
seeking help :(



k, updated and scanned

log

Malwarebytes' Anti-Malware 1.25

Database version: 1062

Windows 5.1.2600 Service Pack 2

1:21:15 PM 8/20/2008

mbam-log-08-20-2008 (13-21-15).txt

Scan type: Quick Scan

Objects scanned: 46485

Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


It seems a bit slow on startup, takes about a minute or so longer than usual to be able to open IE or run anything, other than that it seems ok

HJT Log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:28:27 PM, on 8/20/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\ESET\bak\nod32kui.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.ca/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [sMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"

O4 - HKCU\..\Run: [itfy] C:\WINDOWS\system32\??rvices.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O16 - DPF: {23B1D1AE-A29F-4AE2-B76E-CAB6E14811C4} (DHCPConfiguration Class) - http://eserv.sympatico.ca/netassistant/con...adaPortalAX.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--

End of file - 3719 bytes


Your HijackThis log indicates crash issues you've had. Having more than one antivirus application running can certainly contribute to an unstable environment. I believe we already removed one of the antivirus programs (Symantec) but there is another driver file that is running from an old McAfee installation here:

C:\WINDOWS\system32\drivers\SGuard.sys

Uninstall your McAfee product using Add/Remove Programs in the Windows Control Panel...if you don't find anything listed there, then use the McAfee Consumer Product Removal tool (MCPR.exe).

Please open a blank Notepad by clicking start-->run

Then, in the run box type Notepad.exe and click "OK".

Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

Combofix will run again automatically. Please post back the new log that will be generated along with a fresh HijackThis log. Thanks!

File::

C:\WINDOWS\system\actualspystart.lnk

C:\WINDOWS\system32\??rvices.exe

Folder::

C:\Documents and Settings\All Users\Application Data\Soulseek

C:\Program Files\2SoulseekNS

C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire

C:\Documents and Settings\damageplan.BEYOND\Application Data\Azureus

D:\Program Files\Azureus

D:\Program Files\Soulseek

D:\Program Files\1Soulseek

D:\Program Files\SoulseekNS

Registry::

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\Program Files\LimeWire\LimeWire.exe"=-

"D:\Program Files\Azureus\Azureus.exe"=-

"D:\Program Files\Soulseek\slsk.exe"=-

"D:\Program Files\1Soulseek\slsk.exe"=-

"D:\Program Files\SoulseekNS\slsk.exe"=-


ComboFix 08-08-18.05 - damageplan 2008-08-20 22:15:10.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.756 [GMT -4:00]

Running from: C:\Documents and Settings\damageplan.BEYOND\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\damageplan.BEYOND\Desktop\CFScript.txt

* Created a new restore point

* Resident AV is active

FILE ::

C:\WINDOWS\system\actualspystart.lnk

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\damageplan.BEYOND\Application Data\LimeWire

C:\WINDOWS\system\actualspystart.lnk

.

((((((((((((((((((((((((( Files Created from 2008-07-21 to 2008-08-21 )))))))))))))))))))))))))))))))

.

2008-08-20 19:25 . 2008-08-20 19:25 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-08-20 19:25 . 2008-08-20 19:25 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

2008-08-20 19:21 . 2008-08-20 19:30 <DIR> d-------- C:\Documents and Settings\damageplan.BEYOND\Application Data\PC Suite

2008-08-20 19:21 . 2008-08-20 20:14 <DIR> d-------- C:\Documents and Settings\damageplan.BEYOND\Application Data\Nokia

2008-08-20 19:21 . 2008-08-20 19:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite

2008-08-20 19:20 . 2008-08-20 19:20 <DIR> d-------- C:\Program Files\DIFX

2008-08-20 19:20 . 2008-08-20 19:20 <DIR> d-------- C:\Program Files\Common Files\PCSuite

2008-08-20 19:20 . 2008-08-20 19:20 <DIR> d-------- C:\Program Files\Common Files\Nokia

2008-08-20 19:19 . 2008-08-20 19:19 <DIR> d-------- C:\Program Files\PC Connectivity Solution

2008-08-20 19:19 . 2008-08-20 19:20 <DIR> d-------- C:\Program Files\Nokia

2008-08-20 19:19 . 2008-05-07 07:39 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll

2008-08-20 19:19 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll

2008-08-20 19:19 . 2008-05-07 07:38 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2008-08-20 19:19 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys

2008-08-20 19:19 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys

2008-08-20 19:19 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys

2008-08-20 19:19 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys

2008-08-20 19:18 . 2008-08-20 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations

2008-08-20 15:17 . 2008-08-20 18:15 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

2008-08-19 11:16 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-08-19 11:15 . 2008-08-19 11:16 <DIR> d-------- C:\Program Files\Java

2008-08-19 11:08 . 2008-08-19 11:08 <DIR> d-------- C:\Program Files\Windows Installer Clean Up

2008-08-19 11:08 . 2008-08-19 11:08 <DIR> d-------- C:\Program Files\MSECACHE

2008-08-18 19:32 . 2008-08-18 19:32 <DIR> d-------- C:\Program Files\Trend Micro

2008-08-17 13:26 . 2008-08-20 13:16 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-08-17 13:26 . 2008-08-17 13:26 <DIR> d-------- C:\Documents and Settings\damageplan.BEYOND\Application Data\Malwarebytes

2008-08-17 13:26 . 2008-08-17 13:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-08-17 13:26 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-08-17 13:26 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-08-16 21:20 . 2008-08-16 21:20 <DIR> d-------- C:\Program Files\Panda Security

2008-08-16 21:20 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys

2008-08-16 20:20 . 2008-08-16 20:20 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue

2008-08-13 17:30 . 2008-05-01 10:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll

2008-08-11 00:41 . 2008-08-20 20:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-08-11 00:41 . 2008-08-11 00:41 1,409 --a------ C:\WINDOWS\QTFont.for

2008-07-24 14:15 . 2008-07-24 14:15 <DIR> d-------- C:\Cakewalk Projects

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-21 00:44 137,472 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-08-19 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2008-08-17 23:35 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-17 00:53 --------- d-----w C:\Program Files\Virtools Web Player 3.0

2008-08-16 21:24 --------- d-----w C:\Program Files\QuickTime

2008-07-08 19:48 --------- d-----w C:\Documents and Settings\LocalService\Application Data\agi

2008-07-08 19:48 --------- d-----w C:\Documents and Settings\damageplan.BEYOND\Application Data\agi

.

((((((((((((((((((((((((((((( snapshot@2008-08-19_11.41.41.01 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-08-20 23:20:00 10,134 ----a-r C:\WINDOWS\Installer\{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}\ARPPRODUCTICON.exe

+ 2008-08-20 23:20:44 15,086 ----a-r C:\WINDOWS\Installer\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\ARPPRODUCTICON.exe

+ 2008-08-20 23:19:42 3,262 ----a-r C:\WINDOWS\Installer\{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}\ARPPRODUCTICON.exe

+ 2007-03-30 03:00:40 203,264 ----a-r C:\WINDOWS\system32\CddbCdda.dll

- 2007-07-30 23:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

+ 2008-07-19 02:10:48 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

+ 2008-08-21 02:06:50 262,144 ----a-w C:\WINDOWS\system32\config\Before Compact\NTUSER.DAT

+ 2008-08-21 02:06:50 262,144 ----a-w C:\WINDOWS\system32\config\Original\NTUSER.DAT

+ 2008-08-21 02:06:50 262,144 ----a-w C:\WINDOWS\system32\config\RCCBakup\NTUSER.DAT

+ 2008-08-21 02:06:50 262,144 ----a-w C:\WINDOWS\system32\config\SM Registry Backup\NTUSER.DAT

- 2007-07-30 23:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll

+ 2008-07-19 02:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll

+ 2004-08-04 06:08:42 25,600 -c--a-w C:\WINDOWS\system32\dllcache\usbser.sys

- 2007-07-30 23:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll

+ 2008-07-19 02:09:44 563,912 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll

- 2007-07-30 23:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe

+ 2008-07-19 02:10:42 53,448 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe

- 2007-07-30 23:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll

+ 2008-07-19 02:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll

- 2007-07-30 23:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll

+ 2008-07-19 02:09:46 325,832 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll

- 2007-07-30 23:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll

+ 2008-07-19 02:10:20 36,552 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll

- 2007-07-30 23:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll

+ 2008-07-19 02:09:44 205,000 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll

+ 2008-05-20 14:37:00 525,824 ----a-w C:\WINDOWS\system32\drivers\UMDF\PCCSWpdDriver.dll

+ 2004-08-04 06:08:42 25,600 ----a-w C:\WINDOWS\system32\drivers\usbser.sys

+ 2008-05-07 11:38:36 8,064 ----a-w C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys

+ 2006-11-02 11:22:54 492,000 ------w C:\WINDOWS\system32\drivers\wdf01000.sys

+ 2006-11-02 11:22:52 32,224 ------w C:\WINDOWS\system32\drivers\wdfldr.sys

- 2006-09-28 23:55:50 77,568 ------w C:\WINDOWS\system32\drivers\WudfPf.sys

+ 2006-09-16 02:29:52 76,544 ------w C:\WINDOWS\system32\drivers\WudfPf.sys

- 2006-09-29 00:00:34 82,944 ------w C:\WINDOWS\system32\drivers\WudfRd.sys

+ 2006-09-16 02:30:10 82,688 ------w C:\WINDOWS\system32\drivers\WudfRd.sys

+ 2008-05-07 11:38:20 17,536 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmb_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\ccdcmb.sys

+ 2008-05-07 11:38:24 90,624 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmb_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\nmwcdcls.dll

+ 2008-05-07 11:38:34 659,968 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmb_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\nmwcdcocls.dll

+ 2008-05-07 11:39:22 1,419,232 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmb_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\wdfcoinstaller01005.dll

+ 2008-05-07 11:38:36 8,064 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmbcj_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\usbser_lowerfltj.sys

+ 2008-06-06 13:24:44 8,064 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmbm_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\usbser_lowerflt.sys

+ 2008-05-07 11:38:20 20,864 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmbo_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\ccdcmbo.sys

+ 2007-09-17 19:53:26 21,632 -c--a-w C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.sys

+ 2008-05-20 14:37:00 525,824 -c--a-w C:\WINDOWS\system32\DRVSTORE\pccswpddri_66268C3E0C6968D7F539EAEAD801C68E0DB54FE9\PCCSWpdDriver.dll

+ 2008-05-20 14:32:30 831,048 -c--a-w C:\WINDOWS\system32\DRVSTORE\pccswpddri_66268C3E0C6968D7F539EAEAD801C68E0DB54FE9\WudfUpdate_01005.dll

- 2008-08-18 01:08:21 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

+ 2008-08-21 00:44:19 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

+ 2008-07-19 02:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll

+ 2008-07-19 02:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll

- 2006-09-25 22:58:48 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe

+ 2006-10-09 01:51:14 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe

- 2007-07-30 23:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

+ 2008-07-19 02:09:44 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

- 2007-07-30 23:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

+ 2008-07-19 02:10:42 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

- 2007-07-30 23:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll

+ 2008-07-19 02:09:42 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

- 2007-07-30 23:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

+ 2008-07-19 02:09:46 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

- 2006-09-29 01:13:26 95,344 ------w C:\WINDOWS\system32\WUDFCoinstaller.dll

+ 2006-09-16 03:30:16 87,040 ------w C:\WINDOWS\system32\WUDFCoinstaller.dll

- 2006-09-28 23:56:38 146,432 ------w C:\WINDOWS\system32\WudfHost.exe

+ 2006-09-16 03:30:06 142,848 ------w C:\WINDOWS\system32\WudfHost.exe

- 2006-09-28 23:56:16 165,376 ------w C:\WINDOWS\system32\WudfPlatform.dll

+ 2006-09-16 02:29:54 163,840 ------w C:\WINDOWS\system32\WudfPlatform.dll

- 2006-09-28 23:56:14 55,808 ------w C:\WINDOWS\system32\WudfSvc.dll

+ 2006-09-16 03:30:16 55,296 ------w C:\WINDOWS\system32\WudfSvc.dll

+ 2008-05-20 14:32:30 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll

- 2006-09-28 23:56:38 316,416 ------w C:\WINDOWS\system32\WUDFx.dll

+ 2006-09-16 03:30:16 308,224 ------w C:\WINDOWS\system32\WUDFx.dll

- 2007-07-30 23:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll

+ 2008-07-19 02:10:20 36,552 ----a-w C:\WINDOWS\system32\wups.dll

- 2007-07-30 23:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

+ 2008-07-19 02:10:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

- 2007-07-30 23:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

+ 2008-07-19 02:09:44 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

+ 2006-12-02 02:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll

+ 2006-12-02 02:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll

+ 2006-12-02 02:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll

+ 2006-12-02 02:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

+ 2006-12-02 04:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll

+ 2006-12-02 04:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll

+ 2006-12-02 04:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll

+ 2006-12-02 04:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Itfy"="C:\WINDOWS\system32\??rvices.exe" [?]

"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe" [2006-12-20 18:47 557056]

"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 08:31 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 15:16 5058560]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2003-10-06 15:16 49152]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2003-07-13 02:49 155648]

"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2003-07-13 02:49 155648]

"nwiz"="nwiz.exe" [2003-10-06 15:16 741376 C:\WINDOWS\system32\nwiz.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoInstrumentation"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]

backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^damageplan^Start Menu^Programs^Startup^Deer Hunter 2005 Registration.lnk]

backup=C:\WINDOWS\pss\Deer Hunter 2005 Registration.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\anwx

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ap9h4qmo

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gah95on6

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Preview AdService

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\salm

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows AdStatus

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ERSvc"=2 (0x2)

"SAVScan"=3 (0x3)

"ISSVC"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"C:\\Program Files\\Outlook Express\\msimn.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"D:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=

"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"D:\\Program Files\\Wolfenstein - Enemy Territory\\ETDED.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]

R2 BCDCNDIS;Belkin Direct Connect Network Adapter;C:\WINDOWS\system32\DRIVERS\BCDCNDIS.SYS [2000-08-08 14:37]

R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2003-04-30 14:24]

R3 L6DP;L6DP;C:\WINDOWS\system32\Drivers\l6dp.sys [2007-01-29 21:22]

S3 BCDCLINK;Belkin USB Direct Connect;C:\WINDOWS\system32\DRIVERS\BCDCLINK.SYS [2000-08-08 14:37]

S3 L6PODLV;PODxt Live Service;C:\WINDOWS\system32\Drivers\L6PODLV.sys [2007-01-29 21:17]

S3 SGUARD;SGUARD;C:\WINDOWS\system32\drivers\SGuard.sys [2005-01-21 08:17]

S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 02:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf89c438-758d-11db-b4be-0050fcc1144c}]

\Shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5da4cbc-757a-11db-b4b3-0050fcc1144c}]

\Shell\AutoRun\command - G:\autorun.exe

.

Contents of the 'Scheduled Tasks' folder

2008-08-12 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job

- D:\Program Files\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-05-23 15:03]

2007-11-06 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job

- D:\Program Files\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-05-23 15:03]

2008-08-17 C:\WINDOWS\Tasks\Uniblue SpyEraser.job

- D:\Program Files\SpyEraser\SpyEraser.exe [2007-05-23 15:33]

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-20 22:20:02

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ESET\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

.

**************************************************************************

.

Completion time: 2008-08-20 22:29:15 - machine was rebooted

ComboFix-quarantined-files.txt 2008-08-21 02:29:11

ComboFix2.txt 2008-08-19 15:42:24

Pre-Run: 7,888,089,088 bytes free

Post-Run: 7,912,120,320 bytes free

428 --- E O F --- 2008-08-20 22:16:07

HJT

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:32:35 PM, on 8/20/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\ESET\bak\nod32kui.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.ca/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [sMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"

O4 - HKCU\..\Run: [itfy] C:\WINDOWS\system32\??rvices.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O16 - DPF: {23B1D1AE-A29F-4AE2-B76E-CAB6E14811C4} (DHCPConfiguration Class) - http://eserv.sympatico.ca/netassistant/con...adaPortalAX.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 4421 bytes


From the log's appearance, things should be running fine. There's a stray registry entry we overlooked that needs to be cleaned up.

You can run HijackThis again and check/fix this one:

O4 - HKCU\..\Run: [itfy] C:\WINDOWS\system32\??rvices.exe

Don't forget to close all windows before clicking Fix Checked then reboot to properly record the changes to the hard disk.

Post back a fresh HijackThis log and advise how the system is performing for you now. Thanks!

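The check on the autostart entry singled out above, done programmatically, as an added example that is not part of the original thread: it parses the `O4` lines of a HijackThis log, flags image names containing `?`, and confirms from a second log that the entry is gone. The sample lines are copied from the logs in this thread; the `SYSTEM_NAMES` list, the function names and the reading of `?` as a character the log could not render are assumptions made for the illustration.

```python
import re
from ntpath import basename

# Core Windows process names an autostart entry might imitate (illustrative list, an assumption).
SYSTEM_NAMES = ("services.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
                "smss.exe", "csrss.exe", "explorer.exe", "spoolsv.exe")

# "O4 - HKCU\..\Run: [name] command line"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]*)\] (.+)$")
# Quoted path, or everything up to the first executable extension.
IMAGE_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)


def parse_o4(log_text):
    """Return one dict per O4 (registry autostart) line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, cmd = m.groups()
        img = IMAGE_RE.match(cmd)
        image = (img.group(1) or img.group(2)) if img else cmd.split()[0]
        entries.append({"hive": hive, "key": key, "name": name,
                        "command": cmd, "image": image})
    return entries


def findings(entry):
    """Reasons an autostart entry deserves a manual look (empty list if none)."""
    base = basename(entry["image"]).lower()
    reasons = []
    if "?" in base:
        # '?' is not a legal Windows file-name character; assumed here to stand
        # for a character the logging tool could not render.
        reasons.append("unrenderable characters in file name")
        pattern = "".join("." if c == "?" else re.escape(c) for c in base)
        lookalikes = [n for n in SYSTEM_NAMES if re.fullmatch(pattern, n)]
        if lookalikes:
            reasons.append("could be read as " + ", ".join(lookalikes))
    return reasons


def flagged(log_text):
    """Map entry name -> reasons, for every O4 entry with at least one finding."""
    result = {}
    for entry in parse_o4(log_text):
        reasons = findings(entry)
        if reasons:
            result[entry["name"]] = reasons
    return result


def _identity(entry):
    return (entry["hive"], entry["key"], entry["name"], entry["command"])


def removed_entries(before, after):
    """Names of O4 entries present in the first log but absent from the second."""
    remaining = {_identity(e) for e in parse_o4(after)}
    return [e["name"] for e in parse_o4(before) if _identity(e) not in remaining]


# Lines copied from the two HijackThis logs in this thread (before and after the fix).
BEFORE = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [itfy] C:\WINDOWS\system32\??rvices.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""
AFTER = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

if __name__ == "__main__":
    for name, reasons in flagged(BEFORE).items():
        print(f"[{name}] " + "; ".join(reasons))
    print("removed after fix:", removed_entries(BEFORE, AFTER))
```

A flag from this script only marks an entry for manual review; it does not establish that the file is malicious.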

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:20:15 PM, on 8/21/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\ESET\bak\nod32kui.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.ca/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [sMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O16 - DPF: {23B1D1AE-A29F-4AE2-B76E-CAB6E14811C4} (DHCPConfiguration Class) - http://eserv.sympatico.ca/netassistant/con...adaPortalAX.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 3980 bytes


Excellent...you did good work! Now you should delete these:

FindFile.bat

Symantec Removal Tool

McAfee Removal Tool

FindFolders.bat

Click start-->run...then copy and paste the Bold text below into the run box and click "OK":

ComboFix /u

Performing this function will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again for you automatically.

To assist in the prevention of spyware infections:

Immunize your browser by installing Spywareblaster. What does it do?

  • Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
  • Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
  • Restricts the actions of potentially unwanted sites in Internet Explorer.

Keep your anti-virus and spyware definitions up to date. Be sure to scan often.

Below you can choose from several of the freeware Firewalls available in the public domain. Even though you may have a Firewall already installed, keep this list handy should you choose not to renew your subscription for whatever reason.

You should always have at least (but not more than) one of these types of third party firewalls running on board:

Kerio Personal Firewall

Zone Alarm

Outpost Free

Comodo

Install the free security tool "Secunia PSI" to help protect your system against software vulnerabilities. The free utility scans your system's software applications and offers a one-button "Download Solution" feature that updates the exploited software AND provides other related information/patching if warranted.

Stay updated with the most recent Windows patches as well...using Microsoft's Windows Update. Make it easy on yourself, and set this feature to Automatic.

Using an alternate browser can reduce your chance of certain infections installing themselves. We recommend installing Mozilla Firefox. If you don't already have "Firefox", please consider installing and using this browser for surfing.

If you still wish to use Internet Explorer, please make sure you install SpywareBlaster (from above) to protect you from most ActiveX infections.

Run CCleaner often. The Yahoo Toolbar is included by default during the installation...if you DO NOT WANT IT, be sure to remove the check from the "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser" option during installation setup.

Or if you just want to run your on board Disk Cleanup ("Start-->Programs-->Accessories-->System Tools-->Disk Cleanup"), just open the utility and check off the following:

Downloaded Program Files, Temporary Internet Files, Recycle Bin, and Temporary Files. Don't forget to defrag the system.

So how did I get infected in the first place?

Regards, and Happy Surfing!


I think I still have some kinda problem, my system turns off randomly, 4 times in an hour today it just turned off while in use, any ideas as to what or why this happens? (time for a new comp soon) lol


Ahh...and just as I was about to close this thread

As the logs appear to be clean, I would surmise that what was done to the system by following the instructions from the user who first began posting in response to your help request may have some bearing...and since I didn't see what was done, I really can't say with certainty what all might be involved.

If your system is shutting down on its own, that could relate to a crash issue. When these shut downs occurred, did your screen turn blue with white text? If so...and if it happens again, please write down the exact message the screen presents, specifically paying attention to what driver file may be listed as a culprit (near the bottom of the screen).

Please post the System event log so we can have a look...something there may give us a clue:

  • Click start | run | then paste or type eventvwr.msc and then hit Enter.
  • When the Event Viewer opens, click System in the left pane.
  • From the Menu at the top, Click Action | Save Log File As
  • Change the Save As Type to "Text" (.txt)
  • then save the system event log as mysystem.txt
  • Save the log to your Desktop
  • Paste the log back here on your next reply.

I see nothing in that log that would be causing any system crash and nothing that points to a reason for them either...

I'd leave things as they are for now. There are no known incompatibility issues between ZoneAlarm and Nod32. Let's see an uninstall list:

Open HijackThis. Click-->Open the Misc Tools section-->Open Uninstall Manager-->Save list...and save the list to your Desktop, then close HijackThis.

A notepad file will open. Copy and paste the content of that text file back here on your next reply.


Since I stopped ZoneAlarm from monitoring nod it hasn't crashed

HJT uninstall list

AC3Filter (remove only)

Acoustica Beatcraft

Acoustica Effects Pack

Adobe Common File Installer

Adobe Flash Player ActiveX

Adobe Help Center 2.0

Adobe Photoshop CS2

Adobe Premiere Pro

Adobe Reader 7.0.9

Adobe Stock Photos 1.0

Ahead Nero Burning ROM

AnyDVD

Cake Mania 2

Cakewalk VST Adapter 4

Cool Edit Pro 2.1

Corel SVG Viewer

DAEMON Tools

dBpowerAMP AAC (AACEnc CLI)

dBpowerAMP mp3PRO Input Codec

dBpowerAMP Music Converter

dBpowerAMP Ogg Vorbis Codec

Dell ResourceCD

Diner Dash

Diner Dash - Flo on the Go

DivX Web Player

DreamStation DXi2

DVD Shrink 3.2

GiPo@MoveOnBoot 1.9.5

GuitarPort 2.51.0 (Remove Only)

HijackThis 2.0.2

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB914440)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB926239)

Hotfix for Windows XP (KB952287)

Intel


This "Add or Remove Programs" entry corresponds to a program that is either malware, installs malware, or is bundled with malware:

Home Key Logger Free Edition v1.70 (remove only)

If, during the installation of this program, you received some option which would allow you to elect not to install the malware that's bundled with it, then it should be safe to leave the program installed...that is, if you think you have some need to use it. Otherwise, please uninstall the program. Upon successful uninstall, please reboot the computer. Re-activate your NOD32 or ZoneAlarm, whichever you disabled. Post back and let us know if you are still having any issues. Thanks!


No more crashes or problems, I think we got it all fixed, man what a pain in the behind, lol. Thx again for all the help, I've learned a lot and plan on being a member of this forum for a long time. Talk to you all later.

Leafs
