Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Firefox popups & Unknown downloads

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Firefox popups & Unknown downloads

Unread postby csmvrck » December 13th, 2008, 3:33 am

For the past few months, my computer has been experiencing some difficulties. At first, I thought I could ignore it. Now, it's becoming quite the hassle. There are 3 main problems with my computer:

1. When I'm using Firefox (and sometimes even when I'm not), a random Firefox screen will pop up with an ad. I can tell when my computer suddenly gets slower. These ads can range from porn to spyware removal websites. (As I'm typing this, a pop up came up. hxxp://scan.proantispyware-scanner.com/457/7/)
2. When I press "Windows" + "E", then click on a file, a "Critical Error!" window pops up out of nowhere. It says "Attention, (my name)! Some dangerous viruses detected in your system. Microsoft Windows XP files corrupted. This may lead to the destruction of important files in C:\WINDOWS. Download protection software now! Click OK to download antispyware. (Recommended)." I've always clicked No, but every time I do, an Optimum Online window pops up. Here's the URL: hxxp://domainnotfound.optimum.net/cable ... ruscan.com
3. Once when I turned on my laptop, I found gay porn links/icons on my desktop. I had no idea where these came from. How can things be downloaded without my consent?

Also, I can't even use Internet Explorer anymore. Once I open it, pop ups come out of no where. Is there a way to fix this too?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:19:08 AM, on 12/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Mirar - {694B2A3C-60AD-4A48-B9A3-EDA1083E6723} - C:\WINDOWS\system32\winoe77.dll (file missing)
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [lphcvsrj0e3rr] C:\WINDOWS\system32\lphcvsrj0e3rr.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [OxigenClientAdmin] "C:\Program Files\Oxigen\bin\Oxigen.exe"
O4 - HKLM\..\Run: [OxigenTrayIcon] C:\Program Files\Oxigen\bin\OxiTray.exe
O4 - HKLM\..\Run: [Bar] C:\DOCUME~1\Charlie\LOCALS~1\Temp\mirasnet.tmp
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\Run: [75a17511] rundll32.exe "C:\WINDOWS\system32\eoqetaqo.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Charlie\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6863785656
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: xbzevl.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8686 bytes
csmvrck
Active Member
 
Posts: 11
Joined: December 12th, 2008, 7:55 pm
Advertisement
Register to Remove

Re: Firefox popups & Unknown downloads

Unread postby Axephilic » December 14th, 2008, 2:19 am

Hello csmvrck,

Welcome to the Malware Removal Forums! My name is Adam and I will be assisting you with getting the malware off of your computer. Please observe the following points before we start:
  1. If at any point you don't understand something, please let me know and I will be glad to expain or go more into depth for you. :)
  2. I am still in training, so my responses may take more time than usual because all of my posts must be checked by an expert or teacher.
    Also, please remember, I am a volunteer and I have a personal life. I go to school full time, have a part time job, and I do sports. A lot of this takes a lot of time.
  3. Please keep all of your replys in this topic/thread and do not make a new topic/thread, thanks!
  4. Please stick with this, don't stop responding because the symptoms are gone, the infection could still be there. Keep replying to my posts until I give you the All Clean message. ;)
  5. If you don't reply within five days after my last instructions this topic will be closed. If you will not be able to reply within five days please tell me so the topic will not be closed.

Make an Uninstall List

Next, please make an uninstall list using HijackThis.
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply. Please also include a new HijackThis log.

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Firefox popups & Unknown downloads

Unread postby csmvrck » December 14th, 2008, 5:43 am

Hello, Adam. Once again, thank you for all your help.

First off, I think there is a problem with my Uninstall list. Every time I click the "save list" button, the HijackThis window closes automatically. I can't find the list anywhere. Is there another way for me to do this?

Secondly, here is the updated log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:40:53 AM, on 12/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Mirar - {694B2A3C-60AD-4A48-B9A3-EDA1083E6723} - C:\WINDOWS\system32\winoe77.dll (file missing)
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [lphcvsrj0e3rr] C:\WINDOWS\system32\lphcvsrj0e3rr.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [OxigenClientAdmin] "C:\Program Files\Oxigen\bin\Oxigen.exe"
O4 - HKLM\..\Run: [OxigenTrayIcon] C:\Program Files\Oxigen\bin\OxiTray.exe
O4 - HKLM\..\Run: [Bar] C:\DOCUME~1\Charlie\LOCALS~1\Temp\mirasnet.tmp
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Charlie\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6863785656
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: nupskl.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8536 bytes
csmvrck
Active Member
 
Posts: 11
Joined: December 12th, 2008, 7:55 pm

Re: Firefox popups & Unknown downloads

Unread postby Axephilic » December 14th, 2008, 1:18 pm

Ok, no problem. I will be able to live without the uninstall list for now. One of the infections is probably blocking HijackThis from making the uninstall list.

I will post back as soon as I can with a fix. I'm just waiting on it to be approved by a Teacher.

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Firefox popups & Unknown downloads

Unread postby Axephilic » December 15th, 2008, 12:43 pm

Hello,

Do NOT download anything from any of these pop-ups you are getting. They are a fake including the things saying that they will fix your problems, will just create more problems.

How can things be downloaded without my consent?

When you get a virus, some of the more nasty ones can run in the background without you even having the slightest idea that they are there and download more and more viruses until your system is crazy. This is what looks like what happened to you. :(

Also, I can't even use Internet Explorer anymore. Once I open it, pop ups come out of no where. Is there a way to fix this too?

This will be fixed soon enough. Keep trying to use it after your done doing each of my fixes and let me know if it works or not. One of the infections you have, which is quite a few, is making it do this.


We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Upload a file to VirusTotal

Please visit Virustotal
  • Click the Browse.. button
  • Navigate to the file D:\Setup.exe
  • Click the Open button
  • Click the Send button
  • Copy and paste the results into a new reply in this thread please.

In your next reply, please include:
  1. ComboFix report
  2. VirusTotal results
  3. A new HijackThis log

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Firefox popups & Unknown downloads

Unread postby csmvrck » December 15th, 2008, 10:00 pm

Hey, Adam. I didn't know what you were talking about when you told me to find the D:\Setup.exe file with VirusTotal. I "ctrl+F"-ed but a lot of setup.exe programs came up. Is there a specific one you want me to find?

That being said, here is the ComboFix log:

ComboFix 08-12-15.01 - Charlie 2008-12-15 19:38:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.77 [GMT -5:00]
Running from: c:\documents and settings\Charlie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Charlie\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Charlie\Application Data\gadcom
c:\documents and settings\Charlie\Application Data\gadcom\gadcom.exe
c:\documents and settings\Charlie\Application Data\ShoppingReport
c:\documents and settings\Charlie\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\Charlie\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\Charlie\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\Charlie\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\Charlie\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\Charlie\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\Charlie\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
c:\documents and settings\Charlie\Favorites\Error Cleaner.url
c:\documents and settings\Charlie\Favorites\Privacy Protector.url
c:\documents and settings\Charlie\Favorites\Spyware&Malware Protection.url
c:\documents and settings\Charlie\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Charlie\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\documents and settings\Dad\Application Data\ShoppingReport
c:\documents and settings\Dad\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\Dad\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\Dad\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\Dad\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\Dad\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\Dad\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\Dad\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
c:\documents and settings\Jilly\Favorites\Error Cleaner.url
c:\documents and settings\Jilly\Favorites\Privacy Protector.url
c:\documents and settings\Jilly\Favorites\Spyware&Malware Protection.url
c:\program files\RichVideoCodec
c:\program files\RichVideoCodec\escan.exe
c:\program files\RichVideoCodec\InstallRegerLib.dll
c:\program files\ShoppingReport
c:\program files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
c:\program files\ShoppingReport\Uninst.exe
c:\recycler\ADAPT_Installer.exe
C:\test.txt
c:\windows\system32\aadqsdtd.dll
c:\windows\system32\bhoext.dll
c:\windows\system32\cbXOEUlK.dll
c:\windows\system32\dtdsqdaa.ini
c:\windows\system32\dumphive.exe
c:\windows\system32\edekjemk.dll
c:\windows\system32\gatluj.dll
c:\windows\system32\hanamwqo.dll
c:\windows\system32\hitxpu.dll
c:\windows\system32\KlUEOXbc.ini
c:\windows\system32\KlUEOXbc.ini2
c:\windows\system32\ltsjxidf.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\nlkvepjw.dll
c:\windows\system32\nupskl.dll
c:\windows\system32\oqateqoe.ini
c:\windows\system32\Process.exe
c:\windows\system32\psfsvskf.dll
c:\windows\system32\richvideocodec.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\sssrmoxp.dll
c:\windows\system32\tmp.reg
c:\windows\system32\uyjulo.dll
c:\windows\system32\wjpevkln.ini
c:\windows\system32\wvUmjgdb.dll
c:\windows\system32\xahhltdy.ini
c:\windows\system32\xbzevl.dll
c:\windows\system32\ydtlhhax.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-16 to 2008-12-16 )))))))))))))))))))))))))))))))
.

2008-12-13 02:18 . 2008-12-13 02:18 <DIR> d-------- c:\program files\Trend Micro
2008-11-22 17:49 . 2008-11-22 17:49 <DIR> d-------- c:\program files\Oxigen
2008-11-22 17:45 . 2008-11-22 17:45 <DIR> d-------- c:\program files\OxigenInstall

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-16 01:31 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-14 22:06 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-07 05:58 --------- d-----w c:\documents and settings\Charlie\Application Data\LimeWire
2008-12-07 05:56 --------- d-----w c:\program files\LimeWire
2008-12-05 06:27 --------- d-----w c:\program files\Tennis Elbow 2009
2008-11-16 22:52 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-14 05:06 --------- d-----w c:\program files\AIM6
2008-11-14 05:06 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-14 05:04 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-14 05:04 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-11-05 02:44 --------- d-----w c:\program files\Norton PC Checkup
2008-11-05 02:29 --------- d-----w c:\program files\Ascentive
2008-11-05 02:25 --------- d-----w c:\documents and settings\Charlie\Application Data\InstallShield
2008-11-05 02:14 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-31 22:25 --------- d-----w c:\program files\Spyware Doctor
2008-10-31 05:12 --------- d-----w c:\program files\CONEXANT
2008-10-25 19:38 --------- d-----w c:\program files\Perfect World Entertainment
2008-10-24 13:40 --------- d-----w c:\documents and settings\Charlie\Application Data\GetRightToGo
2008-10-24 06:12 --------- d-----w c:\program files\Common Files\Sonic Shared
2008-10-24 06:11 --------- d-----w c:\program files\Sonic
2008-10-24 06:00 --------- d-----w c:\program files\My Faster PC
2008-10-24 05:59 --------- d-----w c:\program files\Google
2008-10-24 05:57 --------- d-----w c:\documents and settings\All Users\Application Data\Avg7
2008-10-24 05:54 --------- d--h--w c:\documents and settings\Charlie\Application Data\ijjigame
2008-10-24 05:50 --------- d-----w c:\program files\Shockwave.com
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2005-12-28 07:07 670 ----a-w c:\documents and settings\Charlie\Application Data\wklnhst.dat
2007-04-05 19:38 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 794624]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"Home Theater SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2005-06-14 106496]
"WINREMOTE"="c:\program files\InterVideo\Common\Bin\WinRemote.exe" [2005-06-14 233472]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-05-30 180269]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"BigDog303"="c:\windows\VM303_STI.EXE" [2005-06-23 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-03-02 257088]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"OxigenClientAdmin"="c:\program files\Oxigen\bin\Oxigen.exe" [2007-06-23 887264]
"OxigenTrayIcon"="c:\program files\Oxigen\bin\OxiTray.exe" [2007-06-23 557536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

c:\documents and settings\Administrator.SHEN\Start Menu\Programs\Startup\
AutoTBar.exe [2003-09-30 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=nupskl.dll gatluj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1133663716\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1133663716\\ee\\aim6.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Nexon\\MapleStory\\MapleStory.exe"=
"c:\\Program Files\\Tennis Elbow 2009\\TennisElbow.exe"=
"c:\\Gamigo Games\\Smash Online\\SmashOnline.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c94e5b1-122a-11db-a0f4-0014a51d6749}]
\Shell\AutoRun\command - E:\setupSNK.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{77AB59B4-55A3-4737-9FD5-B93C6430BF78} - c:\windows\system32\ltsjxidf.dll
BHO-{EBDF1F0F-11D7-4FA3-BE50-0C91BDA07AC2} - c:\windows\system32\cbXOEUlK.dll
Toolbar-{694B2A3C-60AD-4A48-B9A3-EDA1083E6723} - c:\windows\system32\winoe77.dll
WebBrowser-{694B2A3C-60AD-4A48-B9A3-EDA1083E6723} - c:\windows\system32\winoe77.dll
HKCU-Run-Performance Center - c:\program files\Ascentive\Performance Center\APCMain.exe
HKCU-Run-prunnet - c:\windows\system32\prunnet.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-zzzHPSETUP - D:\Setup.exe
HKLM-Run-lphcvsrj0e3rr - c:\windows\system32\lphcvsrj0e3rr.exe
HKLM-Run-prunnet - c:\windows\system32\prunnet.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 20:28:59
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????w????|?????? ???B?????????????hLC? ??????
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Spyware Doctor\pctsAuxs.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HPQ\Shared\hpqwmi.exe
c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe
c:\program files\Java\jre1.6.0_02\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-12-15 20:46:33 - machine was rebooted [Charlie]
ComboFix-quarantined-files.txt 2008-12-16 01:46:23
ComboFix2.txt 2007-07-17 23:07:25

Pre-Run: 3,484,913,664 bytes free
Post-Run: 8,265,875,456 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

269 --- E O F --- 2008-10-28 17:52:21

And here is an updated HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:41 PM, on 12/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Oxigen\bin\Oxigen.exe
C:\Program Files\Oxigen\bin\OxiTray.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [OxigenClientAdmin] "C:\Program Files\Oxigen\bin\Oxigen.exe"
O4 - HKLM\..\Run: [OxigenTrayIcon] C:\Program Files\Oxigen\bin\OxiTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6863785656
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: nupskl.dll gatluj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9258 bytes
csmvrck
Active Member
 
Posts: 11
Joined: December 12th, 2008, 7:55 pm

Re: Firefox popups & Unknown downloads

Unread postby Axephilic » December 16th, 2008, 12:02 am

Please try and make the uninstall list again. :)
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Firefox popups & Unknown downloads

Unread postby csmvrck » December 16th, 2008, 8:00 pm

Here is the uninstall list.

7-Zip 4.58 beta
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.9
Adobe Shockwave Player 11
AIM 6
AOL Instant Messenger (SM)
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update
ArcSoft Panorama Maker 3.5
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
BitLord 1.1
CCleaner (remove only)
Chinese (Simplified) Language Support
Chinese (Traditional) Language Support
Compatibility Pack for the 2007 Office system
Conexant AC-Link Audio
Data Fax SoftModem with SmartCP
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Easy Internet Sign-up
EAX(tm) Unified (SHELL)
Final Fantasy VII
Final Fantasy VII XP Patch
FINAL FANTASY VIII
Form Fill (Windows Live Toolbar)
Google Toolbar for Firefox
Google Updater
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Help and Support
HP Image Zone 4.8.5
HP Image Zone Plus 4.8.5
HP Pavillion zv6000 User Guides
HP Photosmart Cameras 3.5
HP PSC & OfficeJet 4.7
HP Software Update
HP Wireless Assistant 1.01 A3
HPIZplus450
InterVideo Home Theater
InterVideo WinDVD
iTunes
Java(TM) 6 Update 2
LimeWire 4.18.8
LiveUpdate BVRP Software
MapleStory
Memories Disc Creator 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mirar
Mozilla Firefox (3.0.4)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
muvee autoProducer 4.0 - SE
Norton PC Checkup
Oxigen Client v5.01.0000
Popup Blocker (Windows Live Toolbar)
Quick Launch Buttons 5.10 B3
QuickTime
RealPlayer
Rhapsody Player Engine
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Smash Online 1.0
Sonic Update Manager
Spyware Doctor 6.0
SymNet
Synaptics Pointing Device Driver
TBS WMP Plug-in
Tennis Elbow 2009 1.0
Texas Instruments PCIxx21/x515 drivers.
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
UserGuides
Ventrilo Client
VideoLAN VLC media player 0.8.4a
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Vimicro USB PC Camera (ZC0301PLH)
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885464
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
WinRAR archiver
XviD 1.1 final uninstall
YAMAHA SoftSynthesizer S-YXG70
csmvrck
Active Member
 
Posts: 11
Joined: December 12th, 2008, 7:55 pm

Re: Firefox popups & Unknown downloads

Unread postby Axephilic » December 17th, 2008, 12:24 pm

Hi,

P2P Warning!

With reference to Malware Removal's P2P Programs Policy, please uninstall the following programs before we continue:

  1. Click on Start > Control Panel and double click on Add/Remove Programs.
  2. Locate the following programs and click on the Change/Remove button to uninstall them.

    BitLord 1.1
    LimeWire 4.18.8
  3. Please also do that for these programs, these are not P2P related, but just bad:

    Mirar
  4. Close Add/Remove Programs and Control Panel when done.

Please post a new Hijackthis log when finished.

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Firefox popups & Unknown downloads

Unread postby csmvrck » December 17th, 2008, 8:04 pm

Adam, I removed BitLord as well as Limewire in accordance with policy. I could not, however, remove the program "Mirar". When I pressed "remove", a blank (completely white) window popped up which prohibited me from clicking on anything else. There was a url on the border of the window (http://remove.getmirar.com); I'm not sure if that helps or not. Is there another way for me to delete this program?

And, here is another HijackThis Log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:03:43 PM, on 12/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [OxigenClientAdmin] "C:\Program Files\Oxigen\bin\Oxigen.exe"
O4 - HKLM\..\Run: [OxigenTrayIcon] C:\Program Files\Oxigen\bin\OxiTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6863785656
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: nupskl.dll gatluj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8372 bytes
csmvrck
Active Member
 
Posts: 11
Joined: December 12th, 2008, 7:55 pm

Re: Firefox popups & Unknown downloads

Unread postby Axephilic » December 18th, 2008, 4:00 pm

Hello,

Thank you for removing those. :)

No Anti-Virus!
I don't see an anti-virus program present on your system! You should pick ONE of the following and install it. Never install more than 1 anti-virus or firewall.



Fix HijackThis lines

  • Run HijackThis!
  • Click on Do a System Scan only
  • Place a tick next to the following lines:

    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
Close all open windows and click on Fix checked and when you get a popup window click on Yes.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Code: Select all
Folder::
c:\program files\Ascentive
c:\program files\LimeWire
c:\documents and settings\Charlie\Application Data\LimeWire

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitLord\\BitLord.exe"=-
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-
"c:\\Program Files\\eMule\\emule.exe"=-


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Kaspersky Online Scanner
Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

In your next reply, please include:
  1. ComboFix log
  2. Kaspersky report
  3. A new HijackThis log

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Firefox popups & Unknown downloads

Unread postby csmvrck » December 19th, 2008, 2:00 am

Adam, sorry for responding so late. The ComboFix log took longer to complete than expected. The Kaspersky took twice as long as ComboFix.

Btw, how do I remove the "Mirar" program?

First off, here is the ComboFix log..

ComboFix 08-12-15.01 - Charlie 2008-12-18 19:48:28.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.117 [GMT -5:00]
Running from: c:\documents and settings\Charlie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Charlie\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Charlie\Application Data\LimeWire
c:\documents and settings\Charlie\Application Data\LimeWire\.AppSpecialShare\[Conclave-Mendoi]_Mobile_Suit_Gundam_00_-_03_[704x400_XviD_MP3][E6CBE224].avi.torrent.bak
c:\documents and settings\Charlie\Application Data\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
c:\documents and settings\Charlie\Application Data\LimeWire\410splashpro.png
c:\documents and settings\Charlie\Application Data\LimeWire\412splashpro.png
c:\documents and settings\Charlie\Application Data\LimeWire\414splashfree.png
c:\documents and settings\Charlie\Application Data\LimeWire\active.mojito
c:\documents and settings\Charlie\Application Data\LimeWire\createtimes.cache
c:\documents and settings\Charlie\Application Data\LimeWire\data.ser
c:\documents and settings\Charlie\Application Data\LimeWire\downloads.dat
c:\documents and settings\Charlie\Application Data\LimeWire\fileurns.bak
c:\documents and settings\Charlie\Application Data\LimeWire\fileurns.cache
c:\documents and settings\Charlie\Application Data\LimeWire\filters.props
c:\documents and settings\Charlie\Application Data\LimeWire\gnutella.net
c:\documents and settings\Charlie\Application Data\LimeWire\installation.props
c:\documents and settings\Charlie\Application Data\LimeWire\library.dat
c:\documents and settings\Charlie\Application Data\LimeWire\limewire.props
c:\documents and settings\Charlie\Application Data\LimeWire\mojito.props
c:\documents and settings\Charlie\Application Data\LimeWire\passive.mojito
c:\documents and settings\Charlie\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\Charlie\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\Charlie\Application Data\LimeWire\pub1.key
c:\documents and settings\Charlie\Application Data\LimeWire\public.key
c:\documents and settings\Charlie\Application Data\LimeWire\questions.props
c:\documents and settings\Charlie\Application Data\LimeWire\responses.cache
c:\documents and settings\Charlie\Application Data\LimeWire\secureMessage.key
c:\documents and settings\Charlie\Application Data\LimeWire\simpp.xml
c:\documents and settings\Charlie\Application Data\LimeWire\spam.dat
c:\documents and settings\Charlie\Application Data\LimeWire\tables.props
c:\documents and settings\Charlie\Application Data\LimeWire\themes\black_theme.lwtp
c:\documents and settings\Charlie\Application Data\LimeWire\themes\black_theme\01_star.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\black_theme\02_star.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\black_theme\03_star.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\black_theme\04_star.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\black_theme\05_star.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\black_theme\chat.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\black_theme\dir_closed.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\black_theme\dir_open.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\black_theme\forward_dn.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\black_theme\forward_up.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\black_theme\kill.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\black_theme\kill_on.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\black_theme\lime.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\black_theme\logo.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\black_theme\notsearching.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\black_theme\pause_dn.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\black_theme\pause_up.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\black_theme\play_dn.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\black_theme\play_up.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\black_theme\question.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\black_theme\rewind_dn.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\black_theme\rewind_up.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\black_theme\searching.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\black_theme\splash.png
c:\documents and settings\Charlie\Application Data\LimeWire\themes\black_theme\splashpro.png
c:\documents and settings\Charlie\Application Data\LimeWire\themes\black_theme\stop_dn.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\black_theme\stop_up.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\black_theme\theme.txt
c:\documents and settings\Charlie\Application Data\LimeWire\themes\black_theme\warning.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\classic_theme.lwtp
c:\documents and settings\Charlie\Application Data\LimeWire\themes\classic_theme\01_star.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\classic_theme\02_star.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\classic_theme\03_star.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\classic_theme\04_star.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\classic_theme\05_star.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\classic_theme\chat.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\classic_theme\dir_closed.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\classic_theme\dir_open.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\classic_theme\forward_dn.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\classic_theme\forward_up.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\classic_theme\kill.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\classic_theme\logo.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\classic_theme\notsearching.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\classic_theme\pause_dn.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\classic_theme\pause_up.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\classic_theme\play_dn.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\classic_theme\play_up.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\classic_theme\question.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\classic_theme\rewind_dn.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\classic_theme\rewind_up.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\classic_theme\search.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\classic_theme\searching.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\classic_theme\splash.png
c:\documents and settings\Charlie\Application Data\LimeWire\themes\classic_theme\splashpro.png
c:\documents and settings\Charlie\Application Data\LimeWire\themes\classic_theme\stop_dn.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\classic_theme\stop_up.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\classic_theme\theme.txt
c:\documents and settings\Charlie\Application Data\LimeWire\themes\classic_theme\warning.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewire_theme.lwtp
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewire_theme\01_star.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewire_theme\02_star.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewire_theme\03_star.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewire_theme\04_star.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewire_theme\05_star.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewire_theme\chat.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewire_theme\dir_open.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewire_theme\forward_up.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewire_theme\kill.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewire_theme\lime.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewire_theme\logo.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewire_theme\notsearching.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewire_theme\play_up.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewire_theme\question.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewire_theme\searching.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewire_theme\splash.png
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewire_theme\splashpro.png
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewire_theme\theme.txt
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewire_theme\warning.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewirePro_theme.lwtp
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewirePro_theme\01_star.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewirePro_theme\02_star.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewirePro_theme\03_star.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewirePro_theme\04_star.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewirePro_theme\05_star.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewirePro_theme\chat.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewirePro_theme\dir_closed.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewirePro_theme\dir_open.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewirePro_theme\forward_dn.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewirePro_theme\forward_up.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewirePro_theme\kill.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewirePro_theme\kill_on.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewirePro_theme\lime.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewirePro_theme\logo.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewirePro_theme\notsearching.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewirePro_theme\pause_dn.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewirePro_theme\pause_up.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewirePro_theme\play_dn.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewirePro_theme\play_up.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewirePro_theme\question.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewirePro_theme\rewind_dn.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewirePro_theme\rewind_up.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewirePro_theme\searching.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewirePro_theme\splash.png
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewirePro_theme\splashpro.png
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewirePro_theme\stop_dn.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewirePro_theme\stop_up.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewirePro_theme\theme.txt
c:\documents and settings\Charlie\Application Data\LimeWire\themes\limewirePro_theme\warning.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\other_theme.lwtp
c:\documents and settings\Charlie\Application Data\LimeWire\themes\other_theme\01_star.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\other_theme\02_star.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\other_theme\03_star.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\other_theme\04_star.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\other_theme\05_star.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\other_theme\chat.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\other_theme\forward_dn.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\other_theme\forward_up.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\other_theme\kill.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\other_theme\kill_on.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\other_theme\logo.png
c:\documents and settings\Charlie\Application Data\LimeWire\themes\other_theme\notsearching.png
c:\documents and settings\Charlie\Application Data\LimeWire\themes\other_theme\pause_dn.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\other_theme\pause_up.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\other_theme\play_dn.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\other_theme\play_up.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\other_theme\question.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\other_theme\rewind_dn.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\other_theme\rewind_up.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\other_theme\searching.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\other_theme\splash.png
c:\documents and settings\Charlie\Application Data\LimeWire\themes\other_theme\splashpro.png
c:\documents and settings\Charlie\Application Data\LimeWire\themes\other_theme\stop_dn.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\other_theme\stop_up.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\other_theme\theme.txt
c:\documents and settings\Charlie\Application Data\LimeWire\themes\other_theme\warning.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\Charlie\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\windows_theme\logo.png
c:\documents and settings\Charlie\Application Data\LimeWire\themes\windows_theme\notsearching.png
c:\documents and settings\Charlie\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\windows_theme\searching.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\windows_theme\splash.png
c:\documents and settings\Charlie\Application Data\LimeWire\themes\windows_theme\splashpro.png
c:\documents and settings\Charlie\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\Charlie\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\Charlie\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\Charlie\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\Charlie\Application Data\LimeWire\ttree.cache
c:\documents and settings\Charlie\Application Data\LimeWire\update.xml
c:\documents and settings\Charlie\Application Data\LimeWire\version.key
c:\documents and settings\Charlie\Application Data\LimeWire\version.xml
c:\documents and settings\Charlie\Application Data\LimeWire\versions.props
c:\documents and settings\Charlie\Application Data\LimeWire\xml\data\delete_me
c:\documents and settings\Charlie\Application Data\LimeWire\xml\misc\application.gif
c:\documents and settings\Charlie\Application Data\LimeWire\xml\misc\audio.gif
c:\documents and settings\Charlie\Application Data\LimeWire\xml\misc\document.gif
c:\documents and settings\Charlie\Application Data\LimeWire\xml\misc\image.gif
c:\documents and settings\Charlie\Application Data\LimeWire\xml\misc\video.gif
c:\documents and settings\Charlie\Application Data\LimeWire\xml\schemas\application.xsd
c:\documents and settings\Charlie\Application Data\LimeWire\xml\schemas\audio.xsd
c:\documents and settings\Charlie\Application Data\LimeWire\xml\schemas\document.xsd
c:\documents and settings\Charlie\Application Data\LimeWire\xml\schemas\image.xsd
c:\documents and settings\Charlie\Application Data\LimeWire\xml\schemas\video.xsd
c:\program files\Ascentive
c:\program files\LimeWire
c:\program files\LimeWire\hs_err_pid1540.log
c:\program files\LimeWire\hs_err_pid2368.log
c:\program files\LimeWire\hs_err_pid2516.log
c:\program files\LimeWire\hs_err_pid3208.log
c:\program files\LimeWire\hs_err_pid3740.log
c:\program files\LimeWire\hs_err_pid568.log
c:\program files\LimeWire\hs_err_pid5852.log
c:\program files\LimeWire\log.txt

.
((((((((((((((((((((((((( Files Created from 2008-11-19 to 2008-12-19 )))))))))))))))))))))))))))))))
.

2008-12-18 16:29 . 2008-12-18 16:29 <DIR> d-------- c:\program files\Alwil Software
2008-12-18 14:30 . 2008-12-18 14:30 <DIR> d-------- c:\program files\Pando Networks
2008-12-18 14:30 . 2008-12-18 14:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\PMB Files
2008-12-13 02:18 . 2008-12-13 02:18 <DIR> d-------- c:\program files\Trend Micro
2008-11-22 17:49 . 2008-11-22 17:49 <DIR> d-------- c:\program files\Oxigen
2008-11-22 17:45 . 2008-11-22 17:45 <DIR> d-------- c:\program files\OxigenInstall

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-19 00:37 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-18 02:46 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-17 23:56 --------- d-----w c:\program files\BitLord
2008-12-16 02:06 --------- d-----w c:\program files\Spyware Doctor
2008-12-05 06:27 --------- d-----w c:\program files\Tennis Elbow 2009
2008-11-16 22:52 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-14 05:06 --------- d-----w c:\program files\AIM6
2008-11-14 05:06 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-14 05:04 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-14 05:04 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-11-05 02:44 --------- d-----w c:\program files\Norton PC Checkup
2008-11-05 02:25 --------- d-----w c:\documents and settings\Charlie\Application Data\InstallShield
2008-11-05 02:14 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-31 05:12 --------- d-----w c:\program files\CONEXANT
2008-10-25 19:38 --------- d-----w c:\program files\Perfect World Entertainment
2008-10-24 13:40 --------- d-----w c:\documents and settings\Charlie\Application Data\GetRightToGo
2008-10-24 06:12 --------- d-----w c:\program files\Common Files\Sonic Shared
2008-10-24 06:11 --------- d-----w c:\program files\Sonic
2008-10-24 06:00 --------- d-----w c:\program files\My Faster PC
2008-10-24 05:59 --------- d-----w c:\program files\Google
2008-10-24 05:57 --------- d-----w c:\documents and settings\All Users\Application Data\Avg7
2008-10-24 05:54 --------- d--h--w c:\documents and settings\Charlie\Application Data\ijjigame
2008-10-24 05:50 --------- d-----w c:\program files\Shockwave.com
2005-12-28 07:07 670 ----a-w c:\documents and settings\Charlie\Application Data\wklnhst.dat
2007-04-05 19:38 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-15_20.40.31.77 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-26 17:21:30 1,236,208 ----a-w c:\windows\system32\aswBoot.exe
+ 2008-11-26 17:15:10 97,480 ----a-w c:\windows\system32\AvastSS.scr
+ 2008-11-26 17:15:35 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
+ 2008-11-26 17:17:25 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
+ 2008-11-26 17:18:25 93,296 ----a-w c:\windows\system32\drivers\aswmon.sys
+ 2008-11-26 17:18:18 94,032 ----a-w c:\windows\system32\drivers\aswmon2.sys
+ 2008-11-26 17:16:29 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
+ 2008-11-26 17:17:36 111,184 ----a-w c:\windows\system32\drivers\aswSP.sys
+ 2008-11-26 17:16:38 50,864 ----a-w c:\windows\system32\drivers\aswTdi.sys
+ 2008-12-19 00:33:53 16,384 ----atw c:\windows\temp\Perflib_Perfdata_704.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 794624]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"Home Theater SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2005-06-14 106496]
"WINREMOTE"="c:\program files\InterVideo\Common\Bin\WinRemote.exe" [2005-06-14 233472]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-05-30 180269]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"BigDog303"="c:\windows\VM303_STI.EXE" [2005-06-23 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-03-02 257088]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"OxigenClientAdmin"="c:\program files\Oxigen\bin\Oxigen.exe" [2007-06-23 887264]
"OxigenTrayIcon"="c:\program files\Oxigen\bin\OxiTray.exe" [2007-06-23 557536]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

c:\documents and settings\Administrator.SHEN\Start Menu\Programs\Startup\
AutoTBar.exe [2003-09-30 57344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
HP Image Zone Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1133663716\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1133663716\\ee\\aim6.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Nexon\\MapleStory\\MapleStory.exe"=
"c:\\Program Files\\Tennis Elbow 2009\\TennisElbow.exe"=
"c:\\Gamigo Games\\Smash Online\\SmashOnline.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56242:TCP"= 56242:TCP:Pando Media Booster
"56242:UDP"= 56242:UDP:Pando Media Booster

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-18 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-18 20560]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-10-26 356920]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-10-24 24652]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-03-22 200192]
R3 vcddev;VCD VNC Virtual Network Adapter;c:\windows\system32\DRIVERS\vcdvnic.sys [2006-03-09 13312]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c94e5b1-122a-11db-a0f4-0014a51d6749}]
\Shell\AutoRun\command - E:\setupSNK.exe
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Charlie\Application Data\Mozilla\Firefox\Profiles\526uknh5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-18 19:56:23
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????z????|?`???? ???B?????????????hLC? ??????
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-18 20:04:10
ComboFix-quarantined-files.txt 2008-12-19 01:02:36
ComboFix2.txt 2008-12-16 01:46:34
ComboFix3.txt 2007-07-17 23:07:25

Pre-Run: 5,841,457,152 bytes free
Post-Run: 5,805,387,776 bytes free

413 --- E O F --- 2008-10-28 17:52:21

Here is the Kaspersky Report..

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, December 19, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, December 18, 2008 23:03:00
Records in database: 1478175
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 83092
Threat name: 12
Infected objects: 13
Suspicious objects: 0
Duration of the scan: 03:49:48


File name / Threat name / Threats count
C:\Documents and Settings\Charlie\My Documents\filelib\xtrememath359\03 Track 3(1).wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\Charlie\My Documents\filelib\xtrememath359\03 Track 3.wma Infected: Trojan-Downloader.WMA.Wimad.k 1
C:\Documents and Settings\Charlie\My Documents\filelib\xtrememath359\你最近还好吗 she .wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Charlie\My Documents\filelib\xtrememath359\你最近还好吗 she.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Charlie\My Documents\filelib\xtrememath359\你最近还好吗.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Charlie\My Documents\sdsetup.exe Infected: not-a-virus:Monitor.Win32.KeyLogger.dq 1
C:\Program Files\HijackThis\backups\backup-20061222-173701-382.dll Infected: Trojan.Win32.Obfuscated.ev 1
C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\QooBox\Quarantine\C\Documents and Settings\Charlie\Application Data\gadcom\gadcom.exe.vir Infected: Trojan.Win32.Agent.aumr 1
C:\QooBox\Quarantine\C\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll.vir Infected: not-a-virus:AdWare.Win32.Shopper.v 1
C:\QooBox\Quarantine\C\WINDOWS\system32\aadqsdtd.dll.vir Infected: Trojan.Win32.Monder.acgs 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ltsjxidf.dll.vir Infected: Trojan.Win32.Monder.acfb 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ydtlhhax.dll.vir Infected: Trojan.Win32.Monder.acfd 1

The selected area was scanned.

And finally, another HijackThis Log..


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:05 AM, on 12/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Nexon\MapleStory\npkcmsvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Charlie\Local Settings\temp\jkos-Charlie\binaries\ScanningProcess.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [OxigenClientAdmin] "C:\Program Files\Oxigen\bin\Oxigen.exe"
O4 - HKLM\..\Run: [OxigenTrayIcon] C:\Program Files\Oxigen\bin\OxiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6863785656
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\MapleStory\npkcmsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9688 bytes
csmvrck
Active Member
 
Posts: 11
Joined: December 12th, 2008, 7:55 pm

Re: Firefox popups & Unknown downloads

Unread postby Axephilic » December 19th, 2008, 3:38 pm

Hello,


Update Java
Your JRE is out of date. The current version is Java Runtime Environment (JRE) 6 Update 11.

  1. Click on Start > Control Panel and double click on Add/Remove Programs. Locate Java(TM) 6 Update 2 and click on Change/Remove to uninstall it.
  2. Click here to visit Java's website.
  3. Select Windows from the drop-down list for Platform.
  4. Select Multi-language from the drop-down list for Language.
  5. Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
  6. Click on jre-6u11-windows-i586-p.exe link to download it and save this to a convenient location.
  7. Run this installation to update your Java.


Update Adobe Reader
Recently there have been vunerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version. Adobe Reader 9.
Please uninstall all old versions of Adobe Reader and then you can download the newest version from http://www.adobe.com/products/acrobat/readstep2.html
If you already have Adobe Photoshop� Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop� Album Starter Edition.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Code: Select all
File::
C:\Documents and Settings\Charlie\My Documents\sdsetup.exe
C:\Documents and Settings\Charlie\My Documents\filelib\xtrememath359\你最近还好吗.mp3
C:\Documents and Settings\Charlie\My Documents\filelib\xtrememath359\你最近还好吗 she.mp3
C:\Documents and Settings\Charlie\My Documents\filelib\xtrememath359\你最近还好吗 she .wma
C:\Documents and Settings\Charlie\My Documents\filelib\xtrememath359\03 Track 3.wma
C:\Documents and Settings\Charlie\My Documents\filelib\xtrememath359\03 Track 3(1).wma
C:\Program Files\HijackThis\backups\backup-20061222-173701-382.dll


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Please also post a new HijackThis log.
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Firefox popups & Unknown downloads

Unread postby csmvrck » December 20th, 2008, 2:13 am

Adam, I shall be out all day tomorrow. Sorry for the inconvenience. I shall have everything done once I come back.
csmvrck
Active Member
 
Posts: 11
Joined: December 12th, 2008, 7:55 pm

Re: Firefox popups & Unknown downloads

Unread postby Axephilic » December 20th, 2008, 3:31 pm

No problem, I will keep this open then.

Thank you for letting me know. :)
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 278 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware