  #1  
Old 14th Jul 2009, 19:16
New Member Group
 
Thanks for reading this
While I'm surfing, Internet Explorer ads pop up every 20 minutes. I'm pretty sure they're from Winzix. I uninstalled Winzix and searched the registry for Winzix and deleted those that I could find, but the ads are still popping up. In Task Manager, there are always 2 iexplore.exe's running, even though IE is not open. It takes 6 or 7 tries to delete the 2 processes. A couple of minutes later, they're back up. A NOD32 scan yielded no results. I use a Lenovo ThinkPad R60, Firefox 3.0.11, and Windows XP Pro.



SuperAntiSpyware log:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/14/2009 at 07:10 PM

Application Version : 4.26.1006

Core Rules Database Version : 3993
Trace Rules Database Version: 1933

Scan type : Complete Scan
Total Scan Time : 02:04:34

Memory items scanned : 649
Memory threats detected : 0
Registry items scanned : 5356
Registry threats detected : 45
File items scanned : 98988
File threats detected : 18

Adware.HotBar/ShopperReports (Low Risk)
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
HKU\S-1-5-21-3197554353-4193327202-1470422364-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}

Adware.Zango/ShoppingReport
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2}
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3}
HKU\S-1-5-21-3197554353-4193327202-1470422364-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2}
HKU\S-1-5-21-3197554353-4193327202-1470422364-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3}
HKU\.DEFAULT\Software\ShoppingReport
HKU\S-1-5-18\Software\ShoppingReport

Adware.MyWebSearch
HKU\S-1-5-21-3197554353-4193327202-1470422364-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKU\S-1-5-21-3197554353-4193327202-1470422364-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKU\S-1-5-21-3197554353-4193327202-1470422364-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

Adware.Vundo Variant
HKU\S-1-5-21-3197554353-4193327202-1470422364-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32341E7E-C319-46DE-91D0-E30BB1A3CABA}

Unclassified.Unknown Origin
HKU\S-1-5-21-3197554353-4193327202-1470422364-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}

Trojan.Agent/Gen
HKU\S-1-5-21-3197554353-4193327202-1470422364-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7545D8C8-F53C-4E2F-8FA0-D248EF4A6E61}
HKU\S-1-5-21-3197554353-4193327202-1470422364-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9C42510-9B21-41C1-9DCD-8382A2D07C61}
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A8393674-085C-4723-B63E-39928C5F4C89}\RP650\A0170389.DLL

Adware.ShopAtHomeSelect
HKU\S-1-5-21-3197554353-4193327202-1470422364-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}

Adware.Tracking Cookie
C:\Documents and Settings\Eric Zong\Cookies\eric_zong@adserver.adtechus[1].txt
C:\Documents and Settings\Eric Zong\Cookies\eric_zong@revsci[1].txt
C:\Documents and Settings\Eric Zong\Cookies\eric_zong@apmebf[1].txt
C:\Documents and Settings\Eric Zong\Cookies\eric_zong@tribalfusion[1].txt
C:\Documents and Settings\Eric Zong\Cookies\eric_zong@statcounter[1].txt
C:\Documents and Settings\Eric Zong\Cookies\eric_zong@doubleclick[1].txt
C:\Documents and Settings\Eric Zong\Cookies\eric_zong@advertising[2].txt
C:\Documents and Settings\Eric Zong\Cookies\eric_zong@da-tracking[2].txt
C:\Documents and Settings\Eric Zong\Cookies\eric_zong@tacoda[2].txt
C:\Documents and Settings\Eric Zong\Cookies\eric_zong@at.atwola[2].txt
C:\Documents and Settings\Eric Zong\Cookies\eric_zong@specificclick[1].txt
C:\Documents and Settings\Eric Zong\Cookies\eric_zong@ad.yieldmanager[1].txt
C:\Documents and Settings\Eric Zong\Cookies\eric_zong@fastclick[1].txt

Adware.MyWebSearch/FunWebProducts
HKU\S-1-5-21-3197554353-4193327202-1470422364-1005\SOFTWARE\FunWebProducts
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#DeviceDesc

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\contim
HKLM\SOFTWARE\Microsoft\contim#SysShell
HKLM\SOFTWARE\Microsoft\MS Track System
HKLM\SOFTWARE\Microsoft\MS Track System#Uid
HKLM\SOFTWARE\Microsoft\MS Track System#Click1
HKLM\SOFTWARE\Microsoft\MS Track System#Uqs
HKLM\SOFTWARE\Microsoft\rdfa
HKLM\SOFTWARE\Microsoft\rdfa#F
HKLM\SOFTWARE\Microsoft\rdfa#N

Rogue.Component/Trace
HKLM\Software\Microsoft\F84FBBBB
HKLM\Software\Microsoft\F84FBBBB#f84fbbbb
HKLM\Software\Microsoft\F84FBBBB#Version
HKLM\Software\Microsoft\F84FBBBB#f84f163b
HKLM\Software\Microsoft\F84FBBBB#f84f7fde
HKU\S-1-5-21-3197554353-4193327202-1470422364-1005\Software\Microsoft\CS41275
HKU\S-1-5-21-3197554353-4193327202-1470422364-1005\Software\Microsoft\FIAS4018

Adware.180solutions/Seekmo/Zango
C:\DOCUMENTS AND SETTINGS\ERIC ZONG\DESKTOP\HOTBAR.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS\NPCLNTAX_HOTBARSA.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A8393674-085C-4723-B63E-39928C5F4C89}\RP622\A0166093.EXE

Trojan.Downloader-NewJuan/VM
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A8393674-085C-4723-B63E-39928C5F4C89}\RP650\A0170385.DLL


Malwarebytes Anti-malware log:
Malwarebytes' Anti-Malware 1.39
Database version: 2432
Windows 5.1.2600 Service Pack 2

7/14/2009 7:54:22 PM
mbam-log-2009-07-14 (19-54-22).txt

Scan type: Quick Scan
Objects scanned: 100531
Time elapsed: 6 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a84e835e-1b9c-4fc0-980f-4b2da3c6a2a7} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\rn.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.



HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:10:26, on 7/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\winvnc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Trend Micro\HijackThis\juice.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [bait face type axis] C:\Documents and Settings\All Users\Application Data\Meow Intra Bait Face\meow locks.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Okay 2] C:\DOCUME~1\ERICZO~1\APPLIC~1\4dumb\storebook.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} (Mines Control) - http://www.worldwinner.com/games/v41/mines/mines.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v48...t/brickout.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A68EF0E4-B363-48A9-B0C5-D89990E69F91}: NameServer = 0.0.0.0
O20 - AppInit_DLLs: C:\program files\opinionsquare\opai.dll jmkgti.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Domain Client Service (winvnc) - Constantin Kaplinsky - C:\WINDOWS\winvnc.exe

--
End of file - 13574 bytes



Thanks in advance
  #2  
Old 14th Jul 2009, 20:08
Moderator Group
 
Download Lop S&D by Eric_71 and save it to your Desktop. Lop S&D will only run on Windows XP and Windows Vista.

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D. If needed see: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


Double click LopSD.exe - If you are using Windows Vista, right-click on the LopSD icon and select Run as administrator to perform this scan.
  • Choose the language by typing the corresponding letter and pressing Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.

A copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt

----------

Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall tries to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

  #3  
Old 14th Jul 2009, 21:15
New Member Group
 
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM) Duo CPU T2400 @ 1.83GHz )
BIOS : Phoenix FirstBIOS(tm) Notebook Pro Version 2.0 for ThinkPad
USER : Eric Zong ( Administrator )
BOOT : Normal boot
Antivirus : ESET NOD32 Antivirus 4.0 4.0 (Not Activated)
C:\ (Local Disk) - NTFS - Total:51 Go (Free:7 Go)
D:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Wed 07/15/2009| 0:09 )

--------------------\\ Listing folders in APPLIC~1

[05/10/2007|09:21] C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
[05/10/2007|08:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[05/10/2007|09:46] C:\DOCUME~1\ADMINI~1\APPLIC~1\Lenovo
[05/30/2008|10:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[05/10/2007|09:29] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
[05/10/2007|09:46] C:\DOCUME~1\ADMINI~1\APPLIC~1\ThinkVantage

[07/01/2008|11:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[07/30/2008|13:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[05/22/2008|19:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
[06/09/2007|15:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
[10/11/2007|16:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[04/01/2008|22:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[06/05/2007|16:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[04/27/2009|12:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DAEMON Tools Pro
[07/12/2009|00:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESET
[07/05/2007|20:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[05/24/2008|23:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HotbarSA
[02/09/2008|23:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IJJIGame
[05/10/2007|09:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[05/10/2007|09:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
[06/02/2007|18:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lenovo
[06/07/2008|13:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[07/11/2009|18:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Meow Intra Bait Face
[11/11/2008|12:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[06/03/2007|10:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Mozilla
[06/19/2007|16:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Musicnotes
[09/21/2007|22:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[07/20/2007|15:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
[06/14/2008|19:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PurePlay
[06/02/2007|21:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
[05/10/2007|08:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[05/11/2009|22:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpeedBit
[07/14/2009|14:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
[07/12/2009|00:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[07/14/2009|22:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[09/21/2008|17:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TVU Networks
[07/30/2008|13:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[05/10/2007|09:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[08/22/2008|20:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\yahoo!


[05/10/2007|09:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ATI
[05/10/2007|08:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[05/10/2007|09:46] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Lenovo
[05/10/2007|09:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[05/10/2007|09:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[05/10/2007|09:46] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ThinkVantage

[08/25/2007|17:57] C:\DOCUME~1\ERICZO~1\APPLIC~1\.BitZip
[07/11/2009|18:54] C:\DOCUME~1\ERICZO~1\APPLIC~1\4dumb
[11/21/2008|19:20] C:\DOCUME~1\ERICZO~1\APPLIC~1\Adobe
[04/01/2008|22:01] C:\DOCUME~1\ERICZO~1\APPLIC~1\Apple Computer
[05/10/2007|09:21] C:\DOCUME~1\ERICZO~1\APPLIC~1\ATI
[07/05/2009|17:01] C:\DOCUME~1\ERICZO~1\APPLIC~1\Azureus
[04/17/2009|16:31] C:\DOCUME~1\ERICZO~1\APPLIC~1\bang
[04/05/2008|20:27] C:\DOCUME~1\ERICZO~1\APPLIC~1\DAEMON Tools
[04/27/2009|12:05] C:\DOCUME~1\ERICZO~1\APPLIC~1\DAEMON Tools Pro
[01/10/2009|13:07] C:\DOCUME~1\ERICZO~1\APPLIC~1\Dev-Cpp
[08/09/2007|21:43] C:\DOCUME~1\ERICZO~1\APPLIC~1\DivX
[05/08/2009|21:07] C:\DOCUME~1\ERICZO~1\APPLIC~1\dvdcss
[03/17/2009|15:37] C:\DOCUME~1\ERICZO~1\APPLIC~1\Foxit
[07/05/2007|20:37] C:\DOCUME~1\ERICZO~1\APPLIC~1\Google
[11/22/2008|02:27] C:\DOCUME~1\ERICZO~1\APPLIC~1\Hamachi
[05/24/2008|23:59] C:\DOCUME~1\ERICZO~1\APPLIC~1\Help
[05/24/2008|20:29] C:\DOCUME~1\ERICZO~1\APPLIC~1\Hotbar_Icons
[05/10/2007|08:55] C:\DOCUME~1\ERICZO~1\APPLIC~1\Identities
[06/08/2009|15:26] C:\DOCUME~1\ERICZO~1\APPLIC~1\InstallShield
[06/02/2007|18:39] C:\DOCUME~1\ERICZO~1\APPLIC~1\Intel
[06/02/2007|18:02] C:\DOCUME~1\ERICZO~1\APPLIC~1\InterVideo
[04/05/2008|20:50] C:\DOCUME~1\ERICZO~1\APPLIC~1\Leadertech
[10/05/2007|20:51] C:\DOCUME~1\ERICZO~1\APPLIC~1\Lenovo
[04/21/2009|15:54] C:\DOCUME~1\ERICZO~1\APPLIC~1\Macromedia
[06/07/2008|13:31] C:\DOCUME~1\ERICZO~1\APPLIC~1\Malwarebytes
[06/02/2007|21:52] C:\DOCUME~1\ERICZO~1\APPLIC~1\Media Player Classic
[01/03/2009|17:08] C:\DOCUME~1\ERICZO~1\APPLIC~1\Microsoft
[06/07/2008|11:02] C:\DOCUME~1\ERICZO~1\APPLIC~1\Move Networks
[05/08/2009|03:25] C:\DOCUME~1\ERICZO~1\APPLIC~1\Mozilla
[05/12/2009|16:50] C:\DOCUME~1\ERICZO~1\APPLIC~1\My Games
[12/05/2008|09:48] C:\DOCUME~1\ERICZO~1\APPLIC~1\NwDocx
[06/03/2007|10:20] C:\DOCUME~1\ERICZO~1\APPLIC~1\PC Tools
[03/17/2009|20:33] C:\DOCUME~1\ERICZO~1\APPLIC~1\pokerth
[09/03/2008|12:14] C:\DOCUME~1\ERICZO~1\APPLIC~1\Real
[05/28/2009|18:38] C:\DOCUME~1\ERICZO~1\APPLIC~1\SecondLife
[04/05/2008|20:50] C:\DOCUME~1\ERICZO~1\APPLIC~1\Sonic
[06/03/2007|17:02] C:\DOCUME~1\ERICZO~1\APPLIC~1\Sun
[07/14/2009|14:56] C:\DOCUME~1\ERICZO~1\APPLIC~1\SUPERAntiSpyware.com
[05/10/2007|09:29] C:\DOCUME~1\ERICZO~1\APPLIC~1\Symantec
[11/12/2008|20:32] C:\DOCUME~1\ERICZO~1\APPLIC~1\SystemRequirementsLab
[06/03/2007|12:10] C:\DOCUME~1\ERICZO~1\APPLIC~1\Talkback
[05/10/2007|09:46] C:\DOCUME~1\ERICZO~1\APPLIC~1\ThinkVantage
[05/08/2009|03:25] C:\DOCUME~1\ERICZO~1\APPLIC~1\Thunderbird
[09/21/2008|17:10] C:\DOCUME~1\ERICZO~1\APPLIC~1\TVU Networks
[08/11/2008|09:57] C:\DOCUME~1\ERICZO~1\APPLIC~1\vghd
[06/09/2007|16:13] C:\DOCUME~1\ERICZO~1\APPLIC~1\Viewpoint
[03/07/2009|01:20] C:\DOCUME~1\ERICZO~1\APPLIC~1\vlc
[05/15/2009|22:44] C:\DOCUME~1\ERICZO~1\APPLIC~1\WarZone
[06/02/2007|23:26] C:\DOCUME~1\ERICZO~1\APPLIC~1\WinRAR
[12/20/2007|11:09] C:\DOCUME~1\ERICZO~1\APPLIC~1\Yahoo!

[05/10/2007|09:19] C:\DOCUME~1\LOCALS~1\APPLIC~1\Intel
[05/30/2008|10:30] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[05/10/2007|09:20] C:\DOCUME~1\NETWOR~1\APPLIC~1\Intel
[05/30/2008|10:30] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[05/10/2007|09:21] C:\DOCUME~1\postgres\APPLIC~1\ATI
[05/10/2007|08:55] C:\DOCUME~1\postgres\APPLIC~1\Identities
[05/10/2007|09:46] C:\DOCUME~1\postgres\APPLIC~1\Lenovo
[05/10/2007|09:34] C:\DOCUME~1\postgres\APPLIC~1\Microsoft
[05/10/2007|09:29] C:\DOCUME~1\postgres\APPLIC~1\Symantec
[05/10/2007|09:46] C:\DOCUME~1\postgres\APPLIC~1\ThinkVantage

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[07/15/2009 00:00][--ah-----] C:\WINDOWS\tasks\87B5085D9802BEF1.job
[07/14/2009 23:51][--a------] C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[06/03/2007 07:27][---------] C:\WINDOWS\tasks\Symantec NetDetect.job
[06/26/2008 21:16][--a------] C:\WINDOWS\tasks\PMTask.job
[07/14/2009 21:52][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 08:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( 87B5085D9802BEF1.job )=( c:\docume~1\ericzo~1\applic~1\4dumb\CoolName16.exe )

--------------------\\ Listing Folders in C:\Program Files

[07/11/2008|11:28] C:\Program Files\Adobe
[05/10/2007|09:17] C:\Program Files\Analog Devices
[04/05/2008|18:35] C:\Program Files\ASCII
[05/10/2007|09:18] C:\Program Files\ATI Technologies
[05/07/2008|13:24] C:\Program Files\Azureus
[08/25/2007|17:57] C:\Program Files\BitZip
[04/01/2008|21:59] C:\Program Files\Bonjour
[06/02/2007|19:14] C:\Program Files\CCleaner
[07/09/2009|19:51] C:\Program Files\Cheat Engine
[07/14/2009|14:46] C:\Program Files\Common Files
[05/10/2007|08:55] C:\Program Files\ComPlus Applications
[08/21/2008|09:52] C:\Program Files\Conduit
[05/10/2007|09:17] C:\Program Files\CONEXANT
[06/15/2008|15:35] C:\Program Files\Coupons
[04/27/2009|12:06] C:\Program Files\DAEMON Tools Pro
[11/12/2008|17:03] C:\Program Files\DAEMON Tools Toolbar
[05/11/2009|23:02] C:\Program Files\DAP
[05/10/2007|09:17] C:\Program Files\Digital Line Detect
[05/10/2007|09:34] C:\Program Files\Diskeeper Corporation
[07/13/2009|00:33] C:\Program Files\DivX
[07/12/2009|00:07] C:\Program Files\ESET
[09/03/2008|12:06] C:\Program Files\ffdshow
[05/12/2009|16:34] C:\Program Files\Firaxis Games
[03/17/2009|15:37] C:\Program Files\Foxit Software
[08/01/2007|22:00] C:\Program Files\GonVisor
[08/25/2007|21:16] C:\Program Files\Google
[12/15/2007|01:06] C:\Program Files\Hamachi
[07/07/2009|00:40] C:\Program Files\InstallShield Installation Information
[05/10/2007|09:15] C:\Program Files\Intel
[07/11/2009|18:25] C:\Program Files\Intelore
[06/10/2009|15:04] C:\Program Files\Internet Explorer
[05/10/2007|09:25] C:\Program Files\InterVideo
[07/14/2009|21:46] C:\Program Files\Java
[05/10/2007|09:37] C:\Program Files\Lenovo
[07/14/2009|14:50] C:\Program Files\Malwarebytes' Anti-Malware
[06/02/2007|21:51] C:\Program Files\Media Player Classic
[10/26/2008|12:40] C:\Program Files\Messenger
[05/15/2009|22:35] C:\Program Files\Microprose
[06/02/2007|18:09] C:\Program Files\Microsoft ActiveSync
[05/10/2007|08:55] C:\Program Files\microsoft frontpage
[06/02/2007|18:09] C:\Program Files\Microsoft Office
[10/20/2008|22:16] C:\Program Files\Microsoft Silverlight
[05/10/2007|08:55] C:\Program Files\Movie Maker
[07/14/2009|23:22] C:\Program Files\Mozilla Firefox
[06/23/2007|22:24] C:\Program Files\MSN
[05/10/2007|08:55] C:\Program Files\MSN Gaming Zone
[05/10/2007|09:14] C:\Program Files\MSXML 4.0
[05/10/2007|09:26] C:\Program Files\Multimedia Center for Think Offerings
[07/07/2009|19:01] C:\Program Files\Net Tools
[07/09/2009|03:07] C:\Program Files\NetChanger
[05/10/2007|08:55] C:\Program Files\NetMeeting
[05/08/2009|03:25] C:\Program Files\Netscape
[05/10/2007|09:17] C:\Program Files\NetWaiting
[05/10/2007|08:55] C:\Program Files\Online Services
[08/17/2007|23:23] C:\Program Files\Outlook Express
[10/16/2007|16:19] C:\Program Files\Pcsx2
[10/16/2007|16:19] C:\Program Files\PCSX2 0.9 R3
[07/03/2007|19:37] C:\Program Files\Picasa2
[07/09/2009|15:47] C:\Program Files\PokerStars
[02/06/2009|21:27] C:\Program Files\PokerStove
[02/06/2009|21:32] C:\Program Files\PostgreSQL
[04/01/2008|21:59] C:\Program Files\QuickTime
[09/03/2008|12:13] C:\Program Files\Real
[06/02/2007|21:51] C:\Program Files\Real Alternative
[07/07/2009|00:40] C:\Program Files\Red Storm Entertainment
[06/19/2007|16:25] C:\Program Files\Sibelius Software
[05/10/2007|09:36] C:\Program Files\SMI2
[03/16/2008|17:22] C:\Program Files\Softland
[05/10/2007|09:26] C:\Program Files\Sonic
[05/10/2007|09:26] C:\Program Files\Sonic Icons for Lenovo
[07/14/2009|17:03] C:\Program Files\SUPERAntiSpyware
[07/12/2009|00:05] C:\Program Files\Symantec
[07/12/2009|12:38] C:\Program Files\Symantec Client Security
[05/10/2007|09:15] C:\Program Files\Synaptics
[11/12/2008|20:32] C:\Program Files\SystemRequirementsLab
[05/10/2007|09:35] C:\Program Files\ThinkPad
[05/10/2007|09:26] C:\Program Files\ThinkVantage
[07/14/2009|22:08] C:\Program Files\Trend Micro
[10/03/2007|17:10] C:\Program Files\TryMedia
[05/10/2007|09:35] C:\Program Files\TVT SMBus
[06/30/2009|16:53] C:\Program Files\UnH Solutions
[05/10/2007|08:55] C:\Program Files\Uninstall Information
[03/07/2009|01:16] C:\Program Files\VideoLAN
[07/30/2008|13:38] C:\Program Files\Viewpoint
[05/11/2009|12:50] C:\Program Files\VS Revo Group
[04/21/2009|00:23] C:\Program Files\Vuze
[05/15/2009|22:44] C:\Program Files\WarZone
[06/03/2007|07:30] C:\Program Files\Windows Live Toolbar
[05/10/2007|09:10] C:\Program Files\Windows Media Connect 2
[05/10/2007|09:21] C:\Program Files\Windows Media Player
[05/10/2007|08:55] C:\Program Files\Windows NT
[05/10/2007|08:55] C:\Program Files\WindowsUpdate
[07/07/2009|18:50] C:\Program Files\WinPcap
[07/01/2009|21:50] C:\Program Files\WinRAR
[05/10/2007|08:55] C:\Program Files\xerox
[08/22/2008|20:10] C:\Program Files\Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[07/01/2008|11:26] C:\Program Files\Common Files\Adobe
[04/29/2009|22:19] C:\Program Files\Common Files\AOL
[06/02/2007|18:09] C:\Program Files\Common Files\Designer
[06/07/2007|23:32] C:\Program Files\Common Files\DirectX
[07/13/2009|00:33] C:\Program Files\Common Files\DivX Shared
[03/24/2009|23:43] C:\Program Files\Common Files\Download Manager
[05/15/2009|22:37] C:\Program Files\Common Files\Idu
[05/10/2007|09:26] C:\Program Files\Common Files\Installshield
[05/10/2007|09:24] C:\Program Files\Common Files\Java
[05/10/2007|09:39] C:\Program Files\Common Files\Lenovo
[06/02/2007|18:09] C:\Program Files\Common Files\Microsoft Shared
[05/10/2007|08:55] C:\Program Files\Common Files\MSSoap
[05/10/2007|08:55] C:\Program Files\Common Files\ODBC
[09/03/2008|12:14] C:\Program Files\Common Files\Real
[05/10/2007|08:55] C:\Program Files\Common Files\Services
[05/10/2007|09:26] C:\Program Files\Common Files\Sonic Shared
[05/10/2007|08:55] C:\Program Files\Common Files\SpeechEngines
[05/10/2007|09:26] C:\Program Files\Common Files\SureThing Shared
[07/12/2009|00:05] C:\Program Files\Common Files\Symantec Shared
[08/17/2007|23:23] C:\Program Files\Common Files\System
[07/14/2009|14:46] C:\Program Files\Common Files\Wise Installation Wizard
[09/03/2008|12:14] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 74 Processes )

... OK !

--------------------\\ Searching with S_Lop

C:\DOCUME~1\ERICZO~1\APPLIC~1\4dumb
C:\DOCUME~1\ERICZO~1\APPLIC~1\4dumb\CoolName16.exe
C:\DOCUME~1\ERICZO~1\APPLIC~1\4dumb\lyybrlvp.exe
C:\DOCUME~1\ERICZO~1\APPLIC~1\4dumb\storebook.exe

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Meow Intra Bait Face
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Meow Intra Bait Face\meow locks.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Meow Intra Bait Face\meow locks.exe
C:\DOCUME~1\ERICZO~1\APPLIC~1\4dumb
C:\DOCUME~1\ERICZO~1\APPLIC~1\4dumb\CoolName16.exe
C:\DOCUME~1\ERICZO~1\APPLIC~1\4dumb\lyybrlvp.exe
C:\DOCUME~1\ERICZO~1\APPLIC~1\4dumb\storebook.exe
C:\WINDOWS\Tasks\87B5085D9802BEF1.job

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\htm scr size]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\ERICZO~1\\APPLIC~1\\4dumb\\storebook.exe -uninstall"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Okay 2"="C:\\DOCUME~1\\ERICZO~1\\APPLIC~1\\4dumb\\storebook.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bait face type axis"="C:\\Documents and Settings\\All Users\\Application Data\\Meow Intra Bait Face\\meow locks.exe"

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 00:11:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\ERICZO~1\Application Data\Azureus\torrents\Daemon_Tools_Pro_Advanced_Version_4.10.0218___Crack_vsigns.4743375.TPB.torrent
C:\DOCUME~1\ERICZO~1\Application Data\Azureus\torrents\FIFA_09_-_Crack___Keygen.4513426.TPB.torrent
C:\DOCUME~1\ERICZO~1\Application Data\Azureus\torrents\Fifa_2009_ISO_with_crack.4561626.TPB.torrent
C:\DOCUME~1\ERICZO~1\Application Data\Azureus\torrents\NHL.09-RELOADED KEYGEN.torrent
C:\DOCUME~1\ERICZO~1\Application Data\Azureus\torrents\NHL.09-RELOADED_KEYGEN.4470561.TPB.torrent
C:\DOCUME~1\ERICZO~1\Application Data\Azureus\torrents\PokerTracker.3.Holdem.3.00.3.Crack.rar.4440811.TPB.torrent
C:\DOCUME~1\ERICZO~1\Application Data\Azureus\torrents\_NHL.09-RELOADED_KEYGEN.4470561.TPB.torrent
C:\DOCUME~1\ERICZO~1\Desktop\Civilization_IV__with_1.09_update_and_crack_
C:\DOCUME~1\ERICZO~1\Desktop\Civilization_IV__with_1.09_update_and_crack_\Civilization IV (with 1.09 update and crack)
C:\DOCUME~1\ERICZO~1\Desktop\Civilization_IV__with_1.09_update_and_crack_\Civilization IV (with 1.09 update and crack)\civilizationIV(iso).iso
C:\DOCUME~1\ERICZO~1\Desktop\Civilization_IV__with_1.09_update_and_crack_\Civilization IV (with 1.09 update and crack)\crack
C:\DOCUME~1\ERICZO~1\Desktop\Civilization_IV__with_1.09_update_and_crack_\Civilization IV (with 1.09 update and crack)\oyunu kurmadan once okuyun.txt
C:\DOCUME~1\ERICZO~1\Desktop\Civilization_IV__with_1.09_update_and_crack_\Civilization IV (with 1.09 update and crack)\crack\Civilization4.exe
C:\DOCUME~1\ERICZO~1\Desktop\Poker\Various\Poker Pro 2006\PokerPro2006v4167_Crack.exe
C:\DOCUME~1\ERICZO~1\Desktop\SUPERAnti.Spyware.Pro.v4.26.1002 By Seba\SUPERAntiSpyware.Professional.v4.26.1000.Multilingual.WinAll.Incl.Keygen.and.Patch-CRD
C:\DOCUME~1\ERICZO~1\Desktop\SUPERAnti.Spyware.Pro.v4.26.1002 By Seba\SUPERAntiSpyware.Professional.v4.26.1000.Multilingual.WinAll.Incl.Keygen.and.Patch-CRD.rar
C:\DOCUME~1\ERICZO~1\Desktop\SUPERAnti.Spyware.Pro.v4.26.1002 By Seba\SUPERAntiSpyware.Professional.v4.26.1000.Multilingual.WinAll.Incl.Keygen.and.Patch-CRD\Como Instalar.txt
C:\DOCUME~1\ERICZO~1\Desktop\SUPERAnti.Spyware.Pro.v4.26.1002 By Seba\SUPERAntiSpyware.Professional.v4.26.1000.Multilingual.WinAll.Incl.Keygen.and.Patch-CRD\crd.exe
C:\DOCUME~1\ERICZO~1\Desktop\SUPERAnti.Spyware.Pro.v4.26.1002 By Seba\SUPERAntiSpyware.Professional.v4.26.1000.Multilingual.WinAll.Incl.Keygen.and.Patch-CRD\keygen.exe
C:\DOCUME~1\ERICZO~1\Recent\SUPERAntiSpyware.Professional.v4.26.1000.Multilingual.WinAll.Incl.Keygen.and.Patch-CRD.lnk


[F:24][D:5]-> C:\DOCUME~1\ERICZO~1\LOCALS~1\Temp
[F:27][D:0]-> C:\DOCUME~1\ERICZO~1\Cookies
[F:365][D:5]-> C:\DOCUME~1\ERICZO~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Wed 07/15/2009| 0:12 - Option : [1]

--------------------\\ Scan completed at 0:12:13
  #4  
Old 14th Jul 2009, 21:17
New Member Group
 
DDS (Ver_09-06-26.01) - NTFSx86
Run by Eric Zong at 0:12:46.28 on Wed 07/15/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.116 [GMT -4:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\winvnc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Eric Zong\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTProAgent.exe"
uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
uRun: [Okay 2] c:\docume~1\ericzo~1\applic~1\4dumb\storebook.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TP4EX] tp4ex.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [AMSG] c:\progra~1\thinkv~1\amsg\amsg.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mRun: [PDService.exe] "c:\program files\lenovo\safeguard privatedisk\pdservice.exe"
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [bait face type axis] c:\documents and settings\all users\application data\meow intra bait face\meow locks.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: &Search
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {DA320635-F48C-4613-8325-D75A933C549E} - c:\program files\lenovo\system update\sulauncher.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
Trusted Zone: trivia01.com
DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} - hxxp://www.worldwinner.com/games/v41/mines/mines.cab
DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: {A68EF0E4-B363-48A9-B0C5-D89990E69F91} = 0.0.0.0
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: ACNotify - ACNotify.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
AppInit_DLLs: c:\program files\opinionsquare\opai.dll jmkgti.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll, mcenspc.dll,
LSA: Notification Packages = scecli ACGina

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ericzo~1\applic~1\mozilla\firefox\profiles\64bk77f7.default\
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - plugin: c:\documents and settings\eric zong\application data\mozilla\firefox\profiles\64bk77f7.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\eric zong\application data\mozilla\firefox\profiles\64bk77f7.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2007-5-10 88576]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2007-5-10 11520]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2007-5-10 6016]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-4-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-4-28 72944]
R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2007-5-10 4736]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2007-5-10 4442]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-7-14 211216]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2006-4-30 14336]
R2 PrivateDisk;PrivateDisk;c:\program files\lenovo\safeguard privatedisk\privatediskm.sys [2006-3-13 58368]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-7-14 3968]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-7-30 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-7-14 19096]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2008-9-19 65536]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2006-4-30 26488]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-4-28 7408]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-07-15 00:09 <DIR> --d----- C:\Lop SD
2009-07-14 22:08 <DIR> --d----- c:\program files\Trend Micro
2009-07-14 22:00 142 a------- c:\windows\system32\spupdsvc.inf
2009-07-14 14:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-14 14:56 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-14 14:56 <DIR> --d----- c:\docume~1\ericzo~1\applic~1\SUPERAntiSpyware.com
2009-07-14 14:50 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-14 14:50 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-14 14:50 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-14 14:46 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-13 00:33 <DIR> --d----- c:\program files\common files\DivX Shared
2009-07-12 00:07 <DIR> --d----- c:\program files\ESET
2009-07-11 18:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Meow Intra Bait Face
2009-07-11 18:54 <DIR> --d----- c:\docume~1\ericzo~1\applic~1\4dumb
2009-07-11 18:25 <DIR> --d----- c:\program files\Intelore
2009-07-09 20:28 7,727 a------- c:\windows\system32\WinUptater
2009-07-09 02:58 <DIR> --d----- c:\program files\NetChanger
2009-07-07 18:50 <DIR> --d----- c:\program files\Net Tools
2009-06-30 16:53 <DIR> --d----- c:\program files\UnH Solutions
2009-06-20 23:30 115,920 a------- c:\windows\system32\MSINET.ocx
2009-06-20 23:29 140,488 a----r-- c:\windows\system32\comdlg32.ocx
2009-06-20 23:29 89,360 a----r-- c:\windows\system32\VB5DB.DLL
2009-06-20 23:29 69,632 a----r-- c:\windows\system32\xmltok.dll
2009-06-20 23:29 36,864 a----r-- c:\windows\system32\xmlparse.dll
2009-06-20 23:29 35,840 a----r-- c:\windows\system32\comdlg32.oca
2009-06-20 23:29 29,184 a----r-- c:\windows\system32\MSINET.oca
2009-06-20 23:29 26,096 a----r-- c:\windows\system32\xmlinst.exe
2009-06-20 23:29 24,576 a----r-- c:\windows\system32\msxml3a.dll
2009-06-20 23:16 <DIR> --d----- c:\program files\Red Storm Entertainment
2009-06-16 10:55 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:55 82,432 -------- c:\windows\system32\dllcache\fontsub.dll

==================== Find3M ====================

2009-07-12 00:00 5,427 a------- c:\windows\system32\EGATHDRV.SYS
2009-07-11 21:57 6,300 a------- c:\windows\system32\tmp.reg
2009-06-16 10:55 119,808 -------- c:\windows\system32\t2embed.dll
2009-06-16 10:55 82,432 -------- c:\windows\system32\fontsub.dll
2009-06-03 15:27 1,290,752 -------- c:\windows\system32\quartz.dll
2009-06-03 15:27 1,290,752 -------- c:\windows\system32\dllcache\quartz.dll
2009-06-02 11:17 75,776 a------- c:\windows\system32\WS2Fix.exe
2009-05-11 22:58 50,688 a------- c:\windows\system32\wbhelp2.dll
2009-05-11 15:44 729,088 a------- c:\windows\iun6002.exe
2009-05-08 03:25 9,728 a------- c:\windows\system32\rnaph.dll
2009-05-07 11:44 344,064 -------- c:\windows\system32\localspl.dll
2009-05-07 11:44 344,064 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:56 827,392 -------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 00:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 00:56 1,159,680 -------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 00:56 671,232 -------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 00:56 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-04-29 00:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
2009-04-29 00:56 44,544 -------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 00:56 3,596,288 -------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 00:56 477,696 -------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 00:56 193,024 -------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 05:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 05:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 01:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 01:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 06:09 1,847,936 -------- c:\windows\system32\win32k.sys
2009-04-17 06:09 1,847,936 -------- c:\windows\system32\dllcache\win32k.sys
2008-11-20 01:21 26,240 ac------ c:\docume~1\ericzo~1\applic~1\GDIPFONTCACHEV1.DAT
2008-10-10 13:12 22,328 a------- c:\docume~1\ericzo~1\applic~1\PnkBstrK.sys
2007-05-10 09:20 32,768 -c-sh--- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2007-06-03 07:25 32,768 -c-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012007060320070604\index.dat

============= FINISH: 0:13:21.50 ===============





UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/3/2007 7:30:03 AM
System Uptime: 7/14/2009 9:51:04 PM (3 hours ago)

Motherboard: LENOVO | | 946295U
Processor: Intel(R) Core(TM) Duo CPU T2400 @ 1.83GHz | None | 1828/167mhz
Processor: Intel(R) Core(TM) Duo CPU T2400 @ 1.83GHz | None | 1828/167mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 51 GiB total, 7.419 GiB free.
D: is CDROM ()
F: is CDROM ()
G: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme Gigabit Ethernet
Device ID: PCI\VEN_14E4&DEV_167D&SUBSYS_208117AA&REV_21\4&192AC53F&0&00E0
Manufacturer: Broadcom
Name: Broadcom NetXtreme Gigabit Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_167D&SUBSYS_208117AA&REV_21\4&192AC53F&0&00E0
Service: b57w2k

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: AP518Q2F IDE Controller
Device ID: ACPI\PNPA000\4&5D18F2DF&0
Manufacturer: (Standard mass storage controllers)
Name: AP518Q2F IDE Controller
PNP Device ID: ACPI\PNPA000\4&5D18F2DF&0
Service: ajfhzew1

==== System Restore Points ===================

RP614: 6/14/2009 7:19:18 PM - System Checkpoint
RP615: 6/16/2009 4:48:25 PM - System Checkpoint
RP616: 6/18/2009 4:45:50 PM - System Checkpoint
RP617: 6/20/2009 2:02:30 PM - System Checkpoint
RP618: 6/20/2009 11:16:29 PM - Installed Tom Clancy's Rainbow Six 3: Raven Shield
RP619: 6/22/2009 12:50:32 AM - System Checkpoint
RP620: 6/23/2009 2:01:21 AM - System Checkpoint
RP621: 6/24/2009 9:15:23 PM - System Checkpoint
RP622: 6/24/2009 11:12:37 PM - Revo Uninstaller's restore point - Kali II
RP623: 6/25/2009 11:55:07 PM - System Checkpoint
RP624: 6/27/2009 6:29:32 PM - System Checkpoint
RP625: 6/28/2009 6:36:55 PM - System Checkpoint
RP626: 6/29/2009 7:30:04 PM - System Checkpoint
RP627: 6/30/2009 9:49:16 PM - System Checkpoint
RP628: 7/2/2009 2:56:59 PM - System Checkpoint
RP629: 7/3/2009 3:46:20 PM - System Checkpoint
RP630: 7/4/2009 4:46:20 PM - System Checkpoint
RP631: 7/6/2009 3:46:15 PM - System Checkpoint
RP632: 7/7/2009 12:39:52 AM - Revo Uninstaller's restore point - Tom Clancy's Rainbow Six 3: Raven Shield
RP633: 7/7/2009 12:40:05 AM - Removed Tom Clancy's Rainbow Six 3: Raven Shield
RP634: 7/7/2009 7:00:05 PM - Revo Uninstaller's restore point - NetTools 5.0
RP635: 7/8/2009 10:08:04 PM - System Checkpoint
RP636: 7/9/2009 3:05:20 AM - Revo Uninstaller's restore point - Uninstall Change IP
RP637: 7/9/2009 3:06:56 AM - Revo Uninstaller's restore point - NetChanger 2.3
RP638: 7/10/2009 7:09:26 PM - System Checkpoint
RP639: 7/11/2009 3:42:07 PM - Revo Uninstaller's restore point - Uninstall Change IP
RP640: 7/11/2009 3:42:48 PM - Revo Uninstaller's restore point - RAR Password Cracker 4.12
RP641: 7/11/2009 6:30:01 PM - Revo Uninstaller's restore point - RAR Password Recovery Magic v6.1.1.2
RP642: 7/11/2009 6:31:06 PM - Revo Uninstaller's restore point - Spyware Doctor 6.0
RP643: 7/11/2009 7:02:21 PM - Revo Uninstaller's restore point - WinZix
RP644: 7/11/2009 11:55:37 PM - Revo Uninstaller's restore point - HijackThis 2.0.2
RP645: 7/11/2009 11:56:44 PM - Revo Uninstaller's restore point - RAR Password Recovery v1.1 RC16 (remove only)
RP646: 7/11/2009 11:59:49 PM - Revo Uninstaller's restore point - Symantec Client Security
RP647: 7/12/2009 12:02:21 AM - Removed Symantec Client Security
RP648: 7/12/2009 12:07:38 AM - Installed ESET NOD32 Antivirus
RP649: 7/12/2009 11:52:29 AM - Revo Uninstaller's restore point - Uninstall Change IP
RP650: 7/12/2009 11:53:37 AM - Revo Uninstaller's restore point - Malwarebytes' Anti-Malware
RP651: 7/12/2009 3:09:26 PM - Revo Uninstaller's restore point - Windows Internet Explorer 7
RP652: 7/13/2009 3:45:29 PM - System Checkpoint
RP653: 7/14/2009 2:56:05 PM - Installed SUPERAntiSpyware Professional
RP654: 7/14/2009 7:31:02 PM - Software Distribution Service 3.0
RP655: 7/14/2009 7:35:34 PM - Software Distribution Service 3.0
RP656: 7/14/2009 9:42:18 PM - Installed Java(TM) 6 Update 13
RP657: 7/14/2009 9:59:55 PM - Installed Windows XP WgaNotify.
RP658: 7/14/2009 10:06:22 PM - Revo Uninstaller's restore point - HijackThis 2.0.2
RP659: 7/14/2009 10:07:02 PM - Revo Uninstaller's restore point - Uninstall Change IP

==== Installed Programs ======================

Access Help
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
AutoUpdate
Bonjour
CCleaner (remove only)
Cheat Engine 5.4
CiD Help
Client Security Solution
Diskeeper Lite
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Download Accelerator Plus (DAP)
ESET NOD32 Antivirus
ffdshow [rev 2033] [2008-07-05]
Foxit Reader
GonVisor 1.73
Google Photos Screensaver
Hamachi 1.0.3.0
Help Center
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB889816)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB894686)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB898456)
Hotfix for Windows XP (KB903250)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB909667)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB916189)
Hotfix for Windows XP (KB918005)
Hotfix for Windows XP (KB918837)
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB929120)
Hotfix for Windows XP (KB952287)
ijji FireFox Launcher 1.0
Intel(R) PROSet/Wireless Software
InterVideo WinDVD
Java(TM) 6 Update 13
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Malwarebytes' Anti-Malware
mCore
mDriver
Message Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Global IME for Office XP (Traditional Chinese)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Standard
Microsoft Silverlight
mMHouse
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.11)
mPfMgr
mProSafe
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mWlsSafe
mXML
novaPDF Standard Desktop 5.4 printer
Palm Desktop for IBM WorkPad
Picasa 2
PokerStars
PokerStove version 1.23
PostgreSQL 8.3
Productivity Center Supplement for ThinkPad
QuickTime
Real Alternative 1.52
RealPlayer
RecordNow Audio
RecordNow Copy
RecordNow Data
Remove Multimedia Center
Rescue and Recovery
Revo Uninstaller 1.83
Risk WarZone Client
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Sid Meier's Civilization 4
Sid Meier's Civilization 4 - Beyond the Sword
Sonic DLA
Sonic Express Labeler
Sonic Icons for Lenovo
Sonic Update Manager
SoundMAX
SUPERAntiSpyware Professional
SWF Opener
System Migration Assistant
System Requirements Lab
System Update
ThinkPad Configuration
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Keyboard Customizer Utility
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad Presentation Director
ThinkPad UltraNav Driver
ThinkPad UltraNav Wizard
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Away Manager
ThinkVantage Productivity Center
ThinkVantage System Update Toolbar Button for IE
ThinkVantage Technologies Welcome Message
TrackPoint Accessibility Features
Uninstall Change IP
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.762
Viewpoint Media Player
VLC media player 0.9.8a
Vuze
Wallpapers
WarZone Client
WarZone Client v1.0.41
WarZone Client v1.0.44
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Toolbar
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883517
Windows XP Hotfix - KB883523
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB884868
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB885894
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889315
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB896613
WinPcap 3.0
WinRAR archiver
XP Themes

==== Event Viewer Messages From Past Week ========

7/9/2009 9:20:17 PM, error: Service Control Manager [7034] - The PnkBstrB service terminated unexpectedly. It has done this 1 time(s).
7/9/2009 9:20:16 PM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
7/9/2009 8:55:09 PM, error: Dhcp [1002] - The IP address lease 141.214.171.14 for the Network Card with network address 001B7705C11F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
7/9/2009 8:54:21 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
7/9/2009 8:37:40 PM, error: Service Control Manager [7023] - The Server service terminated with the following error: The server is in use and cannot be unloaded.
7/14/2009 9:25:31 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Ati HotKey Poller service.
7/14/2009 8:00:24 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
7/14/2009 7:42:11 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Windows XP Service Pack 3 (KB936929).
7/14/2009 7:34:37 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.
7/14/2009 6:32:31 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
7/14/2009 5:03:22 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
7/12/2009 3:06:09 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AcSvc service.
7/11/2009 1:25:00 PM, error: ipnathlp [31008] - The DNS proxy agent was unable to read the local list of name-resolution servers from the registry. The data is the error code.
7/10/2009 6:26:54 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001B7705C11F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================
  #5  
Old 15th Jul 2009, 08:39
Moderator Group
 
You will have to remove all of the cracked software before I can continue helping.

Download OTM by OldTimer to your desktop.

Note: If you are running on Vista, right-click on OTM.exe and choose Run As Administrator.

* Save it to your Desktop.
* Double-click OTM.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code:
:Processes
explorer.exe

:files
C:\DOCUME~1\ERICZO~1\Application Data\Azureus\torrents\Daemon_Tools_Pro_Advanced_Version_4.10.0218___Crack_vsigns.4743375.TPB.torrent
C:\DOCUME~1\ERICZO~1\Application Data\Azureus\torrents\FIFA_09_-_Crack___Keygen.4513426.TPB.torrent
C:\DOCUME~1\ERICZO~1\Application Data\Azureus\torrents\Fifa_2009_ISO_with_crack.4561626.TPB.torrent
C:\DOCUME~1\ERICZO~1\Application Data\Azureus\torrents\NHL.09-RELOADED KEYGEN.torrent
C:\DOCUME~1\ERICZO~1\Application Data\Azureus\torrents\NHL.09-RELOADED_KEYGEN.4470561.TPB.torrent
C:\DOCUME~1\ERICZO~1\Application Data\Azureus\torrents\PokerTracker.3.Holdem.3.00.3.Crack.rar.4440811.TPB.torrent
C:\DOCUME~1\ERICZO~1\Application Data\Azureus\torrents\_NHL.09-RELOADED_KEYGEN.4470561.TPB.torrent
C:\DOCUME~1\ERICZO~1\Desktop\Civilization_IV__with_1.09_update_and_crack_
C:\DOCUME~1\ERICZO~1\Desktop\Poker\Various\Poker Pro 2006
C:\DOCUME~1\ERICZO~1\Desktop\SUPERAnti.Spyware.Pro.v4.26.1002 By Seba\SUPERAntiSpyware.Professional.v4.26.1000.Multilingual.WinAll.Incl.Keygen.and.Patch-CRD
C:\DOCUME~1\ERICZO~1\Recent\SUPERAntiSpyware.Professional.v4.26.1000.Multilingual.WinAll.Incl.Keygen.and.Patch-CRD.lnk

:Commands
[purity]
[emptytemp]
[start explorer]
* Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
* Close OTM.

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes.

  #6  
Old 15th Jul 2009, 12:15
New Member Group
 
[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Corey Phillips

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Eric Zong
->Temp folder emptied: 7798127 bytes
->Temporary Internet Files folder emptied: 13814338 bytes
->Java cache emptied: 13425364 bytes
->FireFox cache emptied: 109360042 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 112094 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 777160 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\666CF04177BE414E9A9D0A227E9B48F8.TMP folder deleted successfully.
%systemroot% .tmp files removed: 40960 bytes
%systemroot%\System32 .tmp files removed: 242073 bytes
Windows Temp folder emptied: 185578 bytes
RecycleBin emptied: 156160 bytes

Total Files Cleaned = 139.25 mb


OTM by OldTimer - Version 3.0.0.5 log created on 07152009_145442

Files moved on Reboot...

Registry entries deleted on Reboot...
  #7  
Old 15th Jul 2009, 12:28
Moderator Group
 
Thank you.

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.


Double click LopSD.exe - If you are using Windows Vista, right-click on the LopSD icon and select Run as administrator to perform this scan.


  • Choose the language by typing the corresponding letter, then press Enter.
  • Click OK at the informative window.
  • Type 2 to choose Option 2 (Delete with Hosts File Restore), then press Enter.
  • Wait until the end of the scan.
  • A report will be generated; post its contents in your next reply.

  #8  
Old 15th Jul 2009, 12:41
New Member Group
 
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM) Duo CPU T2400 @ 1.83GHz )
BIOS : Phoenix FirstBIOS(tm) Notebook Pro Version 2.0 for ThinkPad
USER : Eric Zong ( Administrator )
BOOT : Normal boot
Antivirus : ESET NOD32 Antivirus 4.0 4.0 (Not Activated)
C:\ (Local Disk) - NTFS - Total:51 Go (Free:7 Go)
D:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( Wed 07/15/2009|15:37 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1

[05/10/2007|09:21] C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
[05/10/2007|08:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[05/10/2007|09:46] C:\DOCUME~1\ADMINI~1\APPLIC~1\Lenovo
[05/30/2008|10:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[05/10/2007|09:29] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
[05/10/2007|09:46] C:\DOCUME~1\ADMINI~1\APPLIC~1\ThinkVantage

[07/01/2008|11:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[07/30/2008|13:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[05/22/2008|19:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
[06/09/2007|15:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
[10/11/2007|16:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[04/01/2008|22:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[06/05/2007|16:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[04/27/2009|12:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DAEMON Tools Pro
[07/12/2009|00:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESET
[07/05/2007|20:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[05/24/2008|23:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HotbarSA
[02/09/2008|23:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IJJIGame
[05/10/2007|09:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[05/10/2007|09:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
[06/02/2007|18:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lenovo
[06/07/2008|13:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[11/11/2008|12:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[06/03/2007|10:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Mozilla
[06/19/2007|16:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Musicnotes
[09/21/2007|22:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[07/20/2007|15:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
[06/14/2008|19:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PurePlay
[06/02/2007|21:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
[05/10/2007|08:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[05/11/2009|22:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpeedBit
[07/14/2009|14:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
[07/12/2009|00:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[07/15/2009|15:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[09/21/2008|17:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TVU Networks
[05/10/2007|09:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[08/22/2008|20:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\yahoo!


[05/10/2007|09:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ATI
[05/10/2007|08:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[05/10/2007|09:46] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Lenovo
[05/10/2007|09:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[05/10/2007|09:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[05/10/2007|09:46] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ThinkVantage

[08/25/2007|17:57] C:\DOCUME~1\ERICZO~1\APPLIC~1\.BitZip
[11/21/2008|19:20] C:\DOCUME~1\ERICZO~1\APPLIC~1\Adobe
[04/01/2008|22:01] C:\DOCUME~1\ERICZO~1\APPLIC~1\Apple Computer
[05/10/2007|09:21] C:\DOCUME~1\ERICZO~1\APPLIC~1\ATI
[07/05/2009|17:01] C:\DOCUME~1\ERICZO~1\APPLIC~1\Azureus
[04/17/2009|16:31] C:\DOCUME~1\ERICZO~1\APPLIC~1\bang
[04/05/2008|20:27] C:\DOCUME~1\ERICZO~1\APPLIC~1\DAEMON Tools
[04/27/2009|12:05] C:\DOCUME~1\ERICZO~1\APPLIC~1\DAEMON Tools Pro
[01/10/2009|13:07] C:\DOCUME~1\ERICZO~1\APPLIC~1\Dev-Cpp
[08/09/2007|21:43] C:\DOCUME~1\ERICZO~1\APPLIC~1\DivX
[05/08/2009|21:07] C:\DOCUME~1\ERICZO~1\APPLIC~1\dvdcss
[03/17/2009|15:37] C:\DOCUME~1\ERICZO~1\APPLIC~1\Foxit
[07/05/2007|20:37] C:\DOCUME~1\ERICZO~1\APPLIC~1\Google
[11/22/2008|02:27] C:\DOCUME~1\ERICZO~1\APPLIC~1\Hamachi
[05/24/2008|23:59] C:\DOCUME~1\ERICZO~1\APPLIC~1\Help
[05/24/2008|20:29] C:\DOCUME~1\ERICZO~1\APPLIC~1\Hotbar_Icons
[05/10/2007|08:55] C:\DOCUME~1\ERICZO~1\APPLIC~1\Identities
[06/08/2009|15:26] C:\DOCUME~1\ERICZO~1\APPLIC~1\InstallShield
[06/02/2007|18:39] C:\DOCUME~1\ERICZO~1\APPLIC~1\Intel
[06/02/2007|18:02] C:\DOCUME~1\ERICZO~1\APPLIC~1\InterVideo
[04/05/2008|20:50] C:\DOCUME~1\ERICZO~1\APPLIC~1\Leadertech
[10/05/2007|20:51] C:\DOCUME~1\ERICZO~1\APPLIC~1\Lenovo
[04/21/2009|15:54] C:\DOCUME~1\ERICZO~1\APPLIC~1\Macromedia
[06/07/2008|13:31] C:\DOCUME~1\ERICZO~1\APPLIC~1\Malwarebytes
[06/02/2007|21:52] C:\DOCUME~1\ERICZO~1\APPLIC~1\Media Player Classic
[01/03/2009|17:08] C:\DOCUME~1\ERICZO~1\APPLIC~1\Microsoft
[06/07/2008|11:02] C:\DOCUME~1\ERICZO~1\APPLIC~1\Move Networks
[05/08/2009|03:25] C:\DOCUME~1\ERICZO~1\APPLIC~1\Mozilla
[05/12/2009|16:50] C:\DOCUME~1\ERICZO~1\APPLIC~1\My Games
[12/05/2008|09:48] C:\DOCUME~1\ERICZO~1\APPLIC~1\NwDocx
[06/03/2007|10:20] C:\DOCUME~1\ERICZO~1\APPLIC~1\PC Tools
[03/17/2009|20:33] C:\DOCUME~1\ERICZO~1\APPLIC~1\pokerth
[09/03/2008|12:14] C:\DOCUME~1\ERICZO~1\APPLIC~1\Real
[05/28/2009|18:38] C:\DOCUME~1\ERICZO~1\APPLIC~1\SecondLife
[04/05/2008|20:50] C:\DOCUME~1\ERICZO~1\APPLIC~1\Sonic
[06/03/2007|17:02] C:\DOCUME~1\ERICZO~1\APPLIC~1\Sun
[07/14/2009|14:56] C:\DOCUME~1\ERICZO~1\APPLIC~1\SUPERAntiSpyware.com
[05/10/2007|09:29] C:\DOCUME~1\ERICZO~1\APPLIC~1\Symantec
[11/12/2008|20:32] C:\DOCUME~1\ERICZO~1\APPLIC~1\SystemRequirementsLab
[06/03/2007|12:10] C:\DOCUME~1\ERICZO~1\APPLIC~1\Talkback
[05/10/2007|09:46] C:\DOCUME~1\ERICZO~1\APPLIC~1\ThinkVantage
[05/08/2009|03:25] C:\DOCUME~1\ERICZO~1\APPLIC~1\Thunderbird
[09/21/2008|17:10] C:\DOCUME~1\ERICZO~1\APPLIC~1\TVU Networks
[08/11/2008|09:57] C:\DOCUME~1\ERICZO~1\APPLIC~1\vghd
[03/07/2009|01:20] C:\DOCUME~1\ERICZO~1\APPLIC~1\vlc
[05/15/2009|22:44] C:\DOCUME~1\ERICZO~1\APPLIC~1\WarZone
[06/02/2007|23:26] C:\DOCUME~1\ERICZO~1\APPLIC~1\WinRAR
[12/20/2007|11:09] C:\DOCUME~1\ERICZO~1\APPLIC~1\Yahoo!

[05/10/2007|09:19] C:\DOCUME~1\LOCALS~1\APPLIC~1\Intel
[05/30/2008|10:30] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[05/10/2007|09:20] C:\DOCUME~1\NETWOR~1\APPLIC~1\Intel
[05/30/2008|10:30] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[05/10/2007|09:21] C:\DOCUME~1\postgres\APPLIC~1\ATI
[05/10/2007|08:55] C:\DOCUME~1\postgres\APPLIC~1\Identities
[05/10/2007|09:46] C:\DOCUME~1\postgres\APPLIC~1\Lenovo
[05/10/2007|09:34] C:\DOCUME~1\postgres\APPLIC~1\Microsoft
[05/10/2007|09:29] C:\DOCUME~1\postgres\APPLIC~1\Symantec
[05/10/2007|09:46] C:\DOCUME~1\postgres\APPLIC~1\ThinkVantage

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[07/15/2009 14:51][--a------] C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[06/03/2007 07:27][---------] C:\WINDOWS\tasks\Symantec NetDetect.job
[06/26/2008 21:16][--a------] C:\WINDOWS\tasks\PMTask.job
[07/15/2009 15:05][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 08:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[07/11/2008|11:28] C:\Program Files\Adobe
[05/10/2007|09:17] C:\Program Files\Analog Devices
[04/05/2008|18:35] C:\Program Files\ASCII
[05/10/2007|09:18] C:\Program Files\ATI Technologies
[05/07/2008|13:24] C:\Program Files\Azureus
[08/25/2007|17:57] C:\Program Files\BitZip
[04/01/2008|21:59] C:\Program Files\Bonjour
[06/02/2007|19:14] C:\Program Files\CCleaner
[07/09/2009|19:51] C:\Program Files\Cheat Engine
[07/14/2009|14:46] C:\Program Files\Common Files
[05/10/2007|08:55] C:\Program Files\ComPlus Applications
[08/21/2008|09:52] C:\Program Files\Conduit
[05/10/2007|09:17] C:\Program Files\CONEXANT
[06/15/2008|15:35] C:\Program Files\Coupons
[04/27/2009|12:06] C:\Program Files\DAEMON Tools Pro
[11/12/2008|17:03] C:\Program Files\DAEMON Tools Toolbar
[05/11/2009|23:02] C:\Program Files\DAP
[05/10/2007|09:17] C:\Program Files\Digital Line Detect
[05/10/2007|09:34] C:\Program Files\Diskeeper Corporation
[07/13/2009|00:33] C:\Program Files\DivX
[07/12/2009|00:07] C:\Program Files\ESET
[09/03/2008|12:06] C:\Program Files\ffdshow
[05/12/2009|16:34] C:\Program Files\Firaxis Games
[03/17/2009|15:37] C:\Program Files\Foxit Software
[08/01/2007|22:00] C:\Program Files\GonVisor
[08/25/2007|21:16] C:\Program Files\Google
[12/15/2007|01:06] C:\Program Files\Hamachi
[07/07/2009|00:40] C:\Program Files\InstallShield Installation Information
[05/10/2007|09:15] C:\Program Files\Intel
[07/11/2009|18:25] C:\Program Files\Intelore
[06/10/2009|15:04] C:\Program Files\Internet Explorer
[05/10/2007|09:25] C:\Program Files\InterVideo
[07/14/2009|21:46] C:\Program Files\Java
[05/10/2007|09:37] C:\Program Files\Lenovo
[07/14/2009|14:50] C:\Program Files\Malwarebytes' Anti-Malware
[06/02/2007|21:51] C:\Program Files\Media Player Classic
[10/26/2008|12:40] C:\Program Files\Messenger
[05/15/2009|22:35] C:\Program Files\Microprose
[06/02/2007|18:09] C:\Program Files\Microsoft ActiveSync
[05/10/2007|08:55] C:\Program Files\microsoft frontpage
[06/02/2007|18:09] C:\Program Files\Microsoft Office
[10/20/2008|22:16] C:\Program Files\Microsoft Silverlight
[05/10/2007|08:55] C:\Program Files\Movie Maker
[07/15/2009|15:22] C:\Program Files\Mozilla Firefox
[06/23/2007|22:24] C:\Program Files\MSN
[05/10/2007|08:55] C:\Program Files\MSN Gaming Zone
[05/10/2007|09:14] C:\Program Files\MSXML 4.0
[05/10/2007|09:26] C:\Program Files\Multimedia Center for Think Offerings
[07/07/2009|19:01] C:\Program Files\Net Tools
[07/09/2009|03:07] C:\Program Files\NetChanger
[05/10/2007|08:55] C:\Program Files\NetMeeting
[05/08/2009|03:25] C:\Program Files\Netscape
[05/10/2007|09:17] C:\Program Files\NetWaiting
[05/10/2007|08:55] C:\Program Files\Online Services
[08/17/2007|23:23] C:\Program Files\Outlook Express
[10/16/2007|16:19] C:\Program Files\Pcsx2
[10/16/2007|16:19] C:\Program Files\PCSX2 0.9 R3
[07/03/2007|19:37] C:\Program Files\Picasa2
[07/15/2009|14:26] C:\Program Files\PokerStars
[02/06/2009|21:27] C:\Program Files\PokerStove
[02/06/2009|21:32] C:\Program Files\PostgreSQL
[04/01/2008|21:59] C:\Program Files\QuickTime
[09/03/2008|12:13] C:\Program Files\Real
[06/02/2007|21:51] C:\Program Files\Real Alternative
[07/07/2009|00:40] C:\Program Files\Red Storm Entertainment
[06/19/2007|16:25] C:\Program Files\Sibelius Software
[05/10/2007|09:36] C:\Program Files\SMI2
[03/16/2008|17:22] C:\Program Files\Softland
[05/10/2007|09:26] C:\Program Files\Sonic
[05/10/2007|09:26] C:\Program Files\Sonic Icons for Lenovo
[07/14/2009|17:03] C:\Program Files\SUPERAntiSpyware
[07/12/2009|00:05] C:\Program Files\Symantec
[07/12/2009|12:38] C:\Program Files\Symantec Client Security
[05/10/2007|09:15] C:\Program Files\Synaptics
[11/12/2008|20:32] C:\Program Files\SystemRequirementsLab
[05/10/2007|09:35] C:\Program Files\ThinkPad
[05/10/2007|09:26] C:\Program Files\ThinkVantage
[07/14/2009|22:08] C:\Program Files\Trend Micro
[10/03/2007|17:10] C:\Program Files\TryMedia
[05/10/2007|09:35] C:\Program Files\TVT SMBus
[06/30/2009|16:53] C:\Program Files\UnH Solutions
[05/10/2007|08:55] C:\Program Files\Uninstall Information
[03/07/2009|01:16] C:\Program Files\VideoLAN
[07/15/2009|15:32] C:\Program Files\Viewpoint
[05/11/2009|12:50] C:\Program Files\VS Revo Group
[04/21/2009|00:23] C:\Program Files\Vuze
[05/15/2009|22:44] C:\Program Files\WarZone
[06/03/2007|07:30] C:\Program Files\Windows Live Toolbar
[05/10/2007|09:10] C:\Program Files\Windows Media Connect 2
[05/10/2007|09:21] C:\Program Files\Windows Media Player
[05/10/2007|08:55] C:\Program Files\Windows NT
[05/10/2007|08:55] C:\Program Files\WindowsUpdate
[07/07/2009|18:50] C:\Program Files\WinPcap
[07/01/2009|21:50] C:\Program Files\WinRAR
[05/10/2007|08:55] C:\Program Files\xerox
[08/22/2008|20:10] C:\Program Files\Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[07/01/2008|11:26] C:\Program Files\Common Files\Adobe
[04/29/2009|22:19] C:\Program Files\Common Files\AOL
[06/02/2007|18:09] C:\Program Files\Common Files\Designer
[06/07/2007|23:32] C:\Program Files\Common Files\DirectX
[07/13/2009|00:33] C:\Program Files\Common Files\DivX Shared
[03/24/2009|23:43] C:\Program Files\Common Files\Download Manager
[05/15/2009|22:37] C:\Program Files\Common Files\Idu
[05/10/2007|09:26] C:\Program Files\Common Files\Installshield
[05/10/2007|09:24] C:\Program Files\Common Files\Java
[05/10/2007|09:39] C:\Program Files\Common Files\Lenovo
[06/02/2007|18:09] C:\Program Files\Common Files\Microsoft Shared
[05/10/2007|08:55] C:\Program Files\Common Files\MSSoap
[05/10/2007|08:55] C:\Program Files\Common Files\ODBC
[09/03/2008|12:14] C:\Program Files\Common Files\Real
[05/10/2007|08:55] C:\Program Files\Common Files\Services
[05/10/2007|09:26] C:\Program Files\Common Files\Sonic Shared
[05/10/2007|08:55] C:\Program Files\Common Files\SpeechEngines
[05/10/2007|09:26] C:\Program Files\Common Files\SureThing Shared
[07/12/2009|00:05] C:\Program Files\Common Files\Symantec Shared
[08/17/2007|23:23] C:\Program Files\Common Files\System
[07/14/2009|14:46] C:\Program Files\Common Files\Wise Installation Wizard
[09/03/2008|12:14] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 73 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 15:40:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\ERICZO~1\Application Data\Azureus\torrents\Daemon_Tools_Pro_Advanced_Version_4.10.0218___Crack_vsigns.4743375.TPB.torrent
C:\DOCUME~1\ERICZO~1\Application Data\Azureus\torrents\Fifa_2009_ISO_with_crack.4561626.TPB.torrent
C:\DOCUME~1\ERICZO~1\Application Data\Azureus\torrents\PokerTracker.3.Holdem.3.00.3.Crack.rar.4440811.TPB.torrent
C:\DOCUME~1\ERICZO~1\Desktop\Civilization_IV__with_1.09_update_and_crack_
C:\DOCUME~1\ERICZO~1\Desktop\Civilization_IV__with_1.09_update_and_crack_\Civilization IV (with 1.09 update and crack)
C:\DOCUME~1\ERICZO~1\Desktop\Civilization_IV__with_1.09_update_and_crack_\Civilization IV (with 1.09 update and crack)\civilizationIV(iso).iso
C:\DOCUME~1\ERICZO~1\Desktop\Civilization_IV__with_1.09_update_and_crack_\Civilization IV (with 1.09 update and crack)\crack
C:\DOCUME~1\ERICZO~1\Desktop\Civilization_IV__with_1.09_update_and_crack_\Civilization IV (with 1.09 update and crack)\oyunu kurmadan once okuyun.txt
C:\DOCUME~1\ERICZO~1\Desktop\Civilization_IV__with_1.09_update_and_crack_\Civilization IV (with 1.09 update and crack)\crack\Civilization4.exe
C:\DOCUME~1\ERICZO~1\Recent\SUPERAntiSpyware.Professional.v4.26.1000.Multilingual.WinAll.Incl.Keygen.and.Patch-CRD.lnk


[F:3][D:0]-> C:\DOCUME~1\ERICZO~1\LOCALS~1\Temp
[F:33][D:0]-> C:\DOCUME~1\ERICZO~1\Cookies
[F:25][D:4]-> C:\DOCUME~1\ERICZO~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Wed 07/15/2009| 0:12 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Wed 07/15/2009|15:34 - Option : [2]
3 - "C:\Lop SD\LopR_3.txt" - Wed 07/15/2009|15:40 - Option : [2]

--------------------\\ Scan completed at 15:40:38
  #9  
Old 15th Jul 2009, 13:15
Moderator Group
 
Go to Add or Remove Programs and uninstall: (if found)
  • AutoUpdate
  • CiD Help
  • LiveReg (Symantec Corporation)
  • LiveUpdate 2.6 (Symantec Corporation)
  • Viewpoint Media Player
----------

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

DDS::
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: 1 (0x1) - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Folder::
C:\DOCUME~1\ERICZO~1\Desktop\Civilization_IV__with_1.09_update_and_crack_

File::
C:\DOCUME~1\ERICZO~1\Application Data\Azureus\torrents\Daemon_Tools_Pro_Advanced_Version_4.10.0218___Crack_vsigns.4743375.TPB.torrent
C:\DOCUME~1\ERICZO~1\Application Data\Azureus\torrents\Fifa_2009_ISO_with_crack.4561626.TPB.torrent
C:\DOCUME~1\ERICZO~1\Application Data\Azureus\torrents\PokerTracker.3.Holdem.3.00.3.Crack.rar.4440811.TPB.torrent
C:\DOCUME~1\ERICZO~1\Recent\SUPERAntiSpyware.Professional.v4.26.1000.Multilingual.WinAll.Incl.Keygen.and.Patch-CRD.lnk
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

Copyright ©2006 - 2009 Computer Juice.
