Maleware probelm, My HiJackThis log

Post by reaperofelement » May 1st, 2009, 1:32 pm

Hi, my name's Chris. I think I have malware on my computer and I don't know how to get it off. My computer doesn't allow me to run System Restore or Defrag. It brings me to random websites when I'm surfing the internet, like on Google. Also, every time I restart my computer I always have to turn my firewall back on because it is randomly turned off. I thank you ahead of time for your time. Here is my HijackThis log that I ran.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:25:51 PM, on 5/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\DOCUME~1\CHRISJ~1\LOCALS~1\Temp\Google Toolbar\gtb2.tmp.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.watch-movies-links.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - d:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - d:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - D:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - D:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/re ... NPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6342352765
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9072450140
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05A6128C-C0F4-4DEE-B3AC-485D775D3A7F}: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.120,85.255.112.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{05A6128C-C0F4-4DEE-B3AC-485D775D3A7F}: NameServer = 85.255.112.120,85.255.112.83
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CS2\Services\Tcpip\..\{05A6128C-C0F4-4DEE-B3AC-485D775D3A7F}: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CS3\Services\Tcpip\..\{05A6128C-C0F4-4DEE-B3AC-485D775D3A7F}: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.19,85.255.112.120
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - D:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

--
End of file - 6557 bytes
reaperofelement
Regular Member
 
Posts: 28
Joined: April 28th, 2009, 9:38 pm
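The O17 lines in the log above set the same NameServer addresses under CCS and under every backup control set (CS1, CS2, CS3). As an added example, not code from the thread or from HijackThis, the script below re-joins entries that Notepad's word wrap split, pulls the O17 resolvers per control set, and reports any outside the networks the owner expects, which also tells you whether "Last Known Good Configuration" could bring clean DNS back. The expected-network list, the 192.168.1.1 entry and the sample log itself are assumptions constructed for the example.

```python
import ipaddress
import re

# Constructed sample in the shape of the log posted above. The 85.255.112.x
# resolvers and the registry paths are the ones in the thread; the
# 192.168.1.1 entry and the word-wrapped Google Toolbar line are constructed.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
D:\WINDOWS\System32\smss.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google

Toolbar\GoogleToolbar.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{05A6128C-C0F4-4DEE-B3AC-485D775D3A7F}: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.120,85.255.112.83
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{05A6128C-C0F4-4DEE-B3AC-485D775D3A7F}: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.19,85.255.112.120
--
End of file - 1234 bytes
"""

ENTRY_RE = re.compile(r"^(?:R\d|F\d|O\d{1,2}) - ")   # R0/R1, F*, O2..O23 entries
PATH_RE = re.compile(r"^[A-Za-z]:\\")                # "Running processes" lines
HEADER_PREFIXES = ("Logfile of", "Scan saved", "Platform:", "MSIE:",
                   "Boot mode:", "Running processes:", "--", "End of file")
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?P<scope>Parameters|\.\.\\\{[0-9A-Fa-f-]+\}): NameServer = (?P<servers>.+)$"
)


def join_wrapped(text):
    """Re-join entries that Notepad's word wrap split: any line that is not an
    entry, a process path or a header continues the previous entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        standalone = bool(ENTRY_RE.match(line) or PATH_RE.match(line)
                          or line.startswith(HEADER_PREFIXES))
        if standalone or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries


def parse_o17(entries):
    """Return (control_set, scope, [resolver, ...]) for each O17 NameServer entry."""
    found = []
    for entry in entries:
        m = O17_RE.match(entry)
        if m:
            servers = [s.strip() for s in m.group("servers").split(",") if s.strip()]
            found.append((m.group("cs"), m.group("scope"), servers))
    return found


def unexpected_resolvers(entries, allowed_networks):
    """Map each resolver outside allowed_networks to the control sets it is set on.
    allowed_networks (an assumption) is what the owner expects: the LAN router,
    the ISP's resolvers. Anything else is a candidate DNS hijack."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    hits = {}
    for cs, _scope, servers in parse_o17(entries):
        for server in servers:
            try:
                ip = ipaddress.ip_address(server)
            except ValueError:
                ip = None                     # not an address at all: report as-is
            if ip is None or not any(ip in net for net in nets):
                hits.setdefault(server, set()).add(cs)
    return hits


def survives_last_known_good(hits, entries):
    """True when every control set in the log carries an unexpected resolver, so
    booting "Last Known Good Configuration" would not bring clean DNS back."""
    all_cs = {cs for cs, _, _ in parse_o17(entries)}
    return bool(all_cs) and all_cs <= set().union(*hits.values())


def orphaned_bhos(entries):
    """O2 entries whose DLL is gone: leftovers, but they belong on the fix list."""
    return [e for e in entries if e.startswith("O2 - ") and e.endswith("(no file)")]


if __name__ == "__main__":
    entries = join_wrapped(SAMPLE_LOG)
    hits = unexpected_resolvers(entries, ["192.168.0.0/16"])
    for server, sets in sorted(hits.items()):
        print(f"unexpected NameServer {server} on {', '.join(sorted(sets))}")
```

Run it against a real log by replacing SAMPLE_LOG with the file contents; the allowed-network list is the one thing you have to fill in from the machine's own LAN and ISP settings.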

Re: Maleware probelm, My HiJackThis log

Post by MWR 3 day Mod » May 4th, 2009, 2:20 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Maleware probelm, My HiJackThis log

Post by flashh4 » May 4th, 2009, 8:26 pm

Hello and welcome to the forums. First I need you to uncheck WORD WRAP.
In Notepad click on FORMAT in the top menu bar and uncheck WORD WRAP. This will stop the separated lines in the HJT log.


Please do not run any other programs without my permission !!
Run all programs in the order posted !!!!!


My name is flashh4 and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
4. Please note you'll need to have Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
5. Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.
6. Please post all request .......... not as an Attachment.

If you can do those things, everything should go smoothly.

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Note: I am still in training at Malware Removal, however I will be working under the direct supervision of one of our Malware Experts. Any recommendations will first be approved before being given to you. Because of this, there may be a short delay in getting our responses to you, however be assured that we will be working diligently on your problem.

I will be back as soon as possible with a fix !!
In the meantime can you give me an Uninstall list please !!


  1. Open HijackThis.
  2. Click on the Open the Misc Tools section button.
  3. Look under System tools.
  4. Click on the Open Uninstall Manager... button.
  5. Click on the Save list... button.
  6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  7. Notepad will open. Please post this log in your next reply.


*Notes*
1. It would be very helpful if you informed me of which Antivirus and Firewall you are running or if it's disabled.
2. There is a 5 day limit within which you must respond to this topic or it will be closed. Then you will have to start a new topic.


Please post next:
1. New HJT log
2. Uninstall List


Thanks
Chuck
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: Maleware probelm, My HiJackThis log

Post by reaperofelement » May 6th, 2009, 5:07 pm

I have McAfee installed on my computer for a firewall but I don't really ever use it, I keep it disabled, and I just installed it recently when this problem happened. I barely ever keep it running; I just scanned once for a virus and didn't find anything. But here is the information you requested. How I think I got whatever I have is through a movie I downloaded from a site. It opened WMP and asked to update an ActiveX control or something like that; I hit OK and Yes. Well, afterwards it still was unplayable. I deleted the file right after (the movie, that is). It was from Mininova.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:40 PM, on 5/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.watch-movies-links.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - d:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - d:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - D:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - D:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/re ... NPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6342352765
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9072450140
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05A6128C-C0F4-4DEE-B3AC-485D775D3A7F}: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.120,85.255.112.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{05A6128C-C0F4-4DEE-B3AC-485D775D3A7F}: NameServer = 85.255.112.120,85.255.112.83
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CS2\Services\Tcpip\..\{05A6128C-C0F4-4DEE-B3AC-485D775D3A7F}: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CS3\Services\Tcpip\..\{05A6128C-C0F4-4DEE-B3AC-485D775D3A7F}: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.19,85.255.112.120
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

--
End of file - 6518 bytes



Uninstall List

Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player ActiveX
Adobe Reader 9
AIM 6
Apple Software Update
ATI - Software Uninstall Utility
ATI Display Driver
Camgoo TwoPlay
CCleaner (remove only)
Conexant AC-Link Audio
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
Defraggler (remove only)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DotA Client Build 2.2 Beta
DotA Client Build 2.3 Beta
Download Manager 2.3.6
Garena
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Java(TM) 6 Update 11
Java(TM) 6 Update 7
K-Lite Codec Pack 3.2.5 Standard
LimeWire 4.18.8
McAfee SecurityCenter
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
MSN
Philips SPC 600NC PC Camera
Philips VLounge
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
SIPPS
Soft Data Fax Modem with SmartCP
Synaptics Pointing Device Driver
Ventrilo Client
Veoh Video Compass
Veoh Web Player Beta
VeohTV BETA
Warkeys 1.13.1.0b
WinAce Archiver
Windows Essentials Media Codec Pack 2.2
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinPcap 4.0.2
reaperofelement
Regular Member
 
Posts: 28
Joined: April 28th, 2009, 9:38 pm

Re: Maleware probelm, My HiJackThis log

Post by flashh4 » May 7th, 2009, 9:59 pm

Hi reaperofelement, I would advise you to keep McAfee running as everyone needs the protection of a firewall and an antivirus.

  1. Please download this tool from Microsoft.
  2. Double click on MGADiag.exe to run it.
  3. Click Continue.
  4. The program will run. It takes a while to finish the diagnosis, please be patient.
  5. Once done, click on Copy.
  6. Open Notepad and paste the contents in. Save this file and post it in your next reply.




NEXT



REMOVE P2P PROGRAMS

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

LimeWire 4.18.8


Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.

Post back a new HijackThis log and new Uninstall List, so we can continue cleaning your pc.

Thanks
Chuck
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: Maleware probelm, My HiJackThis log

Post by reaperofelement » May 9th, 2009, 8:34 pm

I keep getting this message on the link you put.

Oops! This link appears to be broken. Suggestions:
Go to microsoft.com
Go to download.microsoft.com
Go to sitemap www.microsoft.com/sitemap
Search download.microsoft.com for download 7B1C3ADA 723B 4CC8 8949 7250397FA9CD mgadiag
Search on Google:

Google Toolbar Help - Why am I seeing this page?

©2009 Google - Google Home


Tried all the rest of them; tried searching for like 15 mins for the program. I'm not too sure what it's called, but I couldn't find the program. Unless you have a different link for me or could send it to me yourself, we might have to try a new step. Grrr, so aggravating. So what do I do next, sir?
reaperofelement
Regular Member
 
Posts: 28
Joined: April 28th, 2009, 9:38 pm

Re: Maleware probelm, My HiJackThis log

Post by flashh4 » May 10th, 2009, 10:37 am

Hi reaperofelement, ok don't worry about running that program (MGADiag.exe) for now but the link works for me.

Go ahead and follow the other instructions above.

Post these: If P2P was Uninstalled
1. New HJT log
2. Uninstall List

Thanks
Chuck
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: Maleware probelm, My HiJackThis log

Post by reaperofelement » May 10th, 2009, 2:51 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:47:12 PM, on 5/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.watch-movies-links.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - d:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - d:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - D:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - D:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/re ... NPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6342352765
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9072450140
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05A6128C-C0F4-4DEE-B3AC-485D775D3A7F}: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.120,85.255.112.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{05A6128C-C0F4-4DEE-B3AC-485D775D3A7F}: NameServer = 85.255.112.120,85.255.112.83
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CS2\Services\Tcpip\..\{05A6128C-C0F4-4DEE-B3AC-485D775D3A7F}: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CS3\Services\Tcpip\..\{05A6128C-C0F4-4DEE-B3AC-485D775D3A7F}: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.19,85.255.112.120
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

--
End of file - 6561 bytes





Uninstall part:


Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player ActiveX
Adobe Reader 9
AIM 6
Apple Software Update
ATI - Software Uninstall Utility
ATI Display Driver
Camgoo TwoPlay
CCleaner (remove only)
Conexant AC-Link Audio
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
Defraggler (remove only)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DotA Client Build 2.2 Beta
DotA Client Build 2.3 Beta
Download Manager 2.3.6
Garena
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Java(TM) 6 Update 11
Java(TM) 6 Update 7
K-Lite Codec Pack 3.2.5 Standard
McAfee SecurityCenter
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
MSN
Philips SPC 600NC PC Camera
Philips VLounge
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
SIPPS
Soft Data Fax Modem with SmartCP
Synaptics Pointing Device Driver
Ventrilo Client
Veoh Video Compass
Veoh Web Player Beta
VeohTV BETA
Warkeys 1.13.1.0b
WinAce Archiver
Windows Essentials Media Codec Pack 2.2
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinPcap 4.0.2

But yeah, I don't know why that link won't work for me. Maybe it's part of the adware or malware, whatever it is. Because I think when I first got it, I couldn't run a Windows update. It wouldn't let me go to the Windows Microsoft webpage. I can now though. Hope you can find out what's going on though. It's slowing my computer down. Even when I play WoW now, it's so lagged and my FPS drops so low; I don't know if you know anything on how to change that either.
reaperofelement
Regular Member
 
Posts: 28
Joined: April 28th, 2009, 9:38 pm

Re: Maleware probelm, My HiJackThis log

Post by flashh4 » May 10th, 2009, 5:16 pm

Hi reaperofelement, if you can get to MS website then you should be able to find the "Windows Validation Tool". (MGADiag.exe)

Let's continue.

Please download ATF cleaner
Make sure that all browser windows are closed.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

...................................

If you want to keep your cookies!!

Please download ATF cleaner
Make sure that all browser windows are closed.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All and UNCHECK Cookies.
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All and UNCHECK Cookies.
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All and UNCHECK Cookies.
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.



NEXT


Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Close the Notepad file.
  • The log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt




NEXT




Download and Run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.




Please post next

1. Malwarebytes' log
2. RSIT >> Please post the contents of both log.txt and info.txt.
No need to post a new HJT log; RSIT will make one for us.

Thanks
Chuck
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: Maleware probelm, My HiJackThis log

Unread postby reaperofelement » May 10th, 2009, 10:40 pm

Hi Chuck, well I downloaded the Malwarebytes thing, it's on my desktop, followed the instructions, had both Update and Launch checked, clicked Finish. Afterwards it did nothing, so I tried opening the program, still nothing, never opened. So I restarted my computer, still nothing when I try to open it; double-click it and it doesn't open or run, nothing at all. Also when I clicked on the link it did that same Google "Oops, sorry, this link is missing" thing like it did for the Microsoft thing. I just ended up googling the program and downloaded it from MajorGeeks, the same website you had me download the first program from to clear cache etc. The RSIT link worked fine. Was wondering what you want me to do: should I run RSIT anyway and post a log, or is there a way I can bypass this to run Malwarebytes? Thanks Chuck, talk to you soon.
reaperofelement
Regular Member
 
Posts: 28
Joined: April 28th, 2009, 9:38 pm

Re: Maleware probelm, My HiJackThis log

Unread postby flashh4 » May 12th, 2009, 8:11 am

Hi reaperofelement, let's run Malwarebytes in "Safe Mode." I will be asking you to boot into Safe Mode for the next part of the fix. It may prove beneficial if you print off the following instructions or save them to Notepad, as you will not have Internet access whilst in Safe Mode.

How to boot into Safe Mode:

Restart your computer and, as soon as it starts booting up again, continuously tap the F8 key. A menu should come up where you will be given the option to enter Safe Mode; do so.

If you have any problems, refer to this tutorial.

In safe mode carry out the following:

  • Double-click the mbam icon.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Save the MBAM scan report to post in next reply.

Now boot back to "Normal Mode" and run RSIT as instructed above.

Post Next:
1. Malwarebytes Log
2. RSIT logs ( Please post the contents of both log.txt and info.txt.)
I need the RSIT logs regardless of what happens with running Malwarebytes.

Thanks
Chuck
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming
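
Chuck asks for the RSIT logs regardless of how Malwarebytes goes, because the HijackThis section of log.txt is what the helper reads first. As an added example that is not part of this thread, and not RSIT's or HijackThis's own code, here is the kind of first-pass check a helper could run over that section: it flags O17 lines whose NameServer value is a public resolver hardcoded in the registry (consistent with the search redirects described above), O2 BHO entries whose DLL no longer exists, and a Start Page that is not a stock default. The sample lines are copied from the log posted later in this thread; the private-address resolver ranges and the default Start Page hosts are assumptions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from urllib.parse import urlparse

# Sample input: lines copied from the HijackThis section of the RSIT log
# posted in this thread (a constructed subset, not the complete log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.watch-movies-links.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.19,85.255.112.120
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
"""

# Assumption: a home PC gets its resolver from the router by DHCP, so a
# NameServer value hardcoded in the registry should at most be a private
# (RFC 1918) address; a public address there deserves a close look.
EXPECTED_RESOLVER_RANGES = [
    ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# Assumption: hosts the stock Windows XP / IE7 Start Page points at.
DEFAULT_START_PAGE_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.msn.com"}


@dataclass
class Finding:
    severity: str                     # "high" = act on it, "review" = confirm with the user
    section: str                      # HijackThis section prefix, e.g. "O17"
    detail: str
    line: str
    resolvers: tuple[str, ...] = ()   # only populated for O17 findings


O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>[\d.,\s]+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
START_PAGE_RE = re.compile(r"^(?P<sec>R[01]) - (?P<hive>HK\w+)\\.*Start Page = (?P<url>\S+)$")


def _is_expected_resolver(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in EXPECTED_RESOLVER_RANGES)


def triage(log_text: str) -> list[Finding]:
    """First-pass review of the O17, O2 and R0/R1 lines of a HijackThis log."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O17_RE.match(line):
            servers = [s.strip() for s in m["servers"].split(",") if s.strip()]
            odd = tuple(s for s in servers if not _is_expected_resolver(s))
            if odd:
                findings.append(Finding(
                    "high", "O17",
                    f"public DNS resolver(s) {', '.join(odd)} hardcoded under {m['key']}",
                    line, odd))
        elif m := O2_RE.match(line):
            # A CLSID still registered but with no DLL is a leftover to clean up.
            if m["path"].strip() == "(no file)":
                findings.append(Finding(
                    "review", "O2",
                    f"BHO {m['clsid']} ({m['name']}) is registered but its DLL is gone",
                    line))
        elif m := START_PAGE_RE.match(line):
            host = urlparse(m["url"]).hostname or ""
            if host not in DEFAULT_START_PAGE_HOSTS:
                findings.append(Finding(
                    "review", m["sec"], f"{m['hive']} Start Page points at {host}", line))
    return findings


def hijacked_resolvers(findings: list[Finding]) -> set[str]:
    """Distinct unexpected resolvers across all O17 lines (every control set)."""
    return {r for f in findings if f.section == "O17" for r in f.resolvers}


def main() -> None:
    findings = triage(SAMPLE_LOG)
    for f in findings:
        print(f"[{f.severity:6}] {f.section:3} {f.detail}")
    if resolvers := hijacked_resolvers(findings):
        # The same resolver pair under CCS and CS2 means every control set
        # carries the change, so the fix must restore DHCP on all of them.
        print("DNS settings to restore to DHCP:", ", ".join(sorted(resolvers)))


if __name__ == "__main__":
    main()
```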

Re: Maleware probelm, My HiJackThis log

Unread postby reaperofelement » May 12th, 2009, 4:55 pm

Hey Chuck, so yeah, I couldn't run Safe Mode, got stuck on a black screen with all the multi-disk stuff finding the files to run Safe Mode or whatever that is. But I went ahead and ran the RSIT; here's what I got.

Log file:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Chris Jablonski at 2009-05-12 16:49:18
Microsoft Windows XP Professional Service Pack 3
System drive D: has 38 GB (46%) free of 81 GB
Total RAM: 1022 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:49:24 PM, on 5/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
d:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\Chris Jablonski\Desktop\RSIT.exe
D:\Program Files\Trend Micro\HijackThis\Chris Jablonski.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.watch-movies-links.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - d:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - d:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - D:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - D:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/re ... NPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6342352765
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9072450140
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05A6128C-C0F4-4DEE-B3AC-485D775D3A7F}: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CS2\Services\Tcpip\..\{05A6128C-C0F4-4DEE-B3AC-485D775D3A7F}: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CS3\Services\Tcpip\..\{05A6128C-C0F4-4DEE-B3AC-485D775D3A7F}: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CS4\Services\Tcpip\..\{05A6128C-C0F4-4DEE-B3AC-485D775D3A7F}: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.19,85.255.112.120
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

--
End of file - 6541 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\McDefragTask.job
D:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - D:\Program Files\Java\jre6\bin\ssv.dll [2008-12-02 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - d:\program files\mcafee\virusscan\scriptsn.dll [2006-07-14 67136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-05-01 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - D:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-17 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}]
CPub Object - d:\program files\mcafee\mps\mcpopup.dll [2006-07-27 185896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-01 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-02 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-02 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-06-19 352256]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - D:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2009-02-24 429816]
{52836EB0-631A-47B1-94A6-61F9D9112DAE} - Veoh Video Compass - D:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll [2009-02-13 404216]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-05-01 259696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-07-23 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
D:\Program Files\AIM6\aim6.exe [2008-08-06 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
D:\PROGRA~1\AVG\AVG8\avgtray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
D:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
D:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
D:\Program Files\Download Manager\DLM.exe [2007-03-05 1103480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
D:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE REBOOT []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Codec Update Service]
D:\Program Files\Essentials Codec Pack\WECPUpdate.exe [2009-01-25 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP4 Player]
D:\Program Files\MP4 Player\mp4Player.exe hmw []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MskAgentexe]
D:\Program Files\McAfee\MSK\MskAgent.exe [2006-07-24 157264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
D:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
D:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
D:\Program Files\Norton Internet Security\osCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC ScanAndSweep]
D:\Program Files\Ascentive\PC ScanAndSweep\PCScanAndSweep.exe -m []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center]
D:\Program Files\Ascentive\Performance Center\APCMain.exe -m []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phc600]
D:\WINDOWS\vphc600.exe [2005-07-20 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
D:\Program Files\QuickTime\qttask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Striker Pro]
D:\Program Files\Ascentive\Spyware Striker\SpywareStriker.exe -m []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
D:\Program Files\Java\jre6\bin\jusched.exe [2008-12-02 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-07-23 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
D:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
D:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-09-26 3660848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
D:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2009-02-24 3558136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^TrayMin600.exe.lnk]
D:\PROGRA~1\Philips\SPC600~1\TRAYMI~1.EXE [2005-07-12 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Chris Jablonski^Start Menu^Programs^Startup^My_AutoWarkey_Script.lnk]
D:\PROGRA~1\Warkeys\AUTOWA~1\AUTOHO~1\AUTOHO~1.EXE [2008-03-09 240640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3
"rpcapd"=3
"WMPNetworkSvc"=3
"WLSetupSvc"=3
"usnjsvc"=3
"MioNet"=2
"Viewpoint Manager Service"=2
"JavaQuickStarterService"=2
"avg8emc"=2
"avg8wd"=2
"SymAppCore"=2
"Symantec Core LC"=3
"ISPwdSvc"=3
"comHost"=3
"CLTNetCnService"=2
"ccSetMgr"=2
"ccEvtMgr"=2
"MSK80Service"=2
"MPS9"=2
"MpfService"=2
"mcusrmgr"=2
"mctskshd.exe"=2
"McSysmon"=2
"McShield"=2
"McRedirector"=2
"McProxy"=2
"mcpromgr"=2
"McODS"=2
"McNASvc"=2
"mcmispupdmgr"=2
"McLogManagerService"=2
"McAfee HackerWatch Service"=2
"Emproxy"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
D:\WINDOWS\system32\Ati2evxx.dll [2005-11-22 47104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
D:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Internet Explorer\iexplore.exe"="D:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"D:\Documents and Settings\Chris Jablonski\Local Settings\Temporary Internet Files\Content.IE5\K1IZW5U3\WoW-BurningCrusade-Trial-enUS-Installer-downloader[1].exe"="D:\Documents and Settings\Chris Jablonski\Local Settings\Temporary Internet Files\Content.IE5\K1IZW5U3\WoW-BurningCrusade-Trial-enUS-Installer-downloader[1].exe:*:Enabled:Blizzard Downloader"
"D:\Program Files\World of Warcraft\Launcher.exe"="D:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft"
"D:\Program Files\Download Manager\DLM.exe"="D:\Program Files\Download Manager\DLM.exe:*:Enabled:Download Manager"
"D:\Program Files\Warcraft III\Frozen Throne.exe"="D:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
"D:\Program Files\Ventrilo\Ventrilo.exe"="D:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo"
"D:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="D:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"D:\Program Files\Common Files\AOL\Loader\aolload.exe"="D:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"D:\Program Files\AIM6\aim6.exe"="D:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"D:\Program Files\Warcraft III\pickup.listchecker.exe"="D:\Program Files\Warcraft III\pickup.listchecker.exe:*:Enabled:pickup.listchecker"
"D:\WINDOWS\system32\wupdmgr.exe"="D:\WINDOWS\system32\wupdmgr.exe:*:Enabled:wupdmgr"
"D:\Program Files\LimeWire\LimeWire.exe"="D:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"D:\Program Files\World of Warcraft\BNUpdate.exe"="D:\Program Files\World of Warcraft\BNUpdate.exe:*:Enabled:BNUpdate"
"D:\Program Files\World of Warcraft\BackgroundDownloader.exe"="D:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:BackgroundDownloader"
"D:\Program Files\World of Warcraft\WoW-2.4.0.8089-to-2.4.1.8125-enUS-downloader.exe"="D:\Program Files\World of Warcraft\WoW-2.4.0.8089-to-2.4.1.8125-enUS-downloader.exe:*:Enabled:WoW-2.4.0.8089-to-2.4.1.8125-enUS-downloader"
"D:\Program Files\World of Warcraft\WoW-3.0.2.9056-to-3.0.3.9183-enUS-downloader.exe"="D:\Program Files\World of Warcraft\WoW-3.0.2.9056-to-3.0.3.9183-enUS-downloader.exe:*:Enabled:WoW-3.0.2.9056-to-3.0.3.9183-enUS-downloader"
"D:\Program Files\World of Warcraft\Updates\WoW-3.0.1-to-3.0.2-Update\Updater.exe"="D:\Program Files\World of Warcraft\Updates\WoW-3.0.1-to-3.0.2-Update\Updater.exe:*:Enabled:Updater"
"D:\Program Files\World of Warcraft\WoW-BurningCrusade-enUS-Slim-Installer\Installer.exe"="D:\Program Files\World of Warcraft\WoW-BurningCrusade-enUS-Slim-Installer\Installer.exe:*:Enabled:Installer"
"D:\Program Files\Adobe\Acrobat.com\Acrobat.com.exe"="D:\Program Files\Adobe\Acrobat.com\Acrobat.com.exe:*:Enabled:Acrobat.com"
"D:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft Installer\Installer.exe"="D:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft Installer\Installer.exe:*:Enabled:Installer"
"D:\Program Files\Messenger\msmsgs.exe"="D:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Program Files\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe"="D:\Program Files\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\Documents and Settings\Chris Jablonski\Local Settings\Temp\Blizzard Launcher Temporary - 54807040\Launcher.exe"="D:\Documents and Settings\Chris Jablonski\Local Settings\Temp\Blizzard Launcher Temporary - 54807040\Launcher.exe:*:Enabled:Blizzard Launcher"
"D:\Documents and Settings\Chris Jablonski\Local Settings\Temp\Blizzard Launcher Temporary - 659823f0\Launcher.exe"="D:\Documents and Settings\Chris Jablonski\Local Settings\Temp\Blizzard Launcher Temporary - 659823f0\Launcher.exe:*:Enabled:Blizzard Launcher"
"D:\Documents and Settings\Chris Jablonski\My Documents\World of Warcraft Public Test\Launcher.exe"="D:\Documents and Settings\Chris Jablonski\My Documents\World of Warcraft Public Test\Launcher.exe:*:Enabled:Blizzard Launcher"
"D:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="D:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"D:\WINDOWS\system32\sessmgr.exe"="D:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"D:\Program Files\AVG\AVG8\avgui.exe"="D:\Program Files\AVG\AVG8\avgui.exe:*:Enabled:AVG Free User Interface"
"D:\Program Files\AVG\AVG8\avgtray.exe"="D:\Program Files\AVG\AVG8\avgtray.exe:*:Enabled:AVG Free Tray Icon"
"D:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"="D:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\Program Files\Garena\Garena.exe"="D:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"D:\Documents and Settings\Chris Jablonski\Local Settings\Temp\7zS2.tmp\SymNRT.exe"="D:\Documents and Settings\Chris Jablonski\Local Settings\Temp\7zS2.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"
"D:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="D:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 3 months======

2009-05-12 16:49:18 ----D---- D:\rsit
2009-05-11 16:38:15 ----D---- D:\Avenger
2009-05-11 16:38:14 ----A---- D:\avenger.txt
2009-05-10 22:29:30 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
2009-05-10 22:29:30 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-09 19:39:47 ----D---- D:\Documents and Settings\Chris Jablonski\Application Data\GetRightToGo
2009-04-29 16:55:17 ----A---- D:\WINDOWS\system32\dunzip32.dll
2009-04-29 16:53:16 ----D---- D:\Program Files\McAfee.com
2009-04-29 16:53:12 ----D---- D:\Program Files\Common Files\McAfee
2009-04-29 16:53:02 ----D---- D:\Program Files\McAfee
2009-04-29 16:52:42 ----D---- D:\Documents and Settings\All Users\Application Data\McAfee
2009-04-28 07:36:18 ----D---- D:\Program Files\Trend Micro
2009-04-22 03:26:39 ----D---- D:\Program Files\Garena
2009-04-16 03:00:47 ----D---- D:\Program Files\Defraggler
2009-04-13 03:46:43 ----A---- D:\WINDOWS\system32\capicom.dll
2009-04-13 03:46:39 ----D---- D:\Documents and Settings\All Users\Application Data\Symantec
2009-04-13 03:46:04 ----D---- D:\Program Files\Common Files\Symantec Shared
2009-04-06 20:28:33 ----SHD---- D:\Config.Msi
2009-04-06 20:27:59 ----D---- D:\WINDOWS\SxsCaPendDel
2009-04-06 20:17:31 ----AD---- D:\Documents and Settings\All Users\Application Data\TEMP
2009-04-06 17:35:25 ----HD---- D:\$AVG8.VAULT$
2009-04-06 17:15:31 ----D---- D:\Documents and Settings\All Users\Application Data\avg8
2009-03-26 17:19:57 ----A---- D:\WINDOWS\system32\BNCSutil.dll
2009-03-26 16:26:27 ----D---- D:\Documents and Settings\Chris Jablonski\Application Data\Media Player Classic
2009-03-22 17:50:11 ----D---- D:\Program Files\Warkeys

======List of files/folders modified in the last 3 months======

2009-05-12 16:46:34 ----D---- D:\WINDOWS\Temp
2009-05-12 16:37:35 ----A---- D:\WINDOWS\SchedLgU.Txt
2009-05-12 06:31:24 ----D---- D:\Program Files\Warcraft III
2009-05-12 04:18:59 ----D---- D:\WINDOWS\system32\CatRoot2
2009-05-12 00:48:09 ----D---- D:\WINDOWS\system32
2009-05-12 00:48:09 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2009-05-11 19:51:11 ----D---- D:\WINDOWS\Prefetch
2009-05-11 16:38:15 ----D---- D:\WINDOWS\system32\drivers
2009-05-10 23:14:52 ----D---- D:\Documents and Settings\Chris Jablonski\Application Data\uTorrent
2009-05-10 22:29:30 ----RD---- D:\Program Files
2009-05-10 21:54:50 ----D---- D:\WINDOWS
2009-05-10 14:44:34 ----D---- D:\Program Files\LimeWire
2009-05-10 14:42:52 ----D---- D:\Documents and Settings\Chris Jablonski\Application Data\LimeWire
2009-05-09 20:38:47 ----A---- D:\WINDOWS\win.ini
2009-05-09 20:38:47 ----A---- D:\WINDOWS\system.ini
2009-05-08 15:13:41 ----SHD---- D:\RECYCLER
2009-05-07 05:51:28 ----D---- D:\WINDOWS\system32\LogFiles
2009-05-05 17:13:18 ----D---- D:\Program Files\World of Warcraft
2009-05-01 13:59:15 ----SHD---- D:\WINDOWS\Installer
2009-04-29 17:05:43 ----HD---- D:\WINDOWS\inf
2009-04-29 16:53:41 ----SD---- D:\WINDOWS\Tasks
2009-04-29 16:53:12 ----D---- D:\Program Files\Common Files
2009-04-26 08:13:42 ----D---- D:\Program Files\Common Files\Blizzard Entertainment
2009-04-26 07:19:17 ----A---- D:\WINDOWS\NeroDigital.ini
2009-04-16 02:56:45 ----D---- D:\Program Files\CCleaner
2009-04-13 03:25:53 ----SD---- D:\Documents and Settings\Chris Jablonski\Application Data\Microsoft
2009-04-06 20:29:38 ----D---- D:\Documents and Settings\All Users\Application Data\Viewpoint
2009-04-06 20:27:59 ----D---- D:\WINDOWS\WinSxS
2009-04-06 20:27:54 ----D---- D:\Program Files\Common Files\Microsoft Shared
2009-03-28 16:16:29 ----D---- D:\Program Files\DotA Gaming Network
2009-03-26 16:14:21 ----D---- D:\Program Files\Essentials Codec Pack
2009-03-26 16:11:35 ----HD---- D:\Program Files\InstallShield Installation Information
2009-03-13 19:48:06 ----D---- D:\WINDOWS\Debug
2009-03-13 13:26:15 ----D---- D:\Program Files\Internet Explorer
2009-03-13 13:23:59 ----RSHDC---- D:\WINDOWS\system32\dllcache
2009-03-13 13:23:10 ----HD---- D:\WINDOWS\$hf_mig$
2009-03-03 01:17:12 ----D---- D:\Program Files\Veoh Networks
2009-02-27 07:24:09 ----D---- D:\Documents and Settings
2009-02-25 12:55:00 ----A---- D:\WINDOWS\system32\MRT.exe
2009-02-24 20:56:34 ----D---- D:\Documents and Settings\Chris Jablonski\Application Data\Ventrilo
2009-02-24 17:58:00 ----D---- D:\WINDOWS\network diagnostic
2009-02-24 17:52:47 ----SD---- D:\Documents and Settings\All Users\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;AMD HwPState Processor Driver; D:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 MPFP;MPFP; D:\WINDOWS\System32\Drivers\Mpfp.sys [2006-08-01 104536]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; D:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 mdmxsdk;mdmxsdk; D:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 Arp1394;1394 ARP Client Protocol; D:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; D:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-11-22 1410560]
R3 CAMCAUD;Conexant AMC Audio; D:\WINDOWS\system32\drivers\camc6aud.sys [2005-08-01 38016]
R3 CAMCHALA;CAMCHALA; D:\WINDOWS\system32\drivers\camc6hal.sys [2005-08-01 349312]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; D:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 hidusb;Microsoft HID Class Driver; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; D:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-08-22 1035008]
R3 HSFHWATI;HSFHWATI; D:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]
R3 KMWDFILTER;HIDUASDesc; D:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408]
R3 mfeavfk;McAfee Inc.; D:\WINDOWS\system32\drivers\mfeavfk.sys [2006-07-08 84744]
R3 mfebopk;McAfee Inc.; D:\WINDOWS\system32\drivers\mfebopk.sys [2006-07-14 33896]
R3 mfehidk;McAfee Inc.; D:\WINDOWS\system32\drivers\mfehidk.sys [2006-07-14 161768]
R3 mouhid;Mouse HID Driver; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NIC1394;1394 Net Driver; D:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 phc600;USB PC Camera (phc600); D:\WINDOWS\system32\DRIVERS\phc600.sys [2005-06-07 440064]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; D:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-12-02 118656]
R3 sdbus;sdbus; D:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; D:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-15 213696]
R3 usbaudio;USB Audio Driver (WDM); D:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; D:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-22 718464]
S1 kbdhid;Keyboard HID Driver; D:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; D:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-10-23 1391104]
S3 Bridge;MAC Bridge; D:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; D:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 CCDECODE;Closed Caption Decoder; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 mferkdk;McAfee Inc.; D:\WINDOWS\system32\drivers\mferkdk.sys [2006-07-14 31560]
S3 mfesmfk;McAfee Inc.; D:\WINDOWS\system32\drivers\mfesmfk.sys [2006-07-14 37800]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Network Monitor Driver; D:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; D:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; D:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 WSTCODEC;World Standard Teletext Codec; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; D:\WINDOWS\system32\Ati2evxx.exe [2005-11-22 393216]
R2 McShield;McAfee Real-time Scanner; D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2006-07-14 140864]
S4 Emproxy;McAfee E-mail Proxy; D:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe [2006-07-22 341584]
S4 gusvc;Google Software Updater; D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-01 182768]
S4 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2008-12-02 152984]
S4 McAfee HackerWatch Service;McAfee HackerWatch Service; D:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe [2006-07-24 554600]
S4 McLogManagerService;McAfee Log Manager; D:\PROGRA~1\McAfee\MSC\mclogsrv.exe [2006-07-22 178800]
S4 mcmispupdmgr;McAfee Update Manager; D:\PROGRA~1\McAfee\MSC\mcupdmgr.exe [2006-07-22 665200]
S4 McNASvc;McAfee Network Agent; d:\program files\common files\mcafee\mna\mcnasvc.exe [2006-07-21 2135592]
S4 McODS;McAfee Scanner; D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2006-07-14 353872]
S4 mcpromgr;McAfee Protection Manager; D:\PROGRA~1\McAfee\MSC\mcpromgr.exe [2006-07-22 473200]
S4 McProxy;McAfee Proxy Service; d:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2006-07-22 341592]
S4 McRedirector;McAfee Redirector Service; d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe [2006-07-16 231008]
S4 McSysmon;McAfee SystemGuards; D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2006-07-14 624208]
S4 mctskshd.exe;McAfee Task Scheduler; D:\PROGRA~1\McAfee\MSC\mctskshd.exe [2006-07-22 189552]
S4 mcusrmgr;McAfee User Manager; D:\PROGRA~1\McAfee\MSC\mcusrmgr.exe [2006-07-22 304752]
S4 MpfService;McAfee Personal Firewall Service; D:\Program Files\McAfee\MPF\MPFSrv.exe [2006-07-25 804392]
S4 MPS9;McAfee Privacy Service; D:\Program Files\McAfee\MPS\mps.exe [2006-07-27 890408]
S4 MSK80Service;McAfee SpamKiller Service; D:\Program Files\McAfee\MSK\MskSrver.exe [2006-07-24 44624]
S4 rpcapd;Remote Packet Capture Protocol v.0 (experimental); D:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; D:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 Viewpoint Manager Service;Viewpoint Manager Service; D:\Program Files\Viewpoint\Common\ViewpointService.exe []
S4 WLSetupSvc;Windows Live Setup Service; D:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; D:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------



Info file:

info.txt logfile of random's system information tool 1.06 2009-05-12 16:49:26

======Uninstall list======

-->D:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->D:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->D:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX-->D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
AIM 6-->D:\Program Files\AIM6\uninst.exe
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->D:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 D:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Camgoo TwoPlay-->"D:\Program Files\Camgoo TwoPlay\unins000.exe"
CCleaner (remove only)-->"D:\Program Files\CCleaner\uninst.exe"
Conexant AC-Link Audio-->D:\Program Files\CONEXANT\CNXT_AUDIO\UIU32a.exe -U -ICPL309BA.INF
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07-->"D:\avi-dvd-pro\unins000.exe"
Defraggler (remove only)-->"D:\Program Files\Defraggler\uninst.exe"
DivX Codec-->D:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->D:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->D:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->D:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DotA Client Build 2.2 Beta-->"D:\Program Files\DotA Gaming Network\unins001.exe"
DotA Client Build 2.3 Beta-->"D:\Program Files\DotA Gaming Network\unins000.exe"
Download Manager 2.3.6-->D:\Program Files\Download Manager\uninst.exe
Garena-->D:\Program Files\Garena\uninst.exe
Google Toolbar for Internet Explorer-->"D:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 3.2.5 Standard-->"D:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware-->"D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->D:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"D:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"D:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
MSN-->D:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Philips SPC 600NC PC Camera-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{E3F26FE7-4BFF-4740-A5C5-A7DC32ED14BD}\setup.exe" -l0x9
Philips VLounge-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{269A4095-DB55-4D35-8FD0-39957D26BEEC}\Setup.exe" -l0x9
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"D:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"D:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"D:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"D:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"D:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"D:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
SIPPS-->D:\WINDOWS\UNSIPPS.exe /UNINSTALL
Soft Data Fax Modem with SmartCP-->D:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378\HXFSETUP.EXE -U -Icpl309bk.inf
Synaptics Pointing Device Driver-->rundll32.exe "D:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Veoh Video Compass-->D:\Program Files\Veoh Networks\Veoh Video Compass\uninst.exe
Veoh Web Player Beta-->"D:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"
VeohTV BETA-->D:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
Warkeys 1.13.1.0b-->D:\Program Files\Warkeys\uninst.exe
WinAce Archiver-->"D:\Program Files\WinAce\SXUNINST.EXE" "D:\Program Files\WinAce\SXUNINST.INI"
Windows Essentials Media Codec Pack 2.2-->D:\Program Files\Essentials Codec Pack\uninst.exe
Windows Internet Explorer 7-->"D:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"D:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"D:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"D:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"D:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"D:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 4.0.2-->D:\Program Files\WinPcap\uninstall.exe

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======System event log======

Computer Name: DRUID-6053DD59B
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 47
Source Name: Tcpip
Time Written: 20090406211219.000000-240
Event Type: warning
User:

Computer Name: DRUID-6053DD59B
Event Code: 7031
Message: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Record Number: 45
Source Name: Service Control Manager
Time Written: 20090406205333.000000-240
Event Type: error
User:

Computer Name: DRUID-6053DD59B
Event Code: 59
Message: Generate Activation Context failed for D:\PROGRA~1\AVG\AVG8\avgtray.exe.
Reference error message: The operation completed successfully.
.

Record Number: 5
Source Name: SideBySide
Time Written: 20090406204150.000000-240
Event Type: error
User:

Computer Name: DRUID-6053DD59B
Event Code: 59
Message: Resolve Partial Assembly failed for Microsoft.VC80.MFC.
Reference error message: The referenced assembly is not installed on your system.
.

Record Number: 4
Source Name: SideBySide
Time Written: 20090406204150.000000-240
Event Type: error
User:

Computer Name: DRUID-6053DD59B
Event Code: 32
Message: Dependent Assembly Microsoft.VC80.MFC could not be found and Last Error was The referenced assembly is not installed on your system.


Record Number: 3
Source Name: SideBySide
Time Written: 20090406204150.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: DRUID-6053DD59B
Event Code: 1000
Message: Faulting application avi2mpg.exe, version 5.0.0.1, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Record Number: 641
Source Name: Application Error
Time Written: 20081213070751.000000-300
Event Type: error
User:

Computer Name: DRUID-6053DD59B
Event Code: 1000
Message: Faulting application avi2mpg.exe, version 5.0.0.1, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Record Number: 639
Source Name: Application Error
Time Written: 20081213070252.000000-300
Event Type: error
User:

Computer Name: DRUID-6053DD59B
Event Code: 1000
Message: Faulting application avi2mpg.exe, version 5.0.0.1, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Record Number: 633
Source Name: Application Error
Time Written: 20081213064504.000000-300
Event Type: error
User:

Computer Name: DRUID-6053DD59B
Event Code: 1000
Message: Faulting application avi2mpg.exe, version 5.0.0.1, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Record Number: 631
Source Name: Application Error
Time Written: 20081213064108.000000-300
Event Type: error
User:

Computer Name: DRUID-6053DD59B
Event Code: 1000
Message: Faulting application avi2mpg.exe, version 5.0.0.1, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Record Number: 629
Source Name: Application Error
Time Written: 20081213063902.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;D:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2402
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;D:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=D:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
reaperofelement
Regular Member
 
Posts: 28
Joined: April 28th, 2009, 9:38 pm

Re: Maleware probelm, My HiJackThis log

Unread postby flashh4 » May 14th, 2009, 8:06 pm

Hi reaperofelement, download and run ComboFix.

Let's run ComboFix.exe. Please visit one of these download links, and read the instructions for running the tool:

Link 1
Link 2
Link 3

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
If you need help disabling your protection programs, see here.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.


Post Next:
1. ComboFix log
2. New HJT log

Thanks
Chuck
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: Maleware probelm, My HiJackThis log

Unread postby reaperofelement » May 15th, 2009, 3:52 pm

Alright Chuck, everything ran right this time; maybe whatever you had me do fixed what was going on. Here are the logs.

Combofix.log

ComboFix 09-05-15.01 - Chris Jablonski 05/15/2009 15:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.772 [GMT -4:00]
Running from: d:\documents and settings\Chris Jablonski\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\recycler\S-0-1-34-100013498-100029783-100014235-4921.com
c:\recycler\S-0-2-79-100017223-100006776-100029718-1619.com
c:\recycler\S-0-9-85-100024240-100025291-100010176-5020.com
c:\recycler\S-3-1-58-100026666-100006904-100016457-9531.com
c:\recycler\S-6-8-33-100008770-100025621-100007244-8313.com
c:\recycler\S-7-1-10-100031659-100004384-100017697-2980.com
c:\recycler\S-8-1-47-100027246-100017640-100002790-9991.com
c:\recycler\S-9-0-20-100013894-100011210-100013542-3595.com
c:\recycler\S-9-5-45-100010741-100001236-100002314-4307.com
c:\recycler\S-9-8-12-100026266-100017457-100015365-7325.com
D:\autorun.inf
d:\program files\Essentials Codec Pack
d:\program files\Essentials Codec Pack\FFDShow\audxlib.dll
d:\program files\Essentials Codec Pack\FFDShow\custom matrices\andreas_78er.matrix.xcm
d:\program files\Essentials Codec Pack\FFDShow\custom matrices\andreas_doppelte_99er.matrix.xcm
d:\program files\Essentials Codec Pack\FFDShow\custom matrices\andreas_einfache_99er.matrix.xcm
d:\program files\Essentials Codec Pack\FFDShow\custom matrices\Bulletproof's Heavy Compression Matrix.xcm
d:\program files\Essentials Codec Pack\FFDShow\custom matrices\Bulletproof's High Quality Matrix.xcm
d:\program files\Essentials Codec Pack\FFDShow\custom matrices\CG-Animation Matrix.xcm
d:\program files\Essentials Codec Pack\FFDShow\custom matrices\eqm_autogk_sharp.xcm
d:\program files\Essentials Codec Pack\FFDShow\custom matrices\eqm_avc_hr.cfg
d:\program files\Essentials Codec Pack\FFDShow\custom matrices\eqm_v1.xcm
d:\program files\Essentials Codec Pack\FFDShow\custom matrices\eqm_v3ehr.xcm
d:\program files\Essentials Codec Pack\FFDShow\custom matrices\eqm_v3hr.xcm
d:\program files\Essentials Codec Pack\FFDShow\custom matrices\eqm_v3lr.xcm
d:\program files\Essentials Codec Pack\FFDShow\custom matrices\eqm_v3uhr_rev2.xcm
d:\program files\Essentials Codec Pack\FFDShow\custom matrices\eqm_v3ulr_rev3.xcm
d:\program files\Essentials Codec Pack\FFDShow\custom matrices\hvs-best-picture.xcm
d:\program files\Essentials Codec Pack\FFDShow\custom matrices\hvs-better-picture.xcm
d:\program files\Essentials Codec Pack\FFDShow\custom matrices\hvs-good-picture.xcm
d:\program files\Essentials Codec Pack\FFDShow\custom matrices\Low Bitrate Matrix.xcm
d:\program files\Essentials Codec Pack\FFDShow\custom matrices\MPEG.xcm
d:\program files\Essentials Codec Pack\FFDShow\custom matrices\pvcd.xcm
d:\program files\Essentials Codec Pack\FFDShow\custom matrices\q_matrix.cfg
d:\program files\Essentials Codec Pack\FFDShow\custom matrices\q_matrix_def.cfg
d:\program files\Essentials Codec Pack\FFDShow\custom matrices\q_matrix2.cfg
d:\program files\Essentials Codec Pack\FFDShow\custom matrices\Soulhunters V3.xcm
d:\program files\Essentials Codec Pack\FFDShow\custom matrices\Soulhunters V5.xcm
d:\program files\Essentials Codec Pack\FFDShow\custom matrices\Standard.xcm
d:\program files\Essentials Codec Pack\FFDShow\custom matrices\Ultimate Matrix.xcm
d:\program files\Essentials Codec Pack\FFDShow\custom matrices\Ultra Low Bitrate Matrix.xcm
d:\program files\Essentials Codec Pack\FFDShow\custom matrices\Very Low Bitrate Matrix.xcm
d:\program files\Essentials Codec Pack\FFDShow\ff_kernelDeint.dll
d:\program files\Essentials Codec Pack\FFDShow\ff_liba52.dll
d:\program files\Essentials Codec Pack\FFDShow\ff_libdts.dll
d:\program files\Essentials Codec Pack\FFDShow\ff_libfaad2.dll
d:\program files\Essentials Codec Pack\FFDShow\ff_libmad.dll
d:\program files\Essentials Codec Pack\FFDShow\ff_realaac.dll
d:\program files\Essentials Codec Pack\FFDShow\ff_samplerate.dll
d:\program files\Essentials Codec Pack\FFDShow\ff_theora.dll
d:\program files\Essentials Codec Pack\FFDShow\ff_tremor.dll
d:\program files\Essentials Codec Pack\FFDShow\ff_unrar.dll
d:\program files\Essentials Codec Pack\FFDShow\ff_vfw.dll
d:\program files\Essentials Codec Pack\FFDShow\ff_vfw.dll.manifest
d:\program files\Essentials Codec Pack\FFDShow\ff_wmv9.dll
d:\program files\Essentials Codec Pack\FFDShow\ff_x264.dll
d:\program files\Essentials Codec Pack\FFDShow\ffavisynth.avsi
d:\program files\Essentials Codec Pack\FFDShow\ffavisynth.dll
d:\program files\Essentials Codec Pack\FFDShow\ffdshow.ax
d:\program files\Essentials Codec Pack\FFDShow\ffdshow.ax.manifest
d:\program files\Essentials Codec Pack\FFDShow\ffvdub.vdf
d:\program files\Essentials Codec Pack\FFDShow\FLT_ffdshow.dll
d:\program files\Essentials Codec Pack\FFDShow\languages\ffdshow.1026.bg
d:\program files\Essentials Codec Pack\FFDShow\languages\ffdshow.1028.tc
d:\program files\Essentials Codec Pack\FFDShow\languages\ffdshow.1029.cz
d:\program files\Essentials Codec Pack\FFDShow\languages\ffdshow.1031.de
d:\program files\Essentials Codec Pack\FFDShow\languages\ffdshow.1033.en
d:\program files\Essentials Codec Pack\FFDShow\languages\ffdshow.1034.es
d:\program files\Essentials Codec Pack\FFDShow\languages\ffdshow.1035.fi
d:\program files\Essentials Codec Pack\FFDShow\languages\ffdshow.1036.fr
d:\program files\Essentials Codec Pack\FFDShow\languages\ffdshow.1038.hu
d:\program files\Essentials Codec Pack\FFDShow\languages\ffdshow.1040.it
d:\program files\Essentials Codec Pack\FFDShow\languages\ffdshow.1041.ja
d:\program files\Essentials Codec Pack\FFDShow\languages\ffdshow.1045.pl
d:\program files\Essentials Codec Pack\FFDShow\languages\ffdshow.1046.br
d:\program files\Essentials Codec Pack\FFDShow\languages\ffdshow.1049.ru
d:\program files\Essentials Codec Pack\FFDShow\languages\ffdshow.1051.sk
d:\program files\Essentials Codec Pack\FFDShow\languages\ffdshow.1053.se
d:\program files\Essentials Codec Pack\FFDShow\languages\ffdshow.2052.sc
d:\program files\Essentials Codec Pack\FFDShow\libavcodec.dll
d:\program files\Essentials Codec Pack\FFDShow\libmpeg2_ff.dll
d:\program files\Essentials Codec Pack\FFDShow\libmplayer.dll
d:\program files\Essentials Codec Pack\FFDShow\msvcr71.dll
d:\program files\Essentials Codec Pack\FFDShow\openIE.js
d:\program files\Essentials Codec Pack\FFDShow\TomsMoComp_ff.dll
d:\program files\Essentials Codec Pack\FFDShow\xvidcore.dll
d:\program files\Essentials Codec Pack\Gabset\FLVSplitter.ax
d:\program files\Essentials Codec Pack\Gabset\Mpeg2DecFilter.ax
d:\program files\Essentials Codec Pack\Gabset\VSFilter.dll
d:\program files\Essentials Codec Pack\Haali\avi.dll
d:\program files\Essentials Codec Pack\Haali\avs.dll
d:\program files\Essentials Codec Pack\Haali\avss.dll
d:\program files\Essentials Codec Pack\Haali\cue2xml.js
d:\program files\Essentials Codec Pack\Haali\dsmux.exe
d:\program files\Essentials Codec Pack\Haali\dxr.dll
d:\program files\Essentials Codec Pack\Haali\gdsmux.exe
d:\program files\Essentials Codec Pack\Haali\license.txt
d:\program files\Essentials Codec Pack\Haali\mkunicode.dll
d:\program files\Essentials Codec Pack\Haali\mkv2vfr.exe
d:\program files\Essentials Codec Pack\Haali\mkx.dll
d:\program files\Essentials Codec Pack\Haali\mkzlib.dll
d:\program files\Essentials Codec Pack\Haali\mmfinfo.dll
d:\program files\Essentials Codec Pack\Haali\mp4.dll
d:\program files\Essentials Codec Pack\Haali\ogm.dll
d:\program files\Essentials Codec Pack\Haali\splitter.ax
d:\program files\Essentials Codec Pack\Haali\ts.dll
d:\program files\Essentials Codec Pack\MediaRepair.exe
d:\program files\Essentials Codec Pack\mplayerc.exe
d:\program files\Essentials Codec Pack\uninst.exe
d:\program files\Essentials Codec Pack\WavPack\license.txt
d:\program files\Essentials Codec Pack\WavPack\WavPackDSDecoder.ax
d:\program files\Essentials Codec Pack\WavPack\WavPackDSSplitter.ax
d:\program files\Essentials Codec Pack\WECPUpdate.exe
d:\program files\Essentials Codec Pack\Windows Essentials Media Codec Pack.url
d:\recycler\S-0-1-34-100013498-100029783-100014235-4921.com
d:\windows\system32\drivers\gaopdxljffevmlmwxquwakixbtwmhkufkntobw.sys
d:\windows\system32\drivers\gaopdxnkcmtftpjbqlmpkuabuhyidntqlaetjb.sys
d:\windows\system32\drivers\gaopdxstjexgsnpiqhxnsvdkmrxwuywmttkbmq.sys
d:\windows\system32\drivers\gaopdxtyxubvmfjpypiqwerxduxxtavbdmwivs.sys
d:\windows\system32\drivers\gaopdxvxepargwvewbrfvxviyalkibgsatfmov.sys
d:\windows\system32\drivers\gaopdxwrtuirflxowpcqppptmpuiurdbqvrbvn.sys
d:\windows\system32\drivers\gaopdxxbcrmoddvcxeitypawyroducjdtnipqd.sys
d:\windows\system32\drivers\gxvxcserv.sys
d:\windows\system32\gaopdxcounter
d:\windows\system32\gaopdxtrpnqocuhnkcltbfhhkdmcorvxejdnix.dll
E:\Autorun.inf
e:\recycler\S-0-1-34-100013498-100029783-100014235-4921.com
e:\recycler\S-0-2-79-100017223-100006776-100029718-1619.com
e:\recycler\S-0-9-85-100024240-100025291-100010176-5020.com
e:\recycler\S-3-1-58-100026666-100006904-100016457-9531.com
e:\recycler\S-6-8-33-100008770-100025621-100007244-8313.com
e:\recycler\S-7-1-10-100031659-100004384-100017697-2980.com
e:\recycler\S-8-1-47-100027246-100017640-100002790-9991.com
e:\recycler\S-9-0-20-100013894-100011210-100013542-3595.com
e:\recycler\S-9-5-45-100010741-100001236-100002314-4307.com
e:\recycler\S-9-8-12-100026266-100017457-100015365-7325.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-04-15 to 2009-05-15 )))))))))))))))))))))))))))))))
.

2009-05-12 20:49 . 2009-05-12 20:49 -------- d-----w D:\rsit
2009-05-11 02:29 . 2009-04-06 19:32 15504 ----a-w d:\windows\system32\drivers\mbam.sys
2009-05-11 02:29 . 2009-04-06 19:32 38496 ----a-w d:\windows\system32\drivers\mbamswissarmy.sys
2009-05-11 02:29 . 2009-05-11 02:29 -------- d-----w d:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-11 02:29 . 2009-05-11 02:29 -------- d-----w d:\program files\Malwarebytes' Anti-Malware
2009-05-09 23:39 . 2009-05-09 23:41 -------- d-----w d:\documents and settings\Chris Jablonski\Application Data\GetRightToGo
2009-05-01 05:03 . 2009-05-01 05:03 201 ----a-w d:\windows\nsreg.dat
2009-04-29 20:55 . 2006-03-03 15:07 143360 ----a-w d:\windows\system32\dunzip32.dll
2009-04-29 20:54 . 2006-07-14 04:09 31560 ----a-w d:\windows\system32\drivers\mferkdk.sys
2009-04-29 20:54 . 2006-07-14 04:10 37800 ----a-w d:\windows\system32\drivers\mfesmfk.sys
2009-04-29 20:54 . 2006-07-14 04:09 33896 ----a-w d:\windows\system32\drivers\mfebopk.sys
2009-04-29 20:54 . 2006-07-14 04:09 161768 ----a-w d:\windows\system32\drivers\mfehidk.sys
2009-04-29 20:54 . 2006-07-08 19:46 84744 ----a-w d:\windows\system32\drivers\mfeavfk.sys
2009-04-29 20:53 . 2006-08-01 17:59 104536 ----a-w d:\windows\system32\drivers\Mpfp.sys
2009-04-29 20:53 . 2009-04-29 20:53 -------- d-----w d:\program files\McAfee.com
2009-04-29 20:53 . 2009-04-29 20:55 -------- d-----w d:\program files\Common Files\McAfee
2009-04-29 20:53 . 2009-04-29 21:08 -------- d-----w d:\program files\McAfee
2009-04-29 20:52 . 2009-04-29 20:56 -------- d-----w d:\documents and settings\All Users\Application Data\McAfee
2009-04-29 02:26 . 2009-04-29 02:26 102800 ----a-w d:\windows\system32\drivers\tmcomm.sys
2009-04-28 11:36 . 2009-04-28 11:36 -------- d-----w d:\program files\Trend Micro
2009-04-22 07:26 . 2009-04-22 07:39 -------- d-----w d:\program files\Garena
2009-04-16 07:05 . 2009-04-16 07:05 -------- d-----w d:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-04-16 07:00 . 2009-04-16 07:01 -------- d-----w d:\program files\Defraggler

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-15 07:15 . 2008-07-18 04:50 -------- d-----w d:\program files\Warcraft III
2009-05-10 18:44 . 2008-07-18 05:35 -------- d-----w d:\program files\LimeWire
2009-05-05 21:13 . 2008-07-18 01:46 -------- d-----w d:\program files\World of Warcraft
2009-04-29 01:53 . 2009-04-13 07:46 -------- d-----w d:\program files\Common Files\Symantec Shared
2009-04-26 12:13 . 2008-07-18 01:55 -------- d-----w d:\program files\Common Files\Blizzard Entertainment
2009-04-16 06:56 . 2008-07-18 05:58 -------- d-----w d:\program files\CCleaner
2009-03-28 20:16 . 2008-11-17 01:39 -------- d-----w d:\program files\DotA Gaming Network
2009-03-26 20:11 . 2008-07-18 15:09 -------- d--h--w d:\program files\InstallShield Installation Information
2009-03-22 21:50 . 2009-03-22 21:50 -------- d-----w d:\program files\Warkeys
2009-03-20 03:36 . 2008-07-18 04:56 78123 ----a-w d:\windows\War3Unin.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-23 68856]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\D:\0autocheck autochk *

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^TrayMin600.exe.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\TrayMin600.exe.lnk
backup=d:\windows\pss\TrayMin600.exe.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^Chris Jablonski^Start Menu^Programs^Startup^My_AutoWarkey_Script.lnk]
path=d:\documents and settings\Chris Jablonski\Start Menu\Programs\Startup\My_AutoWarkey_Script.lnk
backup=d:\windows\pss\My_AutoWarkey_Script.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"rpcapd"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"MioNet"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"avg8emc"=2 (0x2)
"avg8wd"=2 (0x2)
"SymAppCore"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"ISPwdSvc"=3 (0x3)
"comHost"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"MSK80Service"=2 (0x2)
"MPS9"=2 (0x2)
"MpfService"=2 (0x2)
"mcusrmgr"=2 (0x2)
"mctskshd.exe"=2 (0x2)
"McSysmon"=2 (0x2)
"McShield"=2 (0x2)
"McRedirector"=2 (0x2)
"McProxy"=2 (0x2)
"mcpromgr"=2 (0x2)
"McODS"=2 (0x2)
"McNASvc"=2 (0x2)
"mcmispupdmgr"=2 (0x2)
"McLogManagerService"=2 (0x2)
"McAfee HackerWatch Service"=2 (0x2)
"Emproxy"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\World of Warcraft\\Launcher.exe"=
"d:\\Program Files\\Download Manager\\DLM.exe"=
"d:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"d:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"d:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"d:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"d:\\Program Files\\AIM6\\aim6.exe"=
"d:\\Program Files\\Warcraft III\\pickup.listchecker.exe"=
"d:\\WINDOWS\\system32\\wupdmgr.exe"=
"d:\\Program Files\\World of Warcraft\\BNUpdate.exe"=
"d:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"d:\\Program Files\\World of Warcraft\\WoW-2.4.0.8089-to-2.4.1.8125-enUS-downloader.exe"=
"d:\\Program Files\\World of Warcraft\\WoW-3.0.2.9056-to-3.0.3.9183-enUS-downloader.exe"=
"d:\\Program Files\\World of Warcraft\\Updates\\WoW-3.0.1-to-3.0.2-Update\\Updater.exe"=
"d:\\Program Files\\World of Warcraft\\WoW-BurningCrusade-enUS-Slim-Installer\\Installer.exe"=
"d:\\Program Files\\Adobe\\Acrobat.com\\Acrobat.com.exe"=
"d:\\Program Files\\Common Files\\Blizzard Entertainment\\World of Warcraft Installer\\Installer.exe"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\World of Warcraft\\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe"=
"d:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"d:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"d:\\Program Files\\Garena\\Garena.exe"=
"d:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"d:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader
"1700:TCP"= 1700:TCP:*:Disabled:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:*:Disabled:MioNet Remote Drive Verification
"6111:TCP"= 6111:TCP:wc3
"6110:TCP"= 6110:TCP:wc3
"6114:TCP"= 6114:TCP:wc3

R3 HSFHWATI;HSFHWATI;d:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 6:06 PM 231424]
R3 phc600;USB PC Camera (phc600);d:\windows\system32\drivers\phc600.sys [11/19/2008 1:43 AM 440064]
S3 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [11/6/2007 4:22 PM 34064]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"d:\program files\Viewpoint\Common\ViewpointService.exe" --> d:\program files\Viewpoint\Common\ViewpointService.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-05-15 d:\windows\Tasks\McDefragTask.job
- d:\windows\system32\defrag.exe [2004-08-04 00:12]

2009-05-01 d:\windows\Tasks\McQcTask.job
- d:\program files\mcafee\mqc\QcConsol.exe [2009-04-29 20:01]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{9516EB1C-AC77-492D-8FD6-A05AFAC9EA6E} - (no file)
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.watch-movies-links.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - d:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-15 15:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-796845957-2111687655-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
d:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-05-15 15:44
ComboFix-quarantined-files.txt 2009-05-15 19:44

Pre-Run: 39,431,184,384 bytes free
Post-Run: 39,389,233,152 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
345 --- E O F --- 2008-11-18 21:25



Here is the HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:47:28 PM, on 5/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.watch-movies-links.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - d:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - d:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - D:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - D:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/re ... NPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6342352765
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9072450140
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CS3\Services\Tcpip\..\{05A6128C-C0F4-4DEE-B3AC-485D775D3A7F}: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.19,85.255.112.120
O17 - HKLM\System\CS4\Services\Tcpip\..\{05A6128C-C0F4-4DEE-B3AC-485D775D3A7F}: NameServer = 85.255.112.19,85.255.112.120
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

--
End of file - 5824 bytes


Thanks Chuck, talk to you soon.
reaperofelement
Regular Member
 
Posts: 28
Joined: April 28th, 2009, 9:38 pm

Re: Malware problem, My HijackThis log

Unread postby reaperofelement » May 16th, 2009, 6:25 am

Sorry I didn't catch this before, but I was just able to open Malwarebytes Anti-Malware now. Should I do the steps you had previously told me to do now that I can run Malwarebytes Anti-Malware?
reaperofelement
Regular Member
 
Posts: 28
Joined: April 28th, 2009, 9:38 pm