+ Reply to Thread
Page 1 of 3 1 2 3 LastLast
Results 1 to 10 of 27
  1. #1
    Member
    Join Date
    Dec 2008
    Location
    Montreal, Canada
    Posts
    15
    Points
    0

    Default I cannot install any Antivirus software!

    Checked

    Hi...I had AVG 8.0 free edition running on my computer for some time now and for some reason it just started acting very weird...(crashing etc...) I tried to install another antivirus software but it would stop somewhere into the installation...i tried others and same problem!!


    Please help me!

    Thank You!


    Anywhere heres my HJT log...hope it helps



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:40:43 AM, on 12/4/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\mmc.exe
    C:\WINDOWS\system32\mspaint.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Seekeen\seekeen.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Seekeen\seekeen.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\smax4.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\RelevantKnowledge\rlvknlg.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Seekeen\seekeen.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Breaking News Headlines. MyFreeze News. Get up to Date!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=1036
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn3\yt.dll
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
    O2 - BHO: Smart-Shopper - {4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
    O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
    O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn3\yt.dll
    O3 - Toolbar: Seekmo Toolbar - {53E0B6E8-A51D-448B-B692-40B67B285543} - C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll (file missing)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [RelevantKnowledge] C:\Program Files\RelevantKnowledge\rlvknlg.exe -boot
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-1037202297-1914450345-1709162666-1012\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Martine')
    O4 - HKUS\S-1-5-21-1037202297-1914450345-1709162666-1012\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h (User 'Martine')
    O4 - HKUS\S-1-5-21-1037202297-1914450345-1709162666-1012\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'Martine')
    O4 - HKUS\S-1-5-21-1037202297-1914450345-1709162666-1012\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Martine')
    O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
    O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZJfox000
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?a0defbd52c6c47f7908743d1907d8640
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?a0defbd52c6c47f7908743d1907d8640
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
    O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Martine.ROBERT\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/...sb_regular.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1113582214890
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
    O18 - Filter hijack: text/html - (no CLSID) - (no file)
    O20 - Winlogon Notify: RelevantKnowledge - C:\Program Files\RelevantKnowledge\rlls.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\windows\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Distributed - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\ServerNet.exe
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Print Spooler Service (meqeesyecn) - Unknown owner - C:\WINDOWS\system32\pymmliie.exe (file missing)
    O23 - Service: Seekeen Service - Seekeen.com - C:\Program Files\Seekeen\seekeen.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 14511 bytes
    Last edited by Canuck; 12-06-2008 at 11:36 AM.

  2. #2
    Moderator Forum Moderator evilfantasy's Avatar
    Join Date
    Jan 2008
    Location
    Tulsa, OK
    Posts
    4,500
    Points
    627

    Default

    Hello Martine.

    You certainly have a whole lot going in here, and not in a good way

    Before you begin the SDFix instructions you should copy these instructions in a Notepad file and save them to your desktop or print them for easy reference. Much of SDFix will be done in Safe mode and you will be unable to access this web page after booting into Safe mode.

    Download SDFix by AndyManchesta and save it to your desktop.

    When using this tool, you must use the Administrator's account or an account with Administrative rights

    • Double click SDFix.exe and it will extract the files to %systemdrive%
    • (this is the drive that contains the Windows Directory, typically C:\SDFix).
    • DO NOT use it just yet.

    Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

    Open the SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
    • Copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log (from normal boot mode).
    .


    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you, Please Donate to the Forum

  3. #3
    Member
    Join Date
    Dec 2008
    Location
    Montreal, Canada
    Posts
    15
    Points
    0

    Default

    ok so i did everything you told me and heres the report and following that my new HJT log....(hope its good!)


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*isabled:LimeWire swarmed installer"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*isabled:LimeWire"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*isabled:Internet Explorer"
    "C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe:*:Enabled:RealPlayer"
    "C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"="C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE:*:Enabled:Firefox"
    "C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*isabled:Opera Internet Browser"
    "C:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"="C:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe:*:Enabled:PlayOnline Viewer"
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
    "C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"="C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe:*:Enabled:Nero MediaHome"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*isabled:Ares p2p for windows"
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*isabled:Veoh Client"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Documents and Settings\\P‚ralte\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"="C:\\Documents and Settings\\P‚ralte\\Application Data\\Macromedia\\Flash Player\\http://www.macromedia.com\\bin\\octo...bled:Octoshape add-in for Adobe Flash Player"
    "C:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"="C:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe:*:Enabled:Media Manager for PSP 3.0"
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Documents and Settings\\P‚ralte\\Local Settings\\Temp\\~os2.tmp\\ossproxy.exe"="C:\\Documents and Settings\\P‚ralte\\Local Settings\\Temp\\~os2.tmp\\ossproxy.exe:*:Enabledssproxy.exe"
    "c:\\program files\\relevantknowledge\\rlvknlg.exe"="c:\\program files\\relevantknowledge\\rlvknlg.exe:*:Enabled:rlvknlg.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Sun 16 Sep 2007 613,888 ...HR --- "C:\ServerNet.exe"
    Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
    Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
    Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
    Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Sun 16 Sep 2007 613,888 ..SH. --- "C:\windows\system32\_ServerNet.exe"
    Tue 13 Jun 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\drm\DRMv1.bak"
    Mon 21 Apr 2008 228 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti1.tmp"
    Tue 13 Sep 2005 1,847,296 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\LAUNCHER.EXE"
    Sat 25 Jun 2005 62,464 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\MNYINSTA.DLL"
    Fri 22 Apr 2005 95,232 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\RMVSUITE.EXE"
    Thu 18 Aug 2005 36,864 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\SETUPLNG.DLL"
    Wed 5 Jan 2005 20,480 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\UNREGWTR.EXE"
    Wed 21 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\drm\Cache\Indiv02.tmp"
    Sun 16 Sep 2007 613,888 ..SH. --- "C:\Program Files\Common Files\Microsoft Shared\MSInfo\ServerNet.exe"
    Fri 5 Sep 2003 1,176,917 ...H. --- "C:\Program Files\Simple Star\My Mix\data\My Mix.exe"

    Finished!









    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:04:18 AM, on 12/7/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\mmc.exe
    C:\WINDOWS\system32\mspaint.exe
    C:\Program Files\RelevantKnowledge\rlvknlg.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Seekeen\seekeen.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Seekeen\seekeen.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\smax4.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=1036
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn3\yt.dll
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
    O2 - BHO: Smart-Shopper - {4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
    O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn3\yt.dll
    O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [RelevantKnowledge] C:\Program Files\RelevantKnowledge\rlvknlg.exe -boot
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
    O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
    O8 - Extra context menu item: &Search - ?p=ZJfox000
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?a0defbd52c6c47f7908743d1907d8640
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?a0defbd52c6c47f7908743d1907d8640
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
    O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Martine.ROBERT\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://download.windowsupdate.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1113582214890
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
    O18 - Filter hijack: text/html - (no CLSID) - (no file)
    O20 - Winlogon Notify: RelevantKnowledge - C:\Program Files\RelevantKnowledge\rlls.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\windows\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Distributed - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\ServerNet.exe
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Seekeen Service - Unknown owner - C:\Program Files\Seekeen\seekeen.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 13605 bytes

  4. #4
    Moderator Forum Moderator evilfantasy's Avatar
    Join Date
    Jan 2008
    Location
    Tulsa, OK
    Posts
    4,500
    Points
    627

    Default

    Can you please re-post the SDFix log. The top of it is cut off.
    .


    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you, Please Donate to the Forum

  5. #5
    Member
    Join Date
    Dec 2008
    Location
    Montreal, Canada
    Posts
    15
    Points
    0

    Default

    oops sorry about that heres the report






    SDFix: Version 1.240
    Run by Administrator on Sun 12/07/2008 at 04:47 AM

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\autorun.inf - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-07 04:58:45
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*isabled:LimeWire swarmed installer"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*isabled:LimeWire"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*isabled:Internet Explorer"
    "C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe:*:Enabled:RealPlayer"
    "C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"="C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE:*:Enabled:Firefox"
    "C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*isabled:Opera Internet Browser"
    "C:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"="C:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe:*:Enabled:PlayOnline Viewer"
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
    "C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"="C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe:*:Enabled:Nero MediaHome"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*isabled:Ares p2p for windows"
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*isabled:Veoh Client"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Documents and Settings\\P‚ralte\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"="C:\\Documents and Settings\\P‚ralte\\Application Data\\Macromedia\\Flash Player\\http://www.macromedia.com\\bin\\octo...bled:Octoshape add-in for Adobe Flash Player"
    "C:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"="C:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe:*:Enabled:Media Manager for PSP 3.0"
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Documents and Settings\\P‚ralte\\Local Settings\\Temp\\~os2.tmp\\ossproxy.exe"="C:\\Documents and Settings\\P‚ralte\\Local Settings\\Temp\\~os2.tmp\\ossproxy.exe:*:Enabledssproxy.exe"
    "c:\\program files\\relevantknowledge\\rlvknlg.exe"="c:\\program files\\relevantknowledge\\rlvknlg.exe:*:Enabled:rlvknlg.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Sun 16 Sep 2007 613,888 ...HR --- "C:\ServerNet.exe"
    Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
    Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
    Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
    Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Sun 16 Sep 2007 613,888 ..SH. --- "C:\windows\system32\_ServerNet.exe"
    Tue 13 Jun 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\drm\DRMv1.bak"
    Mon 21 Apr 2008 228 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti1.tmp"
    Tue 13 Sep 2005 1,847,296 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\LAUNCHER.EXE"
    Sat 25 Jun 2005 62,464 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\MNYINSTA.DLL"
    Fri 22 Apr 2005 95,232 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\RMVSUITE.EXE"
    Thu 18 Aug 2005 36,864 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\SETUPLNG.DLL"
    Wed 5 Jan 2005 20,480 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\UNREGWTR.EXE"
    Wed 21 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\drm\Cache\Indiv02.tmp"
    Sun 16 Sep 2007 613,888 ..SH. --- "C:\Program Files\Common Files\Microsoft Shared\MSInfo\ServerNet.exe"
    Fri 5 Sep 2003 1,176,917 ...H. --- "C:\Program Files\Simple Star\My Mix\data\My Mix.exe"

    Finished!

  6. #6
    Moderator Forum Moderator evilfantasy's Avatar
    Join Date
    Jan 2008
    Location
    Tulsa, OK
    Posts
    4,500
    Points
    627

    Default

    Create An Uninstall List
    • Start HijackThis
    • Click on the Open the Misc Tools section
    • Click on the Open Uninstall Manager button.
    • Click on the Save list button and specify where you would like to save this file and click Save.
      • When you press Save button a notepad will open with the contents of that file.
    • Copy and paste that list in your reply.
    .


    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you, Please Donate to the Forum

  7. #7
    Member
    Join Date
    Dec 2008
    Location
    Montreal, Canada
    Posts
    15
    Points
    0

    Default

    ok here it goes!





    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player ActiveX
    Adobe Reader 8.1.2
    Adobe Shockwave Player
    Apple Software Update
    Assistant Internet
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Control Panel
    ATI Display Driver
    ATI HYDRAVISION
    Bonjour
    DAO
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    Efficient Networks SpeedStream DSL
    FLV Player
    FLV Player 2.0 (build 25)
    Freecorder Toolbar 3.0 Application
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    High Definition Audio Driver Package - KB835221
    Highlight Viewer (Windows Live Toolbar)
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HijackThis 2.0.2
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB952287)
    Intel Application Accelerator RAID Edition
    Intel Processor Frequency ID Utility
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Adapters and Drivers
    InterActual Player
    InterVideo WinDVD 4
    iTunes
    J2SE Runtime Environment 5.0 Update 3
    Java 2 Runtime Environment, SE v1.4.2_01
    Java 2 Runtime Environment, SE v1.4.2_06
    Java(TM) 6 Update 3
    Java(TM) 6 Update 7
    Khi3 - Universal Scientific Calculator
    LimeWire 4.18.8
    Map Button (Windows Live Toolbar)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Digital Image Standard 2006
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Location Finder
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Standard 2007
    Microsoft Office Standard 2007 Trial
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Tool Web Package:WntIpcfg.exe
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Windows Journal Viewer
    Microsoft Works
    Microsoft Works Suite 2006 Setup Launcher
    Mozilla Firefox (3.0.4)
    MSXML 4.0 SP2 (KB936181)
    Nero Suite
    Norton Security Scan
    Opera 9.0
    ParetoLogic Data Recovery
    PlayStation(R)Network Downloader
    PlayStation(R)Store
    Popup Blocker (Windows Live Toolbar)
    QuickTime
    RealPlayer
    Realtek AC'97 Audio
    Realtek High Definition Audio Driver
    RelevantKnowledge
    Replay Media Catcher
    Rhapsody Player Engine
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB955936)
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB955470)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office system 2007 (KB951808)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office Word 2007 (KB950113)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Seekeen 1.0 build 128
    Services de sécurité Freedom
    Shockwave
    SigmaTel AC97 Audio Drivers
    Singles
    Smart Menus (Windows Live Toolbar)
    SmartShopper
    Sony Media Manager for PSP 3.0
    SoundMAX
    Spybot - Search & Destroy
    SweetIM For Internet Explorer 3.0b
    Tabbed Browsing (Windows Live Toolbar)
    TBS WMP Plug-in
    The Weather Channel Desktop
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb957829)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB951072-v2)
    Weather Services
    Windows Defender Signatures
    Windows Installer 3.1 (KB893803)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Favorites for Windows Live Toolbar
    Windows Live installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Safety Scanner
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Toolbar
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Media Encoder 9 Series
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows Messenger 5.0
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    XMLinst
    Yahoo! Extras
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Toolbar

  8. #8
    Moderator Forum Moderator evilfantasy's Avatar
    Join Date
    Jan 2008
    Location
    Tulsa, OK
    Posts
    4,500
    Points
    627

    Default

    Uninstall malware

    Go to Add/Remove Programs and uninstall:
    • RelevantKnowledge
    • Seekeen 1.0 build 128
    • SmartShopper
    • Weather Services
    Restart the computer when finished.

    ----------

    Download the Norton Removal Tool (SymNRT) to your Desktop.

    Once downloaded please close ALL open browsers, also save any work because this may require a restart.
    • Go to your desktop and double click on the removal tool and then click Setup.
    • Once open Click Next
    • Accept the license agreement and click Next
    • Type in the letters/numbers that you see into the text box then click Next.
    • Then click Next and the tool will start running.
    • Once finished restart the PC and run the tool again to ensure everything has been removed.
    • Delete Nortonremoval tool from your Desktop.


    ----------

    Download CCleaner Slim and save it to your Desktop.
    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.
    Complete the installation then:

    • Double-click the CCleaner shortcut on the desktop to start the program.
    • Click on the Options block on the left, then choose Cookies.
      • Under Cookies to Delete, highlight any cookies you would like to retain permanently
      • Click the right arrow > to move them to the Cookies to Keep window.

    • Go into Options > Advanced uncheck Only delete files in Windows Temp folders older than 48 hours
    • Click Cleaner on the left then Run Cleaner on the right to run the program.
    • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner
    • Caution: It is not recommended that you use the 'Registry' feature unless you are very familiar with the registry.
    • Exit CCleaner after it has completed its process.


    ----------

    Download Malwarebytes' Anti-Malware (MBAM)

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and Paste the entire report in your next reply.


    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

    Note: Save the log to your Desktop so you can post it with the ComboFix log.

    ----------

    Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

    Link #1
    Link #2

    **Note: It is important that it is saved directly to your Desktop

    Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

    Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    Double click combofix.exe & follow the prompts.

    For Windows XP Systems install the Recovery Console:

    - If you are using Windows XP and do not already have the Recovery Console installed, please ensure your Internet connection is active (if possible) and click Yes.
    - If for some reason your Internet is not working click No.
    - If you are not using Windows XP, you will not be prompted.
    - When prompted to accept the EULA click OK.
    - Accept Microsoft's EULA (Click Yes).
    - When you are told that the RC is installed correctly click YES to continue scanning for malware.

    When finished ComboFix will produce a log for you.
    Post the ComboFix log and a new HijackThis log in your next reply.

    Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

    Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

    ----------

    Next post please add:
    • MBAM log
    • ComboFix log
    • New HijackThis log
    ----------

    Your Java is out of date.

    Older versions have vulnerabilities that malicious sites can use to infect your system.

    First install the new Sun Java Runtime Environment

    Be sure to close all browser windows before beginning the install.

    Remove the old version(s)

    Download JavaRa
    • Unzip the file and open the JavaRa.exe
    • Click Remove Older Versions
    • JavaRa will search for and remove any outdated version of Java and remove any that are found.
    • Click Additional Tasks
    • Place a check next to Remove Useless JRE Files and click Go
    • Exit JavaRa
    • Delete the JavaRa files from the Desktop
    .


    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you, Please Donate to the Forum

  9. #9
    Member
    Join Date
    Dec 2008
    Location
    Montreal, Canada
    Posts
    15
    Points
    0

    Default

    alright here are in order the: MBAM log
    ComboFix log
    New HijackThis log




    Malwarebytes' Anti-Malware 1.31
    Database version: 1471
    Windows 5.1.2600 Service Pack 2

    12/7/2008 6:19:53 PM
    mbam-log-2008-12-07 (18-19-53).txt

    Scan type: Quick Scan
    Objects scanned: 61011
    Time elapsed: 3 minute(s), 20 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 12
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 9
    Files Infected: 33

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Interface\{4897bba6-48d9-468c-8efa-846275d7701b} (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{4509d3cc-b642-4745-b030-645b79522c6d} (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{53e0b6e8-a51d-448b-b692-40b67b285543} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{53e0b6e8-a51d-448b-b692-40b67b285543} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
    C:\Program Files\Screensavers.com\Wallpaper (Adware.Comet) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Martine.TINYMITE\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Martine.TINYMITE\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\contexts (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\buttons (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\images (Adware.Starware) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\Screensavers.com\Wallpaper\swpstart.exe (Adware.Comet) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\contexts\related.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\contexts\travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\logoxp.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\logo.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlightxp.png (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlighthotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\Highlight.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\HighlightHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencexp.png (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencehotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\Reference.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\ReferenceHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherxp.png (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherhotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\Weather.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaver.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\games.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafe.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware\images\walertXP.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\windows\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\windows\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.






    ComboFix 08-12-06.06 - P‚ralte 2008-12-07 18:23:57.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.214 [GMT -5:00]
    Running from: c:\documents and settings\P‚ralte\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Martine.TINYMITE\Application Data\FunWebProducts
    C:\install.exe
    c:\program files\INSTALL.LOG
    c:\program files\Seekmo Programs
    c:\windows\cdmxtras
    c:\windows\system32\cache329
    c:\windows\system32\cache329\B_329_0_0_106800.htm
    c:\windows\system32\cache329\B_329_0_0_107400.htm
    c:\windows\system32\cache329\B_329_1_0_449200.gif
    c:\windows\system32\cache329\B_329_1_0_449600.gif
    c:\windows\system32\cache329\B_329_1_0_454300.gif
    c:\windows\system32\cache329\B_329_2_0_106800.htm
    c:\windows\system32\cache329\B_329_2_0_107400.htm
    c:\windows\system32\cache329\B_329_3_0_106800.htm
    c:\windows\system32\cache329\B_329_3_0_107400.htm
    c:\windows\system32\cache329\B_329_4_0_111600.htm
    c:\windows\system32\cache329\B_329_4_0_152400.htm
    c:\windows\system32\cache329\B_329_4_0_155300.htm
    c:\windows\system32\cache329\B_329_4_0_164100.htm
    c:\windows\system32\cache329\t_B_329_0_0_106800.htm
    c:\windows\system32\cache329\t_B_329_0_0_107400.htm
    c:\windows\system32\cache329\t_B_329_2_0_106800.htm
    c:\windows\system32\cache329\t_B_329_2_0_107400.htm
    c:\windows\system32\cache329\t_B_329_3_0_106800.htm
    c:\windows\system32\cache329\t_B_329_3_0_107400.htm
    c:\windows\system32\cache329\t_B_329_4_0_111600.htm
    c:\windows\system32\cache329\t_B_329_4_0_152400.htm
    c:\windows\system32\cache329\t_B_329_4_0_155300.htm
    c:\windows\system32\cache329\t_B_329_4_0_164100.htm

    .
    ((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
    .

    2008-12-07 18:14 . 2008-12-07 18:14 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-07 18:14 . <DIR> c:\documents and settings\Péralte\Application Data\Malwarebytes
    2008-12-07 18:14 . 2008-12-07 18:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-07 18:14 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-07 18:14 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-07 18:07 . 2008-12-07 18:07 <DIR> d-------- c:\program files\CCleaner
    2008-12-07 17:48 . 2008-12-07 17:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
    2008-12-07 04:58 . <DIR> c:\documents and settings\Péralte\Application Data\WinRAR
    2008-12-07 04:43 . 2008-12-07 04:43 <DIR> d-------- c:\windows\ERUNT
    2008-12-07 04:40 . 2008-12-07 04:40 <DIR> d-------- c:\documents and settings\Administrator
    2008-12-07 04:09 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
    2008-12-06 20:47 . 2008-12-06 20:47 <DIR> d-------- C:\P‚ralte
    2008-12-04 21:33 . 2008-12-04 21:33 <DIR> d-------- c:\program files\Microsoft Silverlight
    2008-12-04 16:12 . 2008-12-04 16:13 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2008-12-04 16:12 . 2008-12-04 16:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-04 15:12 . 2008-12-04 15:12 <DIR> d--hs---- C:\FOUND.066
    2008-12-04 10:54 . 2008-12-04 10:54 <DIR> d--hs---- C:\FOUND.065
    2008-12-04 02:48 . 2007-09-16 14:40 613,888 ---hs---- c:\windows\system32\_ServerNet.exe
    2008-12-04 01:27 . <DIR> c:\documents and settings\Péralte\.housecall6.6
    2008-12-04 01:07 . 2008-11-30 21:17 51,437,912 --a------ C:\bitdefender_free_v10.exe
    2008-12-03 17:01 . 2008-12-03 17:01 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
    2008-12-03 16:42 . 2008-12-03 16:42 <DIR> d--hs---- C:\FOUND.064
    2008-12-02 13:09 . 2008-12-02 13:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Winferno
    2008-12-02 13:04 . 2008-12-02 13:04 <DIR> d-------- c:\program files\Mixxx
    2008-11-30 21:38 . 2008-11-30 21:39 <DIR> d-------- c:\program files\Softwin
    2008-11-30 18:25 . 2008-11-30 18:25 <DIR> d--hs---- C:\FOUND.063
    2008-11-25 15:39 . 2008-11-25 15:39 <DIR> d--hs---- C:\FOUND.062
    2008-11-24 15:14 . 2008-11-24 15:14 <DIR> d--hs---- C:\FOUND.061
    2008-11-24 02:28 . 2007-09-16 14:40 613,888 -r-h----- C:\ServerNet.exe
    2008-11-23 02:41 . 2008-11-23 02:41 <DIR> d--hs---- C:\FOUND.060
    2008-11-22 17:40 . 2008-11-22 17:40 <DIR> d--hs---- C:\FOUND.059
    2008-11-21 00:40 . 2008-11-21 00:40 <DIR> d-------- c:\program files\ParetoLogic
    2008-11-21 00:38 . 2008-11-21 00:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Cached Installations
    2008-11-18 18:57 . 2008-11-18 18:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2008-11-17 22:55 . 2008-11-17 22:55 <DIR> d--hs---- C:\FOUND.058
    2008-11-16 16:24 . 2008-11-16 16:24 <DIR> d-------- c:\windows\system32\Adobe
    2008-11-16 12:56 . 2008-11-16 12:56 <DIR> d--hs---- C:\FOUND.057
    2008-11-11 15:12 . 2008-11-11 15:12 <DIR> d--hs---- C:\FOUND.056
    2008-11-09 23:08 . 2008-11-09 23:08 <DIR> d-------- c:\program files\iTunes
    2008-11-09 23:08 . 2008-11-09 23:08 <DIR> d-------- c:\program files\iPod
    2008-11-09 23:08 . 2008-11-09 23:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-09 23:01 . 2008-11-09 23:01 <DIR> d-------- c:\program files\Bonjour
    2008-11-09 17:10 . <DIR> c:\documents and settings\Péralte\Application Data\ATI
    2008-11-09 03:37 . 2008-11-09 03:37 <DIR> d--hs---- C:\FOUND.055
    2008-11-07 01:54 . <DIR> c:\documents and settings\Péralte\Application Data\LimeWire

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-05 00:56 81,984 ----a-w c:\windows\system32\bdod.bin
    2008-11-06 20:05 --------- d-----w c:\program files\Microsoft.NET
    2008-11-06 20:02 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-11-06 19:47 --------- d-----w c:\documents and settings\Péralte\Application Data\GetRightToGo
    2008-11-06 19:11 --------- d-----w c:\documents and settings\Péralte\Application Data\Sony
    2008-11-06 19:11 --------- d-----w c:\documents and settings\All Users\Application Data\Sony
    2008-11-05 08:26 --------- d-----w c:\program files\Common Files\Sony Shared
    2008-11-05 07:53 --------- d-----w c:\program files\Sony
    2008-11-05 07:53 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Corporation
    2008-11-04 23:02 --------- d-----w c:\program files\Sony Setup
    2008-11-04 23:02 --------- d-----w c:\documents and settings\Péralte\Application Data\Sony Setup
    2008-11-04 23:00 --------- d-----w c:\program files\Trend Micro
    2008-11-04 22:38 --------- d-----w c:\documents and settings\Péralte\Application Data\DivX
    2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
    2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
    2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
    2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
    2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
    2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
    2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
    2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
    2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-15 16:57 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
    2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
    2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
    2008-09-15 11:57 1,846,016 ------w c:\windows\system32\dllcache\win32k.sys
    2007-11-11 20:14 2,293,712 ----a-w c:\program files\FLV PlayerFCSetup.exe
    2007-11-11 20:13 3,928,264 ----a-w c:\program files\FLV PlayerRCATSetup.exe
    2007-11-11 20:11 411,248 ----a-w c:\program files\FLV PlayerRCSetup.exe
    2007-09-16 19:40 613,888 --sh--w c:\windows\system32\_ServerNet.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-25 68856]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-03-20 774144]
    "IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-06-06 155648]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-06-06 118784]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "Motive SmartBridge"="c:\progra~1\NETASS~1\SMARTB~1\MotiveSB.exe" [2004-10-22 393216]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-04-07 180269]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "Freedom"="c:\program files\Zero Knowledge\Freedom\Freedom.exe" [2004-07-23 163894]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "SoundMan"="SOUNDMAN.EXE" [2004-06-17 c:\windows\SoundMan.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2004-11-25 32768]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Assistant Internet.lnk - c:\program files\NetAssistant\bin\matcli.exe [2006-04-07 217088]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
    backup=c:\windows\pss\ATI CATALYST System Tray.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    --a------ 2004-11-25 00:27 32768 c:\program files\ATI Technologies\ATI.ACE\CLI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    --a------ 2004-11-24 21:10 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2004-08-04 00:56 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
    --a------ 2004-06-17 18:43 2550272 c:\windows\ALCWZRD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
    --------- 2004-03-17 15:10 61952 c:\windows\system32\Hdaudpropshortcut.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\StubInstaller.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
    "c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Opera\\Opera.exe"=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "c:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\DRIVERS\si3112r.sys [2002-10-10 84529]
    S2 Distributed;Distributed;c:\program files\Common Files\Microsoft Shared\MSINFO\ServerNet.exe [2008-11-24 613888]
    S3 TNET1130;802.11 WLAN;c:\windows\system32\DRIVERS\TNET1130.sys []

    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-05 c:\windows\Tasks\Norton Security Scan.job
    - c:\program files\Norton Security Scan\Nss.exe [2007-09-18 23:42]

    2008-12-07 c:\windows\Tasks\McAfee.com Update Check (DEFAULT-HOME-EN-DEFAULT).job
    - c:\progra~1\mcafee.com\agent\mcupdate.exe []

    2008-12-07 c:\windows\Tasks\McAfee.com Update Check (DEFAULT-HOME-EN-DEFAULT).job
    - c:\progra~1\mcafee.com\agent []

    2008-12-07 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

    2008-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2008-12-06 c:\windows\Tasks\ParetoLogic Update Version2.job
    - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 12:25]

    2008-12-07 c:\windows\Tasks\ParetoLogic Registration.job
    - c:\windows\system32\rundll32.exe [2004-08-04 00:56]
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
    HKLM-Run-StandardInstall - (no file)
    HKLM-Run-POINTER - point32.exe
    MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
    MSConfigStartUp-POINTER - point32.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*Yahoo! SearchBar Home Page
    uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=1036
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Search - ?p=ZJfox000
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - Add to Windows Live Favorites
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?a0defbd52c6c47f7908743d1907d8640
    IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?a0defbd52c6c47f7908743d1907d8640
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Martine.ROBERT\Start Menu\Programs\IMVU\Run IMVU.lnk
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Martine.ROBERT\Start Menu\Programs\IMVU\Run IMVU.lnk -

    O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-07 18:25:25
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(680)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2008-12-07 18:26:12
    ComboFix-quarantined-files.txt 2008-12-07 23:26:12

    Pre-Run: 197,649,727,488 bytes free
    Post-Run: 197,726,863,360 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    264 --- E O F --- 2008-12-03 22:01:14





    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:30:38 PM, on 12/7/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\mmc.exe
    C:\WINDOWS\system32\mspaint.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\smax4.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=1036
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn3\yt.dll
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn3\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'Default user')
    O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
    O8 - Extra context menu item: &Search - ?p=ZJfox000
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?a0defbd52c6c47f7908743d1907d8640
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?a0defbd52c6c47f7908743d1907d8640
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Martine.ROBERT\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://download.windowsupdate.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1113582214890
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\windows\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Distributed - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\ServerNet.exe
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 12082 bytes

  10. #10
    Moderator Forum Moderator evilfantasy's Avatar
    Join Date
    Jan 2008
    Location
    Tulsa, OK
    Posts
    4,500
    Points
    627

    Default

    Disable Spybot's TeaTimer

    While TeaTimer is an excellent tool for the prevention of spyware, it can also interfere with HijackThis fixes. Please disable TeaTimer for now until you are clean.

    1. Right click Spybot in the System Tray (looks like a calendar with a padlock symbol). Choose Exit Spybot S&D Resident
    2. Run Spybot S&D
    3. Go to the Mode menu, and make sure Advanced Mode is selected.
    4. On the left hand side, choose Tools > Resident
    uncheck Resident TeaTimer and OK any prompt and Restart your computer.

    Note:
    If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

    If TeaTimer will not turn off then uninstall Spybot until we are done cleaning.

    ----------

    Download the McAfee Consumer Product Removal Tool to your Desktop.
    Using McAfee Consumer Product Removal tool:

    • Double click the MCPR.exe
    • A Command Line window will be displayed, and then close automatically.
    • Wait for a second Command Line window to be displayed.
      • Note: Do not double-click MCPR.exe again, you may have to wait up to 1 minute for the next window to appear.
    • After the second window appears, the program will begin the cleanup.
    • Observe the installation, which could take several minutes. The following message will be displayed in the Command Line window: The machine must reboot to complete the un-installation. Reboot now? [y.n]
    • Press Y on the keyboard.
    • Wait for the computer to restart.
    • All McAfee products are now removed from your computer.


    ----------

    Open HijackThis and select Do a system scan only.

    Place a check mark next to the following entries: (if there)

    - O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    - O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    - O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Martine.ROBERT\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)


    Important: Close all windows except for HijackThis and then click Fix checked.

    Exit HijackThis.

    ----------

    Download the OTMoveIt3 by OldTimer

    Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator.

    * Save it to your Desktop.
    * Double-click OTMoveIt3.exe to run it.
    * Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

    Code:
    :Processes
    explorer.exe
    
    :files
    C:\FOUND.066
    C:\FOUND.065
    C:\FOUND.064
    C:\FOUND.063
    C:\FOUND.062
    C:\FOUND.061
    C:\FOUND.060
    C:\FOUND.059
    C:\FOUND.058
    C:\FOUND.057
    C:\FOUND.056
    C:\FOUND.055
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
    
    * Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    * Click the red Moveit! button.
    * Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    Close OTMoveIt3

    Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.
    .


    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you, Please Donate to the Forum