
[Inactive] Open File Security Warning (c:WINDOWS/System32/system_check)

Discussion in 'Malware and Virus Removal Archive' started by D3c14n17, 2010/02/19.

  1. 2010/02/19
    D3c14n17


    Here are the logs for my computer

    DDS


    DDS (Ver_09-12-01.01) - NTFSx86
    Run by declan at 13:03:08.43 on 19/02/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.68 [GMT 0:00]

    AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    svchost.exe
    C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\AVG\AVG9\avgfws9.exe
    C:\Program Files\Belkin\F5D8053\v6\WifiSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Belkin\F5D8053\v6\Belkinwcui.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\AVG\AVG9\avgscanx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Documents and Settings\declan\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyServer = http=hxxp://www-cache.freeserve.net:8080;ftp=http://www-cache.freeserve.net:8080
    uInternet Settings,ProxyOverride = <local>;*.local
    mSearchAssistant = hxxp://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDODB5xmjBn4fFgCYV3ewg5di8Nz6b9VHAk06+fjDTayFoZeNBJI4+ljeZF8axUa1U3JJ4Lrwijg33nqNd0HnFEuaufoUaqtf4XTn6sZwprOdWVU0R3/ucI4PQ6pW3az5iF8G/FrsO52qAeRvK+UPmqnPDIymoikjq
    mURLSearchHooks: H - No File
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
    TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [InstantTray] c:\program files\pinnacle\shared files\instantcddvd\PCLETray.exe
    uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe "
    uRun: [360desktop]
    uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
    uRun: [HKCU] c:\windows\system32\system_check\system32.exe
    mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    mRun: [CARPService] carpserv.exe
    mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [HKLM] c:\windows\system32\system_check\system32.exe
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    uExplorerRun: [Policies] c:\windows\system32\system_check\system32.exe
    mExplorerRun: [Policies] c:\windows\system32\system_check\system32.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f5d8053\v6\Belkinwcui.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\dap\dapextie.htm
    IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm302YYGB
    IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
    Trusted Zone: getmirar.com\click
    Trusted Zone: mirarsearch.com\click
    Trusted Zone: mirarsearch.com\redirect
    Trusted Zone: net-nucleus.com\awbeta
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {2E4A92AB-F2C0-456A-9935-B715439790D7} - hxxps://www.permissionresearch.com/Config/packages/pr/prsetup.cab
    DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} - hxxp://www-cdn.freerealms.com/gamedata/plugins/1.0.3.83/FreeRealmsInstaller.cab?v=1032
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1011992482421
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1011992445515
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - hxxp://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    mASetup: {R631V07I-67R6-VCV6-4I5E-USMFTOV4X625} - c:\windows\system32\system_check\system32.exe

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\declan\applic~1\mozilla\firefox\profiles\w10usdpw.default\
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2009-11-5 25608]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2002-1-25 161800]
    R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2004-6-7 89749]
    R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2004-2-16 77056]
    R0 VOBID;VOBID;c:\windows\system32\drivers\vobid.sys [2003-8-1 29239]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2002-1-25 333192]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2002-1-25 28424]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2002-1-25 360584]
    R1 vobcom;vobcom;c:\windows\system32\drivers\vobcom.sys [2001-10-4 9728]
    R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [2003-8-29 187392]
    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-2-16 14336]
    R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-11-5 906520]
    R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-5 285392]
    R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2009-11-9 2304192]
    R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2009-11-5 5832712]
    R2 Belkin Wifi Service;Belkin Wifi Service;c:\program files\belkin\f5d8053\v6\WifiSvc.exe [2009-10-27 274432]
    R2 LogWatch;Event Log Watch;c:\program files\ca\sharedcomponents\ca_lic\LogWatNT.exe [2002-9-19 53248]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2002-1-25 30104]
    R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-11-5 122376]
    R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-11-5 30216]
    R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2009-11-5 25736]
    R3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [2002-12-13 64000]
    R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2009-10-27 584832]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2002-1-25 30104]
    S3 CA_LIC_CLNT;CA License Client;c:\program files\ca\sharedcomponents\ca_lic\lic98rmt.exe [2002-9-19 77824]
    S3 CA_LIC_SRVR;CA License Server;c:\program files\ca\sharedcomponents\ca_lic\lic98rmtd.exe [2002-9-19 77824]
    S3 CA500AI;Easy Pix Sv Still Image Capture;c:\windows\system32\drivers\BULK2NM.sys [2004-8-29 11117]
    S3 CA500AV;Easy Pix Sv WDM Video Capture;c:\windows\system32\drivers\ca500av.SYS [2004-8-29 492619]
    S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\gpotato\flyff\gameguard\dump_wmimmc.sys --> c:\program files\gpotato\flyff\gameguard\dump_wmimmc.sys [?]
    S3 GarenaPEngine;GarenaPEngine;c:\docume~1\declan\locals~1\temp\PQTEE.tmp [2010-1-24 25616]
    S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-10-21 33792]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

    =============== Created Last 30 ================

    2010-02-19 11:59:41 142 ----a-w- c:\windows\system32\spupdsvc.inf
    2010-02-18 18:47:08 33869 ----a-w- c:\docume~1\declan\applic~1\SQLite3.dll
    2010-02-16 16:42:27 0 d-----w- c:\program files\ijji
    2010-02-16 15:32:33 0 ----a-w- C:\FCM15E.tmp
    2010-02-16 15:32:33 0 ----a-w- C:\FCM15D.tmp
    2010-02-16 15:32:33 0 ----a-w- C:\FCM15C.tmp
    2010-02-16 15:32:33 0 ----a-w- C:\FCM15B.tmp
    2010-02-16 15:32:33 0 ----a-w- C:\FCM15A.tmp
    2010-02-16 15:32:23 0 ----a-w- C:\FCM159.tmp
    2010-02-16 15:32:23 0 ----a-w- C:\FCM158.tmp
    2010-02-16 15:32:23 0 ----a-w- C:\FCM157.tmp
    2010-02-16 15:32:23 0 ----a-w- C:\FCM156.tmp
    2010-02-16 15:32:23 0 ----a-w- C:\FCM155.tmp
    2010-02-16 13:45:17 0 d-----w- c:\program files\Uniblue
    2010-02-16 13:22:15 0 d-----w- c:\docume~1\declan\applic~1\Uniblue
    2010-02-16 13:18:28 617472 ----a-w- c:\windows\system32\_entreelist.dll
    2010-02-16 13:18:26 714752 ----a-w- c:\windows\system32\_enviewlist.dll
    2010-02-15 21:36:59 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
    2010-02-15 21:36:55 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
    2010-02-15 21:36:50 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
    2010-02-15 21:36:50 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
    2010-02-15 21:36:48 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
    2010-02-15 21:36:44 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
    2010-02-15 21:36:32 266088 ----a-w- c:\windows\system32\xactengine2_8.dll
    2010-02-15 21:36:32 17928 ----a-w- c:\windows\system32\X3DAudio1_2.dll
    2010-02-15 21:36:30 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
    2010-02-15 21:36:30 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
    2010-02-15 21:36:22 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
    2010-02-15 21:35:48 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
    2010-02-15 21:35:22 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
    2010-02-15 21:35:22 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
    2010-02-15 20:25:37 94208 ----a-w- C:\temp1843770.tm0
    2010-02-15 20:25:37 0 ----a-w- C:\CDW131.tmp
    2010-02-09 20:32:31 0 d-----w- c:\docume~1\alluse~1\applic~1\AA3DeployClient
    2010-02-08 19:09:25 0 d-----w- c:\docume~1\alluse~1\applic~1\SpeedBit
    2010-02-08 19:08:57 172032 ----a-w- c:\windows\system32\AniGIF.ocx
    2010-02-08 19:08:55 0 d-----w- c:\program files\DAP
    2010-02-06 21:55:42 0 d-----w- c:\program files\WolfQuest
    2010-02-06 17:23:04 0 d-----w- c:\docume~1\declan\applic~1\Participatory Culture Foundation
    2010-02-03 18:17:49 0 d-----w- c:\program files\Microsoft
    2010-02-03 18:16:39 0 d-----w- c:\program files\Windows Live SkyDrive
    2010-01-25 20:42:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Souptoys
    2010-01-25 20:42:18 0 d-----w- c:\program files\Souptoys
    2010-01-21 16:53:46 0 d-----w- c:\program files\BitTorrent
    2010-01-20 18:29:19 0 d-----w- c:\program files\Gpotato

    ==================== Find3M ====================

    2010-02-18 20:21:53 7019 ---ha-w- c:\docume~1\declan\applic~1\logs.dat
    2010-02-18 18:22:34 41 ----a-w- c:\documents and settings\declan\jagex_runescape_preferences.dat
    2010-02-18 18:22:23 69 ----a-w- c:\documents and settings\declan\jagex_runescape_preferences2.dat
    2010-02-16 15:08:24 413696 ----a-w- c:\windows\system32\wrap_oal.dll
    2010-02-16 15:08:24 110592 ----a-w- c:\windows\system32\OpenAL32.dll
    2010-01-31 13:24:03 140692 ----a-w- c:\windows\hpoins14.dat
    2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-12-17 18:18:54 75264 ----a-w- c:\windows\system32\uc_holybeast_launching.dll
    2009-12-17 17:48:49 50984 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
    2009-12-15 17:21:32 427008 ----a-w- c:\windows\system32\uc_wepic_launching.dll
    2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2009-12-08 19:26:15 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-12-08 18:43:51 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
    2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
    2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
    2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
    2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
    2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
    2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
    2009-11-09 20:25:45 886569287 ----a-w- c:\program files\B4BF88163D42CFD9C0410522D6E15814.kms
    2009-11-09 20:25:45 884628 ----a-w- c:\program files\B4BF88163D42CFD9C0410522D6E15814.kmt
    2009-10-10 20:13:52 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
    2009-10-10 20:13:52 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009101020091011\index.dat
    2006-07-31 10:20:54 774144 --sh--r- c:\windows\system32\system_check\system32.exe

    ============= FINISH: 13:06:51.29 ===============

    Attach


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 17/06/2004 15:12:46
    System Uptime: 19/02/2010 11:39:18 (2 hours ago)

    Motherboard: ASUSTeK Computer INC. | | A7NVM400
    Processor: AMD Athlon(tm) XP 2800+ | Socket A | 2074/166mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 73 GiB total, 40.174 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: NVIDIA nForce MCP Networking Controller
    Device ID: PCI\VEN_10DE&DEV_0066&SUBSYS_80A71043&REV_A1\3&267A616A&0&20
    Manufacturer: Nvidia
    Name: NVIDIA nForce MCP Networking Controller
    PNP Device ID: PCI\VEN_10DE&DEV_0066&SUBSYS_80A71043&REV_A1\3&267A616A&0&20
    Service: NVENET

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\4120CF10DC00
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\4120CF10DC00
    Service: NIC1394

    Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
    Description: PCI SoftV92 Modem
    Device ID: PCI\VEN_14F1&DEV_2F00&SUBSYS_200414F1&REV_01\4&2C03473B&0&3840
    Manufacturer: CXT
    Name: PCI SoftV92 Modem
    PNP Device ID: PCI\VEN_14F1&DEV_2F00&SUBSYS_200414F1&REV_01\4&2C03473B&0&3840
    Service: Modem

    ==== System Restore Points ===================

    RP372: 21/11/2009 13:57:30 - Avg8 Update
    RP373: 21/11/2009 14:00:24 - Avg8 Update
    RP374: 25/11/2009 20:40:41 - Avg8 Update
    RP375: 25/11/2009 20:53:33 - Installed Google SketchUp 7
    RP376: 28/11/2009 13:38:08 - Avg8 Update
    RP377: 28/11/2009 14:14:18 - Software Distribution Service 3.0
    RP378: 28/11/2009 14:42:04 - Software Distribution Service 3.0
    RP379: 28/11/2009 17:54:45 - Software Distribution Service 3.0
    RP380: 30/11/2009 19:29:13 - Removed Google SketchUp 7
    RP381: 01/12/2009 17:44:16 - Installed Steam
    RP382: 05/12/2009 10:10:02 - Avg8 Update
    RP383: 05/12/2009 10:16:06 - Avg8 Update
    RP384: 05/12/2009 11:59:50 - Installed iTunes
    RP385: 08/12/2009 20:11:22 - Removed Steam
    RP386: 08/12/2009 20:16:54 - Removed Quake Live Internet Explorer Plugin
    RP387: 08/12/2009 20:18:57 - Removed Pivot Stickfigure Animator
    RP388: 08/12/2009 21:15:16 - Software Distribution Service 3.0
    RP389: 09/12/2009 19:06:15 - Installed Steam
    RP390: 09/12/2009 20:39:21 - Software Distribution Service 3.0
    RP391: 10/12/2009 18:00:39 - Avg8 Update
    RP392: 10/12/2009 20:02:56 - Avg8 Update
    RP393: 10/12/2009 20:49:27 - Software Distribution Service 3.0
    RP394: 11/12/2009 18:07:00 - Installed HPSU306Stub
    RP395: 11/12/2009 20:50:08 - Installed DarkSteam Project
    RP396: 12/12/2009 13:50:14 - Avg8 Update
    RP397: 12/12/2009 16:44:29 - Software Distribution Service 3.0
    RP398: 12/12/2009 20:32:11 - Software Distribution Service 3.0
    RP399: 13/12/2009 10:58:23 - Printer Driver Microsoft XPS Document Writer Installed
    RP400: 14/12/2009 18:03:00 - Software Distribution Service 3.0
    RP401: 15/12/2009 16:38:35 - Software Distribution Service 3.0
    RP402: 16/12/2009 18:22:41 - Avg8 Update
    RP403: 19/12/2009 14:25:55 - Avg8 Update
    RP404: 19/12/2009 17:26:21 - Removed DarkSteam Project
    RP405: 20/12/2009 18:47:43 - Installed Belkin N Wireless USB Adapter Setup
    RP406: 20/12/2009 20:14:45 - Installed Belkin N Wireless USB Adapter Setup
    RP407: 21/12/2009 11:58:40 - Removed Safari
    RP408: 26/12/2009 14:23:16 - Avg8 Update
    RP409: 30/12/2009 13:30:17 - Avg8 Update
    RP410: 31/12/2009 11:52:21 - Avg8 Update
    RP411: 11/01/2010 14:41:28 - Avg8 Update
    RP412: 14/01/2010 17:34:39 - Avg8 Update
    RP413: 14/01/2010 18:23:14 - Avg8 Update
    RP414: 15/01/2010 22:11:15 - Software Distribution Service 3.0
    RP415: 16/01/2010 20:16:09 - Removed Apple Mobile Device Support
    RP416: 16/01/2010 20:25:24 - Removed Steam
    RP417: 16/01/2010 21:17:47 - Installed Microsoft DirectX 9.0 SDK Update (Summer 2004)
    RP418: 16/01/2010 21:34:08 - Installed DirectX for Managed Code Update (Summer 2004)
    RP419: 17/01/2010 20:11:16 - Removed Ask Toolbar.
    RP420: 23/01/2010 16:51:59 - Software Distribution Service 3.0
    RP421: 23/01/2010 17:09:21 - Avg8 Update
    RP422: 27/01/2010 17:49:15 - Avg8 Update
    RP423: 30/01/2010 16:15:15 - Avg8 Update
    RP424: 03/02/2010 20:34:26 - Removed Google Earth.
    RP425: 04/02/2010 17:09:39 - Avg8 Update
    RP426: 05/02/2010 16:35:44 - Avg8 Update
    RP427: 06/02/2010 21:55:37 - Installed WolfQuest
    RP428: 07/02/2010 13:59:51 - Removed WolfQuest
    RP429: 12/02/2010 18:47:29 - Avg8 Update
    RP430: 12/02/2010 21:24:01 - Software Distribution Service 3.0
    RP431: 14/02/2010 20:41:02 - Software Distribution Service 3.0
    RP432: 15/02/2010 13:42:10 - Removed Ask Toolbar.
    RP433: 15/02/2010 13:50:53 - Removed Boots - Photo Lifeguard
    RP434: 15/02/2010 21:33:48 - Installed DirectX
    RP435: 16/02/2010 15:07:38 - Installed Microsoft Visual C++ 2005 Redistributable
    RP436: 16/02/2010 16:42:06 - Installed ijji REACTOR
    RP437: 17/02/2010 11:57:51 - Removed ijji REACTOR
    RP438: 19/02/2010 11:58:03 - Software Distribution Service 3.0

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Photoshop Elements 7.0
    Adobe Shockwave Player 11.5
    Akamai NetSession Interface
    Apple Application Support
    Apple Software Update
    ArcSoft Software Suite
    AVG 9.0
    BBC iPlayer Desktop
    Belkin N Wireless USB Adapter Setup
    BitTorrent
    Bonjour
    BufferChm
    CA Licensing
    Copy
    CustomerResearchQFolder
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DirectX for Managed Code Update (Summer 2004)
    DJ_AIO_ProductContext
    DJ_AIO_Software
    DJ_AIO_Software_min
    DNA
    Download Accelerator Plus (DAP)
    Esay Pix Sv
    eSupportQFolder
    F2100
    F2100_doccd
    F2100_Help
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    HP Customer Participation Program 9.0
    HP Deskjet All-In-One Software 9.0
    HP Imaging Device Functions 9.0
    HP Photosmart Essential
    HP Photosmart Essential 2.01
    HP Photosmart Essential2.01
    HP Solution Center 9.0
    HP Update
    hph_readme
    hph_software_req
    HPProductAssistant
    HPSSupply
    InterActual Player
    iTunes
    J2SE Runtime Environment 5.0 Update 8
    Java(TM) 6 Update 16
    Junk Mail filter update
    Macromedia Shockwave Player
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Data Access Components KB870669
    Microsoft DirectX 9.0 SDK Update (Summer 2004)
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Plus! for Windows XP
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Windows Journal Viewer
    Microsoft Works 7.0
    Mozilla Firefox (3.6)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    My DSC
    NVIDIA Display Driver
    NVIDIA Drivers
    NVIDIA Ethernet Driver
    NVIDIA nForce Drivers
    OpenAL
    Pando Media Booster
    PCI SoftV92 Modem
    PCLink for GSM Ver.1.0
    Pinnacle InstantCD/DVD Suite
    PSSWCORE
    PunkBuster Services
    QuickTime
    Related Page
    Replay Music
    SAGEM F@st 800-840
    Scan
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB973704)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB973593)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    Segoe UI
    SoftK56 Data Fax Voice Speakerphone CARP
    SolutionCenter
    Spotify
    Status
    Toolbox
    TrayApp
    Uniblue RegistryBooster 2010
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Uptown Engine
    USB MP3 Driver v1.17r014
    VideoToolkit01
    VLC media player 1.0.1
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 9 Hotfix [See KB885492 for more information]
    Windows XP Service Pack 3
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    19/02/2010 12:34:39, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
    18/02/2010 18:29:42, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 f8b6fa15, parameter3 f52976d8, parameter4 00000000.
    18/02/2010 18:29:40, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8070194f, parameter3 f2e9baf8, parameter4 00000000.
    18/02/2010 18:29:37, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8070194f, parameter3 f8d4daf8, parameter4 00000000.
    18/02/2010 18:29:34, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8070194f, parameter3 f2dccaf8, parameter4 00000000.
    18/02/2010 18:28:57, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8070194f, parameter3 f2edfaf8, parameter4 00000000.
    18/02/2010 18:28:06, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8070194f, parameter3 f472cb18, parameter4 00000000.
    18/02/2010 18:26:24, error: System Error [1003] - Error code 100000d1, parameter1 faa09000, parameter2 00000002, parameter3 00000000, parameter4 f871a826.
    16/02/2010 20:23:29, error: Dhcp [1002] - The IP address lease 192.168.1.34 for the Network Card with network address 002275AA7F88 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    16/02/2010 11:00:56, error: PSched [14103] - QoS [Adapter {651BCC37-C619-4F6C-947A-48A6ADF9A3A1}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
    15/02/2010 13:42:33, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    15/02/2010 13:37:26, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    15/02/2010 13:37:26, error: Service Control Manager [7000] - The General Purpose USB Driver (adildr.sys) service failed to start due to the following error: The system cannot find the file specified.
    15/02/2010 11:56:05, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    15/02/2010 11:56:05, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    14/02/2010 10:58:03, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

    ==== End Of File ===========================
     
  2. 2010/02/19
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Please do not double post. As a new member with less than 10 posts, any post you make which contains a URL requires approval (moderation) before it is visible.

    Your duplicate thread has been deleted.
     

  4. 2010/02/19
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    I see you have P2P software (Azureus, LimeWire, BitTorrent, uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them.

    Note: Please be advised that continued use of these programs, after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  5. 2010/02/19
    D3c14n17

    D3c14n17 Inactive Thread Starter

    Joined:
    2010/02/18
    Messages:
    20
    Likes Received:
    0
    Sorry, but I have never used that at all. I was going to, but I got told not to, so I didn't. I forgot to uninstall that, but that isn't the cause because I have never used that.
     
  6. 2010/02/19
    D3c14n17

    D3c14n17 Inactive Thread Starter

    Joined:
    2010/02/18
    Messages:
    20
    Likes Received:
    0
    OK, I have uninstalled it now, but I made sure I used the trusted websites they say on the install program, so I don't think that is the problem.

    P.S.
    uExplorerRun: [Policies] c:\windows\system32\system_check\system32.exe
    mExplorerRun: [Policies] c:\windows\system32\system_check\system32.exe
    mASetup: {R631V07I-67R6-VCV6-4I5E-USMFTOV4X625} - c:\windows\system32\system_check\system32.exe

    This is what my computer wants to start up every time, so it's got to be one of these, and they are found in the HJT report.
     
  7. 2010/02/19
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Yes, that's the MARI Virus Trojan. Please wait for a Malware expert to assist you.
     
  8. 2010/02/19
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Download the update from here if you have problems.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    Make sure that you restart the computer.

    ==============

    Download HijackThis Executable from here. Save it to your desktop.
    Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished, a window will pop up giving you the option of where to save it. Save it to the desktop, where it is easy to access. Open the log file, then go to the Format tab and make sure that Word Wrap is unchecked. Copy the entire contents of the file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.
     
  9. 2010/02/20
    D3c14n17

    D3c14n17 Inactive Thread Starter

    Joined:
    2010/02/18
    Messages:
    20
    Likes Received:
    0
    One question: when Malwarebytes finishes the scan, do I need the Windows CD installer for things that it has taken off wrongly? In other words, could the programme do something like that?
     
  10. 2010/02/20
    D3c14n17

    D3c14n17 Inactive Thread Starter

    Joined:
    2010/02/18
    Messages:
    20
    Likes Received:
    0
    Forget about the last post. After I saw the results, I'm OK now.
     
  11. 2010/02/20
    D3c14n17

    D3c14n17 Inactive Thread Starter

    Joined:
    2010/02/18
    Messages:
    20
    Likes Received:
    0
    Malwarebytes' Anti-Malware 1.44
    Database version: 3510
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    20/02/2010 20:13:40
    mbam-log-2010-02-20 (20-13-40).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 232099
    Time elapsed: 2 hour(s), 39 minute(s), 0 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 73
    Registry Values Infected: 3
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 67

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{r631v07i-67r6-vcv6-4i5e-usmftov4x625} (Generic.Bot.H) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\prsetup.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Adware.Starware) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\WINDOWS\system32\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\system32\system_check\system32.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\Downloaded Program Files\prsetup.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2C502657-49AF-4D52-BE5C-D5FA6D579313}\RP414\A0213041.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2C502657-49AF-4D52-BE5C-D5FA6D579313}\RP414\A0213042.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2C502657-49AF-4D52-BE5C-D5FA6D579313}\RP414\A0213043.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2C502657-49AF-4D52-BE5C-D5FA6D579313}\RP414\A0213044.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2C502657-49AF-4D52-BE5C-D5FA6D579313}\RP414\A0213045.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2C502657-49AF-4D52-BE5C-D5FA6D579313}\RP414\A0213979.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2C502657-49AF-4D52-BE5C-D5FA6D579313}\RP414\A0213980.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2C502657-49AF-4D52-BE5C-D5FA6D579313}\RP414\A0213981.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2C502657-49AF-4D52-BE5C-D5FA6D579313}\RP414\A0213982.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2C502657-49AF-4D52-BE5C-D5FA6D579313}\RP414\A0213038.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2C502657-49AF-4D52-BE5C-D5FA6D579313}\RP414\A0214023.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\UpMedia\uninstallSE.exe (Adware.SmartShopper) -> Quarantined and deleted successfully.
    C:\Documents and Settings\declan\Application Data\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\declan\Local Settings\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\declan\Local Settings\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
     
  12. 2010/02/20
    D3c14n17

    D3c14n17 Inactive Thread Starter

    Joined:
    2010/02/18
    Messages:
    20
    Likes Received:
    0
    HijackThis results:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:26:39, on 20/02/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Pando Networks\Media Booster\PMB.exe
    C:\Program Files\Belkin\F5D8053\v6\Belkinwcui.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\AVG\AVG9\avgfws9.exe
    C:\Program Files\Belkin\F5D8053\v6\WifiSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\declan\My Documents\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.net:8080;ftp=http://www-cache.freeserve.net:8080
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
    O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HKLM] C:\WINDOWS\system32\system_check\system32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe "
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [HKCU] C:\WINDOWS\system32\system_check\system32.exe
    O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\system_check\system32.exe
    O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\system_check\system32.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Belkin Wireless Networking Utility.lnk = C:\Program Files\Belkin\F5D8053\v6\Belkinwcui.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} (SonyOnlineInstallerX) - http://www-cdn.freerealms.com/gamedata/plugins/1.0.3.83/FreeRealmsInstaller.cab?v=1032
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1011992482421
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1011992445515
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
    O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: Belkin Wifi Service - Unknown owner - C:\Program Files\Belkin\F5D8053\v6\WifiSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 11004 bytes
     
  13. 2010/02/20
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    The latest definitions file for MBA-M is 3768, which shows that you did not update it as requested.
    Please update MBA-M and follow the instructions again as above.
     
  14. 2010/02/21
    D3c14n17

    D3c14n17 Inactive Thread Starter

    Joined:
    2010/02/18
    Messages:
    20
    Likes Received:
    0
    Could I just ask why I have to update it when the programme has gone, because nothing comes up any more, but I'll do it again if I must.
     
  15. 2010/02/21
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    I do not understand the question. Where has the program gone? All of these tools need to be updated before they are run so that they have the latest database installed. Hence the instruction in my first post to update it immediately after downloading and installing it.
    It may not find anything else either, but at least we are giving it every chance to do so.
     
    Last edited: 2010/02/21
  16. 2010/02/21
    D3c14n17

    D3c14n17 Inactive Thread Starter

    Joined:
    2010/02/18
    Messages:
    20
    Likes Received:
    0
    I mean the virus; it doesn't want to run at start up and my computer doesn't turn slower with time.
     
  17. 2010/02/21
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    You still have entries that need removing, showing in your log. It would have been a lot easier and quicker to just follow the requests.
    If you are happy to just do half the job, then so be it.
    If you decide to update and re-run MBA-M, post the logs and I will check it when I wake up, as I am now off to bed :).
     
  18. 2010/02/21
    D3c14n17

    D3c14n17 Inactive Thread Starter

    Joined:
    2010/02/18
    Messages:
    20
    Likes Received:
    0
    Malwarebytes' Anti-Malware 1.44
    Database version: 3769
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    21/02/2010 13:45:23
    mbam-log-2010-02-21 (13-45-23).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 239270
    Time elapsed: 3 hour(s), 25 minute(s), 31 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\System Volume Information\_restore{2C502657-49AF-4D52-BE5C-D5FA6D579313}\RP410\A0208392.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
     
  19. 2010/02/21
    D3c14n17

    D3c14n17 Inactive Thread Starter

    Joined:
    2010/02/18
    Messages:
    20
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:56:06, on 21/02/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Belkin\F5D8053\v6\Belkinwcui.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\AVG\AVG9\avgfws9.exe
    C:\Program Files\Belkin\F5D8053\v6\WifiSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\AVG\AVG9\avgscanx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\WINDOWS\System32\MsiExec.exe
    C:\Documents and Settings\declan\My Documents\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.net:8080;ftp=http://www-cache.freeserve.net:8080
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
    O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe "
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
    O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\system_check\system32.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Belkin Wireless Networking Utility.lnk = C:\Program Files\Belkin\F5D8053\v6\Belkinwcui.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} (SonyOnlineInstallerX) - http://www-cdn.freerealms.com/gamedata/plugins/1.0.3.83/FreeRealmsInstaller.cab?v=1032
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1011992482421
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1011992445515
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
    O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: Belkin Wifi Service - Unknown owner - C:\Program Files\Belkin\F5D8053\v6\WifiSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 9951 bytes
     
  20. 2010/02/21
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Can you please do the following.


    ===============

    Scan with HijackThis and then place a check next to all the following, if present:


    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

    O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\system_check\system32.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)


    Now, close all instances of Internet Explorer and any other windows you have open except HijackThis, then click "Fix checked".

    ===============

    Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

    folders...

    C:\WINDOWS\system32\system_check

    -

    Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    • Instead of Windows loading as normal, a menu should appear.
    • Select the first option to run Windows in Safe Mode and hit Enter.

    -

    Reboot.

    ===============

    After rebooting, rescan with HijackThis and post back a new log.

    ==

    Please do an online scan with Kaspersky WebScanner

    It's best to disable real time protection applications as they sometimes interfere with the scan.

    Check this link for any applicable programs you may have (check under How to Temporarily Disable your Anti-virus).

    Click on Accept If your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.

    Windows Vista users you must open the web browser using the Run as Administrator command - accessible from the right-click menu from the browser shortcut.

    • The program will launch and then begin downloading the latest definition files.
    • When completed, under Scan on the left side, click on My Computer.
    • This will start the scan of your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Click Report on the left side.
      • Click the Save Report button, and in the Save dialog box, type a name for the scan report file that you want to create and select its type as Text file. Click OK to save the file.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.
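
    The entry selection in the post above, as an added Python example that is not part of the thread or of HijackThis. The three rules (orphaned O2/O3/O9 add-ons, any O15 trusted-zone site, any O4 autorun sharing its image path with a `Policies\Explorer\Run` entry) are assumptions chosen to match the helper's picks, and the log lines are excerpts of the two HijackThis logs posted in this thread.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted on 2010/02/20 (before the fix).
LOG_BEFORE = r"""
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [HKLM] C:\WINDOWS\system32\system_check\system32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HKCU] C:\WINDOWS\system32\system_check\system32.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\system_check\system32.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\system_check\system32.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Excerpt of the HijackThis log posted on 2010/02/21 (after the Malwarebytes run).
LOG_AFTER = r"""
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\system_check\system32.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<detail>.+)$")
# O4 registry autoruns look like: <key>: [<value name>] <command line>
O4_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.+)$")


def parse(log):
    """Split a HijackThis log into (section, detail) pairs, skipping other lines."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["section"], m["detail"]))
    return entries


def normalize(command):
    """Reduce an O4 command to a comparable image path (case, quotes, user suffix)."""
    command = re.sub(r"\s*\(User '[^']*'\)$", "", command)
    return command.strip().strip('"').strip().lower()


def triage(log):
    """Return {entry line: reason} for entries a reviewer should look at first."""
    flagged = {}
    autoruns = defaultdict(list)  # image path -> O4 lines that launch it
    policy_targets = set()        # image paths started from Policies\Explorer\Run
    for section, detail in parse(log):
        line = f"{section} - {detail}"
        if section in ("O2", "O3", "O9") and detail.endswith(("(no file)", "(file missing)")):
            flagged[line] = "orphaned browser add-on"
        elif section == "O15":
            flagged[line] = "trusted-zone site"
        elif section == "O4":
            m = O4_RE.match(detail)
            if not m:
                continue  # Startup-folder shortcuts have no [name] part
            target = normalize(m["command"])
            autoruns[target].append(line)
            if "policies\\explorer\\run" in m["key"].lower():
                policy_targets.add(target)
    # Pivot: every autorun that starts the same image as a policy-key autorun.
    for target in policy_targets:
        for line in autoruns[target]:
            flagged[line] = "autorun shares image with a Policies\\Explorer\\Run entry"
    return flagged


def still_present(before, after):
    """Flagged entries that survived the cleanup between two logs."""
    return sorted(set(triage(before)) & set(triage(after)))


def removed(before, after):
    """Flagged entries that the cleanup between two logs got rid of."""
    return sorted(set(triage(before)) - set(triage(after)))


if __name__ == "__main__":
    for line in still_present(LOG_BEFORE, LOG_AFTER):
        print("still present:", line)
    for line in removed(LOG_BEFORE, LOG_AFTER):
        print("removed:      ", line)
```

    The output is a review list, not a verdict: a flagged entry still has to be checked against what is actually installed before it is fixed.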
     
  21. 2010/02/26
    D3c14n17

    D3c14n17 Inactive Thread Starter

    Joined:
    2010/02/18
    Messages:
    20
    Likes Received:
    0
    Ok, I deleted system_check without Safe Mode. Should I do another HijackThis scan like you say, or should I just go to the Kaspersky scan?
     
