
Solved Computer Freezes after 15 minutes of use!

Discussion in 'Malware and Virus Removal Archive' started by Giovanna, 2009/05/11.

  1. 2009/05/11
    Giovanna

    Giovanna Inactive Thread Starter

    Joined:
    2009/05/11
    Messages:
    8
    Likes Received:
    0
    [Resolved] Computer Freezes after 15 minutes of use!

    Hi,
    My name is Giovanna and I have recently been having problems with my computer. I think it might be a virus but I'm not sure. I have Trend Micro Pro 2009 and the other day it found 3 Trojans... Can't remember the names, I just deleted them. After that the computer has been freezing every 15 minutes or so. At first I thought maybe the computer was just "thinking" so I'd try to leave it alone for 10 minutes or so, but I found that the computer freezes indefinitely and the only way to fix it is by switching the computer off by the power switch. I have no idea what to do and was considering just reformatting the computer but I've done it once and it was an absolute nightmare to get everything back, drivers etc. If anyone could help that would be good. I'm not sure what kind of information you need, so if anyone responds I will post it then. Thanx

    Oh and also when the comp starts to slow down and just before it freezes in task manager it says Protoolbarcomm.exe 99% and then the comp dies :(


    DDS:
    DDS (Ver_09-03-16.01) - NTFSx86
    Run by GIOVANNA & ENRICO at 1:06:44.04 on Tue 05/12/2009
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.68 [GMT 10:00]

    AV: Trend Micro Internet Security Pro *On-access scanning enabled* (Updated)
    FW: Trend Micro Personal Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
    C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
    C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
    C:\Program Files\D-Link\DSL-200\dslstat.exe
    C:\Program Files\D-Link\DSL-200\dslagent.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
    C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
    C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
    C:\WINDOWS\system32\kdfmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\GIOVANNA & ENRICO\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com.au/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
    BHO: CescrtHlpr Object: {8b396b36-809f-4ed8-aa8c-928754c6df9b} - c:\program files\zapu.com\zaputoolbar\1.0.27.0\escort.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: Zapu Toolbar: {b4d0108a-eae4-4ef4-b6f9-f5a990f9ab0d} - c:\program files\zapu.com\zaputoolbar\1.0.27.0\escorTlbr.dll
    TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [DSLSTATEXE] c:\program files\d-link\dsl-200\dslstat.exe icon
    mRun: [DSLAGENTEXE] c:\program files\d-link\dsl-200\dslagent.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [AlcWzrd] ALCWZRD.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe "
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
    StartupFolder: c:\docume~1\giovan~1\startm~1\programs\startup\roller~1.lnk - c:\documents and settings\giovanna & enrico\local settings\temp\{36f5453d-75c3-4b25-bb14-d7c9781d1a2f}\{907b4640-266b-4a21-92fb-cd1a86cd0f63}\ATR1.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://aol.worldwinner.com/games/v47/shared/FunGamesLoader.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228997650593
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229382685234
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
    TCP: {50EF653E-34A3-4B6C-B862-569170B9B3E3} = 203.12.160.35 203.12.160.36
    Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R2 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\trend micro\trendsecure\securityactivitydashboard\tmarsvc.exe [2009-3-30 181584]
    R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-3-30 50192]
    R2 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2009-3-30 497008]
    R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-8-15 36368]
    R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-3-30 677128]
    R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-8-15 335376]
    S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2008-12-29 18432]
    S3 ZMGHPAudioSrv;ZOOM G Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmghpau.sys [2008-8-11 91136]

    =============== Created Last 30 ================

    2009-05-10 17:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DivoGames
    2009-05-10 17:19 <DIR> --d----- c:\windows\Be Rich
    2009-05-10 17:19 <DIR> --d----- c:\program files\Be Rich
    2009-05-05 00:03 <DIR> --d----- c:\windows\Virtual Families
    2009-05-04 19:38 <DIR> --d----- c:\docume~1\giovan~1\applic~1\TikGames
    2009-05-04 19:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TikGames
    2009-05-04 19:37 <DIR> --d----- c:\windows\Wild Tribe
    2009-05-04 00:15 <DIR> --d----- c:\docume~1\giovan~1\applic~1\Ubisoft
    2009-05-04 00:14 <DIR> --d----- c:\windows\CSI - NY
    2009-05-03 14:19 <DIR> --d----- c:\docume~1\giovan~1\applic~1\ShinyTales
    2009-05-03 14:18 <DIR> --d----- c:\windows\Wonderburg
    2009-05-01 18:42 <DIR> --d----- c:\program files\Windows Media Connect 2
    2009-05-01 18:40 <DIR> --d----- c:\windows\system32\LogFiles
    2009-04-30 00:02 <DIR> --d----- c:\docume~1\giovan~1\applic~1\YoudaGames
    2009-04-20 18:58 <DIR> --d----- c:\docume~1\giovan~1\applic~1\VTExtra
    2009-04-20 18:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Microgaming
    2009-04-20 18:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MGS
    2009-04-20 18:12 <DIR> --d----- C:\MicroGaming
    2009-04-15 16:21 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
    2009-04-15 16:21 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
    2009-04-15 16:21 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
    2009-04-15 16:21 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-15 16:21 110,592 -c------ c:\windows\system32\dllcache\services.exe
    2009-04-15 16:21 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
    2009-04-15 16:21 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
    2009-04-15 16:21 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
    2009-04-15 16:21 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-15 16:20 2,560 -------- c:\windows\system32\xpsp4res.dll
    2009-04-15 16:20 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
    2009-04-15 16:20 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
    2009-04-14 11:07 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
    2009-04-14 11:06 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
    2009-04-14 06:55 <DIR> --d----- c:\windows\system32\scripting
    2009-04-14 06:54 <DIR> --d----- c:\windows\l2schemas
    2009-04-14 06:54 <DIR> --d----- c:\windows\system32\en
    2009-04-14 05:40 <DIR> --d----- c:\windows\network diagnostic

    ==================== Find3M ====================

    2009-05-12 00:12 192,512 a------- c:\windows\system32\kdfvmgr.exe
    2009-05-12 00:12 77,824 a------- c:\windows\system32\kdfapi.dll
    2009-05-12 00:12 387,288 a------- c:\windows\system32\kdfmgr.exe
    2009-05-12 00:12 53,248 a------- c:\windows\system32\Kdfhok.dll
    2009-05-04 10:35 2,794 a------- c:\docume~1\giovan~1\applic~1\wklnhst.dat
    2009-04-14 07:55 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-04-03 09:08 50,192 a------- c:\windows\system32\drivers\tmactmon.sys
    2009-04-03 09:08 50,192 a------- c:\windows\system32\drivers\tmevtmgr.sys
    2009-04-03 09:08 153,104 a------- c:\windows\system32\drivers\tmcomm.sys
    2009-03-21 09:04 475,872 a------- c:\windows\system32\kdfinj.dll
    2009-03-19 18:54 2,892 a------- c:\windows\system32\audcon.sys
    2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
    2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
    2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
    2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
    2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
    2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
    2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
    2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
    2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
    2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
    2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
    2009-03-07 00:22 284,160 a------- c:\windows\system32\pdh.dll
    2008-12-12 00:17 87,608 ac------ c:\docume~1\giovan~1\applic~1\inst.exe
    2008-12-12 00:17 47,360 ac------ c:\docume~1\giovan~1\applic~1\pcouffin.sys

    ============= FINISH: 1:07:37.68 ===============


    Attach Files:

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/10/2008 5:04:33 AM
    System Uptime: 5/12/2009 12:09:57 AM (1 hours ago)

    Motherboard: ASUSTeK Computer INC. | | Puffer
    Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz | CPU 1 | 3066/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 149 GiB total, 126.026 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP153: 3/21/2009 2:38:54 PM - System Checkpoint
    RP154: 3/22/2009 4:35:42 AM - System Checkpoint
    RP155: 3/23/2009 4:51:02 AM - System Checkpoint
    RP156: 3/24/2009 5:19:57 AM - System Checkpoint
    RP157: 3/25/2009 6:10:01 AM - System Checkpoint
    RP158: 3/25/2009 3:21:13 PM - Restore Operation
    RP159: 3/25/2009 3:24:50 PM - Restore Operation
    RP160: 3/26/2009 5:21:48 AM - Uniblue RegistryBooster 2009
    RP161: 3/26/2009 2:03:09 PM - Installed RegClean
    RP162: 3/26/2009 2:09:49 PM - Removed RegClean
    RP163: 3/26/2009 2:10:35 PM - Removed RegClean
    RP164: 3/28/2009 6:33:09 PM - System Checkpoint
    RP165: 3/28/2009 10:00:17 AM - System Checkpoint
    RP166: 3/28/2009 2:44:45 PM - Installed SPYWAREfighter.
    RP167: 3/29/2009 5:53:55 PM - System Checkpoint
    RP168: 3/31/2009 8:57:20 AM - System Checkpoint
    RP169: 3/29/2009 10:01:14 PM - System Checkpoint
    RP170: 3/30/2009 10:14:31 AM - Installed Trend Micro Internet Security
    RP171: 3/31/2009 3:00:22 AM - Software Distribution Service 3.0
    RP172: 4/2/2009 4:27:44 PM - System Checkpoint
    RP173: 4/1/2009 9:30:32 AM - System Checkpoint
    RP174: 4/2/2009 10:01:47 AM - System Checkpoint
    RP175: 4/3/2009 6:00:19 PM - System Checkpoint
    RP176: 4/3/2009 8:54:15 AM - System Checkpoint
    RP177: 4/4/2009 11:23:46 AM - System Checkpoint
    RP178: 4/5/2009 12:09:53 PM - System Checkpoint
    RP179: 4/11/2009 10:20:38 PM - System Checkpoint
    RP180: 4/12/2009 4:13:28 AM - Restore Operation
    RP181: 4/5/2009 9:07:38 PM - System Checkpoint
    RP182: 4/6/2009 9:07:11 AM - Installed Java(TM) 6 Update 13
    RP183: 4/7/2009 2:21:14 PM - System Checkpoint
    RP184: 4/8/2009 3:11:36 PM - System Checkpoint
    RP185: 4/9/2009 1:36:55 AM - Installed Windows Media Player 11
    RP186: 4/10/2009 2:34:54 AM - System Checkpoint
    RP187: 4/11/2009 3:04:17 AM - System Checkpoint
    RP188: 4/11/2009 10:26:08 AM - Software Distribution Service 3.0
    RP189: 4/11/2009 10:38:25 AM - Installed Windows Internet Explorer 8.
    RP190: 4/12/2009 10:47:57 AM - System Checkpoint
    RP191: 4/13/2009 11:38:45 AM - System Checkpoint
    RP192: 4/14/2009 1:20:50 AM - Software Distribution Service 3.0
    RP193: 4/14/2009 10:55:40 AM - Installed Windows XP KB957097.
    RP194: 4/14/2009 11:44:38 AM - Software Distribution Service 3.0
    RP195: 4/15/2009 11:54:09 AM - System Checkpoint
    RP196: 4/15/2009 6:20:29 PM - Software Distribution Service 3.0
    RP197: 4/16/2009 6:59:22 PM - System Checkpoint
    RP198: 4/17/2009 8:04:29 PM - System Checkpoint
    RP199: 4/18/2009 8:25:23 PM - System Checkpoint
    RP200: 4/19/2009 11:11:06 PM - System Checkpoint
    RP201: 4/20/2009 6:53:32 PM - Installed Go Casino
    RP202: 4/21/2009 7:17:59 PM - System Checkpoint
    RP203: 4/22/2009 8:49:50 PM - System Checkpoint
    RP204: 4/23/2009 9:49:12 PM - System Checkpoint
    RP205: 4/24/2009 11:13:39 PM - System Checkpoint
    RP206: 4/26/2009 1:38:30 AM - System Checkpoint
    RP207: 4/27/2009 2:05:21 AM - System Checkpoint
    RP208: 4/28/2009 2:30:47 AM - System Checkpoint
    RP209: 4/29/2009 2:37:28 AM - System Checkpoint
    RP210: 4/30/2009 2:51:44 AM - System Checkpoint
    RP211: 5/1/2009 5:15:03 AM - System Checkpoint
    RP212: 5/1/2009 6:39:27 PM - Installed Windows Media Player 11
    RP213: 5/1/2009 6:40:10 PM - Installed Windows XP Wudf01000.
    RP214: 5/1/2009 6:43:00 PM - Installed Windows XP MSCompPackV1.
    RP215: 5/2/2009 6:54:35 PM - System Checkpoint
    RP216: 5/3/2009 3:00:16 AM - Software Distribution Service 3.0
    RP217: 5/4/2009 3:54:37 AM - System Checkpoint
    RP218: 5/5/2009 4:52:54 AM - System Checkpoint
    RP219: 5/9/2009 2:07:46 PM - System Checkpoint
    RP220: 5/20/2009 4:21:14 PM - Installed RollerCoaster Tycoon® 3
    RP221: 5/20/2009 5:14:32 PM - Removed RollerCoaster Tycoon® 3
    RP222: 5/6/2009 12:32:38 PM - System Checkpoint
    RP223: 5/6/2009 8:56:02 AM - System Checkpoint
    RP224: 5/8/2009 10:50:09 PM - System Checkpoint
    RP225: 5/10/2009 1:37:22 AM - System Checkpoint
    RP226: 5/13/2009 7:54:45 AM - System Checkpoint
    RP227: 5/8/2009 7:03:13 PM - System Checkpoint
    RP228: 5/13/2009 11:52:50 PM - System Checkpoint
    RP229: 5/15/2009 11:38:18 AM - System Checkpoint
    RP230: 5/10/2009 12:07:46 AM - System Checkpoint
    RP231: 5/11/2009 1:57:22 AM - System Checkpoint

    ==== Installed Programs ======================


    2600
    2600_Help
    2600Trb
    Acrobat.com
    Adobe Acrobat 5.0
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.1
    Adobe Shockwave Player
    Agere Systems PCI Soft Modem
    AiO_Scan
    AiOSoftware
    AnyDVD
    Apple Mobile Device Support
    Apple Software Update
    Be Rich
    BitTorrent
    Bonjour
    BufferChm
    CloneDVD2
    ConvertXtoDVD 3.3.0.96
    Copy
    CP_AtenaShokunin1Config
    cp_dwShrek2Albums1
    cp_dwShrek2Cards1
    CreativeProjects
    CreativeProjectsTemplates
    Critical Update for Windows Media Player 11 (KB959772)
    CueTour
    D-Link DSL-200 ADSL Modem
    Destinations
    Director
    DNA
    DocProc
    DocumentViewer
    Fax
    Fish Tycoon
    Go Casino
    Google Toolbar for Internet Explorer
    Guitar Pro 5.0
    High Definition Audio Driver Package - KB888111
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    HP Extended Capabilities 4.7
    HP Image Zone 4.7
    HP LCD Monitor Driver Software 2.00
    HP Product Assistant
    HP PSC & OfficeJet 4.7
    HP Software Update
    HPSystemDiagnostics
    InfraRecorder
    InstantShare
    iPod for Windows 2006-03-23
    iTunes
    Java(TM) 6 Update 13
    K-Lite Codec Pack 2.10 Basic
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Age of Empires II
    Microsoft Age of Empires II: The Conquerors Expansion
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    MSXML 4.0 SP2 (KB954430)
    NVIDIA Drivers
    PanoStandAlone
    PhotoGallery
    PowerDVD
    ProductContext
    QFolder
    QuickTime
    Readme
    Scan
    ScannerCopy
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Skateboard Park
    SkinsHP1
    Steinberg Cubase LE 4
    Syncrosoft License Control
    TrayApp
    Trend Micro Internet Security Pro
    Unload
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Virtual Villagers 3 - The Secret City Fixed
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer Clean Up
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    Zapu toolbar powered by Ask.com
    ZOOM G Series Audio Driver

    ==== Event Viewer Messages From Past Week ========

    5/8/2009 7:41:26 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -169152 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|123.243.206.49:123->207.46.197.32:123) is working properly.
    5/8/2009 6:28:10 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -169151 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|123.243.206.49:123->207.46.197.32:123) is working properly.

    ==== End Of File ===========================
     
    Last edited: 2009/05/11
  2. 2009/05/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Under Configuration and Preferences, click the Preferences button.
    * Under General and Startup tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Scan for tracking cookies.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * Back on the main screen, under Scan for Harmful Software click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under Complete Scan, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.
    NOTE: Tracking cookies may be omitted from the log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  4. 2009/05/21
    Giovanna

    Giovanna Inactive Thread Starter

    Joined:
    2009/05/11
    Messages:
    8
    Likes Received:
    0
    Thank you for your reply. Here's the first log you asked for.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 05/21/2009 at 07:58 PM

    Application Version : 4.26.1002

    Core Rules Database Version : 3904
    Trace Rules Database Version: 1849

    Scan type : Complete Scan
    Total Scan Time : 01:29:12

    Memory items scanned : 206
    Memory threats detected : 0
    Registry items scanned : 5027
    Registry threats detected : 0
    File items scanned : 63975
    File threats detected : 31

    Adware.Tracking Cookie
    C:\Documents and Settings\GIOVANNA & ENRICO\Cookies\giovanna_&_enrico@adbrite[2].txt
    C:\Documents and Settings\GIOVANNA & ENRICO\Cookies\giovanna_&_enrico@zedo[2].txt
    C:\Documents and Settings\GIOVANNA & ENRICO\Cookies\giovanna_&_enrico@ads.gamesbannernet[1].txt
    C:\Documents and Settings\GIOVANNA & ENRICO\Cookies\giovanna_&_enrico@doubleclick[1].txt
    C:\Documents and Settings\GIOVANNA & ENRICO\Cookies\giovanna_&_enrico@statcounter[1].txt
    C:\Documents and Settings\GIOVANNA & ENRICO\Cookies\giovanna_&_enrico@videoegg.adbureau[1].txt
    C:\Documents and Settings\GIOVANNA & ENRICO\Cookies\giovanna_&_enrico@stat.youku[1].txt
    C:\Documents and Settings\GIOVANNA & ENRICO\Cookies\giovanna_&_enrico@ad.harrenmedianetwork[2].txt
    C:\Documents and Settings\GIOVANNA & ENRICO\Cookies\giovanna_&_enrico@insightexpressai[2].txt
    C:\Documents and Settings\GIOVANNA & ENRICO\Cookies\giovanna_&_enrico@ad.yieldmanager[1].txt
    C:\Documents and Settings\GIOVANNA & ENRICO\Cookies\giovanna_&_enrico@ads.adap[2].txt
    C:\Documents and Settings\GIOVANNA & ENRICO\Cookies\giovanna_&_enrico@partypoker[2].txt
    C:\Documents and Settings\GIOVANNA & ENRICO\Cookies\giovanna_&_enrico@adserving.cpxinteractive[1].txt
    C:\Documents and Settings\GIOVANNA & ENRICO\Cookies\giovanna_&_enrico@www.googleadservices[1].txt
    C:\Documents and Settings\GIOVANNA & ENRICO\Cookies\giovanna_&_enrico@ads.infinisource[2].txt
    C:\Documents and Settings\GIOVANNA & ENRICO\Cookies\giovanna_&_enrico@serving-sys[2].txt
    C:\Documents and Settings\GIOVANNA & ENRICO\Cookies\giovanna_&_enrico@iacas.adbureau[2].txt
    C:\Documents and Settings\GIOVANNA & ENRICO\Cookies\giovanna_&_enrico@sensismediasmart.com[1].txt
    C:\Documents and Settings\GIOVANNA & ENRICO\Cookies\giovanna_&_enrico@lstat.youku[2].txt
    C:\Documents and Settings\GIOVANNA & ENRICO\Cookies\giovanna_&_enrico@atdmt[1].txt
    C:\Documents and Settings\GIOVANNA & ENRICO\Cookies\giovanna_&_enrico@tribalfusion[1].txt
    C:\Documents and Settings\GIOVANNA & ENRICO\Cookies\giovanna_&_enrico@ads.widgetbucks[1].txt
    C:\Documents and Settings\GIOVANNA & ENRICO\Cookies\giovanna_&_enrico@media.sensis.com[1].txt
    C:\Documents and Settings\GIOVANNA & ENRICO\Cookies\giovanna_&_enrico@ad.zanox[1].txt
    C:\Documents and Settings\GIOVANNA & ENRICO\Cookies\giovanna_&_enrico@bs.serving-sys[2].txt
    C:\Documents and Settings\GIOVANNA & ENRICO\Cookies\giovanna_&_enrico@cgm.adbureau[2].txt
    C:\Documents and Settings\GIOVANNA & ENRICO\Cookies\giovanna_&_enrico@statse.webtrendslive[2].txt
    C:\Documents and Settings\GIOVANNA & ENRICO\Cookies\giovanna_&_enrico@stgeorge.122.2o7[1].txt
    C:\Documents and Settings\GIOVANNA & ENRICO\Cookies\giovanna_&_enrico@imrworldwide[2].txt
    C:\Documents and Settings\GIOVANNA & ENRICO\Cookies\giovanna_&_enrico@optus.112.2o7[1].txt
    C:\Documents and Settings\GIOVANNA & ENRICO\Cookies\giovanna_&_enrico@adserver.easyad[1].txt
     
  5. 2009/05/21
    Giovanna

    Giovanna Inactive Thread Starter

    Joined:
    2009/05/11
    Messages:
    8
    Likes Received:
    0
    Malwarebytes Anti-Malware log

    Second Log requested.

    Malwarebytes' Anti-Malware 1.36
    Database version: 2162
    Windows 5.1.2600 Service Pack 3

    5/22/2009 1:24:47 AM
    mbam-log-2009-05-22 (01-24-47).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 163048



    Time elapsed: 44 minute(s), 58 second(s)


    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)
     
  6. 2009/05/21
    Giovanna

    Giovanna Inactive Thread Starter

    Joined:
    2009/05/11
    Messages:
    8
    Likes Received:
    0
    Third step:

    GMER 1.0.15.14972 - http://www.gmer.net
    Rootkit scan 2009-05-22 03:51:22
    Windows 5.1.2600 Service Pack 3


    ---- System - GMER 1.0.15 ----

    SSDT 82402BE0 ZwCreateKey
    SSDT 824020E0 ZwCreateProcess
    SSDT 824023A0 ZwCreateProcessEx
    SSDT 82403A40 ZwCreateThread
    SSDT 82403160 ZwDeleteKey
    SSDT 82403420 ZwDeleteValueKey
    SSDT 82403BE0 ZwLoadDriver
    SSDT 82402660 ZwOpenProcess
    SSDT 82402EA0 ZwSetValueKey
    SSDT 82402920 ZwTerminateProcess
    SSDT 824038A0 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    ? system32\Drivers\neokdss.sys The system cannot find the path specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 00BD9315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 00CB4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 00DCE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 00DCDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 00DCDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 00DCDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 00DCDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 00DCE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 00DCDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3836] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 00BD9315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3836] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00CADBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3836] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 00CADD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3836] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 00CB4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3836] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00C11CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3836] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 00DCE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3836] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 00DCDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3836] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 00DCDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3836] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 00DCDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3836] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 00DCDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3836] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 00DCE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3836] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 00DCDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3836] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00CB488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Internet Explorer\iexplore.exe[3836] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [003E18FD] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

    ---- EOF - GMER 1.0.15 ----
     
  7. 2009/05/21
    Giovanna

    Giovanna Inactive Thread Starter

    Joined:
    2009/05/11
    Messages:
    8
    Likes Received:
    0
    Last log you asked for :)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:59:09 AM, on 5/22/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
    C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
    C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
    C:\Program Files\D-Link\DSL-200\dslstat.exe
    C:\Program Files\D-Link\DSL-200\dslagent.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
    C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
    C:\WINDOWS\system32\kdfmgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
    O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
    O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\GIOVANNA & ENRICO\Local Settings\Temp\{581CA8B0-FD09-430B-BC6C-B492BA4BC45C}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://aol.worldwinner.com/games/v47/shared/FunGamesLoader.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1228997650593
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229382685234
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{50EF653E-34A3-4B6C-B862-569170B9B3E3}: NameServer = 203.12.160.35 203.12.160.36
    O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Security Activity Dashboard Service - Trend Micro Inc. - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
    O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

    --
    End of file - 11030 bytes
     
  8. 2009/05/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    All logs look perfectly clean, so you must have some other issues.
    I strongly recommend you uninstall Uniblue RegistryBooster 2009. Playing with the registry brings no gain, and may end up with an unbootable computer.

    Please re-post your issue in the regular Windows section, and add a note that your computer was declared malware-free.
     
  9. 2009/05/21
    Giovanna

    Giovanna Inactive Thread Starter

    Joined:
    2009/05/11
    Messages:
    8
    Likes Received:
    0
    Thx for your help

    But.. I have no idea what Uniblue RegistryBooster 2009 is, and if it's there I didn't knowingly put it there. How do I uninstall it?
     
  10. 2009/05/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Start>Control Panel>Add\Remove
    It should be listed there.
     
  11. 2009/05/21
    Giovanna

    Giovanna Inactive Thread Starter

    Joined:
    2009/05/11
    Messages:
    8
    Likes Received:
    0
    It's not in there. Not under Uniblue and not even under Registry Booster.
     
  12. 2009/05/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That's fine. It must be just a registry leftover.

    Disable TeaTimer, as it'll interfere with the cleaning process:
    Right click Spybot's TeaTimer System Tray Icon.
    Click Exit Spybot-S&D Resident.
    TeaTimer closes.

    Open HJT, and checkmark:
    - O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
    Click "Fix checked" button, and you're done.

    BTW, Protoolbarcomm.exe is part of TrendSecure, so you may consider reinstalling the Trend Micro Internet Security suite.

    To double-check if that's the issue, try this:

    Go Start>Run (Start Search in Vista), type in:
    msconfig
    Click OK (hit Enter in Vista).

    Click on Startup tab.
    Click Disable all

    Click Services tab.
    Put checkmark in Hide all Microsoft services
    Click Disable all.

    Click OK.
    Restart computer in Normal Mode.

    NOTE. If you use a different firewall than Windows firewall, turn Windows firewall on just for this test, since your regular firewall won't be running.
    If you use Windows firewall, you're fine.

    Same problem?
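As an added example (not code from this thread or from HijackThis itself), here is a Python parser for the kind of log posted above: it pulls out the running-process list and the O4 autostart entries (registry Run values and Startup-folder shortcuts), then lists entries whose program is not among the running processes. The sample lines are excerpted from the log above; a mismatch like the RegistryBooster entry, which turned out to be a leftover of a program no longer installed, is a prompt to look closer, not a verdict.

```python
import re

# Lines excerpted from the HijackThis log posted above (a constructed subset
# so the example runs offline); a blank line ends the process list.
SAMPLE_HJT_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe "
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\GIOVANNA & ENRICO\Local Settings\Temp\{581CA8B0-FD09-430B-BC6C-B492BA4BC45C}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
"""

# O4 lines come as registry Run values or Startup-folder shortcuts.
O4_RUN = re.compile(r"^O4 - (?P<key>\S+?\\Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_STARTUP = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# Program in a command: quoted path (HJT may leave a space before the closing
# quote), unquoted path up to a program extension, otherwise the first token.
EXE_PATTERN = re.compile(
    r'^(?:"(?P<quoted>[^"]*)"|(?P<ext>\S.*?\.(?:exe|dll|com|scr|bat)\b)|(?P<tok>\S+))',
    re.IGNORECASE,
)

def extract_exe(cmd: str) -> str:
    """Return the program path from an O4 command string, without its arguments."""
    m = EXE_PATTERN.match(cmd.strip())
    if not m:
        return ""
    for group in ("quoted", "ext", "tok"):
        if m.group(group) is not None:
            return m.group(group).strip()
    return ""

def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def parse_hjt(text: str) -> dict:
    """Split a HijackThis log into its running-process list and O4 entries."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
        elif in_processes:
            if line:
                processes.append(line)
            else:
                in_processes = False  # blank line closes the list
        else:
            m = O4_RUN.match(line) or O4_STARTUP.match(line)
            if m:
                entries.append({"key": m.group("key"), "name": m.group("name"),
                                "cmd": m.group("cmd"), "exe": extract_exe(m.group("cmd"))})
    return {"processes": processes, "entries": entries}

def entries_not_running(parsed: dict) -> list:
    """O4 entries whose program is not in the process list: a prompt to look closer, not a verdict."""
    running = {basename(p) for p in parsed["processes"]}
    return [e for e in parsed["entries"] if basename(e["exe"]) not in running]

if __name__ == "__main__":
    for entry in entries_not_running(parse_hjt(SAMPLE_HJT_LOG)):
        print(f"{entry['key']}: [{entry['name']}] -> {entry['exe']}")
```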
     
