WINDOWS\system32\QI02
2008-11-14 21:38:44 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2008-11-14 21:38:34 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-11-14 08:31:07 ----D---- C:\WINDOWS\Prefetch
2008-11-14 08:18:58 ----D---- C:\WINDOWS\system32\en-us
2008-11-14 08:18:57 ----D---- C:\WINDOWS\system32\scripting
2008-11-14 08:18:57 ----D---- C:\WINDOWS\system32\en
2008-11-14 08:18:57 ----D---- C:\WINDOWS\l2schemas
2008-11-14 08:15:39 ----D---- C:\WINDOWS\network diagnostic
2008-11-13 21:34:13 ----N---- C:\WINDOWS\system32\vxblock.dll
2008-11-13 21:34:13 ----N---- C:\WINDOWS\system32\pxwave.dll
2008-11-13 21:34:13 ----N---- C:\WINDOWS\system32\pxsfs.dll
2008-11-13 21:34:13 ----N---- C:\WINDOWS\system32\pxmas.dll
2008-11-13 21:34:13 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2008-11-13 21:34:13 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-11-13 21:34:13 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-11-13 21:34:13 ----N---- C:\WINDOWS\system32\pxdrv.dll
2008-11-13 21:34:13 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2008-11-13 21:34:13 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-11-13 21:34:13 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-11-13 21:34:13 ----N---- C:\WINDOWS\system32\px.dll

======List of files/folders modified in the last 1 months======

2008-12-02 20:00:40 ----D---- C:\Program Files\Mozilla Firefox
2008-12-02 19:58:39 ----D---- C:\WINDOWS\Temp
2008-12-02 19:58:32 ----D---- C:\WINDOWS
2008-12-02 19:58:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-02 19:58:16 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-02 19:58:08 ----D---- C:\WINDOWS\system32
2008-12-02 19:57:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-02 19:53:57 ----D---- C:\Program Files\LimeWire
2008-12-02 19:45:54 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-02 19:45:50 ----SHD---- C:\WINDOWS\Installer
2008-12-02 19:45:31 ----RD---- C:\Program Files
2008-12-02 12:58:38 ----D---- C:\Nexon
2008-12-01 23:19:17 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-01 23:17:38 ----HD---- C:\WINDOWS\inf
2008-12-01 23:17:31 ----D---- C:\WINDOWS\Help
2008-12-01 08:24:38 ----D---- C:\Documents and Settings\Keaton\Application Data\Macromedia
2008-12-01 08:24:38 ----D---- C:\Documents and Settings\Keaton\Application Data\Adobe
2008-11-28 22:50:24 ----D---- C:\Documents and Settings\Keaton\Application Data\LimeWire
2008-11-28 22:12:05 ----D---- C:\WINDOWS\system32\drivers
2008-11-28 08:29:43 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-28 08:29:29 ----D---- C:\Program Files\Common Files\Apple
2008-11-28 01:21:02 ----D---- C:\Program Files\Internet Explorer
2008-11-28 01:20:35 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-28 01:19:12 ----D---- C:\WINDOWS\WinSxS
2008-11-28 00:39:29 ----RSD---- C:\WINDOWS\Fonts
2008-11-28 00:38:41 ----D---- C:\WINDOWS\system32\xin
2008-11-28 00:38:41 ----D---- C:\WINDOWS\system32\AI
2008-11-28 00:07:58 ----RASH---- C:\boot.ini
2008-11-28 00:07:58 ----A---- C:\WINDOWS\win.ini
2008-11-28 00:07:58 ----A---- C:\WINDOWS\system.ini
2008-11-27 23:58:18 ----D---- C:\Program Files\WinRAR
2008-11-27 23:44:07 ----D---- C:\Program Files\Bonjour
2008-11-27 23:37:03 ----D---- C:\WINDOWS\system32\jec
2008-11-27 23:26:39 ----SD---- C:\Documents and Settings\Keaton\Application Data\Microsoft
2008-11-27 23:15:32 ----D---- C:\Program Files\NetMeeting
2008-11-27 23:10:55 ----SD---- C:\WINDOWS\Tasks
2008-11-27 23:02:24 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-11-27 22:56:42 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-27 22:53:52 ----D---- C:\WINDOWS\Debug
2008-11-27 13:04:24 ----D---- C:\WINDOWS\system32\DEC
2008-11-27 13:04:15 ----D---- C:\Program Files\Common Files\rwzz
2008-11-27 13:04:12 ----D---- C:\WINDOWS\system32\oca
2008-11-27 11:42:51 ----D---- C:\WINDOWS\system32\config
2008-11-27 11:41:34 ----D---- C:\WINDOWS\Media
2008-11-27 11:29:00 ----D---- C:\Documents and Settings\Keaton\Application Data\FrostWire
2008-11-27 11:26:14 ----D---- C:\WINDOWS\system32\appmgmt
2008-11-27 11:26:14 ----D---- C:\Documents and Settings
2008-11-26 17:54:00 ----D---- C:\Program Files\Common Files
2008-11-26 17:40:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-26 16:26:27 ----D---- C:\WINDOWS\Registration
2008-11-24 12:55:39 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-24 12:55:30 ----D---- C:\Program Files\Common Files\InstallShield
2008-11-22 15:40:45 ----D---- C:\Program Files\Sony
2008-11-18 07:49:59 ----D---- C:\WINDOWS\system32\LogFiles
2008-11-16 23:35:08 ----D---- C:\WINDOWS\system32\zk_sc dir
2008-11-16 15:26:39 ----D---- C:\Program Files\Linksys
2008-11-15 11:02:23 ----A---- C:\WINDOWS\GunzLauncher.INI
2008-11-14 21:38:37 ----RSD---- C:\WINDOWS\assembly
2008-11-14 21:38:37 ----D---- C:\WINDOWS\system32\DirectX
2008-11-14 21:38:35 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-14 21:37:40 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-14 08:30:17 ----D---- C:\WINDOWS\system32\wbem
2008-11-14 08:30:17 ----D---- C:\WINDOWS\system32\Setup
2008-11-14 08:30:17 ----D---- C:\WINDOWS\AppPatch
2008-11-14 08:19:09 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-14 08:19:04 ----D---- C:\WINDOWS\ime
2008-11-14 08:18:58 ----D---- C:\WINDOWS\system32\usmt
2008-11-14 08:18:57 ----D---- C:\WINDOWS\system32\bits
2008-11-14 08:18:57 ----D---- C:\WINDOWS\peernet
2008-11-14 08:18:57 ----D---- C:\Program Files\Movie Maker
2008-11-14 08:17:08 ----D---- C:\WINDOWS\system32\Restore
2008-11-14 08:17:08 ----D---- C:\WINDOWS\system32\npp
2008-11-14 08:17:07 ----D---- C:\WINDOWS\msagent
2008-11-14 08:17:06 ----D---- C:\WINDOWS\srchasst
2008-11-14 08:17:04 ----D---- C:\WINDOWS\system32\Com
2008-11-14 08:17:02 ----D---- C:\Program Files\Windows NT
2008-11-14 08:17:02 ----D---- C:\Program Files\Windows Media Player
2008-11-14 08:17:02 ----D---- C:\Program Files\Outlook Express
2008-11-14 08:16:59 ----D---- C:\Program Files\Common Files\System
2008-11-14 08:16:46 ----D---- C:\WINDOWS\system32\oobe
2008-11-14 08:16:45 ----D---- C:\WINDOWS\system
2008-11-14 08:14:54 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-14 08:14:48 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-14 08:12:34 ----D---- C:\WINDOWS\EHome
2008-11-03 19:10:25 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 sbaphd;sbaphd; C:\WINDOWS\system32\drivers\sbaphd.sys [2008-09-12 13360]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.7.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-11-16 21035]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 sbapifs;sbapifs; C:\WINDOWS\system32\drivers\sbapifs.sys [2008-09-12 69168]
R2 UltraMonUtility;UltraMon Utility Driver; \??\C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\Linksys\WMP110\GTNDIS5.SYS []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-03 4394496]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 JSWSCIMD;jswscimd Service; C:\WINDOWS\system32\DRIVERS\jswscimd.sys [2007-08-28 57344]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2006-08-14 83200]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WMP110;Linksys WMP110 RangePlus Wireless PCI Adapter Service; C:\WINDOWS\system32\DRIVERS\WMP110.sys [2007-10-17 1299520]
S3 BCM42RLY;BCM42RLY; \??\C:\WINDOWS\System32\BCM42RLY.SYS []
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\DNINDIS5.SYS []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 npkcusb;npkcusb; \??\C:\Nexon\Mabinogi\npkcusb.sys []
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 PRISM_USB;Linksys Wireless-B USB Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\LSPMUSB.sys []
S3 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 USB_RNDIS;Compact Wireless-G USB Network Adapter with SpeedBooster; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service; C:\WINDOWS\system32\DRIVERS\WPN111.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva004;XDva004; \??\C:\WINDOWS\system32\XDva004.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 GTWPSService;GTWPSSRV; C:\Program Files\Linksys\WMP110\gtwpssrv.exe [2008-01-30 34816]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 SBAMSvc;CounterSpy Antispyware; C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe [2008-10-28 886056]
R2 WLSng Service;WLSng Service; C:\Program Files\Linksys\WMP110\WLSngS.exe [2007-07-30 233472]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 WUSB54GSC;WUSB54GSC; C:\Program Files\Linksys\WUSB54GSC\WLService.exe [2005-07-04 53307]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 jswpsapi;Jumpstart Wifi Protected Setup; C:\Program Files\Linksys\WMP110\jswpsapi.exe [2007-10-29 352338]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe []
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe []
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------


Sorry for the delay, and I am willing to uninstall anything necessary.
Keaton
Active Member
 
Posts: 4
Joined: November 28th, 2008, 1:49 am
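Added example (not part of Keaton's post, and not code from RSIT or HijackThis): a small Python script that parses the "List of drivers" and "List of services" lines in the log above and picks out the entries a helper would check first. Two things stand out in that log. Every driver registered with an NT-style \??\C:\ path shows an empty [] (no date or size), including UltraMonUtility, which is running, so an empty [] is a prompt to stat the file by hand rather than proof that it is missing. Several services (Irmon, usprserv, WudfSvc) point at svchost.exe, where the image path says nothing; the real code is the ServiceDll named under the service's Parameters key. The EXPECTED_DIRS list and the "display name equals service name" heuristic are assumptions of the example, and SAMPLE is copied from the log.

```python
r"""Triage RSIT-style 'List of drivers' / 'List of services' lines.

Example added to this thread; not code from the post, from RSIT or from
HijackThis.  Each line has the shape

    <R|S><0-4> <name>;<display name>; <image path> [<date> <size>]

The tool fills in [date size] from the file on disk.  In the log above every
path written in the NT form \??\C:\... has an empty [], as do a few plain
paths, so an empty [] means "verify by hand", not "file gone".  EXPECTED_DIRS
and the name==display heuristic are assumptions of this example; SAMPLE is
copied from the log.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.*?) \[(?P<info>[^\]]*)\]\s*$"
)
NT_PREFIX = "\\??\\"            # object-manager form of a Win32 path
# Assumption: where driver/service binaries normally live on a stock XP box.
EXPECTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass
class Entry:
    state: str                   # 'R' running, 'S' stopped
    start: int                   # 0 boot .. 4 disabled
    name: str
    display: str
    path: str                    # with any \??\ prefix removed
    nt_prefixed: bool
    file_date: Optional[str]     # None when the tool recorded nothing
    file_size: Optional[int]


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path").strip()
    nt = path.startswith(NT_PREFIX)
    if nt:
        path = path[len(NT_PREFIX):]
    info = m.group("info").split()
    return Entry(m.group("state"), int(m.group("start")), m.group("name"),
                 m.group("display"), path, nt,
                 info[0] if info else None,
                 int(info[1]) if len(info) > 1 else None)


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Return {service name: [reasons]} for entries worth a second look."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        reasons = []
        if e.file_size is None:
            reasons.append("NT-style path, no date/size recorded: stat the file by hand"
                           if e.nt_prefixed else
                           "no date/size recorded: file may be missing")
        if not e.path.lower().startswith(EXPECTED_DIRS):
            reasons.append("binary outside Windows/Program Files: " + e.path)
        if e.path.lower().endswith("\\svchost.exe"):
            reasons.append("svchost-hosted: real code is the ServiceDll under "
                           "HKLM\\SYSTEM\\CurrentControlSet\\Services\\" + e.name + "\\Parameters")
        if e.name == e.display:
            reasons.append("display name is just the service name")
        if reasons:
            findings[e.name] = reasons
    return findings


SAMPLE = [  # copied from the RSIT log above
    r"R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]",
    r"R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]",
    r"R2 UltraMonUtility;UltraMon Utility Driver; \??\C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys []",
    r"S3 npkcusb;npkcusb; \??\C:\Nexon\Mabinogi\npkcusb.sys []",
    r"S3 XDva004;XDva004; \??\C:\WINDOWS\system32\XDva004.sys []",
    r"S3 PRISM_USB;Linksys Wireless-B USB Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\LSPMUSB.sys []",
    r"R2 SBAMSvc;CounterSpy Antispyware; C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe [2008-10-28 886056]",
]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

On the sample above, intelppm and SBAMSvc come out clean; npkcusb collects three reasons (NT-style path with nothing recorded, a binary under C:\Nexon, and no descriptive name), which is the kind of entry to check against the installed game rather than assume malicious. The flags are review prompts, not verdicts.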

Re: Please Answer this time, Last time had 15 views no Answers.

Unread postby Axephilic » December 3rd, 2008, 12:38 pm

Hello,


Fix HijackThis lines

Close all open windows, click on Fix checked, and when you get a popup window click on Yes.


  1. Please download OTMoveIt3.exe from Geeks to Go and save it to your desktop.
  2. Double click on OTMoveIt3.exe to run it.
  3. Please copy and paste the following in the Code box into OTMoveIt3 (1).

    Warning: Do not type it out, to prevent any typing errors that could damage your machine.

    Code:
    :Files
    C:\WINDOWS\system32\wtwonxrg.ini
    C:\WINDOWS\system32\hgGaxUOf.dll
    C:\WINDOWS\system32\khfEWPIB.dll
    C:\WINDOWS\system32\wvUljHYQ.dll
    C:\WINDOWS\system32\xczxon.dll
    C:\WINDOWS\system32\uoljdwpg.dll
    C:\WINDOWS\system32\maaqslaa.ini
    C:\WINDOWS\system32\rvmnox.dll
    C:\WINDOWS\system32\askbkafq.dll
    C:\WINDOWS\system32\cbXOGwvv.dll
    C:\WINDOWS\system32\awtrSjJD.dll
    C:\WINDOWS\system32\egdsojtq.ini
    C:\WINDOWS\system32\yayaBTno.dll
    C:\WINDOWS\system32\cbXpmkHX.dll
    C:\WINDOWS\system32\ddcBUkig.dll
    C:\WINDOWS\system32\enegwbhp.ini
    C:\WINDOWS\system32\exbzol.dll
    C:\WINDOWS\system32\vdefijga.dll
    C:\WINDOWS\system32\awttQjjh.dll
    C:\WINDOWS\system32\ljJAQHbb.dll
    C:\WINDOWS\system32\xxyaARjH.dll
    C:\WINDOWS\system32\hgGVlJaA.dll
    C:\WINDOWS\system32\qxmklx.dll
    C:\WINDOWS\system32\ytkjgcme.dll
    C:\WINDOWS\system32\sgirox.dll
    C:\WINDOWS\system32\tmpqrult.dll
    C:\WINDOWS\system32\dpiulvfu.ini
    C:\WINDOWS\system32\frseaiff.dll
    C:\WINDOWS\system32\fpoggg.dll
    C:\WINDOWS\system32\zodmcw.dll
    C:\WINDOWS\system32\hhjoheta.dll
    C:\WINDOWS\system32\vtuhmrcg.ini
    C:\WINDOWS\system32\xxyXRhfe.dll
    C:\WINDOWS\system32\mlJArQGy.dll
    C:\WINDOWS\system32\smtxzm.dll
    C:\WINDOWS\system32\legtxkpg.dll
    C:\WINDOWS\system32\rcnttsdm.exe
    C:\WINDOWS\system32\qoMFwuRJ.dll
    C:\WINDOWS\system32\pmnllKEt.dll
    C:\WINDOWS\system32\jkkHbabA.dll
    C:\WINDOWS\system32\hgGXnOhf.dll
    C:\WINDOWS\system32\urqOFyVL.dll
    C:\WINDOWS\system32\opnnlMDV.dll
    C:\WINDOWS\system32\yaywtRiH.dll
    C:\WINDOWS\system32\iifFxvwT.dll
    C:\WINDOWS\system32\tuvSKCst.dll
    C:\WINDOWS\system32\efcATNEX.dll
    C:\WINDOWS\system32\vtULfFXp.dll
    C:\WINDOWS\system32\efcaaWpN.dll
    C:\WINDOWS\system32\qoMeEUKE.dll
    C:\WINDOWS\system32\mlJCRhGY.dll
    C:\WINDOWS\system32\pmnnNfCV.dll
    C:\WINDOWS\system32\opnnoppN.dll
    C:\WINDOWS\system32\nnnkKeBq.dll
    C:\WINDOWS\system32\efcCssrs.dll
    C:\WINDOWS\system32\jkkLFxUn.dll
    C:\WINDOWS\system32\byXRkhij.dll
    C:\WINDOWS\system32\g61.exe
    C:\WINDOWS\system32\ddcDuUol.dll
    C:\WINDOWS\system32\cbXPhhgg.dll
    C:\WINDOWS\system32\jswscsup.dll
    C:\WINDOWS\system32\jxcnxtyb.ini
    C:\WINDOWS\system32\ftjtrfcm.ini
    C:\WINDOWS\system32\035133ad-.txt
    C:\WINDOWS\system32\vbzip10.dll
    C:\WINDOWS\system32\QI02
    C:\WINDOWS\system32\wpd
    C:\WINDOWS\system32\spc
    C:\WINDOWS\system32\ocx
    C:\WINDOWS\system32\dom
    C:\WINDOWS\system32\dPI02
    C:\WINDOWS\RGpvdW1lIE5hYmU
    C:\Documents and Settings\All Users\Application Data\Azureus
    C:\Documents and Settings\Keaton\Application Data\Azureus
    C:\Documents and Settings\Keaton\Application Data\Twain
    C:\Program Files\LimeWire
    C:\Documents and Settings\Keaton\Application Data\LimeWire
    C:\WINDOWS\system32\xin
    C:\WINDOWS\system32\AI
    C:\WINDOWS\system32\jec
    C:\WINDOWS\system32\DEC
    C:\Program Files\Common Files\rwzz
    C:\Documents and Settings\Keaton\Application Data\FrostWire
    C:\WINDOWS\system32\zk_sc dir
    sC:\WINDOWS\system32\usmt
    C:\WINDOWS\system32\bits
    C:\WINDOWS\peernet
    C:\WINDOWS\system32\npp
    C:\WINDOWS\srchasst
    :Reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\DNA\btdna.exe"=-
    "C:\Program Files\FrostWire\FrostWire.exe"=-
    "C:\Program Files\Bonjour\mDNSResponder.exe"=-
    "C:\Documents and Settings\Keaton\Desktop\20080826EudemonsV1130_BC.exe"=-
    "C:\Program Files\BitComet\BitComet.exe"=-
    "C:\Program Files\BitTorrent\bittorrent.exe"=-
    "C:\Program Files\LimeWire\LimeWire.exe"=-
    "C:\Program Files\Wyzo\wyzo.exe"=-
    "C:\Program Files\Vuze\Azureus.exe"=-
    :Commands
    [EmptyTemp]
    [Reboot]


    Please refer to this image to use OTMoveIt3.


  4. Click on MoveIt! (2)
  5. Click Exit (3) when done.


Please Download and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


In your next reply, please include:
  1. OTMoveIt3 log
  2. MBAM log
  3. A new HijackThis log

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US
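Added example (not part of Adam's post, and not code from OTMoveIt3 or its author): a Python linter for scripts in the format used above, plus a reconciler for the log the tool writes back. The linter catches a :Files line that does not start with a drive letter (the "sC:\WINDOWS\system32\usmt" entry above is reported as not found in the log in the next reply, rather than moved), duplicate entries, and bare directories directly under C:\WINDOWS or system32, which OTMoveIt3 moves recursively and which are worth confirming by hand before the script runs; it also checks that every "value"=- line in :Reg follows a [key] line. The reconciler maps each :Files entry to moved, pending-reboot, not-found or no-record, letting the "Files moved on Reboot..." block override the first verdict for a path. SAMPLE_SCRIPT and SAMPLE_LOG are constructed from lines in this thread (the duplicate entry is added to exercise that check), and the SYSTEM_ROOTS rule is the example's own assumption.

```python
r"""Lint an OTMoveIt3 script and reconcile it with the log OTMoveIt3 writes back.

Example added to this thread, not code from the post or from OTMoveIt3.  Format
as used above: ':Files' lists one absolute path per line, ':Reg' lists '[key]'
lines each followed by '"value"=-' lines (delete that value), ':Commands' lists
bracketed commands.  The tool moves each :Files entry rather than deleting it
and logs 'moved successfully', 'scheduled to be moved on reboot' or 'not found'
per path; a later 'Files moved on Reboot...' block re-reports deferred ones.
SAMPLE_SCRIPT and SAMPLE_LOG are constructed from lines in this thread (the
duplicate entry is added to show that check); SYSTEM_ROOTS is an assumption.
"""
import re
from typing import Dict, List

PATH_RE = re.compile(r"^[A-Za-z]:\\")
REG_KEY_RE = re.compile(r"^\[(?:HKEY_[A-Z_]+|HKLM|HKCU)\\.+\]$")
REG_DEL_RE = re.compile(r'^"[^"]+"=-$')
MOVED_RE = re.compile(r"^(?P<p>.+) moved successfully\.$")
PENDING_RE = re.compile(r"^(?:File|Folder) move failed\. (?P<p>.+) scheduled to be moved on reboot\.$")
NOTFOUND_RE = re.compile(r"^File/Folder (?P<p>.+) not found\.$")
SYSTEM_ROOTS = ("c:\\windows", "c:\\windows\\system32")   # assumption, see lint()

def parse_script(text: str) -> Dict[str, List[str]]:
    """Split the script into sections keyed by lower-cased section name."""
    sections: Dict[str, List[str]] = {}
    current = "_orphan"                       # lines before any ':Section' header
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif line:
            sections.setdefault(current, []).append(line)
    return sections

def lint(sections: Dict[str, List[str]]) -> List[str]:
    """Return problems found; an empty list means the script looks sane."""
    problems: List[str] = []
    seen = set()
    for entry in sections.get("files", []):
        if not PATH_RE.match(entry):          # catches stray characters such as 'sC:\'
            problems.append(f"malformed path (typo?): {entry}")
            continue
        if entry.lower() in seen:
            problems.append(f"duplicate entry: {entry}")
        seen.add(entry.lower())
        head, _, leaf = entry.rpartition("\\")
        # A bare directory directly under %SystemRoot% or system32 is moved
        # recursively, so it deserves a manual check before the script runs.
        if "." not in leaf and head.lower() in SYSTEM_ROOTS:
            problems.append(f"whole directory under SystemRoot, confirm before moving: {entry}")
    have_key = False
    for entry in sections.get("reg", []):
        if REG_KEY_RE.match(entry):
            have_key = True
        elif not (have_key and REG_DEL_RE.match(entry)):
            problems.append(f"unexpected :Reg line: {entry}")
    return problems

def reconcile(files: List[str], log_lines: List[str]) -> Dict[str, str]:
    """Map each :Files entry to moved / pending-reboot / not-found / no-record.
    The last log line about a path wins, so the reboot block overrides."""
    status: Dict[str, str] = {}
    for line in log_lines:
        for rx, verdict in ((MOVED_RE, "moved"), (PENDING_RE, "pending-reboot"), (NOTFOUND_RE, "not-found")):
            m = rx.match(line.strip())
            if m:
                status[m.group("p").lower()] = verdict
                break
    return {f: status.get(f.lower(), "no-record") for f in files}

SAMPLE_SCRIPT = r"""
:Files
C:\WINDOWS\system32\wtwonxrg.ini
C:\WINDOWS\system32\frseaiff.dll
C:\Program Files\Common Files\rwzz
sC:\WINDOWS\system32\usmt
C:\WINDOWS\peernet
C:\WINDOWS\system32\wtwonxrg.ini
:Reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\LimeWire\LimeWire.exe"=-
:Commands
[Reboot]
"""
SAMPLE_LOG = r"""
C:\WINDOWS\system32\wtwonxrg.ini moved successfully.
File move failed. C:\WINDOWS\system32\frseaiff.dll scheduled to be moved on reboot.
C:\Program Files\Common Files\rwzz\rwzzd moved successfully.
C:\Program Files\Common Files\rwzz moved successfully.
File/Folder sC:\WINDOWS\system32\usmt not found.
Folder move failed. C:\WINDOWS\peernet scheduled to be moved on reboot.
Files moved on Reboot...
File move failed. C:\WINDOWS\system32\frseaiff.dll scheduled to be moved on reboot.
C:\WINDOWS\peernet moved successfully.
""".splitlines()
```

Usage: call parse_script on the script text, lint on the result before the script is handed to the user, and reconcile with the returned log split into lines. On the sample, lint reports the "sC:\" typo, the duplicate, and C:\WINDOWS\peernet for confirmation; reconcile shows frseaiff.dll still pending after the reboot block, which is the entry to chase in the next round, while the typo'd usmt line never matched anything.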

Re: Please Answer this time, Last time had 15 views no Answers.

Unread postby Keaton » December 3rd, 2008, 8:58 pm

Here's the stuff. It goes MoveIt --> MBAM thing --> HijackThis.

========== FILES ==========
C:\WINDOWS\system32\wtwonxrg.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\hgGaxUOf.dll
C:\WINDOWS\system32\hgGaxUOf.dll NOT unregistered.
C:\WINDOWS\system32\hgGaxUOf.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\khfEWPIB.dll
C:\WINDOWS\system32\khfEWPIB.dll NOT unregistered.
C:\WINDOWS\system32\khfEWPIB.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wvUljHYQ.dll
C:\WINDOWS\system32\wvUljHYQ.dll NOT unregistered.
C:\WINDOWS\system32\wvUljHYQ.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\xczxon.dll
C:\WINDOWS\system32\xczxon.dll NOT unregistered.
C:\WINDOWS\system32\xczxon.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\uoljdwpg.dll
C:\WINDOWS\system32\uoljdwpg.dll NOT unregistered.
C:\WINDOWS\system32\uoljdwpg.dll moved successfully.
C:\WINDOWS\system32\maaqslaa.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\rvmnox.dll
C:\WINDOWS\system32\rvmnox.dll NOT unregistered.
C:\WINDOWS\system32\rvmnox.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\askbkafq.dll
C:\WINDOWS\system32\askbkafq.dll NOT unregistered.
C:\WINDOWS\system32\askbkafq.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\cbXOGwvv.dll
C:\WINDOWS\system32\cbXOGwvv.dll NOT unregistered.
C:\WINDOWS\system32\cbXOGwvv.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\awtrSjJD.dll
C:\WINDOWS\system32\awtrSjJD.dll NOT unregistered.
C:\WINDOWS\system32\awtrSjJD.dll moved successfully.
C:\WINDOWS\system32\egdsojtq.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yayaBTno.dll
C:\WINDOWS\system32\yayaBTno.dll NOT unregistered.
C:\WINDOWS\system32\yayaBTno.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\cbXpmkHX.dll
C:\WINDOWS\system32\cbXpmkHX.dll NOT unregistered.
C:\WINDOWS\system32\cbXpmkHX.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ddcBUkig.dll
C:\WINDOWS\system32\ddcBUkig.dll NOT unregistered.
C:\WINDOWS\system32\ddcBUkig.dll moved successfully.
C:\WINDOWS\system32\enegwbhp.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\exbzol.dll
C:\WINDOWS\system32\exbzol.dll NOT unregistered.
C:\WINDOWS\system32\exbzol.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vdefijga.dll
C:\WINDOWS\system32\vdefijga.dll NOT unregistered.
C:\WINDOWS\system32\vdefijga.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\awttQjjh.dll
C:\WINDOWS\system32\awttQjjh.dll NOT unregistered.
C:\WINDOWS\system32\awttQjjh.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ljJAQHbb.dll
C:\WINDOWS\system32\ljJAQHbb.dll NOT unregistered.
C:\WINDOWS\system32\ljJAQHbb.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\xxyaARjH.dll
C:\WINDOWS\system32\xxyaARjH.dll NOT unregistered.
C:\WINDOWS\system32\xxyaARjH.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\hgGVlJaA.dll
C:\WINDOWS\system32\hgGVlJaA.dll NOT unregistered.
C:\WINDOWS\system32\hgGVlJaA.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\qxmklx.dll
C:\WINDOWS\system32\qxmklx.dll NOT unregistered.
C:\WINDOWS\system32\qxmklx.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ytkjgcme.dll
C:\WINDOWS\system32\ytkjgcme.dll NOT unregistered.
C:\WINDOWS\system32\ytkjgcme.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\sgirox.dll
C:\WINDOWS\system32\sgirox.dll NOT unregistered.
C:\WINDOWS\system32\sgirox.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\tmpqrult.dll
C:\WINDOWS\system32\tmpqrult.dll NOT unregistered.
C:\WINDOWS\system32\tmpqrult.dll moved successfully.
C:\WINDOWS\system32\dpiulvfu.ini moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\frseaiff.dll
C:\WINDOWS\system32\frseaiff.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\frseaiff.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\fpoggg.dll
C:\WINDOWS\system32\fpoggg.dll NOT unregistered.
C:\WINDOWS\system32\fpoggg.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\zodmcw.dll
C:\WINDOWS\system32\zodmcw.dll NOT unregistered.
C:\WINDOWS\system32\zodmcw.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\hhjoheta.dll
C:\WINDOWS\system32\hhjoheta.dll NOT unregistered.
C:\WINDOWS\system32\hhjoheta.dll moved successfully.
C:\WINDOWS\system32\vtuhmrcg.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\xxyXRhfe.dll
C:\WINDOWS\system32\xxyXRhfe.dll NOT unregistered.
C:\WINDOWS\system32\xxyXRhfe.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mlJArQGy.dll
C:\WINDOWS\system32\mlJArQGy.dll NOT unregistered.
C:\WINDOWS\system32\mlJArQGy.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\smtxzm.dll
C:\WINDOWS\system32\smtxzm.dll NOT unregistered.
C:\WINDOWS\system32\smtxzm.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\legtxkpg.dll
C:\WINDOWS\system32\legtxkpg.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\legtxkpg.dll scheduled to be moved on reboot.
C:\WINDOWS\system32\rcnttsdm.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\qoMFwuRJ.dll
C:\WINDOWS\system32\qoMFwuRJ.dll NOT unregistered.
C:\WINDOWS\system32\qoMFwuRJ.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\pmnllKEt.dll
C:\WINDOWS\system32\pmnllKEt.dll NOT unregistered.
C:\WINDOWS\system32\pmnllKEt.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jkkHbabA.dll
C:\WINDOWS\system32\jkkHbabA.dll NOT unregistered.
C:\WINDOWS\system32\jkkHbabA.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\hgGXnOhf.dll
C:\WINDOWS\system32\hgGXnOhf.dll NOT unregistered.
C:\WINDOWS\system32\hgGXnOhf.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\urqOFyVL.dll
C:\WINDOWS\system32\urqOFyVL.dll NOT unregistered.
C:\WINDOWS\system32\urqOFyVL.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\opnnlMDV.dll
C:\WINDOWS\system32\opnnlMDV.dll NOT unregistered.
C:\WINDOWS\system32\opnnlMDV.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yaywtRiH.dll
C:\WINDOWS\system32\yaywtRiH.dll NOT unregistered.
C:\WINDOWS\system32\yaywtRiH.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\iifFxvwT.dll
C:\WINDOWS\system32\iifFxvwT.dll NOT unregistered.
C:\WINDOWS\system32\iifFxvwT.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\tuvSKCst.dll
C:\WINDOWS\system32\tuvSKCst.dll NOT unregistered.
C:\WINDOWS\system32\tuvSKCst.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\efcATNEX.dll
C:\WINDOWS\system32\efcATNEX.dll NOT unregistered.
C:\WINDOWS\system32\efcATNEX.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vtULfFXp.dll
C:\WINDOWS\system32\vtULfFXp.dll NOT unregistered.
C:\WINDOWS\system32\vtULfFXp.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\efcaaWpN.dll
C:\WINDOWS\system32\efcaaWpN.dll NOT unregistered.
C:\WINDOWS\system32\efcaaWpN.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\qoMeEUKE.dll
C:\WINDOWS\system32\qoMeEUKE.dll NOT unregistered.
C:\WINDOWS\system32\qoMeEUKE.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mlJCRhGY.dll
C:\WINDOWS\system32\mlJCRhGY.dll NOT unregistered.
C:\WINDOWS\system32\mlJCRhGY.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\pmnnNfCV.dll
C:\WINDOWS\system32\pmnnNfCV.dll NOT unregistered.
C:\WINDOWS\system32\pmnnNfCV.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\opnnoppN.dll
C:\WINDOWS\system32\opnnoppN.dll NOT unregistered.
C:\WINDOWS\system32\opnnoppN.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\nnnkKeBq.dll
C:\WINDOWS\system32\nnnkKeBq.dll NOT unregistered.
C:\WINDOWS\system32\nnnkKeBq.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\efcCssrs.dll
C:\WINDOWS\system32\efcCssrs.dll NOT unregistered.
C:\WINDOWS\system32\efcCssrs.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jkkLFxUn.dll
C:\WINDOWS\system32\jkkLFxUn.dll NOT unregistered.
C:\WINDOWS\system32\jkkLFxUn.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\byXRkhij.dll
C:\WINDOWS\system32\byXRkhij.dll NOT unregistered.
C:\WINDOWS\system32\byXRkhij.dll moved successfully.
C:\WINDOWS\system32\g61.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ddcDuUol.dll
C:\WINDOWS\system32\ddcDuUol.dll NOT unregistered.
C:\WINDOWS\system32\ddcDuUol.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\cbXPhhgg.dll
C:\WINDOWS\system32\cbXPhhgg.dll NOT unregistered.
C:\WINDOWS\system32\cbXPhhgg.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jswscsup.dll
C:\WINDOWS\system32\jswscsup.dll NOT unregistered.
C:\WINDOWS\system32\jswscsup.dll moved successfully.
C:\WINDOWS\system32\jxcnxtyb.ini moved successfully.
C:\WINDOWS\system32\ftjtrfcm.ini moved successfully.
C:\WINDOWS\system32\035133ad-.txt moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\vbzip10.dll NOT unregistered.
C:\WINDOWS\system32\vbzip10.dll moved successfully.
C:\WINDOWS\system32\QI02 moved successfully.
C:\WINDOWS\system32\wpd moved successfully.
C:\WINDOWS\system32\spc moved successfully.
C:\WINDOWS\system32\ocx moved successfully.
C:\WINDOWS\system32\dom moved successfully.
C:\WINDOWS\system32\dPI02 moved successfully.
C:\WINDOWS\RGpvdW1lIE5hYmU moved successfully.
C:\Documents and Settings\All Users\Application Data\Azureus moved successfully.
C:\Documents and Settings\Keaton\Application Data\Azureus\torrents moved successfully.
C:\Documents and Settings\Keaton\Application Data\Azureus\tmp moved successfully.
C:\Documents and Settings\Keaton\Application Data\Azureus\subs moved successfully.
C:\Documents and Settings\Keaton\Application Data\Azureus\shares moved successfully.
C:\Documents and Settings\Keaton\Application Data\Azureus\plugins moved successfully.
C:\Documents and Settings\Keaton\Application Data\Azureus\net moved successfully.
C:\Documents and Settings\Keaton\Application Data\Azureus\logs moved successfully.
C:\Documents and Settings\Keaton\Application Data\Azureus\dht moved successfully.
C:\Documents and Settings\Keaton\Application Data\Azureus\active moved successfully.
C:\Documents and Settings\Keaton\Application Data\Azureus moved successfully.
C:\Documents and Settings\Keaton\Application Data\Twain moved successfully.
C:\Program Files\LimeWire\Incomplete moved successfully.
C:\Program Files\LimeWire moved successfully.
C:\Documents and Settings\Keaton\Application Data\LimeWire\xml\data moved successfully.
C:\Documents and Settings\Keaton\Application Data\LimeWire\xml moved successfully.
C:\Documents and Settings\Keaton\Application Data\LimeWire\themes\windows_theme moved successfully.
C:\Documents and Settings\Keaton\Application Data\LimeWire\themes moved successfully.
C:\Documents and Settings\Keaton\Application Data\LimeWire\promotion moved successfully.
C:\Documents and Settings\Keaton\Application Data\LimeWire\certificate moved successfully.
C:\Documents and Settings\Keaton\Application Data\LimeWire\.AppSpecialShare moved successfully.
C:\Documents and Settings\Keaton\Application Data\LimeWire moved successfully.
C:\WINDOWS\system32\xin moved successfully.
C:\WINDOWS\system32\AI moved successfully.
C:\WINDOWS\system32\jec moved successfully.
C:\WINDOWS\system32\DEC moved successfully.
C:\Program Files\Common Files\rwzz\rwzzd moved successfully.
C:\Program Files\Common Files\rwzz moved successfully.
C:\Documents and Settings\Keaton\Application Data\FrostWire\xml\data moved successfully.
C:\Documents and Settings\Keaton\Application Data\FrostWire\xml moved successfully.
C:\Documents and Settings\Keaton\Application Data\FrostWire\themes\frostwirePro_theme moved successfully.
C:\Documents and Settings\Keaton\Application Data\FrostWire\themes moved successfully.
C:\Documents and Settings\Keaton\Application Data\FrostWire\.NetworkShare\Incomplete moved successfully.
C:\Documents and Settings\Keaton\Application Data\FrostWire\.NetworkShare moved successfully.
C:\Documents and Settings\Keaton\Application Data\FrostWire\.AppSpecialShare moved successfully.
C:\Documents and Settings\Keaton\Application Data\FrostWire moved successfully.
C:\WINDOWS\system32\zk_sc dir moved successfully.
File/Folder sC:\WINDOWS\system32\usmt not found.
C:\WINDOWS\system32\bits moved successfully.
Folder move failed. C:\WINDOWS\peernet scheduled to be moved on reboot.
Folder move failed. C:\WINDOWS\system32\npp scheduled to be moved on reboot.
C:\WINDOWS\srchasst\mui\0409 moved successfully.
C:\WINDOWS\srchasst\mui moved successfully.
C:\WINDOWS\srchasst\chars moved successfully.
Folder move failed. C:\WINDOWS\srchasst scheduled to be moved on reboot.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\DNA\btdna.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\FrostWire\FrostWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\Bonjour\mDNSResponder.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\Keaton\Desktop\20080826EudemonsV1130_BC.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\BitComet\BitComet.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\BitTorrent\bittorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\Wyzo\wyzo.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\Vuze\Azureus.exe deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Keaton\LOCALS~1\Temp\etilqs_xkpeJfCp1gMYfdfUxXCC scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Keaton\LOCALS~1\Temp\~DFCFCF.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Keaton\Local Settings\Application Data\Mozilla\Firefox\Profiles\0qpi6ov6.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Keaton\Local Settings\Application Data\Mozilla\Firefox\Profiles\0qpi6ov6.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Keaton\Local Settings\Application Data\Mozilla\Firefox\Profiles\0qpi6ov6.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Keaton\Local Settings\Application Data\Mozilla\Firefox\Profiles\0qpi6ov6.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Keaton\Local Settings\Application Data\Mozilla\Firefox\Profiles\0qpi6ov6.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Keaton\Local Settings\Application Data\Mozilla\Firefox\Profiles\0qpi6ov6.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 12032008_193104

Files moved on Reboot...
LoadLibrary failed for C:\WINDOWS\system32\frseaiff.dll
C:\WINDOWS\system32\frseaiff.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\frseaiff.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\system32\legtxkpg.dll
C:\WINDOWS\system32\legtxkpg.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\legtxkpg.dll scheduled to be moved on reboot.
Folder move failed. C:\WINDOWS\peernet scheduled to be moved on reboot.
Folder move failed. C:\WINDOWS\system32\npp scheduled to be moved on reboot.
Folder move failed. C:\WINDOWS\srchasst scheduled to be moved on reboot.
File C:\DOCUME~1\Keaton\LOCALS~1\Temp\etilqs_xkpeJfCp1gMYfdfUxXCC not found!
C:\DOCUME~1\Keaton\LOCALS~1\Temp\~DFCFCF.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\Keaton\Local Settings\Application Data\Mozilla\Firefox\Profiles\0qpi6ov6.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Keaton\Local Settings\Application Data\Mozilla\Firefox\Profiles\0qpi6ov6.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Keaton\Local Settings\Application Data\Mozilla\Firefox\Profiles\0qpi6ov6.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Keaton\Local Settings\Application Data\Mozilla\Firefox\Profiles\0qpi6ov6.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Keaton\Local Settings\Application Data\Mozilla\Firefox\Profiles\0qpi6ov6.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Keaton\Local Settings\Application Data\Mozilla\Firefox\Profiles\0qpi6ov6.default\XUL.mfl moved successfully.

I did reboot btw.

Malwarebytes' Anti-Malware 1.30
Database version: 1455
Windows 5.1.2600 Service Pack 3

12/3/2008 7:56:55 PM
mbam-log-2008-12-03 (19-56-55).txt

Scan type: Full Scan (C:\|)
Objects scanned: 94328
Time elapsed: 20 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{A2DCDB7A-E02E-4D3D-B515-F1607F28918F}\RP189\A0067751.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2DCDB7A-E02E-4D3D-B515-F1607F28918F}\RP189\A0067760.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2DCDB7A-E02E-4D3D-B515-F1607F28918F}\RP189\A0067761.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2DCDB7A-E02E-4D3D-B515-F1607F28918F}\RP189\A0067804.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
Malware thing. Rebooting after this post.

Here's Hijack,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:29 PM, on 12/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Linksys\WMP110\gtwpssrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys\WMP110\WLSngS.exe
C:\Program Files\Linksys\WUSB54GSC\WLService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Linksys\WMP110\WMP110.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [WMP110] C:\Program Files\Linksys\WMP110\WMP110.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8052945185
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/i ... downls.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GTWPSSRV (GTWPSService) - Unknown owner - C:\Program Files\Linksys\WMP110\gtwpssrv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Linksys\WMP110\jswpsapi.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: WLSng Service - TODO: <Company name> - C:\Program Files\Linksys\WMP110\WLSngS.exe
O23 - Service: WUSB54GSC - GEMTEKS - C:\Program Files\Linksys\WUSB54GSC\WLService.exe

--
End of file - 6650 bytes


I'll put another hijack after reboot.

Hijack after reboot:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:31 PM, on 12/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Linksys\WMP110\gtwpssrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys\WMP110\WLSngS.exe
C:\Program Files\Linksys\WUSB54GSC\WLService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Linksys\WMP110\WMP110.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MediaMonkey\MediaMonkey.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [WMP110] C:\Program Files\Linksys\WMP110\WMP110.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8052945185
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/i ... downls.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GTWPSSRV (GTWPSService) - Unknown owner - C:\Program Files\Linksys\WMP110\gtwpssrv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Linksys\WMP110\jswpsapi.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: WLSng Service - TODO: <Company name> - C:\Program Files\Linksys\WMP110\WLSngS.exe
O23 - Service: WUSB54GSC - GEMTEKS - C:\Program Files\Linksys\WUSB54GSC\WLService.exe

--
End of file - 6475 bytes
Keaton
Active Member
 
Posts: 4
Joined: November 28th, 2008, 1:49 am

Re: Please Answer this time, Last time had 15 views no Answers.

Unread postby Axephilic » December 4th, 2008, 12:48 pm

Congratulations! You are now all clean! To help to prevent from becoming reinfected, please follow the instructions below in order. If you have any questions, please feel free to ask them.

  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Click the CleanUp! button.
  • When it prompts you to Restart, click Yes.

Hide system files

  1. Open My Computer.
  2. Go to Tools > Folder Options.
  3. Select the View tab.
  4. Scroll down to Hidden files and folders.
  5. Select Do not show hidden files and folders.
  6. Check (tick) Hide extensions of known file types.
  7. Check (tick) Hide protected operating system files (Recommended).
  8. Click OK.
  9. Close My Computer.

Flush the system restore points

  1. Right click on My Computer and select Properties.
  2. Select the System Restore tab.
  3. Check (tick) Turn off system restore on all drives box.
  4. Click Apply.
  5. Uncheck (untick) Turn off system restore on all drives box.
  6. Click OK.
  7. Restart your computer.
Note: Do this only ONCE, don't flush it regularly.

Keep your system updated

Microsoft releases patches for Windows and Office products regularly to patch up loopholes in Windows and Office products and fix any bugs found. Please ensure that you visit the following websites regularly or otherwise update your system regularly.

Install the updates immediately if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

To update Windows and Office

Go to Start > All Programs > Microsoft Update


Alternatively, you can visit the link below to update Windows and Office products.

Microsoft Update

If you are forgetful, you can change some settings so that you will be informed of updates. Here's how:

  1. Go to Start > Control Panel > Automatic Updates
  2. Select the Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
  3. Select the Download updates for me, but let me choose when to install them radio button if you want the updates to be downloaded automatically but installed at another time.
  4. Select the Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

Besides Windows, which needs regular updating, antivirus, anti-spyware and firewall programs need regular updates too.

Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

Be careful when opening attachments and downloading files.

  1. Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
  2. Never open emails from unknown senders.
  3. Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
  4. Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Surf safely

Many of the exploits are directed at users of Internet Explorer and Firefox.

Using Firefox with NoScript add-on helps to prevent most exploits from running as NoScript by default disables all scripts on all websites. If you trust the website, you can manually allow it.

If you prefer to use Internet Explorer, here are some settings to change to improve the security of Internet Explorer.

For Internet Explorer 7

Please read this article to configure Internet Explorer 7 properly.

Stop malicious scripts

Windows by default allows scripts (VBScript and JavaScript) to run, and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Backup regularly

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article to learn how to back up. Follow this article by Microsoft to restore your backups.

Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer.

Avoid P2P

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs if you need to use one.

Prevent a re-infection

  1. Winpatrol
    Winpatrol is a heuristic protection program, meaning it looks for patterns in code that works like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.

  2. Hosts File
    A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

    Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

    Here are some Hosts files:

    MVPS Hosts File
    Bluetack's Hosts File
    Bluetack's Host Manager
    hpHosts

    A tutorial about Hosts File can be found at Malware Removal.

  3. Spybot Search and Destroy
    Spybot Search & Destroy is another program for scanning for spyware and adware. Not only that, it has other preventive options as well. You are strongly encouraged to run a scan at least once per week.

    Spybot Search & Destroy can be downloaded from here.

    If you need help in using Spybot Search & Destroy, you can read Spybot Search and Destroy tutorial at Bleeping Computer.

    Before downloading any anti-spyware programs, always check the Rogue/Suspect list of anti-spyware programs and Malwarebytes RogueNET. This will save you from a lot of trouble. If in doubt, don't ever download it.

  4. SiteHound Toolbar
    SiteHound is a toolbar that warns you if you go to a site that is known to scam people, that potentially has lots of viruses or spyware, or that has questionable content. If you know the site, you can enter it; if you don't, it will bring you back to the previous page. Currently, SiteHound works for Internet Explorer and Firefox only.


Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein: So How Did I Get Infected In the First Place

Happy surfing and stay clean!

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US
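The Hosts file entry in the post above describes the mechanism (a hostname looked up locally before DNS, with bad sites sinkholed to 127.0.0.1). As an added example that is not part of the original post, this Python script audits a hosts file along those lines: it separates protective blocklist entries from two things a defender should look at, a sinkholed update site and a hostname redirected to some other address. The sample hosts file, the PROTECTED_HOSTS watchlist and the example.* hostnames are constructed for the example.

```python
"""Hosts-file audit helper (added example, not code from the thread).

A hosts file maps hostnames to addresses before DNS is consulted. Blocklist
hosts files sinkhole known advertisement and malware hostnames to 127.0.0.1
or 0.0.0.0. The same mechanism can be turned against the user: mapping an
update site to the loopback address stops updates, and mapping a hostname
to some other address redirects the browser. This script sorts a hosts
file into those cases.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field

# Addresses that make a hostname unreachable rather than redirecting it.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Hostnames that should never be sinkholed. Constructed watchlist for the
# example; in practice list the update sites of your OS and security tools.
PROTECTED_HOSTS = {"update.microsoft.com", "www.update.microsoft.com"}

# Names that legitimately map to the loopback address.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}


@dataclass
class HostsAudit:
    blocked: list[str] = field(default_factory=list)            # protective sinkholes
    suspicious_blocks: list[str] = field(default_factory=list)  # sinkholed protected hosts
    redirected: dict[str, str] = field(default_factory=dict)    # name -> non-sinkhole address
    malformed: list[str] = field(default_factory=list)          # lines that failed to parse


def parse_hosts(text: str) -> HostsAudit:
    """Classify every active (non-comment) entry in a hosts file."""
    audit = HostsAudit()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            audit.malformed.append(raw.strip())
            continue
        addr, *names = parts
        try:
            ipaddress.ip_address(addr)  # first field must be an IPv4/IPv6 address
        except ValueError:
            audit.malformed.append(raw.strip())
            continue
        for name in (n.lower() for n in names):
            if name in LOOPBACK_NAMES:
                continue  # the normal "127.0.0.1 localhost" entry
            if addr in SINKHOLE_ADDRESSES:
                if name in PROTECTED_HOSTS:
                    audit.suspicious_blocks.append(name)
                else:
                    audit.blocked.append(name)
            else:
                audit.redirected[name] = addr
    return audit


def findings(audit: HostsAudit) -> list[str]:
    """Entries worth a look; an empty list means nothing alarming was found."""
    out = [f"sinkholed protected host: {n}" for n in audit.suspicious_blocks]
    out += [f"redirected {n} -> {a}" for n, a in audit.redirected.items()]
    out += [f"malformed line: {m}" for m in audit.malformed]
    return out


# Constructed sample; not the hosts file from the thread.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net         # blocklist entry (protective)
0.0.0.0         tracker.example.org     # alternative sinkhole address
127.0.0.1       update.microsoft.com    # blocks Windows Update: suspicious
192.0.2.10      www.example-bank.com    # redirect to another host: suspicious
this is not a hosts entry
"""

if __name__ == "__main__":
    result = parse_hosts(SAMPLE_HOSTS)
    print(f"{len(result.blocked)} protective block(s): {result.blocked}")
    for entry in findings(result) or ["no suspicious entries"]:
        print(entry)
```

On Windows XP the live file is %SystemRoot%\System32\drivers\etc\hosts; read it with `open(path).read()` and pass the text to parse_hosts.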

Re: Please Answer this time, Last time had 15 views no Answers.

Unread postby NonSuch » December 7th, 2008, 11:51 pm

As this issue is resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California