http://www.WindowsBBS.com/ Problems removing malware/viruses? Get help from our Malware removal experts. en Fri, 20 Nov 2009 21:51:52 GMT vBulletin 60 http://www.windowsbbs.com/images_pb/misc/rss.jpg http://www.WindowsBBS.com/ http://www.WindowsBBS.com/malware-virus-removal/88801-search-engine-redirect-jump.html Fri, 20 Nov 2009 18:04:51 GMT My browser will do a redirect jump anytime i try to go to any search results from a search engine. my security software sweep found something before this calling it malware and supposedly deleted it..but now this. not to savvy about this sort of thing and need help. thank you for your time. My browser will do a redirect jump anytime i try to go to any search results from a search engine. my security software sweep found something before this calling it malware and supposedly deleted it..but now this. not to savvy about this sort of thing and need help. thank you for your time. ]]> Malware and Virus Removal MFapocalypse http://www.WindowsBBS.com/malware-virus-removal/88801-search-engine-redirect-jump.html http://www.WindowsBBS.com/malware-virus-removal/88782-scanning-clean-but-antivirus-warns-viruses.html Thu, 19 Nov 2009 20:29:12 GMT Dear all, Avast updated and Avira updated installed on my PC; Ran scanner and no viruses found; Ran Bitdefender online scan; no viruses found; But suddenly my Avast and Avira (simultanely) warns about viruses which I delete but keep coming back again with the same warning, same viruses. ... Dear all,

Avast updated and Avira updated installed on my PC;
Ran scanner and no viruses found;
Ran Bitdefender online scan; no viruses found;

But suddenly my Avast and Avira (simultanely) warns about viruses which I delete but keep coming back again with the same warning, same viruses.

Pls advise.

Thank you ]]> Malware and Virus Removal joedotm http://www.WindowsBBS.com/malware-virus-removal/88782-scanning-clean-but-antivirus-warns-viruses.html http://www.WindowsBBS.com/malware-virus-removal/88770-active-internet-explorer-redirects-me-different-website.html Thu, 19 Nov 2009 08:18:44 GMT Hello, I am Brugutu. Every time I click on a website. Internet Explorer redirects me to a different website. I dont know what to do, so I was hoping someone will help me. I need Helppppp. I downloaded HijackThis and the logfile is below: Logfile of HijackThis v1.99.1 Scan saved at 07:46:39,... Hello, I am Brugutu. Every time I click on a website. Internet Explorer redirects me to a different website. I dont know what to do, so I was hoping someone will help me. I need Helppppp.

I downloaded HijackThis and the logfile is below:

Logfile of HijackThis v1.99.1
Scan saved at 07:46:39, on 19/11/2009
Platform: Unknown Windows (WinNT 6.00.1906 SP2)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\explorer.exe
C:\Program Files\Safari\Safari.exe
C:\Windows\system32\taskeng.exe
C:\Users\Lovaflex\Desktop\KillBox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.forex-finance-trading.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.forex-finance-trading.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\aestsrv.e xe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.ex e
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing) ]]> Malware and Virus Removal Brugutu http://www.WindowsBBS.com/malware-virus-removal/88770-active-internet-explorer-redirects-me-different-website.html http://www.WindowsBBS.com/malware-virus-removal/88769-active-explorer-8-shuts-itself-down-possible-security-problem.html Thu, 19 Nov 2009 05:03:10 GMT I was posting in Windows BBS in regards to a problem with my outlook program. In that discussion I mentioned that my Explorer 8 would shut its self down from time to time because of some security error, but I am not able to remember exactly what it said and it hasn't done in the past couple of day. However, Arie suggested I run a diagnostic and then post the error message in this forum so this is it! I sure hope someone can help. Next time Explorer 8 does this, I will be sure to write down what it says. I am using Windows 7 Home Premium. Just upgraded from Vista last week. However, Explorer was shutting itself down before I upgraded operating systems. I downloaded Explorer 8 a few months before I upgraded to Windows 7. Also, before I ran the following DDS file, it said to turn off scripting files, but I don't understand what that means. Hope this is what is needed. I also can't see how to attach a file, so I have just cut and pasted it here. Again Thank you for any help!
Susan

DDS (Ver_09-10-26.01) - NTFSx86
Run by SueZee at 22:46:40.62 on Wed 11/18/2009
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3007.1738 [GMT -6:00]

AV: F-PROT Antivirus for Windows *On-access scanning disabled* (Outdated) {3F8BAFFE-D251-4DC6-ACF9-81FDF61FB9C9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PSIService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
C:\Program Files\GetSmile\getsmile.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
c:\program files\windows defender\MpCmdRun.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\SueZee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HT30EDEE\dds[1].scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.ca/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\videod~1\ARCURL~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [GetSmile] c:\program files\getsmile\getsmile.exe
mRun: [F-PROT Antivirus Tray application] c:\program files\frisk software\f-prot antivirus for windows\FProtTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.geni.com/ImageUploader_5_5.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [2009-8-31 682840]
R2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\frisk software\f-prot antivirus for windows\FPAVServer.exe [2009-8-27 75424]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 nvrd32;nvrd32;c:\windows\system32\drivers\nvrd32.sys [2007-10-26 131616]

=============== Created Last 30 ================

2009-11-16 23:45:53 0 d-----w- c:\program files\HowTo-Outlook
2009-11-14 22:07:13 0 d-----w- c:\users\suezee\Tracing
2009-11-14 21:50:17 0 d-----w- c:\program files\Microsoft
2009-11-14 21:49:55 0 d-----w- c:\program files\Windows Live SkyDrive
2009-11-14 21:43:56 0 d-----w- c:\program files\common files\Windows Live
2009-11-14 06:02:49 0 d-----w- C:\Panasonic Camera Software
2009-11-12 23:49:13 0 d-----w- c:\users\suezee\appdata\roaming\Avery
2009-11-11 02:07:39 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-11-10 09:05:07 34816 ----a-w- c:\windows\system32\msasn1.dll
2009-11-10 09:05:03 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-11-10 09:05:03 71168 ----a-w- c:\windows\system32\fontsub.dll
2009-11-10 09:05:03 507568 ----a-w- c:\windows\system32\winload.exe
2009-11-10 09:05:03 442920 ----a-w- c:\windows\system32\winresume.exe
2009-11-10 09:05:03 293888 ----a-w- c:\windows\system32\atmfd.dll
2009-11-10 09:05:03 2613248 ----a-w- c:\windows\explorer.exe
2009-11-10 09:05:03 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2009-11-10 09:05:03 108544 ----a-w- c:\windows\system32\t2embed.dll
2009-11-10 09:05:02 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2009-11-10 04:27:18 0 d-----w- c:\windows\Panther
2009-11-10 04:14:06 0 d--h--w- C:\$WINDOWS.~Q
2009-11-10 04:08:31 0 d--h--w- C:\$INPLACE.~TR
2009-11-10 03:54:37 20 --sh--w- c:\users\suezee\ntuser.ini
2009-11-10 03:54:32 0 d-sh--w- C:\Recovery
2009-11-10 03:25:43 717892 ----a-w- c:\windows\system32\PerfStringBackup.INI
2009-11-10 03:22:50 0 d-----w- c:\windows\system32\wbem\Performance
2009-11-10 03:02:10 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-10 02:33:41 0 d-----w- c:\programdata\HP
2009-11-10 02:32:03 9504 ---ha-w- c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2009-11-10 02:32:03 9504 ---ha-w- c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2009-11-10 02:31:17 0 d-----w- c:\windows\system32\RTCOM
2009-11-10 02:30:42 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-11-10 01:03:20 1890 ----a-w- c:\windows\diagwrn.xml
2009-11-10 01:03:20 1890 ----a-w- c:\windows\diagerr.xml
2009-11-09 15:18:52 0 d-----w- c:\users\suezee\Email Contacts vcard Nov 2009

==================== Find3M ====================

2009-11-03 02:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 22:47:11.33 =============== ]]> Malware and Virus Removal SueZee http://www.WindowsBBS.com/malware-virus-removal/88769-active-explorer-8-shuts-itself-down-possible-security-problem.html http://www.WindowsBBS.com/malware-virus-removal/88750-active-possible-malware-virus.html Wed, 18 Nov 2009 18:35:37 GMT Something takes control of my mouse sometimes. :eek: Any assistance would be greatly appreciated. :D Log details are below: :) Thank You, Sheila Something takes control of my mouse sometimes. :eek:

Any assistance would be greatly appreciated. :D

Log details are below: :)

Thank You,
Sheila



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/17/2009 at 06:09 PM

Application Version : 4.30.1004

Core Rules Database Version : 4284
Trace Rules Database Version: 2159

Scan type : Complete Scan
Total Scan Time : 02:50:40

Memory items scanned : 219
Memory threats detected : 0
Registry items scanned : 6331
Registry threats detected : 0
File items scanned : 70129
File threats detected : 1

Adware.CouponBar
C:\WINDOWS\SYSTEM32\CPNPRT2.CID



Malwarebytes' Anti-Malware 1.41
Database version: 3192
Windows 5.1.2600 Service Pack 3

11/17/2009 9:50:08 PM
mbam-log-2009-11-17 (21-50-08).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 205057
Time elapsed: 2 hour(s), 39 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



GMER 1.0.15.15227 - http://www.gmer.net
Rootkit scan 2009-11-18 05:01:04
Windows 5.1.2600 Service Pack 3
Running: op1lslmb.exe; Driver: C:\DOCUME~1\Sheila\LOCALS~1\Temp\pxtdipow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAssignProcessToJobObject [0xB8F2F1CC]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwCreateThread [0xB8F2F206]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenProcess [0xB8F2F51A]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenThread [0xB8F2F3F6]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwProtectVirtualMemory [0xB8F2F292]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetContextThread [0xB8F2F18E]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateProcess [0xB8F2F64E]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateThread [0xB8F2F316]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwWriteVirtualMemory [0xB8F2F34E]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[3080] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 019B5BA0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\WINDOWS\Explorer.EXE[3080] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 019B5250 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip msfwhlpr.sys (OneCare Firewall Helper Driver/Microsoft Corporation)

Device \Driver\ubohci \Device\UBOHCI0 UB1394.SYS (FireAPI® 1394 Class Driver (XP)/Unibrain S.A.)

AttachedDevice \Driver\Tcpip \Device\Tcp msfwhlpr.sys (OneCare Firewall Helper Driver/Microsoft Corporation)

Device \Driver\ubohci \Device\C1394 UB1394.SYS (FireAPI® 1394 Class Driver (XP)/Unibrain S.A.)

AttachedDevice \Driver\Tcpip \Device\Udp msfwhlpr.sys (OneCare Firewall Helper Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp msfwhlpr.sys (OneCare Firewall Helper Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:07:19 AM, on 11/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AGI\core\3.1\AGCoreService.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\system32\dldfcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell AIO Printer 948\dldfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Documents and Settings\Sheila\My Documents\Program Files\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: agcore.AGUtils - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - mscoree.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: agcore.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\3.1.5.7613\WSToolbar4IE.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dldfmon.exe] "C:\Program Files\Dell AIO Printer 948\dldfmon.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-682003330-507921405-854245398-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - S-1-5-21-682003330-507921405-854245398-1004 Startup: Webshots.lnk = C:\Program Files\Webshots\3.1.5.7613\Launcher.exe (User '?')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\3.1.5.7613\Launcher.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\3.1.5.7613\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/dow...in/actxcab.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\3.1\AGCoreService.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: dldfCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe
O23 - Service: dldf_device - - C:\WINDOWS\system32\dldfcoms.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10319 bytes ]]> Malware and Virus Removal frostie23 http://www.WindowsBBS.com/malware-virus-removal/88750-active-possible-malware-virus.html http://www.WindowsBBS.com/malware-virus-removal/88740-simple-question-system32-exe-need-remove.html Wed, 18 Nov 2009 08:41:08 GMT I know it is a virus and i know how to remove it, but i just don't know will it affect my computer after remove it. Should i remove it?

thanks in advance. ]]> Malware and Virus Removal Hei http://www.WindowsBBS.com/malware-virus-removal/88740-simple-question-system32-exe-need-remove.html http://www.WindowsBBS.com/malware-virus-removal/88734-active-ie8-re-directing-chosen-web-site.html Wed, 18 Nov 2009 03:31:07 GMT :mad: When I use Bing, google, ect to search a query, and then choose a website, I get re-directed to multiple different sites. they're all different, but One comes more than others. They all have a cursive looking 2 in front of the "http" in the address bar first, then it switches to another "type" of search site. I have ran Malwarebytes multiple times. I have also ran IObit Security 360 and Windows Saftey Scanner to no avail. I have Microsoft Security Essentials installed and active. I have also tried uninstalling IE8 and reinstalling. This is on a Dell with XP SP3. ]]> Malware and Virus Removal steveo65 http://www.WindowsBBS.com/malware-virus-removal/88734-active-ie8-re-directing-chosen-web-site.html http://www.WindowsBBS.com/malware-virus-removal/88685-active-msa-exe-b-exe-riuom-exe-infected-computer.html Sun, 15 Nov 2009 19:54:59 GMT First off, I would like to thank the staff for dedicating their time and effort to helping folks with their computer issues.

I have recently gotten my computer infected with msa.exe, b.exe and riuom.exe while attempting to copy an application to a friend's USB thumb drive. I immediately ran a full scan with my Anti-Virus, which did not identify any positive results. After a quick Google search, I realized that this was not a friendly infection and could use some assistance getting it cleaned up.

Per the instructions in the "Do this before posting" thread, here are my DDS logs:

DDS.txt
-------------------------------------------------------------
DDS (Ver_09-10-26.01) - NTFSx86
Run by Stephen at 0:09:16.18 on Mon 11/16/2009
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1965 [GMT 4.5:30]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\msa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Users\Stephen\AppData\Local\Temp\b.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\EVEMon\EVEMon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Stephen\riuom.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Users\Stephen\AppData\Local\Apps\2.0\20P6E2VL.C6G\W0EZGD44.RXW\curs..tio n_eee711038731a406_0004.0000_10385b9745e33e88\CurseClient.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
D:\FDM\fdm.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Stephen\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.msi.com.tw
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.msi.com.tw
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - d:\fdm\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [EVEMon] "d:\evemon\EVEMon.exe" -startMinimized
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [riuom] c:\users\stephen\riuom.exe
uRun: [SSHNAS] rundll32.exe c:\windows\system32\sshnas.dll,DllWork
uRun: [MailBlocker] c:\users\stephen\appdata\local\temp\b.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [PCTAVApp] "c:\program files\pc tools antivirus\PCTAV.exe" /MONITORSCAN
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\users\stephen\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all with Free Download Manager - file://d:\fdm\dlall.htm
IE: Download selected with Free Download Manager - file://d:\fdm\dlselected.htm
IE: Download video with Free Download Manager - file://d:\fdm\dlfvideo.htm
IE: Download with Free Download Manager - file://d:\fdm\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-7-29 130936]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-4-28 54784]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-5-30 93968]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-9-24 45600]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [2009-5-9 31616]

=============== Created Last 30 ================

2009-11-15 18:18:39 247296 ----a-w- c:\windows\msa.exe
2009-11-15 18:15:54 180736 ----a-w- c:\windows\system32\sshnas.dll
2009-11-15 18:13:31 49152 --sh--r- c:\users\stephen\riuom.exe
2009-11-11 16:08:48 324689495 ----a-w- c:\windows\MEMORY.DMP
2009-11-11 08:11:42 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 08:11:09 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-08 14:10:59 706 ----a-w- c:\windows\client.config.ini
2009-10-30 04:09:28 1239 ----a-w- c:\windows\jmc.ini
2009-10-28 16:19:42 0 d-----w- C:\Downloads
2009-10-28 16:18:02 0 d-----w- c:\users\stephen\appdata\roaming\Free Download Manager
2009-10-28 16:18:00 0 d-----w- c:\programdata\FreeDownloadManager.ORG
2009-10-27 21:54:17 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 21:54:16 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 15:59:30 63 ----a-w- c:\users\stephen\jagex_runescape_preferences2.dat
2009-10-27 15:45:59 38 ----a-w- c:\users\stephen\jagex_runescape_preferences.dat
2009-10-27 15:43:53 0 d-----w- C:\.jagex_cache_32
2009-10-27 15:28:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-26 06:22:36 0 d-----w- c:\windows\Alganon
2009-10-20 04:44:13 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-20 04:44:06 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-20 04:43:59 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-20 04:43:59 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-17 05:48:32 0 d-----w- c:\program files\VideoLAN

==================== Find3M ====================

2009-11-15 19:34:54 49965 ----a-w- c:\programdata\nvModes.dat
2009-11-02 16:12:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-09-15 17:24:45 86016 ----a-w- c:\windows\inf\infstor.dat
2009-09-15 17:24:45 51200 ----a-w- c:\windows\inf\infpub.dat
2009-09-15 17:24:45 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-09-15 17:18:45 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-09-15 17:14:44 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 11:41:59 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 13:29:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 12:40:58 834048 ----a-w- c:\windows\system32\wininet.dll
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 0:10:31.08 ===============

Attach.txt
--------------------------------------------------

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 5/10/2009 9:47:35 AM
System Uptime: 11/16/2009 12:03:28 AM (0 hours ago)

Motherboard: MSI | | MS-1651
Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz | CPU 1 | 2401/267mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 44 GiB total, 9.361 GiB free.
D: is FIXED (NTFS) - 246 GiB total, 136.781 GiB free.
F: is CDROM (UDF)

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0003
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0003
Service: tunnel

==== System Restore Points ===================

RP208: 11/11/2009 5:18:36 PM - Windows Update
RP209: 11/13/2009 1:31:45 AM - Windows Update
RP210: 11/15/2009 7:18:26 PM - Scheduled Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.6
Agere Systems HDA Modem
Alganon
Bluetooth Stack for Windows by Toshiba
BurnRecovery
CrazyTalk Cam Suite
Curse Client
Dolby Control Center
EVEMon
EverQuest Trilogy
Free Download Manager 3.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
Intel® Matrix Storage Manager
Java(TM) 6 Update 17
JMicron JMB38X Flash Media Controller
Microsoft .NET Framework 3.5 SP1
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2008 Management Objects
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Works
Motorola SM56 Data Fax Modem
MSI Software Install
MSXML 4.0 SP2 (KB954430)
My POS
NVIDIA Drivers
PC Tools AntiVirus 6.0
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Runes of Magic
Spelling Dictionaries Support For Adobe Reader 8
SQL Server System CLR Types
Station Launcher
TeamSpeak 2 RC2
Ulead Burn.Now 4.5
Ulead Burn.Now 4.5 SE
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office 2007 (KB934528)
Update for Office System 2007 Setup (KB929722)
Ventrilo Client
VLC media player 0.9.2
Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
WinRAR archiver
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

11/15/2009 10:40:24 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.24 for the Network Card with network address 00215DEC10B2 has been denied by the DHCP server 172.16.0.6 (The DHCP Server sent a DHCPNACK message).
11/14/2009 9:19:46 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.22 for the Network Card with network address 00215DEC10B2 has been denied by the DHCP server 172.16.0.6 (The DHCP Server sent a DHCPNACK message).
11/14/2009 9:19:43 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 172.16.0.22 with the system having network hardware address 00-21-5C-8B-B6-4F. Network operations on this system may be disrupted as a result.
11/14/2009 8:01:06 AM, Error: netbt [4321] - The name "SMC1 :0" could not be registered on the interface with IP address 172.16.0.150. The computer with the IP address 172.16.1.71 did not allow the name to be claimed by this computer.
11/12/2009 5:26:57 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
11/11/2009 8:49:11 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.21 for the Network Card with network address 00215DEC10B2 has been denied by the DHCP server 172.16.0.3 (The DHCP Server sent a DHCPNACK message).
11/11/2009 8:39:42 PM, Error: EventLog [6008] - The previous system shutdown at 8:37:06 PM on 11/11/2009 was unexpected.
11/11/2009 3:25:57 PM, Error: EventLog [6008] - The previous system shutdown at 3:24:29 PM on 11/11/2009 was unexpected.
11/11/2009 3:11:29 PM, Error: Service Control Manager [7034] - The PC Tools AntiVirus Engine service terminated unexpectedly. It has done this 1 time(s).
11/11/2009 10:25:04 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.23 for the Network Card with network address 00215DEC10B2 has been denied by the DHCP server 10.156.132.1 (The DHCP Server sent a DHCPNACK message).
11/11/2009 10:17:59 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.21 for the Network Card with network address 00215DEC10B2 has been denied by the DHCP server 172.16.0.6 (The DHCP Server sent a DHCPNACK message).
11/11/2009 10:16:09 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.115 for the Network Card with network address 00215DEC10B2 has been denied by the DHCP server 172.16.0.6 (The DHCP Server sent a DHCPNACK message).
11/10/2009 11:37:12 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.102 for the Network Card with network address 00215DEC10B2 has been denied by the DHCP server 172.16.0.3 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

Again, thank you for your assistance. ]]> Malware and Virus Removal Warhead42 http://www.WindowsBBS.com/malware-virus-removal/88685-active-msa-exe-b-exe-riuom-exe-infected-computer.html http://www.WindowsBBS.com/malware-virus-removal/88667-active-iexplore-exe-pop-ups-explorer-problem.html Sat, 14 Nov 2009 21:26:20 GMT hey, i was looking around trying to find a solution, but i'm guessing every case is unique? i wasn't able to find an answer to my issue specifically, and i've done some google searches to see if i could fix the problem myself somehow, and google led me here.

i've seem to have gotten an iexplore.exe problem virus, that's causing internet explorer to give me random pop-ups on my computer. i ran a check with avg, which turned up 'clean', and i ran spybot too, and even after fixing any problems with spybot, the pop-ups still appear! in my processes tab, i get 2 iexplore.exe files that shows. i'm running vista on my computer.

as per someone else's forum post, i too decided to run hijackthis to see what it would give me. here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:02:35, on 14/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PlayPop] "C:\ProgramData\chic sixth sixth.7v4t44"
O4 - HKCU\..\Run: [Amok Mode Dupe Platform] "C:\ProgramData\Glue phone ball.lueyns"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10777 bytes

what exactly am i looking for, and how do i remove this frustrating little imp on my computer?




////

LOGS AFTER RUNNING DDS


DDS (Ver_09-10-26.01) - NTFSx86
Run by Owner at 14:34:55.61 on 14/11/2009
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3070.1121 [GMT -7:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\Pen_Tablet.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\WINDOWS\System32\notepad.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [PlayPop] "c:\programdata\chic sixth sixth.7v4t44"
uRun: [Amok Mode Dupe Platform] "c:\programdata\Glue phone ball.lueyns"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\d ropbox.lnk - c:\users\owner\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\l ogite~1.lnk - c:\program files\logitech\quickcam\eReg.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: avgrsstx.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\tzdl0uau.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://ca.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_ca&p=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils 2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils 3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils 35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-3 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-3 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-11-13 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-13 285392]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-11-13 1153368]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-4-5 1373480]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-4-3 24652]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]

=============== Created Last 30 ================

2009-11-14 20:56:53 0 d-----w- c:\program files\Trend Micro
2009-11-14 20:47:30 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-11-14 20:47:06 0 d-----w- c:\program files\Panda Security
2009-11-14 20:41:57 0 d-----w- c:\program files\GiPo@Utilities
2009-11-14 20:41:57 0 d-----w- c:\program files\common files\Gibinsoft Shared
2009-11-14 20:31:19 0 d-----w- c:\users\owner\.housecall6.6
2009-11-14 04:56:46 0 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-14 04:56:46 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-14 03:46:25 0 d--h--w- C:\$AVG
2009-11-14 03:45:59 0 d-----w- c:\programdata\AVG Security Toolbar
2009-11-14 03:45:08 0 d-----w- c:\programdata\avg9
2009-11-14 03:11:02 0 d-----w- c:\users\owner\appdata\roaming\Malwarebytes
2009-11-14 03:10:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-14 03:10:51 0 d-----w- c:\programdata\Malwarebytes
2009-11-14 03:10:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-14 03:10:50 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-14 02:26:09 0 d---a-w- c:\programdata\TEMP
2009-11-14 01:23:19 0 d-----w- c:\programdata\Hold Trust Amok Mode
2009-11-14 01:23:02 0 d-----w- c:\programdata\Skipdeadcast
2009-11-14 01:22:35 0 d-----w- c:\program files\Circle Developemen
2009-11-13 11:00:17 0 d-----w- c:\program files\CDisplay
2009-11-12 04:00:21 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-12 03:54:05 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-10-30 00:20:59 0 d-----w- c:\program files\iPod
2009-10-27 19:07:28 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 19:07:25 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-21 06:57:03 0 d-----w- c:\windows\system32\eu-ES
2009-10-21 06:57:03 0 d-----w- c:\windows\system32\ca-ES
2009-10-21 06:57:01 0 d-----w- c:\windows\system32\vi-VN
2009-10-21 06:41:44 0 d-----w- c:\windows\system32\EventProviders
2009-10-21 04:11:48 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-21 04:11:26 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-21 04:11:18 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-21 04:11:18 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-21 03:34:58 1216000 ----a-w- c:\windows\system32\AuxiliaryDisplayCpl.dll
2009-10-21 03:33:59 87040 ----a-w- c:\windows\system32\mssitlb.dll
2009-10-21 03:32:59 1671680 ----a-w- c:\windows\system32\wlanpref.dll
2009-10-21 03:31:51 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-10-21 03:31:51 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-10-21 03:31:51 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-10-21 03:31:51 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-10-21 03:31:50 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-10-21 03:31:50 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-10-21 03:31:50 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-10-21 03:31:46 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-10-21 03:31:39 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-10-21 03:31:39 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-10-21 03:31:22 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-10-18 21:26:59 58792 ------w- c:\windows\system32\wbload.dll
2009-10-18 21:26:58 42672 ------w- c:\windows\system32\wbsys.dll
2009-10-18 21:26:57 0 d-----w- c:\program files\Stardock
2009-10-17 10:23:30 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-17 10:23:30 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-17 10:22:24 0 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-17 10:22:24 0 d-----w- c:\program files\iTunes

==================== Find3M ====================

2009-11-14 19:12:27 27839 ----a-w- c:\programdata\nvModes.dat
2009-11-14 03:46:07 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-14 03:46:07 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-14 03:46:00 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-03 03:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-21 07:03:30 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-21 07:03:30 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-21 07:03:30 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-21 06:56:55 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-21 06:50:53 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-09-22 07:34:01 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 23:32:30 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-09-04 11:41:59 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 01:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 13:29:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 12:40:58 834048 ----a-w- c:\windows\system32\wininet.dll
2009-08-18 05:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 14:35:09.56 =============== ]]> Malware and Virus Removal mostlyyetlikely http://www.WindowsBBS.com/malware-virus-removal/88667-active-iexplore-exe-pop-ups-explorer-problem.html http://www.WindowsBBS.com/malware-virus-removal/88658-active-iexplore-exe.html Sat, 14 Nov 2009 17:53:39 GMT I've been looking around for hours now, and can't seem to find any one solution, but my machine has fallen victim to having iexplore open all the time using alot of memory and when a legit internet explorer is opened, two process come up. Here are my logs:


DDS (Ver_09-10-26.01) - NTFSx86
Run by Chris at 12:46:48.23 on Sat 11/14/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.492 [GMT -5:00]

AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WebWatcherV5\atisvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Documents and Settings\All Users\Application Data\Seekdns\seekdns121.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\WebWatcherV5\atisvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\NETGEAR\WPNT121\WPNT121.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Seekdns\seekdns.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WebWatcherV5\atisvc.exe
svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Chris\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mWinlogon: Shell=Explorer.exe rundll32.exe nhni.goo mgxaig
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: GigagetIEHelper Class: {111caa23-6f4f-42ac-8555-b48c1d87bbab} - c:\windows\system32\gigagetbho_v10.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [Camera Detector] c:\progra~1\acdsys~1\devdet~1\DEVDET~1.EXE -autorun
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
StartupFolder: c:\docume~1\chris\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\chris\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\xfire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wpnt121\WPNT121.exe
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: &Download All by Gigaget - c:\program files\giganology\gigaget\getallurl.htm
IE: &Download by Gigaget - c:\program files\giganology\gigaget\geturl.htm
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170886903470
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170887013642
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: dkjlmo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chris\applic~1\mozilla\firefox\profiles\m8mi9s2r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - component: c:\program files\mozilla firefox\components\1357468.dll
FF - component: c:\program files\mozilla firefox\components\GigagetComponent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_HotbarSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R2 atisvc;atisvc;c:\program files\webwatcherv5\atisvc.exe [2009-11-13 454263]
R2 Seekdns Service;Seekdns Service;c:\documents and settings\all users\application data\seekdns\seekdns121.exe [2009-11-5 58720]
R2 srenum;srenum;c:\windows\system32\drivers\srenum.sys [2009-11-7 36480]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-2-15 24652]
R3 Airgo3U;NETGEAR RangeMax(TM) 240 Wireless USB 2.0 Adapter WPNT121;c:\windows\system32\drivers\TMIMO31U.sys [2006-3-6 722432]
R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [2009-11-7 20480]

=============== Created Last 30 ================

2009-11-14 17:41:56 0 d-----w- C:\SDFix
2009-11-14 17:36:11 0 d-----w- C:\HJT
2009-11-14 17:20:29 244 ---ha-w- C:\sqmnoopt16.sqm
2009-11-14 17:20:29 232 ---ha-w- C:\sqmdata16.sqm
2009-11-14 17:07:03 0 d-----w- c:\program files\Trend Micro
2009-11-14 12:14:42 0 d-----w- c:\docume~1\chris\applic~1\AVG8
2009-11-14 11:48:30 232 ---ha-w- C:\sqmdata15.sqm
2009-11-14 11:48:29 244 ---ha-w- C:\sqmnoopt15.sqm
2009-11-13 15:14:25 244 ---ha-w- C:\sqmnoopt14.sqm
2009-11-13 15:14:25 232 ---ha-w- C:\sqmdata14.sqm
2009-11-13 15:06:57 13696 ----a-w- c:\windows\system32\drivers\wpsnuio.sys
2009-11-13 15:06:57 0 d-----w- c:\program files\Skyhook Wireless
2009-11-13 15:06:52 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-11-13 15:06:52 402 ----a-w- c:\windows\system32\msxml4.inf
2009-11-13 15:06:37 0 d-----w- c:\program files\WebWatcherV5
2009-11-13 11:27:10 244 ---ha-w- C:\sqmnoopt13.sqm
2009-11-13 11:27:10 232 ---ha-w- C:\sqmdata13.sqm
2009-11-12 21:33:18 244 ---ha-w- C:\sqmnoopt12.sqm
2009-11-12 21:33:18 232 ---ha-w- C:\sqmdata12.sqm
2009-11-12 17:12:52 244 ---ha-w- C:\sqmnoopt11.sqm
2009-11-12 17:12:52 232 ---ha-w- C:\sqmdata11.sqm
2009-11-12 03:51:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Sony Corporation
2009-11-11 09:26:55 0 d-----w- c:\program files\MixMeister BPM Analyzer
2009-11-10 01:25:50 56228 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-07 12:57:48 232 ---ha-w- C:\sqmdata10.sqm
2009-11-07 12:57:47 244 ---ha-w- C:\sqmnoopt10.sqm
2009-11-07 12:55:39 36480 ----a-w- c:\windows\system32\drivers\srenum.sys
2009-11-07 12:54:40 20480 ----a-w- c:\windows\system32\drivers\ndisrd.sys
2009-11-07 12:54:28 27648 ----a-w- c:\windows\system32\nhni.goo
2009-11-06 02:14:42 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-06 01:17:41 232 ---ha-w- C:\sqmdata09.sqm
2009-11-06 01:17:40 244 ---ha-w- C:\sqmnoopt09.sqm
2009-11-03 15:43:10 0 d-----w- c:\program files\iPod
2009-10-30 20:19:33 0 d-----w- c:\program files\ASIO4ALL v2
2009-10-30 20:19:15 225280 ----a-w- c:\windows\system32\rewire.dll
2009-10-30 20:18:40 1554944 ----a-w- c:\windows\system32\vorbis.acm
2009-10-30 20:18:16 0 d-----w- c:\program files\VstPlugins
2009-10-30 20:18:10 0 d-----w- c:\program files\Outsim
2009-10-30 20:14:05 0 d-----w- c:\program files\Image-Line
2009-10-28 21:37:07 232 ---ha-w- C:\sqmdata08.sqm
2009-10-28 21:37:06 244 ---ha-w- C:\sqmnoopt08.sqm
2009-10-28 04:11:01 244 ---ha-w- C:\sqmnoopt07.sqm
2009-10-28 04:11:01 232 ---ha-w- C:\sqmdata07.sqm
2009-10-26 03:20:48 0 d-----w- c:\program files\common files\DivX Shared
2009-10-22 20:35:30 244 ---ha-w- C:\sqmnoopt06.sqm
2009-10-22 20:35:30 232 ---ha-w- C:\sqmdata06.sqm
2009-10-22 14:05:03 0 d-----w- c:\docume~1\chris\applic~1\Hotbar
2009-10-20 18:41:39 244 ---ha-w- C:\sqmnoopt05.sqm
2009-10-20 18:41:39 232 ---ha-w- C:\sqmdata05.sqm
2009-10-19 21:49:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Seekdns
2009-10-19 21:49:30 0 d-----w- c:\program files\Seekdns
2009-10-19 21:49:10 0 d-----w- c:\docume~1\alluse~1\applic~1\HotbarSA
2009-10-17 18:50:47 244 ---ha-w- C:\sqmnoopt04.sqm
2009-10-17 18:50:47 232 ---ha-w- C:\sqmdata04.sqm
2009-10-17 00:47:07 244 ---ha-w- C:\sqmnoopt03.sqm
2009-10-17 00:47:07 232 ---ha-w- C:\sqmdata03.sqm

==================== Find3M ====================

2009-08-28 23:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-25 22:30:55 196608 ----a-w- C:\{EE7253A7-0D2C-4563-9F48-A64343459199}.dll
2009-08-25 22:30:55 196608 ----a-w- C:\{DB819BC5-6B6A-4ED2-ABC1-C8BED08FFF08}.dll
2009-08-25 22:30:55 196608 ----a-w- C:\{B17AEC53-5C76-4AAA-A069-CFBC3BBD5186}.dll
2009-08-25 22:30:55 196608 ----a-w- C:\{A9DBD395-0E85-4F25-9ABC-52DC55AB1B38}.dll
2009-08-25 22:30:55 196608 ----a-w- C:\{7FF30AB7-EF5A-4CC6-B367-5BF36028929E}.dll
2009-08-25 22:30:55 196608 ----a-w- C:\{044CB556-4BAE-4FCF-B9AC-B1EC155BE9AA}.dll
2009-08-25 22:30:39 192512 ----a-w- C:\{4D7CA135-CF94-49BF-B149-2A2F4516ED5C}.dll
2009-08-25 22:30:35 118784 ----a-w- C:\{1CBD4EC1-4187-4AAC-B8D5-CAFAB0504257}.dll
2009-08-25 22:30:31 86016 ----a-w- C:\{C2F84D37-734F-416E-BA9A-A842A3E46C07}.dll
2009-08-25 22:30:29 77824 ----a-w- C:\{77F6F136-522D-4967-9613-1CD5D961D873}.dll
2009-04-19 02:56:09 2713 --sh--w- c:\windows\system32\dakekeja.exe
2009-04-04 02:50:09 2713 --sh--w- c:\windows\system32\foyomiwe.exe
2009-02-24 16:34:05 129024 --sha-w- c:\windows\system32\fuzayubi.dll
2009-04-05 14:51:53 2713 --sh--w- c:\windows\system32\gikoluyi.exe
2009-05-18 14:38:00 2713 --sh--w- c:\windows\system32\hawinigi.exe
2009-05-20 02:39:05 2713 --sh--w- c:\windows\system32\hohazami.exe
2009-05-19 08:38:34 2713 --sh--w- c:\windows\system32\kahitepi.exe
2009-05-21 14:40:16 2713 --sh--w- c:\windows\system32\nuwijoti.exe
2009-05-23 20:42:06 2713 --sh--w- c:\windows\system32\papesezi.exe
2009-05-13 08:25:29 2713 --sh--w- c:\windows\system32\rahebono.exe
2009-05-20 20:39:40 2713 --sh--w- c:\windows\system32\refajako.exe
2009-05-24 14:42:44 2713 --sh--w- c:\windows\system32\rukigiwi.exe
2009-05-22 08:40:51 2713 --sh--w- c:\windows\system32\susejewe.exe
2009-05-26 02:43:57 2713 --sh--w- c:\windows\system32\tomesitu.exe
2009-05-25 08:43:20 2713 --sh--w- c:\windows\system32\vukikudi.exe
2009-05-23 02:41:28 2713 --sh--w- c:\windows\system32\wararezu.exe
2009-04-04 20:51:02 2713 --sh--w- c:\windows\system32\yayihoge.exe

============= FINISH: 12:47:04.20 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/7/2007 10:20:04 AM
System Uptime: 11/14/2009 12:19:11 PM (0 hours ago)

Motherboard: MICRO-STAR INC. | | MS-6580
Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz | FC-478 | 2672/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 56 GiB total, 6.035 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 233 GiB total, 119.525 GiB free.
H: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Wireless-G PCI Adapter
Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_00131737&REV_02\4&1A671D0C&0&00F0
Manufacturer: Linksys, A Division of Cisco Systems, Inc.
Name: Wireless-G PCI Adapter
PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_00131737&REV_02\4&1A671D0C&0&00F0
Service: BCM43XX

==== System Restore Points ===================

RP960: 8/14/2009 8:42:59 PM - System Checkpoint
RP961: 8/15/2009 9:42:58 PM - System Checkpoint
RP962: 8/16/2009 10:43:00 PM - System Checkpoint
RP963: 8/17/2009 11:42:59 PM - System Checkpoint
RP964: 8/19/2009 12:43:00 AM - System Checkpoint
RP965: 8/26/2009 7:05:25 PM - System Checkpoint
RP966: 9/1/2009 2:27:44 AM - System Checkpoint
RP967: 9/2/2009 3:22:16 AM - System Checkpoint
RP968: 9/3/2009 4:22:16 AM - System Checkpoint
RP969: 9/4/2009 5:22:16 AM - System Checkpoint
RP970: 9/5/2009 6:22:16 AM - System Checkpoint
RP971: 9/6/2009 7:22:16 AM - System Checkpoint
RP972: 9/7/2009 8:22:16 AM - System Checkpoint
RP973: 9/8/2009 9:22:18 AM - System Checkpoint
RP974: 9/9/2009 10:22:17 AM - System Checkpoint
RP975: 9/10/2009 11:22:17 AM - System Checkpoint
RP976: 9/11/2009 12:22:17 PM - System Checkpoint
RP977: 9/12/2009 1:22:16 PM - System Checkpoint
RP978: 9/13/2009 2:22:16 PM - System Checkpoint
RP979: 9/14/2009 3:22:17 PM - System Checkpoint
RP980: 9/15/2009 4:22:16 PM - System Checkpoint
RP981: 9/16/2009 5:22:17 PM - System Checkpoint
RP982: 9/17/2009 6:22:17 PM - System Checkpoint
RP983: 9/18/2009 7:22:17 PM - System Checkpoint
RP984: 9/19/2009 8:22:17 PM - System Checkpoint
RP985: 9/20/2009 9:22:17 PM - System Checkpoint
RP986: 9/21/2009 10:22:17 PM - System Checkpoint
RP987: 9/22/2009 11:22:18 PM - System Checkpoint
RP988: 9/24/2009 12:22:17 AM - System Checkpoint
RP989: 9/25/2009 1:22:16 AM - System Checkpoint
RP990: 9/26/2009 2:22:21 AM - System Checkpoint
RP991: 9/27/2009 3:22:17 AM - System Checkpoint
RP992: 10/1/2009 6:29:26 PM - System Checkpoint
RP993: 10/2/2009 9:21:45 PM - System Checkpoint
RP994: 10/3/2009 10:10:11 PM - System Checkpoint
RP995: 10/6/2009 5:24:00 PM - Installed iTunes
RP996: 10/7/2009 5:31:23 PM - System Checkpoint
RP997: 10/8/2009 6:31:26 PM - System Checkpoint
RP998: 10/9/2009 7:31:27 PM - System Checkpoint
RP999: 10/9/2009 10:38:39 PM - Unsigned driver install
RP1000: 10/13/2009 8:23:31 PM - System Checkpoint
RP1001: 10/17/2009 12:07:35 PM - System Checkpoint
RP1002: 10/20/2009 11:57:47 AM - System Checkpoint
RP1003: 10/22/2009 10:37:58 AM - System Checkpoint
RP1004: 10/28/2009 12:39:42 PM - System Checkpoint
RP1005: 11/11/2009 10:44:38 PM - Removed Sony Picture Utility
RP1006: 11/11/2009 10:45:04 PM - Removed VideoConversion
RP1007: 11/11/2009 10:45:29 PM - Removed Shared
RP1008: 11/11/2009 10:47:02 PM - Removed PMBCore
RP1009: 11/11/2009 10:49:24 PM - Removed VideoUtility
RP1010: 11/11/2009 10:52:14 PM - Installed Sony Picture Utility
RP1011: 11/11/2009 10:52:45 PM - Installed PMBCore
RP1012: 11/11/2009 10:53:56 PM - Installed VideoUtility
RP1013: 11/11/2009 10:55:17 PM - Installed DirectX

==== Installed Programs ======================

ACDSee for PENTAX
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.1.2
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIM Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
ATI Display Driver
Audiosurf Beta
AviSynth 2.5
Azureus
Boilsoft Video Joiner 4.92
Bonjour
Compatibility Pack for the 2007 Office system
Creative Audio Console
DivX Web Player
Download Updater (AOL LLC)
DVD Decrypter (Remove Only)
Express Burn
FL Studio 9
Gigaget
GreedyTorrent v1.01 beta build 170
Half-Life
Half-Life 2: Jaykin' Bacon Source
Hardcore
HijackThis 2.0.2
Hotbar
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB929120)
Hotfix for Windows XP (KB952287)
IL Download Manager
Intel(R) PRO Ethernet Adapter and Software
InterActual Player
iTunes
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 11
Last.fm 1.5.2.38918
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Xbox 360 Accessories 1.1
mIRC
MixMeister BPM Analyzer 1.0
MobileMe Control Panel
Mozilla Firefox (3.0.15)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
NCH Toolbox Uninstall
NETGEAR RangeMax(TM) 240 Wireless USB 2.0 Adapter WPNT121
PDF Settings
PeerGuardian 2.0
PoiZone
Primo
QuickTime
Real Lives 2007
Safari
Sawer
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Seekdns 1.0 build 121
Sid Meier's Civilization 4
SoftV92 Data Fax Modem
Sonic UDF Reader
Sony Picture Utility
Sony USB Driver
Steam
System Requirements Lab
Team Fortress Classic
The Ship
The Ship Tutorial
The Sims™ 2 Double Deluxe
Toxic Biohazard
Unity Web Player
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
VC80CRTRedist - 8.0.50727.762
VideoLAN VLC media player 0.8.6h
Videora iPod classic Converter 3.07
Viewpoint Media Player
WebFldrs XP
WebWatcher V5 Demo
Windows Communication Foundation
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
Xfire (remove only)
XML Paper Specification Shared Components Pack 1.0
Xvid 1.1.3 final uninstall

==== Event Viewer Messages From Past Week ========

11/7/2009 8:57:29 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SCDEmu
11/14/2009 12:13:29 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/14/2009 12:13:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu Tcpip
11/14/2009 12:13:20 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
11/14/2009 12:13:20 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/14/2009 12:13:20 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/14/2009 12:13:20 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/14/2009 12:13:20 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/14/2009 12:13:20 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/14/2009 12:13:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/13/2009 10:10:04 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
11/11/2009 10:28:49 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/10/2009 8:02:23 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer JOYGREENWAY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{504FBA7B-5943. The master browser is stopping or an election is being forced.

==== End Of File =========================== ]]> Malware and Virus Removal skvermillion13 http://www.WindowsBBS.com/malware-virus-removal/88658-active-iexplore-exe.html http://www.WindowsBBS.com/malware-virus-removal/88653-active-antiviruses-stop-searching-cant-clean.html Sat, 14 Nov 2009 15:10:28 GMT Hi,
I have a virus problem with my pc. Avira stopped scanning at "ezdgjg.sys" file.
Spyware Cleaner 2009, MalwareBytes and RootkitRevealer couldn't finish the scan, too.
F-Secure found "Trojan.Generic.IS" and "Rootkit: W32/TDSS.gen!C", but couldn't delete them.

Help, please.
Stefan ]]> Malware and Virus Removal Stefan B http://www.WindowsBBS.com/malware-virus-removal/88653-active-antiviruses-stop-searching-cant-clean.html http://www.WindowsBBS.com/malware-virus-removal/88648-active-browsers-being-hijacked-intermittently.html Sat, 14 Nov 2009 09:40:09 GMT Hello there all of you very very nice people, Today I contracted some relatively nasty scareware I assume from a site I visited that was less than reputable. I got rid of that program (and all of the other Trojans and nasty things that were associated with it) with Malwarebytes, ran CCleaner,... Hello there all of you very very nice people,

Today I contracted some relatively nasty scareware I assume from a site I visited that was less than reputable. I got rid of that program (and all of the other Trojans and nasty things that were associated with it) with Malwarebytes, ran CCleaner, Spybot S&D and Avast! and they all gave me a clean bill of health. The problem is I'm still getting randomly redirected to ad sites.
It'll randomly happen when I click links, open new tabs, or even just enter a new address.
Some of the sites I'm being redirected to are:
httx://xxx.createyourfirstwebsiteforbeginners.com/
httx://xxx.ourstage.com/
httx://xxx.ppcblinks.com/promo/ (a site advertising "American Satellite" and/or Dish Network)
httx://search0.info.com/searchw?qkw=asj&cmp=4063&affiliate=231_1448635102

and various other useless search engines that I can only assume would invariably redirect me to the other pages in this malware's cache of adscam websites.

I have done everything that I can with my limited computer repairing abilities and I am at my wits end. I come to you all now and ask for your help.

Here are my logs as per the instructions:


DDS.txt

DDS (Ver_09-10-26.01) - NTFSx86
Run by Beck at 3:32:06.41 on Sat 11/14/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1790.823 [GMT -6:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PokerStars.NET\PokerStars.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Beck\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Vidalia] "c:\program files\vidalia bundle\vidalia\vidalia.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\beck\appdata\roaming\mozilla\firefox\profiles\trwj9tew.default\
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom .dll
FF - component: c:\users\beck\appdata\roaming\mozilla\firefox\profiles\trwj9tew.default\ext ensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-11 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-11 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-11-11 53328]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-22 193840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]

=============== Created Last 30 ================

2009-11-14 09:02:18 0 d-----w- c:\program files\Trend Micro
2009-11-14 08:53:17 0 d-----w- c:\program files\CCleaner
2009-11-14 07:37:13 0 d-----w- c:\program files\PokerStars.NET
2009-11-14 00:22:10 0 d-----w- c:\users\beck\appdata\roaming\Malwarebytes
2009-11-14 00:22:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-14 00:22:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-14 00:22:04 0 d-----w- c:\programdata\Malwarebytes
2009-11-14 00:22:04 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-12 09:40:29 0 d-----w- c:\program files\JDownloader
2009-11-12 08:13:29 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-12 04:16:06 0 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-12 04:16:06 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-12 04:04:28 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-12 03:29:13 2035712 ----a-w- c:\windows\system32\win32k.sys
2009-11-12 03:28:51 351232 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-04 11:08:51 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2009-10-30 18:21:05 0 d-----w- C:\FUSION
2009-10-30 12:26:47 0 d-----w- c:\programdata\Digsby
2009-10-30 12:21:08 0 d-----w- c:\users\beck\appdata\roaming\Digsby
2009-10-30 12:03:44 0 d-----w- c:\program files\Digsby
2009-10-27 20:09:09 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 20:09:04 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-25 23:42:25 822 ----a-w- c:\users\beck\appdata\roaming\wklnhst.dat
2009-10-24 09:00:01 0 d-----w- c:\users\beck\.jnlp-applet
2009-10-23 06:57:35 0 d-----w- c:\program files\Firaxis Games
2009-10-23 06:30:10 0 d-----w- c:\users\beck\appdata\roaming\GrabPro
2009-10-23 06:30:10 0 d-----w- C:\downloads
2009-10-23 06:29:42 0 d-----w- c:\program files\Orbitdownloader
2009-10-22 05:55:08 33021 ----a-w- c:\windows\scunin.dat
2009-10-22 05:54:57 967 ----a-w- c:\windows\ScUnin.pif
2009-10-22 05:54:57 94208 ----a-w- c:\windows\ScUnin.exe
2009-10-22 05:54:47 0 d-----w- c:\program files\Starcraft
2009-10-20 06:08:57 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-10-20 06:07:07 0 d--h--w- c:\windows\msdownld.tmp
2009-10-20 06:07:01 0 d-----w- c:\windows\system32\directx
2009-10-17 11:23:58 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2009-10-17 11:22:05 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-10-17 11:19:21 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2009-10-17 11:19:20 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2009-10-17 11:19:19 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2009-10-17 11:19:18 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-10-17 11:18:22 0 d-----w- c:\windows\system32\xlive
2009-10-17 11:18:21 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-10-17 10:50:51 0 d-----w- c:\programdata\DAEMON Tools Lite
2009-10-17 10:50:07 0 d-----w- c:\program files\DAEMON Tools Toolbar
2009-10-17 10:49:38 0 d-----w- c:\program files\DAEMON Tools Lite
2009-10-17 10:42:22 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-17 10:41:54 0 d-----w- c:\users\beck\appdata\roaming\DAEMON Tools Lite
2009-10-17 03:47:05 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-10-16 09:10:50 3599960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-16 09:10:48 3547736 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-16 08:54:59 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-16 08:33:18 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-10-16 08:33:10 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-16 08:33:02 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

==================== Find3M ====================

2009-11-14 00:42:15 27744 ----a-w- c:\programdata\nvModes.dat
2009-11-12 03:41:08 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-11-12 03:41:08 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-12 03:41:08 51200 ----a-w- c:\windows\inf\infpub.dat
2009-09-29 07:43:18 353840 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-29 07:43:17 505392 ----a-w- c:\windows\system32\msvcp71.dll
2009-09-29 07:43:17 1066544 ----a-w- c:\windows\system32\MFC71.dll
2009-09-29 07:43:17 1053232 ----a-w- c:\windows\system32\MFC71u.dll
2009-09-29 07:37:03 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-09-29 07:31:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-09-29 05:56:20 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_Presario CQ60 Notebook PC_Y5335KV_0U_Q2CE9139BY0_E508164-001_4A_I303C_SWistron_V08.49_F.35_T090217_WV2-1_L409_M1790_J160_7AMD_8F31_92.00_#090929_N168C001C;10DE0760_(ZY226UA#ABA)_ XMOBILE_CN10_Z_2F.35.MRK
2009-09-04 22:44:40 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 22:44:40 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 22:29:34 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 22:29:34 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 22:29:32 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 22:29:32 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 22:29:30 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-08-29 00:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 12:39:07 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 13:32:41 833024 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 13:29:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 10:58:58 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2008-10-23 06:05:00 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-10-23 06:05:00 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 3:35:05.43 ===============



And the Attach.txt
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 9/29/2009 2:28:56 AM
System Uptime: 11/13/2009 6:36:03 PM (9 hours ago)

Motherboard: Wistron | | 303C
Processor: AMD Athlon Dual-Core QL-62 | Socket A | 1000/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 139 GiB total, 12.985 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.726 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

µTorrent
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9
Adobe Shockwave Player
Age of Empires III
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Atheros Driver Installation Program
avast! Antivirus
Bonjour
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink DVD Suite
DAEMON Tools Toolbar
Digsby
ESU for Microsoft Vista
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Quick Launch Buttons 6.40 H2
HP Total Care Advisor
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPTCSSetup
iTunes
Java(TM) 6 Update 7
JDownloader
JEOPARDY! Deluxe (remove only)
Juno Preloader
LabelPrint
Magic Video Converter Trial Version (English) 8.0.2.18
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Live Search Toolbar
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.5.5)
MSXML 4.0 SP2 (KB954430)
muvee Reveal
My HP Games
NetWaiting
NetZero Preloader
NVIDIA Drivers
Opera 10.00
Orbit Downloader
PokerStars.net
Power2Go
PowerDirector
Project64 1.6
QuickTime
Realtek USB 2.0 Card Reader
Sid Meier's Civilization 4
Sid Meier's Civilization 4 - Beyond the Sword
Sid Meier's Civilization 4 - Warlords
SPORE Creature Creator Trial Edition
Spybot - Search & Destroy
Starcraft
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office 2007 (KB934528)
VLC media player 1.0.2
WinRAR archiver

==== End Of File =========================== ]]> Malware and Virus Removal UpRise http://www.WindowsBBS.com/malware-virus-removal/88648-active-browsers-being-hijacked-intermittently.html http://www.WindowsBBS.com/malware-virus-removal/88629-active-malware-affecting-wan-miniport.html Fri, 13 Nov 2009 15:57:19 GMT Hi, I have a problem my Network connection is gone when y check the device manager all my adapter are with yellow exclamations Realtek RTL8139/810X Family Fas Ethernet NIC Realtek RTL8139/810X Family Fas Ethernet NIC - Minipuerto del administrador de paquetes Realtek RTL8139/810X Family Fas... Hi,

I have a problem my Network connection is gone when y check the device manager all my adapter are with yellow exclamations

Realtek RTL8139/810X Family Fas Ethernet NIC
Realtek RTL8139/810X Family Fas Ethernet NIC - Minipuerto del administrador de paquetes
Realtek RTL8139/810X Family Fas Ethernet NIC - Teefer2 Miniport
Minipuerto WAN (IP)
Minipuerto WAN (IP) - Miniport del administrador de paquetes
Minipuerto WAN (L2TP)
Minipuerto WAN (PPPOE)
Minipuerto WAN (PPTP)
Paralelo directo

My anti virus detect cutwail.h Trojan and was removed

I have installed Symantec Endpoint Protection SEP, superantispyware, malware bytes, ROOTrepeal

any help fixing the network will be greatly appreciated


here are the logs

superantispyware

detect nothing

Malware bytes
Malwarebytes' Anti-Malware 1.41
Versión de la Base de Datos: 2775
Windows 5.1.2600 Service Pack 3

12/11/2009 13:15:54
mbam-log-2009-11-12 (13-15-54).txt

Tipo de examen : Examen Rápido
Objetos examinados: 126415
Tiempo transcurrido: 13 minute(s), 54 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 1
Elementos de Datos del Registro Infectados: 1
Carpetas Infectadas: 0
Ficheros Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explor er\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Elementos de Datos del Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explor er\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
(No se han detectado elementos maliciosos)


root repeal

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/01/13 11:16
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: PCI_NTPNP1068
Image Path: \Driver\PCI_NTPNP1068
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA8B49000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x8ae38e90

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x8ae5c748

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x8ae2d5d8

#: 041 Function Name: NtCreateKey
Status: Hooked by "sptd.sys" at address 0xba6be0d0

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x8af03930

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x8a9651d0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xba6c3fb2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xba6c4340

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x8ad54da0

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x8ad2ba48

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x8addb8d0

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x8ad43108

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x8adb75f0

#: 119 Function Name: NtOpenKey
Status: Hooked by "sptd.sys" at address 0xba6be0b0

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x8af04b18

#: 129 Function Name: NtOpenThreadToken
Status: Hooked by "<unknown>" at address 0x8ad435b8

#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xba6c4418

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "sptd.sys" at address 0xba6c4298

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x8ae632d8

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x8ade5d78

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x8af47330

#: 229 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x8ad1f058

#: 247 Function Name: NtSetValueKey
Status: Hooked by "sptd.sys" at address 0xba6c44aa

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x8aecc0d0

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x8ae588e0

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.sys" at address 0xa94aa0b0

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x8ae38650

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x8af05c98

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x8aaaf9f0

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8aff81e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x8aff81e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8aff81e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8aff81e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8aff81e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8aff81e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x8aff81e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x8aff81e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8aff81e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8aff81e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8aff81e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8aff81e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8aff81e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8aff81e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8aff81e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8aff81e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x8aff81e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8aff81e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8aff81e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8aff81e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8aff81e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x8aff81e8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x8a8661e8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x8a8661e8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x8a8661e8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x8a8661e8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a8661e8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a8661e8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a8661e8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x8a8661e8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a8661e8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a8661e8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a8661e8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a8661e8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a8661e8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a8661e8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a8661e8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a8661e8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x8a8661e8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x8a8661e8 Size: 121

Object: Hidden Code [Driver: CDRom, IRP_MJ_CREATE]
Process: System Address: 0x8adae1e8 Size: 121

Object: Hidden Code [Driver: CDRom, IRP_MJ_CLOSE]
Process: System Address: 0x8adae1e8 Size: 121

Object: Hidden Code [Driver: CDRom, IRP_MJ_READ]
Process: System Address: 0x8adae1e8 Size: 121

Object: Hidden Code [Driver: CDRom, IRP_MJ_WRITE]
Process: System Address: 0x8adae1e8 Size: 121

Object: Hidden Code [Driver: CDRom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8adae1e8 Size: 121

Object: Hidden Code [Driver: CDRom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8adae1e8 Size: 121

Object: Hidden Code [Driver: CDRom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8adae1e8 Size: 121

Object: Hidden Code [Driver: CDRom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8adae1e8 Size: 121

Object: Hidden Code [Driver: CDRom, IRP_MJ_POWER]
Process: System Address: 0x8adae1e8 Size: 121

Object: Hidden Code [Driver: CDRom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8adae1e8 Size: 121

Object: Hidden Code [Driver: CDRom, IRP_MJ_PNP]
Process: System Address: 0x8adae1e8 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_CREATE]
Process: System Address: 0x8a9fd790 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_CLOSE]
Process: System Address: 0x8a9fd790 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_READ]
Process: System Address: 0x8a9fd790 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_WRITE]
Process: System Address: 0x8a9fd790 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a9fd790 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a9fd790 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_POWER]
Process: System Address: 0x8a9fd790 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a9fd790 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_PNP]
Process: System Address: 0x8a9fd790 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x8af871e8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x8af871e8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x8af871e8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x8af871e8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8af871e8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8af871e8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8af871e8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8af871e8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x8af871e8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8af871e8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x8af871e8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x8ae28338 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x8ae28338 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ae28338 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ae28338 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x8ae28338 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ae28338 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x8ae28338 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x8affa1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x8affa1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x8affa1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8affa1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8affa1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8affa1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8affa1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x8affa1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x8affa1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8affa1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x8affa1e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x8ae22790 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x8ae22790 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ae22790 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ae22790 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x8ae22790 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ae22790 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x8ae22790 Size: 121

Object: Hidden Code [Driver: MA, IRP_MJ_CREATE]
Process: System Address: 0x8a833790 Size: 121

Object: Hidden Code [Driver: MA, IRP_MJ_CLOSE]
Process: System Address: 0x8a833790 Size: 121

Object: Hidden Code [Driver: MA, IRP_MJ_READ]
Process: System Address: 0x8a833790 Size: 121

Object: Hidden Code [Driver: MA, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a833790 Size: 121

Object: Hidden Code [Driver: MA, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a833790 Size: 121

Object: Hidden Code [Driver: MA, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a833790 Size: 121

Object: Hidden Code [Driver: MA, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a833790 Size: 121

Object: Hidden Code [Driver: MA, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a833790 Size: 121

Object: Hidden Code [Driver: MA, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a833790 Size: 121

Object: Hidden Code [Driver: MA, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a833790 Size: 121

Object: Hidden Code [Driver: MA, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a833790 Size: 121

Object: Hidden Code [Driver: MA, IRP_MJ_CLEANUP]
Process: System Address: 0x8a833790 Size: 121

Object: Hidden Code [Driver: MA, IRP_MJ_PNP]
Process: System Address: 0x8a833790 Size: 121

Shadow SSDT
-------------------
#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x8a23fa10

==EOF== ]]> Malware and Virus Removal carlosvj http://www.WindowsBBS.com/malware-virus-removal/88629-active-malware-affecting-wan-miniport.html http://www.WindowsBBS.com/malware-virus-removal/88625-active-start-up-errors-can-not-run-any-malware-antivirus-programs.html Fri, 13 Nov 2009 13:43:35 GMT Hey guys, after noticing new processes such as b.exe and deleteing them i cannot run any programs that will scan my drives. My anti virus will not start neither will any online scans, spybot will not install and malwarebytes terminates just before it tries to scan. ive tried to run DDS a... Hey guys,

after noticing new processes such as b.exe and deleteing them i cannot run any programs that will scan my drives. My anti virus will not start neither will any online scans, spybot will not install and malwarebytes terminates just before it tries to scan.

ive tried to run DDS a few times, it either does nothing for 10 minutes, or just comes up with application error.

Any Suggestions? ]]> Malware and Virus Removal kiranp http://www.WindowsBBS.com/malware-virus-removal/88625-active-start-up-errors-can-not-run-any-malware-antivirus-programs.html http://www.WindowsBBS.com/malware-virus-removal/88615-active-renos-ji-malware-system-severely-limited.html Fri, 13 Nov 2009 05:25:48 GMT I believe I downloaded a trojan a few days ago. My browser started acted weird - I'd try to go to one site and it would redirect me to another. Then Windows Defender popped up saying it had found a trojan win/32/renos.ji. But when I cllicked on remove, I got a message that Defender could not remove it and then it shut down and wouldn't start again. The browser began to work only intermittently. The next day I was able to download Microsoft Safety scanner but after sitting for awhile trying to initialize the scan, it just shut down. Then while I was trying to update windows, I got a message from my McAfee virus software that an attempt was being made to alter one of the files in documents and settings\...\temp/b.exe. I blocked it several times but the windows update was stuck on 0% so I let the change take place. Now, a few days later, Intern Explorer does not work at all so I can't try to download anything to help, the system says I don't have any printers installed so I am unable to print, it doesn't recognize USB devices when I plug them in so I am unable to copy my files off the system, virus software is totally disabled, when I boot up to the desktop I get several program error messages, and I have no system tray or start menu on the desktop so the only way I know how to shut down the system is to hit the power button. I tried system restore but it wont work even in safe mode. Virus scanning won't work even in safe mode.

At this point I'd be happy to be able to copy all my data off the machine and just buy a new computer. Is there anything that can be done to fix this or am I *******? ]]> Malware and Virus Removal L99 http://www.WindowsBBS.com/malware-virus-removal/88615-active-renos-ji-malware-system-severely-limited.html