Virus/malware causing me problems

jumba92

Ok so a week ago maybe I logged onto my pc and go and error message titled: 16 bit MS-DOS Subsystem
and it said: C:\WINDOWS\system32\MSLTST~1.EXE
The NTVDM CPU has encountered an illegal instruction.
CS:0ddb IP:0202 OP:63 74 69 76 65 Choose 'Close' to terminate the application
and the options were Close and Ignore
Close closed the window and the pc runs smoothly, ignore just gives me the same error until i click close. So, i have trend micro pc-cillin as anti virus software for my pc but obviously it's scans dont get everything because it missed things that the online scans found. anyways, i need help on this and it would be greatly appreciated.

Here's the online scan results:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-09-14 15:18:40
PROTECTIONS: 1
MALWARE: 16
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Trend Micro Internet Security 2008 16.10.1182 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.trafficmp.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Dubois\Application Data\Mozilla\Firefox\Profiles\g8ckri8t.default\cookies.txt[.atdmt.com/]
00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{E2ECBD83-404D-418A-9ABA-4F2DF506478D}\RP66\A0008926.exe
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\Sephiroth\Local Settings\Application Data\Mozilla\Firefox\Profiles\q49tzx0i.default\Cache\DD0DBD66d01[C:\Documents and Settings\Sephiroth\Local Settings\Application Data\Mozilla\Firefox\Profiles\q49tzx0i.default\Cache\DD0DBD66d01][SDFix\apps\Process.exe]
00139535 Application/Processor HackTools No 0 No No C:\System Volume Information\_restore{E2ECBD83-404D-418A-9ABA-4F2DF506478D}\RP66\A0008877.exe[C:\System Volume Information\_restore{E2ECBD83-404D-418A-9ABA-4F2DF506478D}\RP66\A0008877.exe][SDFix\apps\Process.exe]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Dubois\Application Data\Mozilla\Firefox\Profiles\g8ckri8t.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.tribalfusion.com/]
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.azjmp.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Dubois\Application Data\Mozilla\Firefox\Profiles\g8ckri8t.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Dubois\Application Data\Mozilla\Firefox\Profiles\g8ckri8t.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Dubois\Application Data\Mozilla\Firefox\Profiles\g8ckri8t.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Dubois\Application Data\Mozilla\Firefox\Profiles\g8ckri8t.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Dubois\Application Data\Mozilla\Firefox\Profiles\g8ckri8t.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Dubois\Application Data\Mozilla\Firefox\Profiles\g8ckri8t.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Dubois\Application Data\Mozilla\Firefox\Profiles\g8ckri8t.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[ad.yieldmanager.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.bs.serving-sys.com/]
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[www.burstbeacon.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Dubois\Application Data\Mozilla\Firefox\Profiles\g8ckri8t.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Dubois\Application Data\Mozilla\Firefox\Profiles\g8ckri8t.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Dubois\Application Data\Mozilla\Firefox\Profiles\g8ckri8t.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Dubois\Application Data\Mozilla\Firefox\Profiles\g8ckri8t.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Dubois\Application Data\Mozilla\Firefox\Profiles\g8ckri8t.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.advertising.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Dubois\Application Data\Mozilla\Firefox\Profiles\g8ckri8t.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Dubois\Application Data\Mozilla\Firefox\Profiles\g8ckri8t.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Dubois\Application Data\Mozilla\Firefox\Profiles\g8ckri8t.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Dubois\Application Data\Mozilla\Firefox\Profiles\g8ckri8t.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Dubois\Application Data\Mozilla\Firefox\Profiles\g8ckri8t.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Dubois\Application Data\Mozilla\Firefox\Profiles\g8ckri8t.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Dubois\Application Data\Mozilla\Firefox\Profiles\g8ckri8t.default\cookies.txt[.ads.pointroll.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Dubois\Application Data\Mozilla\Firefox\Profiles\g8ckri8t.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Dubois\Application Data\Mozilla\Firefox\Profiles\g8ckri8t.default\cookies.txt[.questionmarket.com/]
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Dubois\Application Data\Mozilla\Firefox\Profiles\g8ckri8t.default\cookies.txt[.ads.addynamix.com/]
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Fey Lady\Application Data\Mozilla\Firefox\Profiles\8cwwz8k4.default\cookies.txt[.adserver.easyad.info/]
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Program Files\Image-Line\FL Studio 8\Plugins\Fruity\Generators\Toxic Biohazard\Toxic Biohazard.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

and the second one:

---

KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, September 14, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, September 14, 2008 23:36:45
Records in database: 1230716

---

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 82494
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:00:00

No malware has been detected. The scan area is clean.

The selected area was scanned.

and the hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:14 PM, on 9/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\AIM6\aim6.exe
C:\Documents and Settings\Sephiroth\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: GooglePreviewIE Toolbar Helper - {D476B977-AF6C-481A-8472-2ABAB5E89F20} - C:\Program Files\GooglePreviewIE Toolbar\v3.3.0.1\GooglePreviewIE_Toolbar.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: GooglePreviewIE Toolbar - {AEC32322-9D72-4C55-A108-33875F07BC03} - C:\Program Files\GooglePreviewIE Toolbar\v3.3.0.1\GooglePreviewIE_Toolbar.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msltstsoft_updt.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sephiroth\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210889558656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211938578687
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8483 bytes


That's it, and i noticed that sasha was having a similar problem in a different thread but katana (the person helping) said that those solutions he gave her might not go well for other pc's so i just assumed i should put up a new thread for my problem. please help me out, i'll log on whenever i can to check back here but it might be a while between my posts because the school year gets busy with work and all so.... yeah

Please and thanks
jumba92

Carolyn

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool untill instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.


If you follow these instructions, everything should go smoothly.


Please download Malwarebytes' Anti-Malware and save it to a convenient location.

1. Double click on mbam-setup.exe to install it.
2. Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
   • Update Malwarebytes' Anti-Malware
     Launch Malwarebytes' Anti-Malware
3. Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
4. Select the Scanner tab. Click on Perform full scan, then click on Scan.
5. Leave the default options as it is and click on Start Scan.
6. When done, you will be prompted. Click OK, then click on Show Results.
7. Checked (ticked) all items and click on Remove Selected.
8. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

Next,

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please post the following:

1. The Malwarebyte's Anti-Malware log
2. The contents of log.txt
3. The contents of info.txt

jumba92

Ok, so originally i had everything in the message but it was too long so i'm gonna post a couple times to fit it all in.

Malwarebytes' Anti-Malware 1.28
Database version: 1211
Windows 5.1.2600 Service Pack 3

9/27/2008 7:29:15 AM
mbam-log-2008-09-27 (07-29-15).txt

Scan type: Full Scan (C:\|)
Objects scanned: 138246
Time elapsed: 1 hour(s), 11 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft WinUpdate (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.

Files Infected:
C:\System Volume Information\_restore{E2ECBD83-404D-418A-9ABA-4F2DF506478D}\RP62\A0008370.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E2ECBD83-404D-418A-9ABA-4F2DF506478D}\RP62\A0008371.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\Thumbs.db (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msltstsoft_updt.exe (Backdoor.Bot) -> Quarantined and deleted successfully.


and then the log...


Logfile of random's system information tool 1.02 (written by random/random)
Run by Sephiroth at 2008-09-27 07:35:33
Microsoft Windows XP Professional Service Pack 3
System drive C: has 106 GB (70%) free of 153 GB
Total RAM: 511 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:35:51 AM, on 9/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\AIM6\aim6.exe
C:\Documents and Settings\Sephiroth\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\V CAST Music with Rhapsody\rhapsody.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\V CAST Music with Rhapsody\rhaphlpr.exe
C:\Documents and Settings\Sephiroth\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sephiroth.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: GooglePreviewIE Toolbar Helper - {D476B977-AF6C-481A-8472-2ABAB5E89F20} - C:\Program Files\GooglePreviewIE Toolbar\v3.3.0.1\GooglePreviewIE_Toolbar.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: GooglePreviewIE Toolbar - {AEC32322-9D72-4C55-A108-33875F07BC03} - C:\Program Files\GooglePreviewIE Toolbar\v3.3.0.1\GooglePreviewIE_Toolbar.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sephiroth\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210889558656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211938578687
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8690 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D476B977-AF6C-481A-8472-2ABAB5E89F20}]
GooglePreviewIE Toolbar Helper - C:\Program Files\GooglePreviewIE Toolbar\v3.3.0.1\GooglePreviewIE_Toolbar.dll [2008-07-12 806912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]
C:\Program Files\Microsoft Money\System\mnyviewer.dll [2001-07-25 143420]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{AEC32322-9D72-4C55-A108-33875F07BC03} - GooglePreviewIE Toolbar - C:\Program Files\GooglePreviewIE Toolbar\v3.3.0.1\GooglePreviewIE_Toolbar.dll [2008-07-12 806912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"diagent"=C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe [2002-04-03 135264]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2003-10-06 5058560]
"OrderReminder"=C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [2006-01-30 98304]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2003-10-06 49152]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2007-08-06 200704]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2008-07-29 1398024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"NvMediaCenter"=C:\WINDOWS\system32\NVMCTRAY.DLL [2003-10-06 49152]
"CursorFX"=C:\Program Files\Stardock\CursorFX\CursorFX.exe [2008-02-19 418632]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-06-19 50528]
"Google Update"=C:\Documents and Settings\Sephiroth\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 133104]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [2008-02-15 492808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe [2003-06-30 1130546]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe [2001-08-23 331830]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2001-08-17 28738]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
C:\Program Files\Microsoft Money\System\Activation.exe [2001-07-25 241714]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe [2001-10-05 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2007-05-11 738968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~4\Office10\OSA.EXE -b -l []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\wkcalrem.exe [2001-08-07 24633]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Program Files\Combat Arms\CombatArms.exe"="C:\Program Files\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Program Files\Combat Arms\Engine.exe"="C:\Program Files\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Program Files\Combat Arms\NMService.exe"="C:\Program Files\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Combat Arms\CombatArms.exe"="C:\Program Files\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Program Files\Combat Arms\Engine.exe"="C:\Program Files\Combat Arms\Engine.exe:*Enabled:Engine.exe"

======List of files/folders created in the last 1 months======

2008-09-27 07:35:33 ----D---- C:\rsit
2008-09-26 21:26:03 ----D---- C:\Documents and Settings\Sephiroth\Application Data\Malwarebytes
2008-09-26 21:25:43 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-26 21:25:42 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-22 16:51:23 ----D---- C:\Program Files\LineRider2
2008-09-18 18:22:37 ----D---- C:\Data
2008-09-10 03:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-10 03:00:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-09 19:23:25 ----A---- C:\WINDOWS\system32\MFC71.dll
2008-09-09 19:23:22 ----D---- C:\Program Files\Alwil Software
2008-09-09 17:07:54 ----D---- C:\WINDOWS\system32\appmgmt
2008-09-08 20:02:59 ----D---- C:\Program Files\Panda Security
2008-09-08 17:51:13 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-08 16:29:27 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-07 14:41:03 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-09-07 14:41:03 ----A---- C:\WINDOWS\system32\msvcp71.dll
2008-09-07 14:40:56 ----D---- C:\WINDOWS\system32\Adobe
2008-09-07 14:20:39 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2008-09-03 19:35:53 ----D---- C:\Documents and Settings\Sephiroth\Application Data\Toribash
2008-09-03 19:35:29 ----D---- C:\Program Files\Toribash-3.41
2008-09-03 18:04:40 ----D---- C:\WINDOWS\system32\SoftwareDistribution

======List of files/folders modified in the last 1 months======

2008-09-27 07:33:10 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-27 07:31:51 ----D---- C:\WINDOWS\Temp
2008-09-27 07:31:51 ----D---- C:\Program Files\Mozilla Firefox
2008-09-27 07:31:02 ----D---- C:\WINDOWS\system32\drivers
2008-09-27 07:30:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-27 07:29:52 ----D---- C:\WINDOWS\Prefetch
2008-09-27 07:29:15 ----RD---- C:\Program Files
2008-09-27 07:29:15 ----D---- C:\WINDOWS\system32
2008-09-24 21:11:26 ----D---- C:\Program Files\World of Warcraft
2008-09-24 19:47:30 ----A---- C:\WINDOWS\win.ini
2008-09-20 08:49:33 ----D---- C:\WINDOWS\system32\Macromed
2008-09-18 17:22:43 ----D---- C:\Program Files\Combat Arms
2008-09-16 21:41:58 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-16 21:12:24 ----SD---- C:\Documents and Settings\Sephiroth\Application Data\Microsoft
2008-09-15 17:04:13 ----D---- C:\Program Files\Phun
2008-09-14 21:13:45 ----D---- C:\Program Files\Trend Micro
2008-09-14 11:38:29 ----D---- C:\WINDOWS
2008-09-11 21:31:41 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-11 21:31:36 ----A---- C:\WINDOWS\system32\winsock.dll
2008-09-10 03:11:06 ----D---- C:\WINDOWS\system32\config
2008-09-10 03:03:03 ----SHD---- C:\WINDOWS\Installer
2008-09-10 03:00:55 ----HD---- C:\WINDOWS\inf
2008-09-10 03:00:53 ----D---- C:\WINDOWS\WinSxS
2008-09-10 03:00:44 ----A---- C:\WINDOWS\imsins.BAK
2008-09-09 17:13:41 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-09 17:13:04 ----D---- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-09-09 17:07:53 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-07 14:22:16 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-07 14:20:00 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-09-07 08:28:43 ----D---- C:\Program Files\Cheat Engine
2008-09-05 20:58:54 ----SD---- C:\WINDOWS\Tasks
2008-09-03 20:41:45 ----D---- C:\Documents and Settings\Sephiroth\Application Data\uTorrent
2008-09-03 18:04:44 ----D---- C:\WINDOWS\Help
2008-09-03 03:01:01 ----D---- C:\WINDOWS\ie7updates
2008-09-03 03:00:58 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 InCDPass;InCdPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2003-06-30 28208]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-06 33052]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2008-02-15 65936]
R2 Fallback;Fallback; C:\WINDOWS\system32\DRIVERS\fallback.sys [2001-07-18 310899]
R2 Fsks;Fsks; C:\WINDOWS\system32\DRIVERS\fsksnt.sys [2001-07-18 127405]
R2 K56;K56; C:\WINDOWS\system32\DRIVERS\k56nt.sys [2001-07-18 426783]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-08-04 11868]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R2 SoftFax;SoftFax; C:\WINDOWS\system32\DRIVERS\faxnt.sys [2001-07-18 217019]
R2 SpeakerPhone;SpeakerPhone; C:\WINDOWS\system32\DRIVERS\spkpnt.sys [2001-07-18 80449]
R2 tmactmon;tmactmon; \??\C:\WINDOWS\system32\drivers\tmactmon.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tmevtmgr;tmevtmgr; \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys []
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2008-07-18 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2008-07-18 205328]
R2 Tones;Tones; C:\WINDOWS\system32\DRIVERS\tonesnt.sys [2001-07-18 56607]
R2 V124;V124; C:\WINDOWS\system32\DRIVERS\v124nt.sys [2001-07-18 534125]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2008-07-18 1195448]
R3 basic2;basic2; C:\WINDOWS\system32\DRIVERS\basic2.sys [2001-07-18 77426]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-09-22 130192]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-01-20 140288]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-08-29 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2003-10-06 1550043]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-09-22 178672]
R3 P16X;Creative SB Live! Series (WDM); C:\WINDOWS\system32\drivers\P16X.sys [2003-09-22 1330048]
R3 Rksample;Rksample; C:\WINDOWS\system32\DRIVERS\rksample.sys [2001-07-18 67654]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2008-02-15 333328]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2001-07-25 584336]
R3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
R3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2003-06-30 86496]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [2004-08-04 1041536]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [2004-08-04 220032]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 USBIO;USBIO Driver (usbio.sys); C:\WINDOWS\System32\Drivers\usbio.sys [2008-05-18 19805]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 InCDsrv;InCD File System Service; C:\Program Files\Ahead\InCD\InCDsrv.exe [2003-06-30 770100]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2003-10-06 81920]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2008-07-29 698888]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2008-02-15 333064]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R3 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe [2008-02-16 488768]
R3 tmproxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2008-02-16 648456]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]

---

EOF

---

And i'll put the info.txt in the next post for you. The malware antibytes scan had me restart the pc to finish getting rid of all the malware and i didn't get the error message (woo hoo) but im still gonna do what you ask because i know i'm probably not home free yet.

Thanks so much!

jumba92

Ok here it is:


info.txt logfile of random's system information tool 1.02 2008-09-27 07:36:04

======Uninstall list======

-->"C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S /R
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Action Replay Code Manager-->"C:\Program Files\Datel\Action Replay Code Manager\unins000.exe"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Ahead InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
Ahead Nero Burning ROM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Business Contact Manager for Outlook 2007 SP1-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
Business Contact Manager for Outlook 2007 SP1-->MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}
Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
Combat Arms-->"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33563143 -locale:US
Conexant HSF V92 56K RTAD Speakerphone PCI Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0\HxFSETUP.EXE -U -IVEN_14F1&DEV_2016&SUBSYS_021913E0
CursorFX-->"C:\Documents and Settings\All Users\Application Data\{A850D4D9-871B-4234-908D-21C457767270}\CursorFX_public.exe" REMOVE=TRUE MODIFY=FALSE
CursorFX-->C:\Documents and Settings\All Users\Application Data\{A850D4D9-871B-4234-908D-21C457767270}\CursorFX_public.exe
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
FlexHEX-->"C:\Program Files\FlexHEX\Uninstall.exe" "C:\Program Files\FlexHEX\install.log" -u
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)-->C:\WINDOWS\SQL9_KB948109_ENU\Hotfix.exe /Uninstall
Google Gears-->MsiExec.exe /I{552171BC-30F8-3B29-9C4F-E3FE590B7CAC}
GooglePreviewIE Toolbar-->"C:\WINDOWS\GooglePreviewIE_Toolbar_Uninstaller_4078.exe" _?=C:\Program Files\GooglePreviewIE Toolbar
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Intel(R) PRO Ethernet Adapter and Software-->Prounstl.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
iTunes-->MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LaserJet 1020 series-->C:\Program Files\Zenographics\{F62D4136-3F89-4A1C-BB1C-3F5FED489EA7}\setup.exe -u "HPLJInstaller.dll=Hpl_1020.inf"
Line Rider 2-->"C:\Program Files\LineRider2\uninstall.exe"
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash Player 8-->MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Matrix-ks-->"C:\Program Files\KellySoftware\Matrix-ks\Uninstall.exe" "C:\Program Files\KellySoftware\Matrix-ks\install.log"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Encyclopedia Standard 2002-->MsiExec.exe /I{01001202-823E-46CD-A70E-BEE818F97169}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2002 System Pack-->MsiExec.exe /I{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}
Microsoft Money 2002-->MsiExec.exe /I{E7298FD5-1386-11D5-8D6C-0050DAD32D95}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Accounting 2007-->"C:\Program Files\Microsoft Small Business\Small Business Accounting 2007\SetupBootstrap\Setup.exe" /remove {B0717D5A-1976-482B-9ADF-F19631A541A4}
Microsoft Office Accounting 2007-->MsiExec.exe /X{B0717D5A-1976-482B-9ADF-F19631A541A4}
Microsoft Office Accounting ADP Payroll Addin-->MsiExec.exe /I{5FA793A6-0071-42C1-9355-8F69A428C44F}
Microsoft Office Accounting Equifax Addin-->MsiExec.exe /X{8C711818-076E-475C-B95B-DF11CD9D8DBE}
Microsoft Office Accounting Fixed Asset Manager-->MsiExec.exe /X{46614A49-222A-48EF-87A9-BFD603E608E1}
Microsoft Office Accounting PayPal Addin-->MsiExec.exe /X{353D20CC-719B-4A60-AD33-D03F88C10330}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Picture It! Photo 2002-->MsiExec.exe /I{C769A271-7E1C-48F9-B331-474600DD4C06}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Streets and Trips 2002-->MsiExec.exe /I{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 2002 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe E:\
Microsoft Works 6.0-->MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{C3A439E4-7303-491F-A678-CEA36A87D517}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
NVIDIA Display Driver-->C:\WINDOWS\system32\nvudisp.exe Uninstall C:\WINDOWS\system32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OrderReminder HP LaserJet 1020-->"C:\Program Files\Hewlett-Packard\OrderReminder\uninstall\hpuninstaller.exe" hp_LaserJet_1020
Phun beta 4.22-->"C:\Program Files\Phun\unins000.exe"
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{E9ED0801-253D-4FE9-AB20-F63DEFE72547}
Security Update for 2007 Microsoft Office System (KB951596)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Microsoft Office Excel 2007 (KB951546)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sound Blaster Live!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}\setup.exe" -l0x9
SpeechRedist-->MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
Synth1-->"C:\Program Files\Synth1\setup.exe" /u
Sytrus-->C:\Program Files\Image-Line\Sytrus\uninstall.exe
Tansee iPod Transfer v3.8-->"C:\Program Files\Tansee iPod Transfer\unins000.exe"
Trend Micro Internet Security-->C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security-->MsiExec.exe /X{A621B45A-D138-4A95-BE10-7CABA05EF94E}
Unreal Tournament 2004-->C:\Program Files\UT2004\System\Setup.exe uninstall "UT2004"
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb956080)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {96CC215F-3F22-4E1E-A101-F0041934A456}
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
V CAST Music with Rhapsody-->C:\PROGRA~1\VCASTM~1\Unwise32.exe /A C:\PROGRA~1\VCASTM~1\install.log
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

======Security center information======

AV: Trend Micro Internet Security
FW: Trend Micro Personal Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

---

EOF

---

There you go.

Carolyn

Hi,

P2P Warning!

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

uTorrent

P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P program.
http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.

I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

---

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This may change, read Viewpoint to Plunge Into Adware.
I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):

1. Click Start, point to Settings, and then click Control Panel.
2. In Control Panel, double-click Add or Remove Programs.
3. In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
4. Do the same for each Viewpoint component.

---

Download CCleaner from here and save it to your desktop so that you can find it later. Don't run CCleaner yet. We'll use it later!

Run CCleaner
CCleaner will remove everything from the temp/temporary folders but please note that it will not make back ups!

• Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 48 hours
• Then select the items you wish to clean up.
  • In the Windows Tab:
    • Clean all entries in the Internet Explorer section except Cookies
    • Clean all the entries in the Windows Explorer section
    • Clean all entries in the System section
    • Clean all entries in the Advanced section
    • Clean any others that you choose
  • In the Applications Tab:
    • Clean all except cookies in the Firefox/Mozilla section if you use it
    • Clean all in the Opera section if you use it
    • Clean Sun Java in the Internet Section
    • Clean any others that you choose
    
    
• Click the Run Cleaner button.
• A pop up box will appear advising this process will permanently delete files from your system.
• Click OK and it will scan and clean your system.
• Click exit when done.
• If it asks you to reboot at the end, click NO

CCleaner should be run with the above settings for each User Account!

---

Please go to Kaspersky website and perform an online antivirus scan.

1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
   • Spyware, Adware, Dialers, and other potentially dangerous programs
     Archives
     Mail databases
5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
9. Please post this log in your next reply along with a fresh HijackThis log and a description of how your computer is behaving.

jumba92

So far so good. My pc is running no differently except for the absence of the error popping up, but that doesn't mean I think it's slow, it runs at it's normal speed. The online scan didn't come up with anything, and I got rid of uTorrent and the Viewpoint thing (all I found for that in add or remove programs was the media player). I have a question though, I have files on my flash drive that I put on there before this whole problem came up, so could those files be somehow infected and if so how should I go about fixing that? I haven't noticed any problems with using it but I just want to be sure that it won't re-infect my system. anyways, here's the scan results:

---

KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, September 28, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, September 28, 2008 19:52:19
Records in database: 1268728

---

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 80679
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:06:04

No malware has been detected. The scan area is clean.

The selected area was scanned.


And here's the new Hijack This:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:17:50 PM, on 9/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\AIM6\aim6.exe
C:\Documents and Settings\Sephiroth\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\AIM6\aolsoftware.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\World of Warcraft\BackgroundDownloader.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Image-Line\FL Studio 8\FL.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: GooglePreviewIE Toolbar Helper - {D476B977-AF6C-481A-8472-2ABAB5E89F20} - C:\Program Files\GooglePreviewIE Toolbar\v3.3.0.1\GooglePreviewIE_Toolbar.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: GooglePreviewIE Toolbar - {AEC32322-9D72-4C55-A108-33875F07BC03} - C:\Program Files\GooglePreviewIE Toolbar\v3.3.0.1\GooglePreviewIE_Toolbar.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sephiroth\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210889558656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211938578687
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 8362 bytes

jumba92

By the way just to let you know, Trend Micro quarantined a couple things:

A0008879.exe
C:\System Volume Information\_restore{E2ECBD83-404D-418A-9ABA-4F2DF506478D}\RP66\

A0008877.exe
C:\System Volume Information\_restore{E2ECBD83-404D-418A-9ABA-4F2DF506478D}\RP66\

I'm guessing I should delete them but I just want to make sure with you first since you're the expert, not me. It's also saying it wants to scan but you told me not to use any tools so I'm not gonna do that either until you give the OK.

Carolyn

Hello,

Trendmicro identified infected System Restore points. We'll take care of those in a moment.... Afterwards, you can let Trendmicro scan away!

Update Adobe Acrobat Reader

There is a newer version of Adobe Acrobat Reader available.

• Please go to this link Adobe Acrobat Reader Download Link
• On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
• Click the Continue button
• Click Run, and click Run again
• Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Add/Remove Programs and uninstall all previous versions.

If you don't like Adobe Reader, you can try Foxit PDF Reader. It's a much smaller file to download and uses a lot less resources than Adobe Reader.


This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are

Your log now appears to be clean. Congratulations!

Please delete RSIT.exe from your desktop.

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints. You need to be registered to post as, unfortunately, we were hit with too many spam posts to allow guest posting to continue. Just find your country room and register your complaint.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

• Clear Infected System Restore Points
  • Turn System Restore off
  • On the Desktop, right click on the My Computer icon.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
    Restart your computer
    
  • Turn System Restore on
  • On the Desktop, right click on the My Computer icon.
  • Click Properties.
  • Click the System Restore tab.
  • Uncheck *Turn off System Restore*.
  • Click Apply, and then click OK.
  Note: only do this once,and not on a regular basis
  
• Set correct settings for files
  • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
  • Under Hidden files and folders if necessary select Do not show hidden files and folders.
  • If unchecked please check Hide protected operating system files (Recommended)
  • If necessary check Display content of system folders
  • If necessary Uncheck Hide file extensions for known file types.
  • Click OK
• Make sure that you keep your antivirus updated
  New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
  Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  
• Continue to use a firewall with outbound protection
  The Windows firewall only monitors incoming traffic, NOT outgoing. Using a software firewall in its default configuration to replace the Windows firewall greatly reduces the risk of your computer being hacked. Make sure your firewall is always enabled while your computer is connected to the internet.
  Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.
  
• Security Updates for Windows, Internet Explorer & Microsoft Office
  Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
  Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.
  
• Update Non-Microsoft Programs
  Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.
  
• Make Internet Explorer More Secure
  You are using Internet Explorer v. 7. Therefore please read and follow the recommendations at this SITE

Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

• WinPatrol
  As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
  
• SpywareBlaster
  SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see HERE. You can download SpywareBlaster from HERE.
  
• Malwarebytes' Anti-Malware
  Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.You can download Malwarebytes' Anti-Malware from HERE. You can find a tutorial HERE.
  
• Hosts File
  For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.
  
  Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
  If this isn't done first, the next reboot may take a VERY LONG TIME.
  This is how to do it. First be sure you are signed in as a user with administrative privileges:

  Stop and Disable the DNS Client Service
  Go to Start, Run and type Services.msc and click OK.
  Under the Extended Tab, Scroll down and find this service.
  DNS Client
  Right-Click on the DNS Client Service. Choose Properties
  Select the General tab. Click on the Stop button.
  Click the Arrow-down tab on the right-hand side at the Start-up Type box.
  From the drop-down menu, click on Manual
  Click the Apply tab, then click OK

• Use an alternative Internet Browser
  Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
  Firefox
  Opera

Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

jumba92

Ok, first of all just to let you know you are the most awesome person on earth! THANK YOU!
Second, do I need to worry about files on my flash drive or not?
Third, how strongly do you recommend that I keep Malwarebytes' Anti-Malware? Because this is a computer I share with other people and they don't think having more than one protection program on the pc is a good thing (conflicting programs?)
Fourth, can I get rid of CCleaner and all the logs i have from hijack this and other scans?
Fifth, again, you're awesome, and thanks again

Jumba92

P.S. What do I do if Trend finds any viruses? PM you?

Carolyn

first of all just to let you know you are the most awesome person on earth! THANK YOU!

Your welcome!

Second, do I need to worry about files on my flash drive or not?

No need to worry about your flash drive. There are infections that spread using removeable media, but nothing in your log indicates that is the case here.

Third, how strongly do you recommend that I keep Malwarebytes' Anti-Malware? Because this is a computer I share with other people and they don't think having more than one protection program on the pc is a good thing (conflicting programs?)

Your friends are partly correct. You never want to have more than one anti-virus or third-party firewall installed on your computer. At the same time, I would never trust my computer's security to only one product, but common sense also says that you do not want too many memory resident scanners running because they use system resources. My laptop came with a three year Trend Micro license pre-installed. It's a good AV and FW. I also run WinPatrol - it warns me when a program tries to change something in the registry. It uses very little in the way of system resources. It also has some nice utilities, like one for controlling start-ups. I have Malwarebytes' Anti-Malware installed as well. The free version does not have the memory resident feature. So I just update it and run a scan every week or two. It's one of my favorite scanners.

Fourth, can I get rid of CCleaner and all the logs i have from hijack this and other scans?

Yes you can.

What do I do if Trend finds any viruses?

It's not uncommon for Trend to notify you of tracking cookies. I just let it delete those. If it finds a virus or trojan, post a HijackThis log in a new topic in this forum.

Please let me know if you have any other questions or concerns.

jumba92

All set! Trend found a few cookies which i deleted but other than that, nothing. Thanks again

Carolyn

Glad we could be of assistance! The help you received here was free.

This topic is now closed. If you wish it reopened, please send a Private Message to Trogan with a link to your thread.

If you are not the user who started this thread, you must start your own Thread instead

_______________________________

Have we helped you with any issues you have had with your PCs or other items? If so, you can now help us by Joining Team 93 and fold for a cure.