Esore

  1. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:04:32 PM, on 8/5/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Multimedia Card Reader\shwicon2k.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\LTMSG.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\iTunes\iTunesHelper.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\hphmon05.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Pen_Tablet.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe C:\WINDOWS\system32\Pen_Tablet.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common 
Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\System32\HPZipm12.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HJThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-ca10.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca10.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-ca10.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca10.hpwis.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe 
PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll O4 - HKLM\..\Run: [sunkist2k] "C:\Program Files\Multimedia Card Reader\shwicon2k.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7 O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - 
HKLM\..\Run: [HPHUPD05] "c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM') O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user') O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user') O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - 
res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} 
(WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214518403609 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: LVCOMSer - Logitech Inc. 
- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     -- End of file - 13159 bytes

     Note: My computer now is having a tendency to "lock up" and forces me to shut down and restart by using the power button and is being a bit slower.

     EDIT: It has gotten worse and now freezes within 10 minutes or so when I boot it regularly and again forces me to shut down using the power button on my PC but it works great in safe mode.
  2. Malwarebytes log

     Malwarebytes' Anti-Malware 1.40
     Database version: 2564
     Windows 5.1.2600 Service Pack 3

     8/5/2009 2:37:47 PM
     mbam-log-2009-08-05 (14-37-47).txt

     Scan type: Quick Scan
     Objects scanned: 129510
     Time elapsed: 11 minute(s), 52 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 2
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     C:\Program Files\NetPumper (Adware.NetPumper) -> Quarantined and deleted successfully.
     C:\Program Files\NetPumper\ZM (Adware.NetPumper) -> Quarantined and deleted successfully.

     Files Infected:
     (No malicious items detected)

     Nothing was detected in Kaspersky, but here's the log just in case

     --------------------------------------------------------------------------------
     KASPERSKY ONLINE SCANNER 7.0 REPORT
     Wednesday, August 5, 2009
     Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
     Kaspersky Online Scanner version: 7.0.26.13
     Program database last update: Wednesday, August 05, 2009 20:45:39
     Records in database: 2583659
     --------------------------------------------------------------------------------

     Scan settings:
     Scan using the following database: extended
     Scan archives: yes
     Scan mail databases: yes

     Scan area - My Computer:
     A:\ C:\ D:\ E:\ F:\ G:\ L:\ M:\ N:\ O:\

     Scan statistics:
     Files scanned: 282209
     Threat name: 0
     Infected objects: 0
     Suspicious objects: 0
     Duration of the scan: 00:09:39

     No malware has been detected. The scan area is clean.
     The selected area was scanned.
  3. While it was running, a window with this message popped up, I don't know how relevant it is but I thought I'd post it anyways.

     "Rootkit!! Combofix has detected the presence of rootkit activity and needs to reboot the machine. Kindly note down on paper, the name of each file. We may need it later."

     I'll BOLD the 3 files which were mentioned in the log.

     ComboFix 09-08-04.02 - Owner 08/04/2009 20:08.1.1 - NTFSx86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.598 [GMT -4:00]
     Running from: c:\documents and settings\Owner.LISASRD.000\Desktop\Combo-Fix.exe
     AV: BitDefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
     FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
c:\documents and settings\Owner.LISASRD.000\Application Data\inst.exe c:\program files\Common Files\mantec~1 c:\program files\outlook c:\program files\video activex object c:\program files\video activex object\ot.ico c:\program files\video activex object\Thumbs.db c:\program files\video activex object\ts.ico c:\recycler\S-1-5-21-3549890506-1931367347-539747161-1007 c:\windows\a3kebook.ini c:\windows\akebook.ini c:\windows\ANS2000.INI c:\windows\BM4794470a.txt c:\windows\BM4794470a.xml c:\windows\cookies.ini c:\windows\Installer\11d152.msi c:\windows\Installer\127a9629.msi c:\windows\Installer\140d713.msi c:\windows\Installer\1423a7e.msi c:\windows\Installer\14c08.msi c:\windows\Installer\159e31.msi c:\windows\Installer\160bb0.msi c:\windows\Installer\160bb1.msp c:\windows\Installer\160bb2.msp c:\windows\Installer\160bb3.msp c:\windows\Installer\160bb4.msp c:\windows\Installer\160bb5.msp c:\windows\Installer\160bb6.msp c:\windows\Installer\160bb7.msp c:\windows\Installer\160bb8.msp c:\windows\Installer\160bb9.msp c:\windows\Installer\16a9f.msi c:\windows\Installer\174659.msi c:\windows\Installer\174671.msi 
c:\windows\Installer\174677.msi c:\windows\Installer\174b53.msi c:\windows\Installer\1e106.msi c:\windows\Installer\21f306.msi c:\windows\Installer\222eff3.msi c:\windows\Installer\292b03.msi c:\windows\Installer\2947e53.msi c:\windows\Installer\2ecc7f.msi c:\windows\Installer\2eccc6.msp c:\windows\Installer\2ecd26.msp c:\windows\Installer\2ecd2d.msi c:\windows\Installer\2f8d49a.msi c:\windows\Installer\3a925.msi c:\windows\Installer\3d176c.msi c:\windows\Installer\4d78cb.msi c:\windows\Installer\55c36.msi c:\windows\Installer\5b1a87.msi c:\windows\Installer\5fa5cd.msi c:\windows\Installer\66ca8.msi c:\windows\Installer\66d2b.msi c:\windows\Installer\66fd4.msi c:\windows\Installer\670f2.msi c:\windows\Installer\677c61.msi c:\windows\Installer\677c67.msi c:\windows\Installer\6bbe8.msi c:\windows\Installer\73ada.msi c:\windows\Installer\73af6.msi c:\windows\Installer\7cdfab.msi c:\windows\Installer\7cdfb3.msi c:\windows\Installer\8fb52.msi c:\windows\Installer\8fb67.msi c:\windows\Installer\a526c8.msi c:\windows\Installer\ab175.msi c:\windows\Installer\bb65d.msi c:\windows\Installer\c849a.msi c:\windows\Installer\ca660.msi c:\windows\Installer\ca66a.msi c:\windows\Installer\ca674.msi c:\windows\Installer\d990eb.msi c:\windows\Installer\d99115.msi c:\windows\Installer\d99139.msi c:\windows\Installer\e80223.msi c:\windows\Installer\e8730.msi c:\windows\Installer\e8741.msi c:\windows\Installer\WMEncoder.msi c:\windows\pskt.ini c:\windows\sks~1 c:\windows\system32\1134Vwds.exe.a_a c:\windows\system32\drivers\ESQULmlidwqbmudpjoehbabwrubqhlxwndruj.sys c:\windows\system32\ESQULlxbownsrrfwugrvimxinfeycfrxfrqpx.dll c:\windows\system32\ESQULsqqoqhyxrrovvwqndyimiompjeypshxq.dll c:\windows\system32\ESQULzcounter c:\windows\system32\ubm7a7wY.exe.a_a c:\windows\wnsxs~1 c:\recycler\S-1-5-21-3549890506-1931367347-539747161-1003 . . . . failed to delete . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . 
-------\Service_ESQULserv.sys -------\Service_ESQULserv.sys ((((((((((((((((((((((((( Files Created from 2009-07-05 to 2009-08-05 ))))))))))))))))))))))))))))))) . 2009-08-04 16:48 . 2009-08-04 16:48 -------- d-----w- c:\program files\Trend Micro 2009-08-04 16:47 . 2009-08-04 16:47 -------- d-----w- c:\program files\ERUNT 2009-07-29 17:18 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe 2009-07-29 16:50 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys 2009-07-29 16:49 . 2009-07-29 16:49 -------- dc-h--w- c:\docume~1\ALLUSE~1\APPLIC~1\{EF63305C-BAD7-4144-9208-D65528260864} 2009-07-29 16:49 . 2009-07-29 16:49 -------- d-----w- c:\program files\Lavasoft 2009-07-28 14:34 . 2009-07-28 14:34 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\NOS 2009-07-28 14:34 . 2009-07-28 14:34 -------- d-----w- c:\program files\NOS 2009-07-28 14:34 . 2009-07-14 18:37 32456 ----a-w- c:\documents and settings\Owner.LISASRD.000\Application Data\Mozilla\Firefox\Profiles\k7fh8hvc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll 2009-07-28 14:34 . 2009-07-14 18:37 22848 ----a-w- c:\documents and settings\Owner.LISASRD.000\Application Data\Mozilla\Firefox\Profiles\k7fh8hvc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe 2009-07-28 14:34 . 2009-07-14 18:37 18776 ----a-w- c:\documents and settings\Owner.LISASRD.000\Application Data\Mozilla\Firefox\Profiles\k7fh8hvc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe 2009-07-28 14:30 . 2009-07-28 14:30 -------- d-----w- c:\documents and settings\Owner.LISASRD.000\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2009-07-28 14:30 . 2008-05-29 06:03 37176 ----a-w- c:\documents and settings\Owner.LISASRD.000\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2009-07-26 01:39 . 
2009-08-05 00:36 81984 ----a-w- c:\windows\system32\bdod.bin 2009-07-26 01:30 . 2009-07-26 01:30 -------- d-----w- c:\documents and settings\Owner.LISASRD.000\Application Data\BitDefender 2009-07-26 01:30 . 2009-07-26 01:30 -------- d-----w- C:\Binaries 2009-07-26 01:29 . 2009-07-26 03:20 -------- d-----w- c:\program files\BitDefender 2009-07-26 00:27 . 2009-07-26 00:30 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\BitDefender 2009-07-24 23:50 . 2009-07-24 23:50 -------- d-----w- c:\windows\system32\logs 2009-07-24 23:47 . 2009-07-26 01:30 -------- d-----w- c:\program files\Common Files\BitDefender 2009-07-24 19:50 . 2009-07-24 19:50 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Sunbelt 2009-07-24 18:23 . 2009-07-24 19:14 -------- d-----w- c:\documents and settings\Owner.LISASRD.000\Application Data\Auslogics 2009-07-24 18:22 . 2009-07-24 18:23 -------- d-----w- c:\program files\Auslogics 2009-07-24 18:13 . 2009-07-24 18:13 -------- d-----w- c:\documents and settings\LocalService\Application Data\Webroot 2009-07-24 18:13 . 2008-01-05 00:34 23920 ----a-w- c:\windows\system32\drivers\sskbfd.sys 2009-07-24 18:13 . 2008-01-05 00:34 21872 ----a-w- c:\windows\system32\drivers\sshrmd.sys 2009-07-24 18:13 . 2008-01-05 00:34 20336 ----a-w- c:\windows\system32\drivers\SSFS0BB9.sys 2009-07-24 18:13 . 2008-01-05 00:34 163696 ----a-w- c:\windows\system32\drivers\ssidrv.sys 2009-07-24 18:12 . 2009-07-24 18:12 -------- d-----w- c:\program files\Webroot 2009-07-24 18:12 . 2009-07-24 18:12 -------- d-----w- c:\documents and settings\Owner.LISASRD.000\Application Data\Webroot 2009-07-24 18:12 . 2009-07-24 18:12 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Webroot 2009-07-24 18:12 . 2008-01-05 00:56 1526640 ----a-w- c:\windows\WRSetup.dll 2009-07-24 01:57 . 2009-07-24 01:57 41872 ----a-w- c:\windows\system32\xfcodec.dll 2009-07-23 22:34 . 2009-07-24 16:04 4212 ---h--w- c:\windows\system32\zllictbl.dat 2009-07-20 18:35 . 
2009-07-20 18:35 -------- d-----w- c:\program files\Nero 2009-07-20 18:34 . 2009-07-20 18:35 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Nero 2009-07-20 18:34 . 2009-07-20 18:37 -------- d-----w- c:\program files\Common Files\Nero 2009-07-20 17:47 . 2009-07-21 17:12 47360 ----a-w- c:\documents and settings\Owner.LISASRD.000\Application Data\pcouffin.sys 2009-07-20 17:47 . 2009-07-20 17:47 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys 2009-07-20 17:47 . 2009-07-21 17:12 -------- d-----w- c:\documents and settings\Owner.LISASRD.000\Application Data\Vso 2009-07-08 02:53 . 2009-07-08 02:53 45056 ----a-r- c:\documents and settings\Owner.LISASRD.000\Application Data\Microsoft\Installer\{193428D8-940D-4351-88F6-0AFA7D1E3CB8}\MapleStory.exe1_193428D8940D435188F60AFA7D1E3CB8.exe 2009-07-08 02:53 . 2009-07-08 02:53 45056 ----a-r- c:\documents and settings\Owner.LISASRD.000\Application Data\Microsoft\Installer\{193428D8-940D-4351-88F6-0AFA7D1E3CB8}\MapleStory.exe_193428D8940D435188F60AFA7D1E3CB8.exe 2009-07-08 02:53 . 2009-07-08 02:53 10134 ----a-r- c:\documents and settings\Owner.LISASRD.000\Application Data\Microsoft\Installer\{193428D8-940D-4351-88F6-0AFA7D1E3CB8}\ARPPRODUCTICON.exe 2009-07-08 02:41 . 2009-07-08 02:41 -------- d-----w- C:\Nexon 2009-07-08 01:16 . 2009-07-08 06:22 -------- d-----w- c:\documents and settings\Owner.LISASRD.000\Local Settings\Application Data\PMB Files 2009-07-08 01:16 . 2009-07-08 01:18 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\PMB Files . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-05 00:37 . 2009-03-19 22:02 -------- d-----w- c:\documents and settings\Owner.LISASRD.000\Application Data\WTablet 2009-08-04 06:37 . 2009-01-02 17:12 -------- d-----w- c:\documents and settings\Owner.LISASRD.000\Application Data\Xfire 2009-08-03 18:31 . 2006-08-07 16:51 -------- d-s---w- c:\program files\Xfire 2009-08-02 17:45 . 
2009-03-01 06:10 -------- d-----w- c:\documents and settings\Owner.LISASRD.000\Application Data\uTorrent 2009-07-30 01:23 . 2008-07-02 00:22 139904 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2009-07-30 01:23 . 2008-07-02 00:22 189744 ----a-w- c:\windows\system32\PnkBstrB.exe 2009-07-29 16:50 . 2007-06-11 01:37 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft 2009-07-24 19:45 . 2006-03-11 00:45 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2009-07-22 01:07 . 2009-06-22 01:39 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\FLEXnet 2009-07-21 19:57 . 2008-06-28 14:48 133704 -c--a-w- c:\documents and settings\Owner.LISASRD.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-07-21 18:58 . 2006-09-07 21:58 -------- d-----w- c:\program files\VirtualDJ 2009-07-15 19:47 . 2009-07-02 04:28 139152 ----a-w- c:\documents and settings\Owner.LISASRD.000\Application Data\PnkBstrK.sys 2009-07-15 19:47 . 2009-07-02 04:28 139152 ----a-w- c:\documents and settings\Owner.LISASRD.000\Application Data\PnkBstrK.sys 2009-07-15 07:12 . 2009-06-10 02:25 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft Help 2009-07-10 14:37 . 2006-08-20 00:29 -------- d-----w- c:\program files\VideoLAN 2009-07-02 04:28 . 2009-07-02 04:28 794408 ----a-w- c:\windows\system32\pbsvc.exe 2009-07-02 04:28 . 2008-07-02 00:21 75064 ----a-w- c:\windows\system32\PnkBstrA.exe 2009-07-01 01:14 . 2009-07-01 01:14 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\ALM 2009-07-01 01:11 . 2005-02-15 23:27 -------- d-----w- c:\program files\Common Files\Adobe 2009-06-29 18:45 . 2009-06-29 18:45 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Last.fm 2009-06-29 18:44 . 2009-06-29 18:44 -------- d-----w- c:\program files\Last.fm 2009-06-25 13:48 . 2009-06-25 13:48 -------- d-----w- c:\program files\Realtek AC97 2009-06-25 13:27 . 2006-12-08 23:35 -------- d-----w- c:\program files\DAEMON Tools 2009-06-21 17:15 . 
2009-06-21 17:15 -------- d-----w- c:\program files\Adobe Media Player 2009-06-21 17:10 . 2009-06-21 17:10 -------- d-----w- c:\program files\Common Files\Adobe AIR 2009-06-21 16:56 . 2009-06-21 16:56 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2009-06-21 15:34 . 2009-06-21 15:34 -------- d-----w- c:\program files\7-Zip 2009-06-21 15:19 . 2009-06-21 15:19 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\DAEMON Tools Lite 2009-06-21 15:19 . 2009-06-21 15:19 -------- d-----w- c:\program files\DAEMON Tools Toolbar 2009-06-21 15:12 . 2009-06-21 15:11 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-06-21 15:10 . 2009-06-21 15:10 -------- d-----w- c:\documents and settings\Owner.LISASRD.000\Application Data\DAEMON Tools Lite 2009-06-20 18:25 . 2007-11-11 03:56 -------- d-----w- c:\program files\Continuum 2009-06-20 17:38 . 2009-06-20 17:38 -------- d-----w- c:\program files\Common Files\Gibinsoft Shared 2009-06-20 17:38 . 2009-06-20 17:38 -------- d-----w- c:\program files\[email protected] 2009-06-16 14:36 . 2004-02-12 20:45 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 14:36 . 2004-02-12 20:23 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-10 02:37 . 2004-01-21 03:38 -------- d-----w- c:\program files\Microsoft Works 2009-06-10 02:33 . 2009-06-10 02:33 -------- d-----w- c:\program files\Microsoft.NET 2009-06-10 02:31 . 2004-01-21 03:41 -------- d-----w- c:\program files\Microsoft ActiveSync 2009-06-09 02:20 . 2007-12-31 01:44 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory 2009-06-06 14:54 . 2008-06-28 18:04 -------- d-----w- c:\documents and settings\Owner.LISASRD.000\Application Data\Apple Computer 2009-06-03 19:09 . 2003-05-31 00:00 1291264 ----a-w- c:\windows\system32\quartz.dll 2009-05-29 17:36 . 2009-03-17 22:52 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll 2009-05-29 17:36 . 2008-06-28 18:00 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2009-05-29 15:49 . 
2009-05-29 15:49 152576 -c--a-w- c:\documents and settings\Owner.LISASRD.000\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-05-23 05:05 . 2004-01-21 01:15 80795 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat 2009-05-07 15:32 . 2004-02-12 20:45 345600 ----a-w- c:\windows\system32\localspl.dll 2009-07-15 20:30 . 2009-07-23 06:14 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll 2009-03-05 22:08 . 2009-07-26 01:35 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 135168] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-04 221184] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832] "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736] "HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" 
[2003-08-21 49152] "HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328] "HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-26 188416] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216] "BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-08 778240] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536] "LTMSG"="LTMSG.exe" - c:\windows\ltmsg.exe [2003-07-15 40960] "AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344] c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\ AutoTBar.exe [2003-11-14 32768] c:\documents and settings\Default User\Start Menu\Programs\Startup\ AutoTBar.exe [2003-11-14 32768] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableStatusMessages"= 1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\BitComet\\BitComet.exe"= "c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Qtracker\\qtracker.exe"= "c:\\Program Files\\Xfire\\Xfire.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9521:TCP"= 9521:TCP:BitComet 9521 TCP "9521:UDP"= 9521:UDP:BitComet 9521 UDP "5353:TCP"= 5353:TCP:Adobe CSI CS4 "3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server "51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server "51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server "57647:TCP"= 57647:TCP:Pando Media Booster "57647:UDP"= 57647:UDP:Pando Media Booster R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/29/2009 12:50 PM 64160] R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [10/6/2008 6:16 PM 82696] R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [3/19/2009 6:04 PM 2749736] R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys 
[9/18/2008 12:09 PM 111112] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2/12/2009 4:52 PM 104328] S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016] S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [1/20/2009 7:16 PM 172032] S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [7/28/2009 10:34 AM 66056] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456] S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?] S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [3/19/2009 6:04 PM 15656] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan . - - - - ORPHANS REMOVED - - - - HKLM-Run-WinsysMon - c:\windows\system32\Socks.exe . ------- Supplementary Scan ------- . 
uStart Page = hxxp://ca10.hpwis.com/ uDefault_Search_URL = hxxp://srch-ca10.hpwis.com/ mStart Page = hxxp://ca10.hpwis.com/ mSearch Bar = hxxp://srch-ca10.hpwis.com/ uInternet Settings,ProxyOverride = *.local IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 LSP: SpSubLSP.dll FF - ProfilePath - c:\docume~1\OWNERL~1.000\APPLIC~1\Mozilla\Firefox\Profiles\k7fh8hvc.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll FF - plugin: c:\documents and settings\Owner.LISASRD.000\Application Data\Mozilla\Firefox\Profiles\k7fh8hvc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\Mozilla 
Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", 
false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program 
files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-04 20:38 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1020) c:\windows\system32\WRLogonNTF.dll c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll - - - - - - - > 'lsass.exe'(1076) c:\windows\system32\SpSubLSP.dll - - - - - - - > 'explorer.exe'(8056) c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\BitDefender\BitDefender 2009\seccenter.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-08-05 20:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-05 00:58
Pre-Run: 20,680,888,320 bytes free
Post-Run: 25,733,128,192 bytes free
412 --- E O F --- 2009-07-15 07:12

Sorry for the late reply.
  4. Hello,

My computer is having multiple problems; I'll list them in numerical order so it'll be easier to understand and read.

1. When I'm on Google and I search something up, I'll click a link (usually the first one that comes up) and it redirects me, using different IPs, to a different website (randomly). It happens about 90% of the time, and I do make sure that the Google I'm visiting is authentic.

IP
117.scrobble.com
67.29.139.253
75.102.7.226

Browser
Mozilla Firefox 3.5.1

2. Vimax ads are always in all advertising spots no matter what website(s) I visit.

3. When running virus/spyware/malware/adware scans it would hit a certain point and restart my computer automatically. It is quite annoying and only happens when I do a "full system" scan.

Anti-spy/virus/malware/adware I'm using
Bit Defender Total Security 2009
Webroot Spy Sweeper
Lavasoft Ad-aware Free/Anniversary edition
Auslogics Boostspeed

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:03:14 PM, on 8/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Pen_Tablet.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\HPZipm12.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Xfire\Xfire.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Trend Micro\HijackThis\HJThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca10.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-ca10.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-ca10.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-ca10.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca10.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca10.hpwis.com/ R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-ca10.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-ca10.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-ca10.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca10.hpwis.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll O4 - HKLM\..\Run: [sunkist2k] "C:\Program Files\Multimedia Card Reader\shwicon2k.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7 O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHUPD05] "c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - 
HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [WinsysMon] C:\WINDOWS\system32\Socks.exe O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM') O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user') O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user') O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu 
item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214518403609 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab O16 - DPF: 
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F2D8797C-DC86-411D-8A33-80C3B6FE462E}: NameServer = 85.255.112.201,85.255.112.144 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.201,85.255.112.144 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.201,85.255.112.144 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. 
- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
-- End of file - 14051 bytes

Thank you
  5. Hello,

My computer has multiple problems right now, but in order to fix them I need to be able to post a HijackThis log. The problem is that I've downloaded HijackThis and it is not opening. I've deleted and re-downloaded it multiple times but it is still not opening. Any help would be appreciated.

Windows Version: XP Home; Service Pack 3

Computer Specifications:
HP Pavilion a520n
3200+ (2.20-GHz) AMD Athlon XP Processor
960 MB PC2700 DDR SDRAM memory
160 GB 7200RPM Ultra DMA Hard drive

Thank you