Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Internet windows randomly pop up

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Internet windows randomly pop up

Unread postby Angelace23 » January 22nd, 2009, 5:29 am

Hi, this is my first time posting in this forum. I hope you guys can help with this annoying problem. While I'm going through websites, another internet screen pops up with numbers in the beginning and redirects me to other websites. I'm using firefox and I have a router. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:08:05 AM, on 1/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\AOL\1129679374\ee\AOLSoftware.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\mcafee.com\personal firewall\MPFTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\AOL\1129679374\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1129679374\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 66.197.153.197 idenupdate.motorola.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1129679374\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\mcafee.com\personal firewall\MPFTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKUS\S-1-5-19\..\Run: [pehoyimofi] Rundll32.exe "C:\WINDOWS\system32\sagenumi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [pehoyimofi] Rundll32.exe "C:\WINDOWS\system32\sagenumi.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9304249234
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8343836328
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/downloa ... YAX29b.cab
O16 - DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} - http://pictures.aolcdn.com/ap/Resources ... .3.2.3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O20 - AppInit_DLLs: c C:\WINDOWS\system32\sagenumi.dll sanhkn.dll zausrr.dll mwelsm.dll jxwdbf.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10654 bytes
Angelace23
Active Member
 
Posts: 6
Joined: January 22nd, 2009, 4:37 am
Advertisement
Register to Remove

Re: Internet windows randomly pop up

Unread postby Bio-Hazard » January 23rd, 2009, 7:15 am

Hello and Welcome to forums!

My name is Bio-Hazard and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

  • I will be working on your Malware issues this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • I f you don't know or understand something please don't hesitate to ask.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Absence of symptoms does not mean that everything is clear.

NOTE: Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Internet windows randomly pop up

Unread postby Bio-Hazard » January 23rd, 2009, 7:22 am

Hello!

Are you using Symantecs Antivirus program and Mcafees firewall?


Disable AdWatch

Please disable AdWatch, as it may hinder the removal of some entries. You can re-enable it after you're clean.
To disable AdWatch:

  • Open AdAware SE
  • Go to AdWatch User Interface
  • Go to Tools and Preferences
  • At the bottom of the screen you will see 2 options Active and Automatic
  • Active: This will turn Ad-Watch On\Off without closing it
  • Automatic: Suspicious activity will be blocked automatically
  • Uncheck both options. You can enable these after resolving your problem.


Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the Perform Full Scan option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and Scan in progress will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say The scan completed successfully. Click 'Show Results' to display all objects found.
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download DDS

Please disable any anti-malware program that will block scripts from running before running DDS.

Please downloadDDS from one of the links below and save it to your desktop:

Link1
Link2
Link3
  • Double click the tool to run it.
  • A black Screen will open, just read the contents and do nothing.
  • When the tool finish it will open a report, DDS.txt.
  • You will receive another prompt after a while. Click Yes at the prompt. It will take another few minutes to scan.
  • When the tool finish it will open a report, Attach.txt.
  • Copy/paste both reports back here and remove DDS from your desktop.


Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:
  • Answers to my questions
  • Malwarebytes Antimalware Log
  • DDS Logs DDS.txt and Attach.txt
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Internet windows randomly pop up

Unread postby Angelace23 » January 24th, 2009, 1:07 am

Thanks for replying Bio, I appreciate it. Symantecs Anti-Virus has been giving me some problems as of late but its doing its job. As for Mcafee, its part of the AOl safety and security app they had. I thought it would be better protection than the regular windows one. Is it?

Malwarebytes' Anti-Malware 1.33
Database version: 1684
Windows 5.1.2600 Service Pack 3

1/23/2009 10:56:45 PM
mbam-log-2009-01-23 (22-56-45).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Objects scanned: 142452
Time elapsed: 4 hour(s), 21 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS (Ver_09-01-19.01) - NTFSx86
Run by Owner at 23:50:14.37 on Fri 01/23/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.56 [GMT -5:00]

FW: AOL Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\AOL\1129679374\ee\AOLSoftware.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\AOL\1129679374\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1129679374\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.optonline.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>]
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [HostManager] "c:\program files\common files\aol\1129679374\ee\AOLSoftware.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run
mRun: [vptray] c:\progra~1\symant~1\symant~1\vptray.exe
mRun: [MPFEXE] "c:\program files\mcafee.com\personal firewall\MPFTray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Ad-Watch] "c:\program files\lavasoft\ad-aware\AAWTray.exe"
mRun: [WinPatrol] "c:\program files\billp studios\winpatrol\winpatrol.exe" -expressboot
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 9304249234
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 8343836328
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/downloa ... YAX29b.cab
DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} - hxxp://pictures.aolcdn.com/ap/Resources ... .3.2.3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: WRNotifier - WRLogonNTF.dll
AppInit_DLLs: c c:\windows\system32\sagenumi.dll sanhkn.dll zausrr.dll mwelsm.dll jxwdbf.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli c:\windows\system32\sagenumi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\1hbe6j5n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/red ... 706&query={searchTerms}&invocationType=tb50fftrie7
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox ... S:official
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?inv ... rab&query=
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-22 64160]
R3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2003-8-11 224768]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090123.003\NAVENG.sys [2009-1-23 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090123.003\NAVEX15.sys [2009-1-23 876112]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 942416]
R4 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2003-8-11 30208]
R4 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\symant~1\Rtvscan.exe [2003-10-7 647168]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [2007-2-15 50048]

=============== Created Last 30 ================

2009-01-22 14:50 27,678 ac------ c:\windows\system32\dllcache\ali5261.sys
2009-01-22 14:50 26,624 ac------ c:\windows\system32\dllcache\alifir.sys
2009-01-22 14:50 5,248 ac------ c:\windows\system32\dllcache\aliide.sys
2009-01-22 14:50 56,960 ac------ c:\windows\system32\dllcache\aic78xx.sys
2009-01-22 14:50 55,168 ac------ c:\windows\system32\dllcache\aic78u2.sys
2009-01-22 14:50 12,800 ac------ c:\windows\system32\dllcache\aha154x.sys
2009-01-22 14:50 24,576 ac------ c:\windows\system32\dllcache\agcgauge.ax
2009-01-22 14:49 101,888 ac------ c:\windows\system32\dllcache\adpu160m.sys
2009-01-22 14:49 46,112 ac------ c:\windows\system32\dllcache\adptsf50.sys
2009-01-22 14:49 10,880 ac------ c:\windows\system32\dllcache\admjoy.sys
2009-01-22 14:49 747,392 ac------ c:\windows\system32\dllcache\adm8830.sys
2009-01-22 14:49 553,984 ac------ c:\windows\system32\dllcache\adm8820.sys
2009-01-22 14:49 584,448 ac------ c:\windows\system32\dllcache\adm8810.sys
2009-01-22 14:49 20,160 ac------ c:\windows\system32\dllcache\adm8511.sys
2009-01-22 14:49 7,424 ac------ c:\windows\system32\dllcache\adicvls.sys
2009-01-22 14:49 61,440 ac------ c:\windows\system32\dllcache\acerscad.dll
2009-01-22 14:47 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll
2009-01-22 04:44 3,739 a------- c:\windows\imsins.BAK
2009-01-22 03:12 <DIR> --d----- c:\docume~1\owner\applic~1\WinPatrol
2009-01-22 03:05 <DIR> --d----- c:\program files\BillP Studios
2009-01-22 02:14 15,688 a------- c:\windows\system32\lsdelete.exe
2009-01-22 00:49 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-01-22 00:38 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-20 04:04 685,056 a------- c:\windows\isRS-000.tmp
2009-01-20 03:57 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-01-20 03:57 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-20 03:57 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-20 03:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-20 03:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-18 12:51 1,355,377 ---sh--- c:\windows\system32\ebapopam.ini
2009-01-18 00:57 1,355,377 ---sh--- c:\windows\system32\ipujadoh.ini
2009-01-17 12:18 1,355,355 ---sh--- c:\windows\system32\opararez.ini
2009-01-16 08:18 1,332,199 ---sh--- c:\windows\system32\ovenuhet.ini
2009-01-15 19:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avg8
2009-01-15 15:59 1,328,608 ---sh--- c:\windows\system32\ejeforav.ini
2009-01-15 15:58 2,713 ---sh--- c:\windows\system32\pazewaju.dll
2009-01-14 22:43 1,319,202 ---sh--- c:\windows\system32\akiditev.ini
2009-01-13 19:15 1,303,086 ---sh--- c:\windows\system32\etagomiy.ini
2009-01-13 02:59 1,223,955 ---sh--- c:\windows\system32\edebizuv.ini
2009-01-12 15:09 1,223,955 ---sh--- c:\windows\system32\ovinutow.ini
2009-01-11 13:58 1,213,744 ---sh--- c:\windows\system32\ozonadel.ini
2009-01-11 02:06 2,713 ---sh--- c:\windows\system32\ponegiwu.dll
2009-01-10 14:09 2,713 ---sh--- c:\windows\system32\jojilite.dll
2009-01-09 21:55 664 a------- c:\windows\system32\d3d9caps.dat
2009-01-09 12:11 1,283,952 ---sh--- c:\windows\system32\iyoforun.ini
2009-01-08 15:02 1,283,460 ---sh--- c:\windows\system32\anevomus.ini
2009-01-08 00:10 <DIR> --d----- c:\program files\AVG
2009-01-07 22:17 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-01-07 22:17 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-07 22:16 <DIR> --d----- c:\program files\iTunes
2009-01-07 22:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-07 18:03 1,277,174 ---sh--- c:\windows\system32\avuwoguz.ini
2009-01-06 17:53 1,277,174 ---sh--- c:\windows\system32\avoridad.ini
2009-01-06 00:44 1,262,111 ---sh--- c:\windows\system32\ohoragog.ini
2009-01-05 11:28 1,262,101 ---sh--- c:\windows\system32\opivider.ini
2009-01-04 23:26 1,262,075 ---sh--- c:\windows\system32\uyiyinug.ini
2008-12-31 00:15 5,632 a------- c:\windows\system32\ptpusb.dll
2008-12-31 00:15 159,232 a------- c:\windows\system32\ptpusd.dll
2008-12-26 16:05 <DIR> --d----- c:\program files\common files\xing shared
2008-12-26 15:14 <DIR> --d----- c:\program files\Bonjour

==================== Find3M ====================

2008-12-19 01:56 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-12-19 01:56 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-11-25 19:23 410,976 a------- c:\windows\system32\deploytk.dll
2008-11-16 12:07 26,520 ac------ c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
2008-11-10 12:23 243,840 a------- c:\windows\system32\ZuneWlanCfgSvc.exe
2008-11-10 12:23 60,032 a------- c:\windows\system32\ZuneBusEnum.exe
2005-11-17 12:42 22,768 ac------ c:\documents and settings\owner\usbsermpt.sys
2006-12-12 10:44 88 ---shr-- c:\windows\system32\96E6365097.sys
2006-12-12 10:44 2,516 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-08-26 20:52 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082620080827\index.dat

============= FINISH: 23:51:09.78 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-19.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/14/2005 10:12:19 AM
System Uptime: 1/23/2009 11:36:40 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | A7N8X-LA
Processor: AMD Athlon(tm) XP 2800+ | Socket A | 2079/166mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 72.295 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce MCP Networking Controller
Device ID: PCI\VEN_10DE&DEV_0066&SUBSYS_80A71043&REV_A1\3&267A616A&0&20
Manufacturer: Nvidia
Name: NVIDIA nForce MCP Networking Controller
PNP Device ID: PCI\VEN_10DE&DEV_0066&SUBSYS_80A71043&REV_A1\3&267A616A&0&20
Service: NVENET

==== System Restore Points ===================

RP901: 1/21/2009 1:16:28 AM - System Checkpoint
RP902: 1/22/2009 4:31:34 PM - System Checkpoint
RP903: 1/22/2009 5:30:19 PM - Restore Operation

==== Installed Programs ======================

6300
6300_Help
6300Trb
Ad-Aware
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Photoshop 7.0
Adobe Premiere Pro 1.5
Adobe Reader 8.1.3
Adobe® Photoshop® Album Starter Edition 3.0
AiO_Scan_CDA
AiOSoftwareNPI
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Registration
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
Bonjour
BufferChm
CA Pest Patrol Realtime Protection
CameraDrivers
CCleaner (remove only)
Cool Edit Pro 2.0
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
CreativeProjects
CreativeProjectsTemplates
CueTour
CustomerResearchQFolder
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
DivX Content Uploader
DivX Web Player
DocProc
Documents To Go
DocumentViewer
DocumentViewerQFolder
eSupportQFolder
Fax_CDA
FrostWire 4.17.0
FTDI USB Serial Converter Drivers
FullDPAppQFolder
GdiplusUpgrade
Handmark® Tetris® Classic(TM) for PalmOne
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
HP Document Viewer 6.1
HP Extended Capabilities 6.1
HP Imaging Device Functions 6.1
HP Photosmart Cameras 4.5
HP Photosmart Premier Software 6.1
HP PSC & OfficeJet 6.1.A
HP Solution Center and Imaging Support Tools 6.1
HP Update
HPProductAssistant
HPSystemDiagnostics
InstantShare
InstantShareDevices
Intel(R) PRO Network Adapters and Drivers
Interactive User’s Guide
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 10
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Learn2 Player (Uninstall Only)
LiveUpdate 1.80 (Symantec Corporation)
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Xbox 360 Accessories 1.1
MONOPOLY HERE & NOW EDITION
motoSpeak Loader
Mozilla Firefox (3.0.5)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero Media Player
Nero OEM
NeroVision Express 2
NewCopy_CDA
NVIDIA Display Driver
NVIDIA Ethernet Driver
OTOY
Palm
PanoStandAlone
PhotoGallery
PowerDVD
ProductContextNPI
Pure Networks Port Magic
QFolder
QuickTime
RandMap
Readme
RealArcade
RealPlayer
Realtek AC'97 Audio
Rhapsody Player Engine
Safety and Security Center Uninstaller
Scan
ScannerCopy
Scanning Suite
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
ShareIns
SkinsHP1
SolutionCenter
Sonic_PrimoSDK
Sony Digital Voice Editor 3
Status
Symantec AntiVirus Client
Toolbox
TrayApp
Unload
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
VeohTV BETA
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Warcraft III: All Products
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinPatrol 2008
WinRAR archiver
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)

==== Event Viewer Messages From Past Week ========

1/19/2009 1:11:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/19/2009 1:42:48 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/19/2009 1:40:32 AM, error: Service Control Manager [7034] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 3 time(s).
1/19/2009 1:38:44 AM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
1/19/2009 1:36:13 AM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
1/19/2009 1:26:40 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/19/2009 1:26:30 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 Fips IPSec MPFIREWL MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
1/19/2009 1:26:30 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/19/2009 1:26:30 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/19/2009 1:26:30 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/19/2009 1:26:30 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
1/19/2009 1:26:30 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/19/2009 1:26:30 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/18/2009 12:41:52 PM, error: ZuneNetworkSvc [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
1/18/2009 12:34:32 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/18/2009 12:34:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
1/18/2009 12:34:23 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "-Service" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
1/18/2009 12:33:22 PM, error: Service Control Manager [7023] - The iPod Service service terminated with the following error: Security must be initialized before any interfaces are marshalled or unmarshalled. It cannot be changed once initialized.
1/18/2009 12:33:09 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
1/17/2009 1:54:49 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/17/2009 12:16:01 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
1/17/2009 12:14:12 PM, error: Dhcp [1002] - The IP address lease 192.168.1.36 for the Network Card with network address 00A0C9772474 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
1/16/2009 8:09:46 PM, error: i8042prt [41] - An error occurred while enabling the mouse to transmit information. The device has been reset in an attempt to make the device functional.
1/20/2009 11:56:59 PM, error: ZuneNetworkSvc [14371] - A Zune device with IP address '192.168.1.34' failed to authenticate itself for content retrieval due to error '0x80040208'. Verify that the device has the latest update and that the network connection between the computer and the device is working properly. Then try to connect to the device again.o connect to the device again.
1/22/2009 12:55:01 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ImapiService service.
1/22/2009 12:55:01 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/23/2009 11:35:08 PM, error: PlugPlayManager [11] - The device Root\LEGACY_SSFS0509\0000 disappeared from the system without first being prepared for removal.
1/23/2009 11:35:08 PM, error: PlugPlayManager [11] - The device Root\LEGACY_SSHRMD\0000 disappeared from the system without first being prepared for removal.
1/23/2009 11:35:08 PM, error: PlugPlayManager [11] - The device Root\LEGACY_SSIDRV\0000 disappeared from the system without first being prepared for removal.
1/23/2009 11:35:09 PM, error: Service Control Manager [7034] - The Webroot Spy Sweeper Engine service terminated unexpectedly. It has done this 1 time(s).
1/22/2009 2:47:18 PM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
1/22/2009 2:50:38 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\adsiisex.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
1/22/2009 2:50:51 PM, information: Windows File Protection [64018] - Windows File Protection file scan was cancelled by user interaction, user name is Owner.

==== End Of File ===========================
Angelace23
Active Member
 
Posts: 6
Joined: January 22nd, 2009, 4:37 am

Re: Internet windows randomly pop up

Unread postby Bio-Hazard » January 24th, 2009, 8:06 am

Thanks for replying Bio, I appreciate it. Symantecs Anti-Virus has been giving me some problems as of late but its doing its job. As for Mcafee, its part of the AOl safety and security app they had. I thought it would be better protection than the regular windows one. Is it?


That is fine. I just wanted to make sure.


Use of P2P (Person to Person) file sharing programs

We have noticed that most people seeking help from us are coming with infections contracted from the use of P2P programs.

Because of this, we felt we needed to change our policy on the use of P2P file sharing programs.
  • If your helper detects the presence of such programs on your computer he/she will ask you to remove them. We will withdraw our help should you not agree to their removal.
  • If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we will refuse our help.

We do not ask you to do this without reason.

P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P program.
http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

We see no purpose in cleaning your machine if you use P2P programs, as it is pretty much certain that if you continue to use them then you will get infected again.

You have the following P-2-P program(s) installed
FrostWire 4.17.0

This is how you uninstall it/them:

  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):

    FrostWire 4.17.0

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

==============================================================

Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

HOW TO USE COMBOFIX

IMPORTANT: combofix.exe MUST be on your Desktop for us to proceed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Double click on ComboFix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

NOTE: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Image


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Image

  • Click on Yes, to continue scanning for malware.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more that 20 minutes including the reboot if malware is detected.


Next Reply

Please reply with:
  • ComboFix log (found at C:\Combofix.txt)
  • New HijackThis log
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Internet windows randomly pop up

Unread postby Angelace23 » January 24th, 2009, 4:22 pm

No prob, P2p gone. The computer is definitely running alot more smoother now. Start up is not as slow and things are getting processed much faster. So whats next?....sidenote: while combofix was running I didnt shut off winpatrol. When the computer restarted and combofix was making the logfile, winpatrol popped up stating there was a change on a HOST. I accepted the changes and shut winpatrol off. Was that ok?

ComboFix 09-01-21.04 - Owner 2009-01-24 14:45:44.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.117 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
FW: AOL Firewall *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\akiditev.ini
c:\windows\system32\anevomus.ini
c:\windows\system32\avoridad.ini
c:\windows\system32\avuwoguz.ini
c:\windows\system32\ebapopam.ini
c:\windows\system32\edebizuv.ini
c:\windows\system32\ejeforav.ini
c:\windows\system32\etagomiy.ini
c:\windows\system32\ipujadoh.ini
c:\windows\system32\iyoforun.ini
c:\windows\system32\ohoragog.ini
c:\windows\system32\opararez.ini
c:\windows\system32\opivider.ini
c:\windows\system32\ovenuhet.ini
c:\windows\system32\ovinutow.ini
c:\windows\system32\ozonadel.ini
c:\windows\system32\uyiyinug.ini

----- BITS: Possible infected sites -----

hxxp://77.74.48.105
.
((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))
.

2009-01-22 14:50 . 2001-08-17 14:07 56,960 --a--c--- c:\windows\system32\dllcache\aic78xx.sys
2009-01-22 14:50 . 2001-08-17 14:07 55,168 --a--c--- c:\windows\system32\dllcache\aic78u2.sys
2009-01-22 14:50 . 2001-08-17 12:11 27,678 --a--c--- c:\windows\system32\dllcache\ali5261.sys
2009-01-22 14:50 . 2001-08-17 13:49 26,624 --a--c--- c:\windows\system32\dllcache\alifir.sys
2009-01-22 14:50 . 2001-08-17 22:37 24,576 --a--c--- c:\windows\system32\dllcache\agcgauge.ax
2009-01-22 14:50 . 2001-08-17 13:52 12,800 --a--c--- c:\windows\system32\dllcache\aha154x.sys
2009-01-22 14:50 . 2001-08-17 13:51 5,248 --a--c--- c:\windows\system32\dllcache\aliide.sys
2009-01-22 14:49 . 2001-08-17 12:19 747,392 --a--c--- c:\windows\system32\dllcache\adm8830.sys
2009-01-22 14:49 . 2001-08-17 12:19 584,448 --a--c--- c:\windows\system32\dllcache\adm8810.sys
2009-01-22 14:49 . 2001-08-17 12:19 553,984 --a--c--- c:\windows\system32\dllcache\adm8820.sys
2009-01-22 14:49 . 2001-08-17 14:07 101,888 --a--c--- c:\windows\system32\dllcache\adpu160m.sys
2009-01-22 14:49 . 2001-08-17 22:36 61,440 --a--c--- c:\windows\system32\dllcache\acerscad.dll
2009-01-22 14:49 . 2001-08-17 12:11 46,112 --a--c--- c:\windows\system32\dllcache\adptsf50.sys
2009-01-22 14:49 . 2001-08-17 12:11 20,160 --a--c--- c:\windows\system32\dllcache\adm8511.sys
2009-01-22 14:49 . 2002-08-29 00:00 10,880 --a--c--- c:\windows\system32\dllcache\admjoy.sys
2009-01-22 14:49 . 2001-08-17 13:53 7,424 --a--c--- c:\windows\system32\dllcache\adicvls.sys
2009-01-22 14:47 . 2001-08-17 14:56 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll
2009-01-22 04:44 . 2009-01-22 14:31 3,739 --a------ c:\windows\imsins.BAK
2009-01-22 03:12 . 2009-01-22 03:12 <DIR> d-------- c:\documents and settings\Owner\Application Data\WinPatrol
2009-01-22 03:05 . 2009-01-22 03:05 <DIR> d-------- c:\program files\BillP Studios
2009-01-22 02:14 . 2009-01-22 00:48 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-01-22 00:49 . 2009-01-22 00:48 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-01-22 00:38 . 2009-01-22 00:38 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-20 04:04 . 2009-01-20 04:04 685,056 --a------ c:\windows\isRS-000.tmp
2009-01-20 03:57 . 2009-01-20 04:04 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-20 03:57 . 2009-01-20 03:57 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-01-20 03:57 . 2009-01-20 03:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-20 03:57 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-20 03:57 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-15 19:48 . 2009-01-15 19:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2009-01-15 15:58 . 2009-01-15 15:58 2,713 ---hs---- c:\windows\system32\pazewaju.dll
2009-01-11 02:06 . 2009-01-11 02:06 2,713 ---hs---- c:\windows\system32\ponegiwu.dll
2009-01-10 14:09 . 2009-01-10 14:09 2,713 ---hs---- c:\windows\system32\jojilite.dll
2009-01-09 21:55 . 2009-01-13 23:06 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-08 03:48 . 2009-01-08 03:48 <DIR> d-------- c:\documents and settings\Owner\Application Data\Viewpoint
2009-01-08 00:10 . 2009-01-08 00:10 <DIR> d-------- c:\program files\AVG
2009-01-07 22:17 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-01-07 22:17 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-07 22:16 . 2009-01-07 22:17 <DIR> d-------- c:\program files\iTunes
2009-01-07 22:16 . 2009-01-07 22:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-31 00:15 . 2008-04-13 20:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-12-31 00:15 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-12-26 16:05 . 2008-12-26 16:05 <DIR> d-------- c:\program files\Common Files\xing shared
2008-12-26 15:14 . 2008-12-26 15:14 <DIR> d-------- c:\program files\Bonjour
2008-12-26 15:13 . 2008-12-26 15:14 <DIR> d-------- c:\program files\QuickTime
2008-12-26 15:10 . 2008-12-26 15:10 <DIR> d-------- c:\program files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 19:26 --------- d-----w c:\program files\FrostWire
2009-01-22 05:37 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-22 04:34 --------- d-----w c:\program files\Common Files\AOL
2009-01-20 06:21 --------- d-----w c:\program files\CCleaner
2009-01-18 18:23 --------- d-----w c:\program files\Incomplete
2009-01-18 18:23 --------- d-----w c:\documents and settings\Owner\Application Data\FrostWire
2009-01-08 20:39 --------- d-----w c:\program files\Common Files\Adobe
2009-01-08 04:21 --------- d-----w c:\program files\Viewpoint
2009-01-08 04:21 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-01-08 04:15 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-08 04:15 --------- d-----w c:\documents and settings\Owner\Application Data\InstallShield
2009-01-08 04:08 --------- d-----w c:\program files\VstPlugins
2009-01-08 03:16 --------- d-----w c:\program files\iPod
2009-01-08 03:16 --------- d-----w c:\program files\Common Files\Apple
2008-12-26 21:05 --------- d-----w c:\program files\Common Files\Real
2008-12-23 02:37 --------- d-----w c:\program files\ScanningSuite
2008-12-20 03:04 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Corporation
2008-12-19 07:42 --------- d-----w c:\program files\Zune
2008-12-19 06:56 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-12-19 06:56 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-07 19:22 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-11-26 00:23 --------- d-----w c:\program files\Java
2008-11-16 17:07 26,520 -c--a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2005-12-02 17:58 286,720 -c--a-w c:\documents and settings\Motorola Phone Tools\RasCnxMngr.dll
2005-11-30 16:48 1,646,592 -c--a-w c:\documents and settings\Motorola Phone Tools\SyncEngine.dll
2005-11-24 22:03 724,992 -c--a-w c:\documents and settings\Motorola Phone Tools\mPhonetools.exe
2005-11-24 22:03 634,880 -c--a-w c:\documents and settings\Motorola Phone Tools\Calendar.dll
2005-11-24 22:02 827,392 -c--a-w c:\documents and settings\Motorola Phone Tools\wfp2n.dll
2005-11-24 22:02 61,440 -c--a-w c:\documents and settings\Motorola Phone Tools\Toshiba.dll
2005-11-24 22:02 192,512 -c--a-w c:\documents and settings\Motorola Phone Tools\MngDriver.dll
2005-11-24 22:02 135,168 -c--a-w c:\documents and settings\Motorola Phone Tools\WFP1N.dll
2005-11-24 22:02 1,044,480 -c--a-w c:\documents and settings\Motorola Phone Tools\Phonebk.dll
2005-11-24 22:01 176,128 -c--a-w c:\documents and settings\Motorola Phone Tools\CAgdOutlook.dll
2005-11-17 17:42 22,768 -c--a-w c:\documents and settings\Owner\usbsermpt.sys
2005-10-21 15:18 151,552 -c--a-w c:\documents and settings\Motorola Phone Tools\Pbkres.dll
2005-10-20 18:37 94,208 -c--a-w c:\documents and settings\Motorola Phone Tools\pbkoutlk.dll
2005-10-20 18:35 77,824 -c--a-w c:\documents and settings\Motorola Phone Tools\PBKBVRP.dll
2005-10-20 18:35 69,632 -c--a-w c:\documents and settings\Motorola Phone Tools\PbkExchg.dll
2005-10-20 18:35 61,440 -c--a-w c:\documents and settings\Motorola Phone Tools\PBKOE.dll
2005-10-20 18:35 57,344 -c--a-w c:\documents and settings\Motorola Phone Tools\PbkODBC.dll
2005-10-20 18:35 49,152 -c--a-w c:\documents and settings\Motorola Phone Tools\PbkLN.dll
2005-10-20 18:35 299,008 -c--a-w c:\documents and settings\Motorola Phone Tools\PbkUser.dll
2005-10-20 18:34 86,016 -c--a-w c:\documents and settings\Motorola Phone Tools\PBKENGINE.dll
2005-10-19 15:37 122,880 -c--a-w c:\documents and settings\Motorola Phone Tools\AgdBd.dll
2005-10-19 14:38 90,112 -c--a-w c:\documents and settings\Motorola Phone Tools\CalEngine.dll
2005-10-18 19:41 344,064 -c--a-w c:\documents and settings\Motorola Phone Tools\MelodyEdit.dll
2005-10-18 16:25 1,650,688 -c--a-w c:\documents and settings\Motorola Phone Tools\VideoEditor.dll
2005-10-14 22:44 36,864 -c--a-w c:\documents and settings\Motorola Phone Tools\ModExch.dll
2005-10-13 16:08 401,408 -c--a-w c:\documents and settings\Motorola Phone Tools\ModemWiz.dll
2005-10-12 22:38 139,264 -c--a-w c:\documents and settings\Motorola Phone Tools\CAgdLNote.dll
2005-10-12 16:48 577,536 -c--a-w c:\documents and settings\Motorola Phone Tools\MExplorer.dll
2005-10-04 16:17 368,640 -c--a-w c:\documents and settings\Motorola Phone Tools\BtWizard.dll
2005-09-29 16:01 405,504 -c--a-w c:\documents and settings\Motorola Phone Tools\BvrpCtln.dll
2005-09-27 22:56 73,728 -c--a-w c:\documents and settings\Motorola Phone Tools\Comm.dll
2005-09-27 19:41 28,672 -c--a-w c:\documents and settings\Motorola Phone Tools\Aboutn.dll
2005-09-22 19:51 94,208 -c--a-w c:\documents and settings\Motorola Phone Tools\WidComm.dll
2005-09-21 22:43 196,608 -c--a-w c:\documents and settings\Motorola Phone Tools\LogoEdit.dll
2005-09-21 18:10 73,728 -c--a-w c:\documents and settings\Motorola Phone Tools\msbt.dll
2005-09-19 14:48 81,920 -c--a-w c:\documents and settings\Motorola Phone Tools\NewUI.dll
2005-09-12 21:56 258,048 -c--a-w c:\documents and settings\Motorola Phone Tools\LiveUpdateClientTools.dll
2005-09-12 17:52 143,360 -c--a-w c:\documents and settings\Motorola Phone Tools\OLRegist.dll
2005-09-09 15:43 380,928 -c--a-w c:\documents and settings\Motorola Phone Tools\MMCenter.exe
2005-09-07 19:50 733,184 -c--a-w c:\documents and settings\Motorola Phone Tools\MmsKrnl.dll
2005-09-06 20:55 159,744 -c--a-w c:\documents and settings\Motorola Phone Tools\MMSEdit.dll
2005-09-05 21:19 376,832 -c--a-w c:\documents and settings\Motorola Phone Tools\MOffice.exe
2005-09-05 20:52 69,632 -c--a-w c:\documents and settings\Motorola Phone Tools\MOSync.dll
2005-08-29 21:39 94,275 -c--a-w c:\documents and settings\Motorola Phone Tools\ObexKrnl.dll
2005-08-18 22:45 98,304 -c--a-w c:\documents and settings\Motorola Phone Tools\DxFile.dll
2005-08-18 22:45 57,344 -c--a-w c:\documents and settings\Motorola Phone Tools\Codec.dll
2005-08-18 22:45 335,872 -c--a-w c:\documents and settings\Motorola Phone Tools\MpegDecode.dll
2005-08-18 22:45 307,200 -c--a-w c:\documents and settings\Motorola Phone Tools\MP4ACodec.dll
2005-08-18 22:45 266,240 -c--a-w c:\documents and settings\Motorola Phone Tools\MpegEncode.dll
2005-08-18 22:45 122,880 -c--a-w c:\documents and settings\Motorola Phone Tools\h263Encode.dll
2005-08-18 22:45 106,496 -c--a-w c:\documents and settings\Motorola Phone Tools\H263Decode.dll
2005-08-18 22:44 86,016 -c--a-w c:\documents and settings\Motorola Phone Tools\FileAVI.dll
2005-08-18 22:44 73,728 -c--a-w c:\documents and settings\Motorola Phone Tools\File3GP.dll
2005-08-18 22:44 49,152 -c--a-w c:\documents and settings\Motorola Phone Tools\FileTIT.dll
2005-08-18 22:44 425,984 -c--a-w c:\documents and settings\Motorola Phone Tools\Mpeg12Output.dll
2005-08-18 22:44 229,376 -c--a-w c:\documents and settings\Motorola Phone Tools\AudioInterface.dll
2005-08-18 22:43 331,776 -c--a-w c:\documents and settings\Motorola Phone Tools\amrstreamconv.dll
2005-08-16 20:59 303,104 -c--a-w c:\documents and settings\Motorola Phone Tools\MailUser.dll
2005-08-12 15:29 77,824 -c--a-w c:\documents and settings\Motorola Phone Tools\OutlSync.dll
2005-08-12 15:29 77,824 -c--a-w c:\documents and settings\Motorola Phone Tools\Outl97.dll
2005-08-11 17:33 65,589 -c--a-w c:\documents and settings\Motorola Phone Tools\bvrpnac.dll
2005-08-04 20:31 73,728 -c--a-w c:\documents and settings\Motorola Phone Tools\wfcomrc.dll
2005-07-29 17:49 86,016 -c--a-w c:\documents and settings\Motorola Phone Tools\PrintCalendar.dll
2005-07-25 20:35 45,056 -c--a-w c:\documents and settings\Motorola Phone Tools\FileTransZM.dll
2005-07-20 18:53 61,440 -c--a-w c:\documents and settings\Motorola Phone Tools\QCDMExplorer.dll
2005-06-30 17:08 24,576 -c--a-w c:\documents and settings\Motorola Phone Tools\HrMapi.dll
2005-06-30 16:28 499,712 -c--a-w c:\documents and settings\Motorola Phone Tools\OpeIcons.dll
2005-06-30 16:12 45,056 -c--a-w c:\documents and settings\Motorola Phone Tools\TxtToPgf.dll
2005-06-14 14:27 131,072 -c--a-w c:\documents and settings\Motorola Phone Tools\MailKrnl.dll
2005-04-15 18:38 53,248 -c--a-w c:\documents and settings\Motorola Phone Tools\VObject.dll
2005-04-14 21:08 65,536 -c--a-w c:\documents and settings\Motorola Phone Tools\Users.dll
2005-03-29 20:34 24,576 -c--a-w c:\documents and settings\Motorola Phone Tools\Prpgf2n.dll
2005-03-21 22:28 36,864 -c--a-w c:\documents and settings\Motorola Phone Tools\Pager.dll
2005-02-03 20:59 163,840 -c--a-w c:\documents and settings\Motorola Phone Tools\ScreenCapture.dll
2005-01-26 20:39 49,152 -c--a-w c:\documents and settings\Motorola Phone Tools\WgViewer.dll
2005-01-25 16:47 73,728 -c--a-w c:\documents and settings\Motorola Phone Tools\GrConv.dll
2006-12-12 15:44 88 --sh--r c:\windows\system32\96E6365097.sys
2006-12-12 15:44 2,516 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-08-27 01:52 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082620080827\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files\Common Files\AOL\1129679374\ee\AOLSoftware.exe" [2008-06-24 41824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-25 136600]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 99480]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-10-07 90112]
"MPFEXE"="c:\program files\mcafee.com\personal firewall\MPFTray.exe" [2006-03-07 992808]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-26 185872]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-22 507224]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 2008-09-26 11:02 2356088 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLSPScheduler]
--a------ 2006-11-20 15:42 8784 c:\program files\Common Files\AOL\1129679374\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-02-23 15:43 3026944 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sscRun]
--a------ 2006-11-20 15:42 153168 c:\program files\Common Files\AOL\1129679374\ee\sscRun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-12-26 16:04 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2004-02-23 15:43 753664 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129679374\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129679374\\ee\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129679374\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\New Folder\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Symantec_Client_Security\\Symantec AntiVirus\\VPC32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\New Folder\\Warcraft III\\War3.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\VS7Debug\\mdm.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-22 64160]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 942416]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [2007-02-15 50048]

--- Other Services/Drivers In Memory ---

*Deregistered* - MDM
*Deregistered* - MpfService
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Norton AntiVirus Server
*Deregistered* - NVSvc
*Deregistered* - Pml Driver HPZ12
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - upnphost
*Deregistered* - W32Time
*Deregistered* - WANMiniportService
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC
*Deregistered* - ZuneBusEnum
*Deregistered* - ZuneNetworkSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a08731b-b1f1-11dd-957a-00038a000015}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e29e9c46-eff5-11dc-92f7-00038a000015}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-22 00:48]

2009-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.optonline.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} - hxxp://pictures.aolcdn.com/ap/Resources ... .3.2.3.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1hbe6j5n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/red ... 706&query={searchTerms}&invocationType=tb50fftrie7
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox ... S:official
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?inv ... rab&query=
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.
.
------- File Associations -------
.
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-24 14:55:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MPFEXE = "c:\program files\mcafee.com\personal firewall\MPFTray.exe"????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\SYMANT~1\SYMANT~1\DefWatch.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\CA\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\progra~1\SYMANT~1\SYMANT~1\Rtvscan.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Zune\ZuneNss.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-24 15:10:26 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2009-01-24 20:10:18

Pre-Run: 77,485,375,488 bytes free
Post-Run: 77,367,799,808 bytes free

390 --- E O F --- 2009-01-24 06:33:20

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:15:30 PM, on 1/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\AOL\1129679374\ee\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1129679374\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1129679374\ee\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1129679374\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\mcafee.com\personal firewall\MPFTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9304249234
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8343836328
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/downloa ... YAX29b.cab
O16 - DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} - http://pictures.aolcdn.com/ap/Resources ... .3.2.3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9165 bytes
Angelace23
Active Member
 
Posts: 6
Joined: January 22nd, 2009, 4:37 am

Re: Internet windows randomly pop up

Unread postby Bio-Hazard » January 24th, 2009, 5:09 pm

while combofix was running I didnt shut off winpatrol. When the computer restarted and combofix was making the logfile, winpatrol popped up stating there was a change on a HOST. I accepted the changes and shut winpatrol off. Was that ok?


We are making progress. That was ok.


Run CFScript

  • Close any open browsers.
  • Open Notepad by click start
  • Click Run
  • Type notepad into the box and click enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:

Code: Select all
File::
c:\windows\system32\pazewaju.dll
c:\windows\system32\ponegiwu.dll
c:\windows\system32\jojilite.dll

Folder::
c:\program files\FrostWire
c:\documents and settings\Owner\Application Data\FrostWire

FileLook::
c:\windows\system32\drivers\Lbd.sys


Save this as CFScript.txt, in the same location as ComboFix.exe (on your desktop)


Image


Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

NOTE: Do not mouseclick combofix's window whilst it's running. That may cause it to stall it.


ATF-Cleaner

Please download ATF Cleaner by Atribune.

  • Save it to your desktop
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.

    NOTE: If you would like to keep your saved passwords please click No at the prompt.
  • Click Exit on the Main menu to close the program.


Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply along with a fresh HijackThis log.

Next Reply

Please reply with:[*]Kaspersky Log
  • ComboFix log (found at C:\Combofix.txt)
  • New HijackThis log
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Internet windows randomly pop up

Unread postby Angelace23 » January 25th, 2009, 2:25 pm

Ok, here u go.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, January 25, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, January 25, 2009 08:16:25
Records in database: 1693004
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: no

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
H:\
I:\
J:\
K:\

Scan statistics:
Files scanned: 88413
Threat name: 30
Infected objects: 91
Suspicious objects: 0
Duration of the scan: 03:17:15


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\00F00000.VBN Infected: Trojan.Win32.Monderd.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\018C0000.VBN Infected: Trojan.Win32.FraudPack.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02000000.VBN Infected: Trojan.Win32.Monder.aidz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02A40000.VBN Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03C40001.VBN Infected: Trojan.Win32.Monder.amxj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04000000.VBN Infected: Trojan.Win32.Monderd.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04B00001.VBN Infected: Trojan.Win32.FraudPack.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05000000.VBN Infected: Trojan.Win32.Agent.bfdf 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05000001.VBN Infected: Trojan.Win32.Agent.bfdf 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\050C0000.VBN Infected: Trojan.Win32.Monder.amxr 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\050C0001.VBN Infected: Trojan.Win32.Monder.amxr 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\053C0001.VBN Infected: Trojan.Win32.Monderd.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\054C0002.VBN Infected: Trojan.Win32.Monderd.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\054C0003.VBN Infected: Trojan.Win32.Monderd.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05680000.VBN Infected: Trojan.Win32.Agent.bfdf 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05A00002.VBN Infected: Trojan.Win32.Monder.amxr 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05A00003.VBN Infected: Trojan.Win32.Monderd.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05A00004.VBN Infected: Trojan.Win32.Agent.bilk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05A00005.VBN Infected: Trojan.Win32.Agent.bilk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05CC0000.VBN Infected: Trojan.Win32.Monder.amxr 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05CC0001.VBN Infected: Trojan.Win32.Monderd.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05CC0004.VBN Infected: Trojan.Win32.Agent.bilk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05CC0009.VBN Infected: Trojan-Spy.Win32.Agent.pni 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05CC000A.VBN Infected: Trojan-Spy.Win32.Agent.pni 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05E80001.VBN Infected: Trojan.Win32.Monder.amxn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06240000.VBN Infected: Trojan.Win32.Monderd.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06AC0000.VBN Infected: Trojan.Win32.FraudPack.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\074C0000.VBN Infected: Trojan.Win32.Monder.aidi 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07700000.VBN Infected: Trojan.Win32.Monder.amxj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07940000.VBN Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F80000.VBN Infected: Trojan.Win32.Monderd.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\085C0000.VBN Infected: Exploit.HTML.IESlice.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08C00001.VBN Infected: Trojan.Win32.Monder.aidz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A840000.VBN Infected: Trojan.Win32.Monderd.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A840002.VBN Infected: Trojan.Win32.Monderd.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A840003.VBN Infected: Trojan.Win32.Monder.amxr 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A840004.VBN Infected: Trojan.Win32.Monder.amxr 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A840005.VBN Infected: Trojan.Win32.Monder.amxr 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A880000.VBN Infected: Trojan.Win32.FraudPack.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A8C0000.VBN Infected: Trojan.Win32.Agent.bilk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A8C0001.VBN Infected: Trojan.Win32.Agent.bilk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A8C0002.VBN Infected: Trojan.Win32.Agent.bilk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A8C0003.VBN Infected: Trojan.Win32.Agent.bilk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A8C0004.VBN Infected: Trojan-Spy.Win32.Agent.pni 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A8C0005.VBN Infected: Trojan-Spy.Win32.Agent.pni 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A8C0006.VBN Infected: Trojan-Spy.Win32.Agent.pni 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A8C0007.VBN Infected: Trojan-Spy.Win32.Agent.pni 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A8C0008.VBN Infected: Trojan.Win32.Agent.bilk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A8C0009.VBN Infected: Trojan.Win32.Agent.bilk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A8C000A.VBN Infected: Trojan.Win32.Agent.bilk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A8C000B.VBN Infected: Trojan.Win32.Agent.bilk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AA00000.VBN Infected: Backdoor.Win32.SdBot.jnj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B440000.VBN Infected: Backdoor.Win32.Rbot.kna 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BB80000.VBN Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00000.VBN Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BE40000.VBN Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BE40001.VBN Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C000000.VBN Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C040001.VBN Infected: Trojan.Win32.Monder.aouv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C040004.VBN Infected: Trojan.Win32.Monder.amxn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C040006.VBN Infected: Trojan.Win32.Agent.bilk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C380000.VBN Infected: Worm.Win32.Perlovga.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C400000.VBN Infected: Trojan.Win32.Monderd.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C480000.VBN Infected: Trojan.Win32.Agent.bfdf 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C900000.VBN Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C900001.VBN Infected: Trojan.Win32.Agent.bfdf 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D240000.VBN Infected: Trojan.Win32.FraudPack.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D5C0000.VBN Infected: Worm.Win32.AutoRun.ejn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D640001.VBN Infected: Trojan-Downloader.Win32.FraudLoad.csq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D640003.VBN Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DE80000.VBN Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DF00000.VBN Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E380000.VBN Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0F140000.VBN Infected: Trojan.Win32.Monder.aidz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0F140001.VBN Infected: Trojan.Win32.Agent.bfdf 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0F780000.VBN Infected: Trojan.Win32.FraudPack.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FEC0000.VBN Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0FEC0001.VBN Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\16840000.VBN Infected: Trojan-Spy.Win32.Agent.kbm 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\168C0000.VBN Infected: Trojan.Win32.Monder.aixn 1
C:\Documents and Settings\Owner\My Documents\My Music\FrostWire\Incomplete\T-3515162-voyeurism disturbia - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Owner\My Documents\My Music\xingtonefree.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
C:\Documents and Settings\Owner\My Documents\My Music\xingtonefree.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 2
C:\Documents and Settings\Owner\My Documents\My Music\xingtonefree.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 1
C:\Documents and Settings\Owner\My Documents\My Music\xingtonefree.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 1
C:\Documents and Settings\Owner\My Documents\My Music\xingtonefree.exe Infected: not-a-virus:AdWare.Win32.WebHancer 2
C:\Documents and Settings\Owner\My Documents\My Music\xingtonefree.exe Infected: not-a-virus:AdWare.Win32.WebHancer.370 1
C:\Documents and Settings\Owner\My Documents\My Music\xingtonefree.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k 1
C:\Documents and Settings\Owner\My Documents\My Music\xingtonefree.exe Infected: not-a-virus:AdWare.Win32.Relevant.a 1

The selected area was scanned.

ComboFix 09-01-21.04 - Owner 2009-01-25 3:30:57.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.137 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\CFScript.txt
FW: AOL Firewall *disabled*
* Created a new restore point

FILE ::
c:\windows\system32\jojilite.dll
c:\windows\system32\pazewaju.dll
c:\windows\system32\ponegiwu.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\FrostWire
c:\documents and settings\Owner\Application Data\FrostWire\.AppSpecialShare\[PSP]Dragon.Ball.Z.Shin.Budokai.Another.Road.[USA][FULL].-.[ESPALPSP.com].rar.torrent.bak
c:\documents and settings\Owner\Application Data\FrostWire\.AppSpecialShare\Dragon Ball Z Shin Budokai 2 [MULTI5][PSP][WwW.GamesTorrents.CoM].torrent.bak
c:\documents and settings\Owner\Application Data\FrostWire\.AppSpecialShare\dragon ball z shin budokai 2.iso.torrent.bak
c:\documents and settings\Owner\Application Data\FrostWire\.AppSpecialShare\Mike_Falzone_Fun_With_Honesty_frostclick.com_frostwire.com_MP3_192k_12282008.torrent
c:\documents and settings\Owner\Application Data\FrostWire\.NetworkShare\LimeWireWin4.16.6.exe
c:\documents and settings\Owner\Application Data\FrostWire\checkandupdate.txt
c:\documents and settings\Owner\Application Data\FrostWire\createtimes.cache
c:\documents and settings\Owner\Application Data\FrostWire\downloads.dat
c:\documents and settings\Owner\Application Data\FrostWire\fileurns.bak
c:\documents and settings\Owner\Application Data\FrostWire\fileurns.cache
c:\documents and settings\Owner\Application Data\FrostWire\filters.props
c:\documents and settings\Owner\Application Data\FrostWire\frostwire.props
c:\documents and settings\Owner\Application Data\FrostWire\gnutella.net
c:\documents and settings\Owner\Application Data\FrostWire\installation.props
c:\documents and settings\Owner\Application Data\FrostWire\intent.props
c:\documents and settings\Owner\Application Data\FrostWire\library.dat
c:\documents and settings\Owner\Application Data\FrostWire\mojito.props
c:\documents and settings\Owner\Application Data\FrostWire\questions.props
c:\documents and settings\Owner\Application Data\FrostWire\responses.cache
c:\documents and settings\Owner\Application Data\FrostWire\simpp.xml
c:\documents and settings\Owner\Application Data\FrostWire\spam.dat
c:\documents and settings\Owner\Application Data\FrostWire\tables.props
c:\documents and settings\Owner\Application Data\FrostWire\themes\frostwirePro_theme.fwtp
c:\documents and settings\Owner\Application Data\FrostWire\themes\frostwirePro_theme\theme.txt
c:\documents and settings\Owner\Application Data\FrostWire\themes\frostwirePro_theme\version.txt
c:\documents and settings\Owner\Application Data\FrostWire\ttrees.cache
c:\documents and settings\Owner\Application Data\FrostWire\ttroot.cache
c:\documents and settings\Owner\Application Data\FrostWire\version.xml
c:\documents and settings\Owner\Application Data\FrostWire\xml\data\audio.sxml2
c:\program files\FrostWire
c:\program files\FrostWire\hs_err_pid1048.log
c:\program files\FrostWire\hs_err_pid2084.log
c:\program files\FrostWire\hs_err_pid2288.log
c:\program files\FrostWire\hs_err_pid3576.log
c:\program files\FrostWire\log.txt
c:\program files\FrostWire\seenMessages.dat
c:\program files\FrostWire\t-pain ft. ludacris - chopped & screwed.mp3
c:\windows\system32\jojilite.dll
c:\windows\system32\pazewaju.dll
c:\windows\system32\ponegiwu.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-25 to 2009-01-25 )))))))))))))))))))))))))))))))
.

2009-01-22 14:50 . 2001-08-17 14:07 56,960 --a--c--- c:\windows\system32\dllcache\aic78xx.sys
2009-01-22 14:50 . 2001-08-17 14:07 55,168 --a--c--- c:\windows\system32\dllcache\aic78u2.sys
2009-01-22 14:50 . 2001-08-17 12:11 27,678 --a--c--- c:\windows\system32\dllcache\ali5261.sys
2009-01-22 14:50 . 2001-08-17 13:49 26,624 --a--c--- c:\windows\system32\dllcache\alifir.sys
2009-01-22 14:50 . 2001-08-17 22:37 24,576 --a--c--- c:\windows\system32\dllcache\agcgauge.ax
2009-01-22 14:50 . 2001-08-17 13:52 12,800 --a--c--- c:\windows\system32\dllcache\aha154x.sys
2009-01-22 14:50 . 2001-08-17 13:51 5,248 --a--c--- c:\windows\system32\dllcache\aliide.sys
2009-01-22 14:49 . 2001-08-17 12:19 747,392 --a--c--- c:\windows\system32\dllcache\adm8830.sys
2009-01-22 14:49 . 2001-08-17 12:19 584,448 --a--c--- c:\windows\system32\dllcache\adm8810.sys
2009-01-22 14:49 . 2001-08-17 12:19 553,984 --a--c--- c:\windows\system32\dllcache\adm8820.sys
2009-01-22 14:49 . 2001-08-17 14:07 101,888 --a--c--- c:\windows\system32\dllcache\adpu160m.sys
2009-01-22 14:49 . 2001-08-17 22:36 61,440 --a--c--- c:\windows\system32\dllcache\acerscad.dll
2009-01-22 14:49 . 2001-08-17 12:11 46,112 --a--c--- c:\windows\system32\dllcache\adptsf50.sys
2009-01-22 14:49 . 2001-08-17 12:11 20,160 --a--c--- c:\windows\system32\dllcache\adm8511.sys
2009-01-22 14:49 . 2002-08-29 00:00 10,880 --a--c--- c:\windows\system32\dllcache\admjoy.sys
2009-01-22 14:49 . 2001-08-17 13:53 7,424 --a--c--- c:\windows\system32\dllcache\adicvls.sys
2009-01-22 14:47 . 2001-08-17 14:56 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll
2009-01-22 04:44 . 2009-01-22 14:31 3,739 --a------ c:\windows\imsins.BAK
2009-01-22 03:12 . 2009-01-22 03:12 <DIR> d-------- c:\documents and settings\Owner\Application Data\WinPatrol
2009-01-22 03:05 . 2009-01-22 03:05 <DIR> d-------- c:\program files\BillP Studios
2009-01-22 02:14 . 2009-01-22 00:48 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-01-22 00:49 . 2009-01-22 00:48 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-01-22 00:38 . 2009-01-22 00:38 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-20 04:04 . 2009-01-20 04:04 685,056 --a------ c:\windows\isRS-000.tmp
2009-01-20 03:57 . 2009-01-20 04:04 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-20 03:57 . 2009-01-20 03:57 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-01-20 03:57 . 2009-01-20 03:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-20 03:57 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-20 03:57 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-15 19:48 . 2009-01-15 19:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2009-01-09 21:55 . 2009-01-13 23:06 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-08 03:48 . 2009-01-08 03:48 <DIR> d-------- c:\documents and settings\Owner\Application Data\Viewpoint
2009-01-08 00:10 . 2009-01-08 00:10 <DIR> d-------- c:\program files\AVG
2009-01-07 22:17 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-01-07 22:17 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-07 22:16 . 2009-01-07 22:17 <DIR> d-------- c:\program files\iTunes
2009-01-07 22:16 . 2009-01-07 22:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-31 00:15 . 2008-04-13 20:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-12-31 00:15 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-12-26 16:05 . 2008-12-26 16:05 <DIR> d-------- c:\program files\Common Files\xing shared
2008-12-26 15:14 . 2008-12-26 15:14 <DIR> d-------- c:\program files\Bonjour
2008-12-26 15:13 . 2008-12-26 15:14 <DIR> d-------- c:\program files\QuickTime
2008-12-26 15:10 . 2008-12-26 15:10 <DIR> d-------- c:\program files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-22 05:37 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-22 04:34 --------- d-----w c:\program files\Common Files\AOL
2009-01-20 06:21 --------- d-----w c:\program files\CCleaner
2009-01-18 18:23 --------- d-----w c:\program files\Incomplete
2009-01-08 20:39 --------- d-----w c:\program files\Common Files\Adobe
2009-01-08 04:21 --------- d-----w c:\program files\Viewpoint
2009-01-08 04:21 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-01-08 04:15 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-08 04:15 --------- d-----w c:\documents and settings\Owner\Application Data\InstallShield
2009-01-08 04:08 --------- d-----w c:\program files\VstPlugins
2009-01-08 03:16 --------- d-----w c:\program files\iPod
2009-01-08 03:16 --------- d-----w c:\program files\Common Files\Apple
2008-12-26 21:05 --------- d-----w c:\program files\Common Files\Real
2008-12-23 02:37 --------- d-----w c:\program files\ScanningSuite
2008-12-20 03:04 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Corporation
2008-12-19 07:42 --------- d-----w c:\program files\Zune
2008-12-19 06:56 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-12-19 06:56 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-07 19:22 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-11-26 00:23 410,976 ----a-w c:\windows\system32\deploytk.dll
2008-11-26 00:23 --------- d-----w c:\program files\Java
2008-11-16 17:07 26,520 -c--a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-11-10 17:23 60,032 ----a-w c:\windows\system32\ZuneBusEnum.exe
2008-11-10 17:23 243,840 ----a-w c:\windows\system32\ZuneWlanCfgSvc.exe
2005-12-02 17:58 286,720 -c--a-w c:\documents and settings\Motorola Phone Tools\RasCnxMngr.dll
2005-11-30 16:48 1,646,592 -c--a-w c:\documents and settings\Motorola Phone Tools\SyncEngine.dll
2005-11-24 22:03 724,992 -c--a-w c:\documents and settings\Motorola Phone Tools\mPhonetools.exe
2005-11-24 22:03 634,880 -c--a-w c:\documents and settings\Motorola Phone Tools\Calendar.dll
2005-11-24 22:02 827,392 -c--a-w c:\documents and settings\Motorola Phone Tools\wfp2n.dll
2005-11-24 22:02 61,440 -c--a-w c:\documents and settings\Motorola Phone Tools\Toshiba.dll
2005-11-24 22:02 192,512 -c--a-w c:\documents and settings\Motorola Phone Tools\MngDriver.dll
2005-11-24 22:02 135,168 -c--a-w c:\documents and settings\Motorola Phone Tools\WFP1N.dll
2005-11-24 22:02 1,044,480 -c--a-w c:\documents and settings\Motorola Phone Tools\Phonebk.dll
2005-11-24 22:01 176,128 -c--a-w c:\documents and settings\Motorola Phone Tools\CAgdOutlook.dll
2005-11-17 17:42 22,768 -c--a-w c:\documents and settings\Owner\usbsermpt.sys
2005-10-21 15:18 151,552 -c--a-w c:\documents and settings\Motorola Phone Tools\Pbkres.dll
2005-10-20 18:37 94,208 -c--a-w c:\documents and settings\Motorola Phone Tools\pbkoutlk.dll
2005-10-20 18:35 77,824 -c--a-w c:\documents and settings\Motorola Phone Tools\PBKBVRP.dll
2005-10-20 18:35 69,632 -c--a-w c:\documents and settings\Motorola Phone Tools\PbkExchg.dll
2005-10-20 18:35 61,440 -c--a-w c:\documents and settings\Motorola Phone Tools\PBKOE.dll
2005-10-20 18:35 57,344 -c--a-w c:\documents and settings\Motorola Phone Tools\PbkODBC.dll
2005-10-20 18:35 49,152 -c--a-w c:\documents and settings\Motorola Phone Tools\PbkLN.dll
2005-10-20 18:35 299,008 -c--a-w c:\documents and settings\Motorola Phone Tools\PbkUser.dll
2005-10-20 18:34 86,016 -c--a-w c:\documents and settings\Motorola Phone Tools\PBKENGINE.dll
2005-10-19 15:37 122,880 -c--a-w c:\documents and settings\Motorola Phone Tools\AgdBd.dll
2005-10-19 14:38 90,112 -c--a-w c:\documents and settings\Motorola Phone Tools\CalEngine.dll
2005-10-18 19:41 344,064 -c--a-w c:\documents and settings\Motorola Phone Tools\MelodyEdit.dll
2005-10-18 16:25 1,650,688 -c--a-w c:\documents and settings\Motorola Phone Tools\VideoEditor.dll
2005-10-14 22:44 36,864 -c--a-w c:\documents and settings\Motorola Phone Tools\ModExch.dll
2005-10-13 16:08 401,408 -c--a-w c:\documents and settings\Motorola Phone Tools\ModemWiz.dll
2005-10-12 22:38 139,264 -c--a-w c:\documents and settings\Motorola Phone Tools\CAgdLNote.dll
2005-10-12 16:48 577,536 -c--a-w c:\documents and settings\Motorola Phone Tools\MExplorer.dll
2005-10-04 16:17 368,640 -c--a-w c:\documents and settings\Motorola Phone Tools\BtWizard.dll
2005-09-29 16:01 405,504 -c--a-w c:\documents and settings\Motorola Phone Tools\BvrpCtln.dll
2005-09-27 22:56 73,728 -c--a-w c:\documents and settings\Motorola Phone Tools\Comm.dll
2005-09-27 19:41 28,672 -c--a-w c:\documents and settings\Motorola Phone Tools\Aboutn.dll
2005-09-22 19:51 94,208 -c--a-w c:\documents and settings\Motorola Phone Tools\WidComm.dll
2005-09-21 22:43 196,608 -c--a-w c:\documents and settings\Motorola Phone Tools\LogoEdit.dll
2005-09-21 18:10 73,728 -c--a-w c:\documents and settings\Motorola Phone Tools\msbt.dll
2005-09-19 14:48 81,920 -c--a-w c:\documents and settings\Motorola Phone Tools\NewUI.dll
2005-09-12 21:56 258,048 -c--a-w c:\documents and settings\Motorola Phone Tools\LiveUpdateClientTools.dll
2005-09-12 17:52 143,360 -c--a-w c:\documents and settings\Motorola Phone Tools\OLRegist.dll
2005-09-09 15:43 380,928 -c--a-w c:\documents and settings\Motorola Phone Tools\MMCenter.exe
2005-09-07 19:50 733,184 -c--a-w c:\documents and settings\Motorola Phone Tools\MmsKrnl.dll
2005-09-06 20:55 159,744 -c--a-w c:\documents and settings\Motorola Phone Tools\MMSEdit.dll
2005-09-05 21:19 376,832 -c--a-w c:\documents and settings\Motorola Phone Tools\MOffice.exe
2005-09-05 20:52 69,632 -c--a-w c:\documents and settings\Motorola Phone Tools\MOSync.dll
2005-08-29 21:39 94,275 -c--a-w c:\documents and settings\Motorola Phone Tools\ObexKrnl.dll
2005-08-18 22:45 98,304 -c--a-w c:\documents and settings\Motorola Phone Tools\DxFile.dll
2005-08-18 22:45 57,344 -c--a-w c:\documents and settings\Motorola Phone Tools\Codec.dll
2005-08-18 22:45 335,872 -c--a-w c:\documents and settings\Motorola Phone Tools\MpegDecode.dll
2005-08-18 22:45 307,200 -c--a-w c:\documents and settings\Motorola Phone Tools\MP4ACodec.dll
2005-08-18 22:45 266,240 -c--a-w c:\documents and settings\Motorola Phone Tools\MpegEncode.dll
2005-08-18 22:45 122,880 -c--a-w c:\documents and settings\Motorola Phone Tools\h263Encode.dll
2005-08-18 22:45 106,496 -c--a-w c:\documents and settings\Motorola Phone Tools\H263Decode.dll
2005-08-18 22:44 86,016 -c--a-w c:\documents and settings\Motorola Phone Tools\FileAVI.dll
2005-08-18 22:44 73,728 -c--a-w c:\documents and settings\Motorola Phone Tools\File3GP.dll
2005-08-18 22:44 49,152 -c--a-w c:\documents and settings\Motorola Phone Tools\FileTIT.dll
2005-08-18 22:44 425,984 -c--a-w c:\documents and settings\Motorola Phone Tools\Mpeg12Output.dll
2005-08-18 22:44 229,376 -c--a-w c:\documents and settings\Motorola Phone Tools\AudioInterface.dll
2005-08-18 22:43 331,776 -c--a-w c:\documents and settings\Motorola Phone Tools\amrstreamconv.dll
2005-08-16 20:59 303,104 -c--a-w c:\documents and settings\Motorola Phone Tools\MailUser.dll
2005-08-12 15:29 77,824 -c--a-w c:\documents and settings\Motorola Phone Tools\OutlSync.dll
2005-08-12 15:29 77,824 -c--a-w c:\documents and settings\Motorola Phone Tools\Outl97.dll
2005-08-11 17:33 65,589 -c--a-w c:\documents and settings\Motorola Phone Tools\bvrpnac.dll
2005-08-04 20:31 73,728 -c--a-w c:\documents and settings\Motorola Phone Tools\wfcomrc.dll
2005-07-29 17:49 86,016 -c--a-w c:\documents and settings\Motorola Phone Tools\PrintCalendar.dll
2005-07-25 20:35 45,056 -c--a-w c:\documents and settings\Motorola Phone Tools\FileTransZM.dll
2005-07-20 18:53 61,440 -c--a-w c:\documents and settings\Motorola Phone Tools\QCDMExplorer.dll
2005-06-30 17:08 24,576 -c--a-w c:\documents and settings\Motorola Phone Tools\HrMapi.dll
2005-06-30 16:28 499,712 -c--a-w c:\documents and settings\Motorola Phone Tools\OpeIcons.dll
2005-06-30 16:12 45,056 -c--a-w c:\documents and settings\Motorola Phone Tools\TxtToPgf.dll
2005-06-14 14:27 131,072 -c--a-w c:\documents and settings\Motorola Phone Tools\MailKrnl.dll
2005-04-15 18:38 53,248 -c--a-w c:\documents and settings\Motorola Phone Tools\VObject.dll
2005-04-14 21:08 65,536 -c--a-w c:\documents and settings\Motorola Phone Tools\Users.dll
2005-03-29 20:34 24,576 -c--a-w c:\documents and settings\Motorola Phone Tools\Prpgf2n.dll
2005-03-21 22:28 36,864 -c--a-w c:\documents and settings\Motorola Phone Tools\Pager.dll
2005-02-03 20:59 163,840 -c--a-w c:\documents and settings\Motorola Phone Tools\ScreenCapture.dll
2005-01-26 20:39 49,152 -c--a-w c:\documents and settings\Motorola Phone Tools\WgViewer.dll
2006-12-12 15:44 88 --sh--r c:\windows\system32\96E6365097.sys
2006-12-12 15:44 2,516 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-08-27 01:52 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082620080827\index.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.


---- c:\windows\system32\drivers\Lbd.sys ----
Company: Lavasoft AB
File Description: Boot Driver
File Version: 1.0.00.000 built by: WinDDK
Product Name: Ad-Aware
Copyright: Copyright (c) Lavasoft AB 2008
Original file name: Lbd.sys
MD5: 0a2e3fd4a18962741b760c218e67813a


((((((((((((((((((((((((((((( snapshot@2009-01-24_15.08.53.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-22 06:22:59 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-24 20:27:58 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-22 06:22:59 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-24 20:27:58 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-22 06:22:59 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-24 20:27:58 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-25 07:54:25 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files\Common Files\AOL\1129679374\ee\AOLSoftware.exe" [2008-06-24 41824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-25 136600]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 99480]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-10-07 90112]
"MPFEXE"="c:\program files\mcafee.com\personal firewall\MPFTray.exe" [2006-03-07 992808]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-26 185872]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-22 507224]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 2008-09-26 11:02 2356088 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLSPScheduler]
--a------ 2006-11-20 15:42 8784 c:\program files\Common Files\AOL\1129679374\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-02-23 15:43 3026944 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sscRun]
--a------ 2006-11-20 15:42 153168 c:\program files\Common Files\AOL\1129679374\ee\sscRun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-12-26 16:04 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2004-02-23 15:43 753664 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129679374\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129679374\\ee\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129679374\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\New Folder\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Symantec_Client_Security\\Symantec AntiVirus\\VPC32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\New Folder\\Warcraft III\\War3.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\VS7Debug\\mdm.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-22 64160]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 942416]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [2007-02-15 50048]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a08731b-b1f1-11dd-957a-00038a000015}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e29e9c46-eff5-11dc-92f7-00038a000015}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-22 00:48]

2009-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.optonline.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} - hxxp://pictures.aolcdn.com/ap/Resources ... .3.2.3.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1hbe6j5n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/red ... 706&query={searchTerms}&invocationType=tb50fftrie7
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox ... S:official
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?inv ... rab&query=
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-25 03:37:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MPFEXE = "c:\program files\mcafee.com\personal firewall\MPFTray.exe"????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-25 3:42:21
ComboFix-quarantined-files.txt 2009-01-25 08:41:08
ComboFix2.txt 2009-01-24 20:10:29

Pre-Run: 77,360,566,272 bytes free
Post-Run: 77,340,225,536 bytes free

368 --- E O F --- 2009-01-24 06:33:20

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:17:17 PM, on 1/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\AOL\1129679374\ee\AOLSoftware.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Common Files\AOL\1129679374\ee\aolsoftware.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1129679374\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1129679374\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\mcafee.com\personal firewall\MPFTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9304249234
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8343836328
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/downloa ... YAX29b.cab
O16 - DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} - http://pictures.aolcdn.com/ap/Resources ... .3.2.3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9189 bytes
Angelace23
Active Member
 
Posts: 6
Joined: January 22nd, 2009, 4:37 am

Re: Internet windows randomly pop up

Unread postby Bio-Hazard » January 25th, 2009, 3:14 pm

Hello!

Could you please empty this folder: C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine

Delete this file: C:\Documents and Settings\Owner\My Documents\My Music\FrostWire\Incomplete\T-3515162-voyeurism disturbia - greatest hits.wma


Remove HijackThis entries

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE


  • Close all open windows and browsers/email etc...
  • Click on the Fix Checked button
  • When completed close the application.



Update Adobe Reader

Please uninstall older version of Adobe Reader before installing the latest version

  • Click Start
  • Control Panel
  • Double clicking on Add/Remove Programs
  • Locate older version of Adobe Reader and click on Change/Remove to uninstall it
  • Click HERE to download the latest version of Adobe Acrobat Reader.
  • Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts. Allow the installation to be ran and it will be installed automatically for you. If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader.
  • Close your Internet browser and open it again.


Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:
  • A fresh HijackThis Log ( after all the above has been done)
  • A description of how your computer is behaving
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Internet windows randomly pop up

Unread postby Angelace23 » January 25th, 2009, 8:57 pm

The computer is running good, the startup is taking a little time, but its not horrible. Heres the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:43:27 PM, on 1/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1129679374\ee\AOLSoftware.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\AOL\1129679374\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
c:\program files\common files\aol\1129679374\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1129679374\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\mcafee.com\personal firewall\MPFTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Uninstall getPlus(R) for Adobe] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9304249234
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8343836328
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/downloa ... YAX29b.cab
O16 - DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} - http://pictures.aolcdn.com/ap/Resources ... .3.2.3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9179 bytes
Angelace23
Active Member
 
Posts: 6
Joined: January 22nd, 2009, 4:37 am

Re: Internet windows randomly pop up

Unread postby Bio-Hazard » January 26th, 2009, 3:40 am

These will speed up your startup little bit. Those entries are not needed.

Remove HijackThis entries

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1129679374\ee\AOLSoftware.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler


  • Close all open windows and browsers/email etc...
  • Click on the Fix Checked button
  • When completed close the application.



Your log now appears to be clean. Congratulations!

You can get rid of the tools we used:
  • ATF Cleaner(You can just delete the exe file from your desktop)
  • DDS(You can just delete the exe file from your desktop)

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints. You need to be registered to post as, unfortunately, we were hit with too many spam posts to allow guest posting to continue. Just find your country room and register your complaint.

    Delete ComboFix and Clean Up
    Click Start > Run > type combofix /u > OK (Note the space between combofix and /u)
    Image
    Please advise if this step is missed for any reason as it performs some important actions.

    Protection Programs
    Don't forget to re-enable any protection programs we disabled during your fix.

    You can now re-enable Lavasofts Ad-Watch

    General Security and Computer Health
    Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

    • Make sure that you keep your antivirus updated
      New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
      NOTE: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

    • Security Updates for Windows, Internet Explorer & Microsoft Office
      Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
      NOTE: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.
    • Update Non-Microsoft Programs
      Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector or
      F-secure Health Check. I suggest that you run one of them at least once a month.
    • Make Internet Explorer More Secure
      You are using Internet Explorer v. 7. Therefore please read and follow the recommendations at this SITE


    Recommended Programs

    I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

    • WinPatrol
      As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
    • SpywareBlaster
      SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see HERE. You can download SpywareBlaster from HERE.
    • Malwarebytes' Anti-Malware
      Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.You can download Malwarebytes' Anti-Malware from HERE. Here are two tutorials: Malwarebytes' Anti-Malware Setup Guide and Malwarebytes' Anti-Malware Scanning Guide.
    • Hosts File
      For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.
    • Use an alternative Internet Browser
      Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:Firefox or Opera


Finally I am trying to make one point very clear. It is ABSOLUTELY ESSENTIAL to keep all of your security programs up to date.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!

Bio-Hazard
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Internet windows randomly pop up

Unread postby Angelace23 » January 26th, 2009, 5:44 pm

Yup, definitely helped. Thanks for everything, I appreciate it. Take care
Angelace23
Active Member
 
Posts: 6
Joined: January 22nd, 2009, 4:37 am

Re: Internet windows randomly pop up

Unread postby NonSuch » January 27th, 2009, 2:47 pm

As this issue is resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 296 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware