
My New HJT Log **{Vista}**



I have not run any virus scans as of lately. PC is running fine, I am just trying to get opinions on my NEW HJT Log. Any help would be greatly appreciated.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:39:24 PM, on 5/27/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\WINDOWS\RtHDVCpl.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Windows\system32\schtasks.exe

C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Windows\system32\jusched.exe

C:\Program Files\Trillian\trillian.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\hp\kbd\kbd.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\Windows\system32\SolidStateNetworks\SolidStateION\solidax.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe"

O4 - HKLM\..\Run: [sBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe

O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O13 - Gopher Prefix:

O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\System32\ZoneLabs\vsmon.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 7816 bytes


Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

 

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hi 911_H3LP3R :)

 

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Vista Advice:

 

All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.

 

The Operating System (Vista aka Windows 6) in use comes with an inbuilt utility called User Access Control (UAC). When prompted by this with anything I ask you to carry out, please select the option Allow.

 

Your machine is also missing a vital Service Pack, do not be alarmed OK, this is more for your information and we will address this when I give the all clear. Do not install it until I ask you to.

 

Next:

 

I have not run any virus scans as of lately. PC is running fine

This is not wise at all, you should run a full scan with your installed Anti-Virus at least once per week.

 

I am just trying to get opinions on my NEW HJT Log. Any help would be greatly appreciated.

I am willing to check your machine for you, but please bear in mind for future reference that neither myself nor my colleagues within the PCP Trusted HJT Advisor's team appreciate being treated as a check up service OK ;)

 

Run Kaspersky Online AV Scanner:

 

Right click on your favourite web browser (Internet Explorer, Firefox, etc) and select Run As Administrator to run it.

 

Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
This online tutorial will help explain how to use the aforementioned online scan.

 

Next:

 

Please download to your desktop DDS from one of the links below:

 

Link1

Link2

Link3

  • Disable any script blocker then right click on DDS and select Run as Administrator to start the application.
  • A black Screen will open, just read the contents and do nothing.
  • When the tool finishes it will open 2 reports.
  • Copy/paste both reports back here and remove DDS from your desktop.
Note: Two logfiles will be generated with Notepad: DDS.txt and Attach.txt

 

When you have completed the above, please post back the following:

  • Any problems encountered and/or further symptoms?
  • Kaspersky results.
  • Both DDS logs. <-- Post them individually please. IE: one Log per post/reply.

Hi :)

 

I did not intend for you to be a "CheckUp ServicE". I am actually now experiencing a problem with PC. It won't Restart or shut down by itself.

 

Fair play then, leave the online scan for the time being and just carry out the below, thank you.

Please download to your desktop DDS from one of the links below:

 

Link1

Link2

Link3

  • Disable any script blocker then right click on DDS and select Run as Administrator to start the application.
  • A black Screen will open, just read the contents and do nothing.
  • When the tool finishes it will open 2 reports.
  • Copy/paste both reports back here and remove DDS from your desktop.
Note: Two logfiles will be generated with Notepad: DDS.txt and Attach.txt

 

When you have completed the above, please post back the following:

  • Any problems encountered and/or further symptoms?
  • Both DDS logs. <-- Post them individually please. IE: one Log per post/reply.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_09-05-14.01)

 

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 5/25/2009 3:28:10 PM

System Uptime: 6/2/2009 10:21:35 PM (16 hours ago)

 

Motherboard: ECS | | Nettle2

Processor: AMD Athlon 64 X2 Dual Core Processor 6000+ | Socket M2 | 3000/201mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 457 GiB total, 375.84 GiB free.

D: is FIXED (NTFS) - 9 GiB total, 0.866 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

RP13: 5/25/2009 4:12:22 PM - Windows Vista Service Pack 1

RP15: 5/25/2009 5:37:08 PM - Installed ijji Auto Installer

RP16: 5/25/2009 5:44:44 PM - Windows Update

RP17: 5/25/2009 7:15:48 PM - Windows Update

RP18: 5/26/2009 1:51:33 PM - Device Driver Package Install: CXT Modems

RP19: 5/26/2009 1:54:23 PM - Device Driver Package Install: Realtek Semiconductor Corp. Sound, video and game controllers

RP20: 5/26/2009 1:55:57 PM - Device Driver Package Install: CXT Modems

RP21: 5/26/2009 1:58:43 PM - Device Driver Package Install: NVIDIA Corporation Storage controllers

RP22: 5/26/2009 2:03:11 PM - Device Driver Package Install: NVIDIA Display adapters

RP23: 5/26/2009 2:05:12 PM - Installed HP Update

RP24: 5/26/2009 5:00:10 PM - Windows Update

RP25: 5/27/2009 12:32:45 AM - Device Driver Package Install: Zone Labs, a Check Point company Network Service

RP26: 5/27/2009 12:33:58 AM - Windows Update

RP27: 5/27/2009 8:57:20 PM - Windows Update

RP28: 5/27/2009 11:53:19 PM - Windows Update

RP29: 5/29/2009 4:26:15 AM - Scheduled Checkpoint

RP30: 5/30/2009 12:18:34 AM - Removed Roxio MyDVD Basic v9

RP31: 5/30/2009 12:28:50 AM - Removed HP Total Care Advisor

RP32: 5/30/2009 11:58:39 PM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers

RP33: 5/31/2009 12:01:39 AM - Installed iTunes

RP34: 5/31/2009 12:02:46 AM - Installed iTunes

RP35: 5/31/2009 1:05:18 AM - Installed TouchCopy 09

RP36: 5/31/2009 9:01:51 PM - Removed TouchCopy 09

RP37: 5/31/2009 9:36:39 PM - Installed iPhoneBrowser

RP38: 5/31/2009 10:10:46 PM - Removed iPhoneBrowser

RP39: 6/1/2009 10:30:37 PM - Installed Safari

RP40: 6/1/2009 10:33:31 PM - Removed Safari

RP41: 6/2/2009 8:50:36 PM - Scheduled Checkpoint

RP42: 6/2/2009 10:37:30 PM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers

RP43: 6/2/2009 10:37:58 PM - Device Driver Package Install: Apple Network adapters

 

==== Installed Programs ======================

 

Adobe Flash Player 10 Plugin

Adobe Flash Player ActiveX

Adobe Reader 8.1.0

AI RoboForm (All Users)

Apple Mobile Device Support

Apple Software Update

Bonjour

CCleaner (remove only)

Cheat Engine 5.5

Enhanced Multimedia Keyboard Solution

Gunbound Revolution

Hewlett-Packard Active Check

Hewlett-Packard Asset Agent for Health Check

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Active Support Library

HP Active Support Library 32 bit components

HP Customer Experience Enhancements

HP Customer Feedback

HP Easy Setup - Frontend

HP On-Screen Cap/Num/Scroll Lock Indicator

HP Picasso Media Center Add-In

HP Update

ijji

ijji Auto Installer

iTunes

Java SE Runtime Environment 6 Update 1

LightScribe 1.6.45.1

LimeWire 5.1.3

Microsoft .NET Framework 3.5 SP1

Microsoft Visual C++ 2005 Redistributable

Mozilla Firefox (3.0.10)

MSXML 4.0 SP2 (KB954430)

NVIDIA Drivers

Python 2.5

QuickTime

Realtek High Definition Audio Driver

Rhapsody Player Engine

Roxio Activation Module

Soft Data Fax Modem with SmartCP

Solid State ION Internet Explorer Plugin

Trillian

VC 9.0 Runtime

VIPRE Antivirus + Antispyware

WeatherBug Gadget

WinRAR archiver

ZoneAlarm

 

==== Event Viewer Messages From Past Week ========

 

6/2/2009 6:16:11 PM, Error: EventLog [6008] - The previous system shutdown at 6:13:51 PM on 6/2/2009 was unexpected.

6/2/2009 5:43:56 PM, Error: EventLog [6008] - The previous system shutdown at 5:41:47 PM on 6/2/2009 was unexpected.

6/2/2009 10:39:15 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/2/2009 10:36:56 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/2/2009 10:22:05 PM, Error: EventLog [6008] - The previous system shutdown at 10:20:07 PM on 6/2/2009 was unexpected.

6/1/2009 12:29:51 PM, Error: EventLog [6008] - The previous system shutdown at 12:28:06 PM on 6/1/2009 was unexpected.

6/1/2009 10:36:41 PM, Error: EventLog [6008] - The previous system shutdown at 10:34:47 PM on 6/1/2009 was unexpected.

5/31/2009 9:47:10 PM, Error: EventLog [6008] - The previous system shutdown at 9:45:18 PM on 5/31/2009 was unexpected.

5/31/2009 9:05:22 PM, Error: EventLog [6008] - The previous system shutdown at 9:03:01 PM on 5/31/2009 was unexpected.

5/31/2009 2:01:48 AM, Error: EventLog [6008] - The previous system shutdown at 1:59:33 AM on 5/31/2009 was unexpected.

5/31/2009 12:55:37 AM, Error: EventLog [6008] - The previous system shutdown at 12:53:13 AM on 5/31/2009 was unexpected.

5/31/2009 10:07:05 AM, Error: EventLog [6008] - The previous system shutdown at 10:04:44 AM on 5/31/2009 was unexpected.

5/30/2009 5:37:04 PM, Error: EventLog [6008] - The previous system shutdown at 5:35:33 PM on 5/30/2009 was unexpected.

5/30/2009 4:32:37 AM, Error: EventLog [6008] - The previous system shutdown at 4:30:55 AM on 5/30/2009 was unexpected.

5/30/2009 12:42:09 AM, Error: EventLog [6008] - The previous system shutdown at 12:40:27 AM on 5/30/2009 was unexpected.

5/30/2009 11:54:20 PM, Error: Microsoft-Windows-WPD-MTPClassDriver [15300] - MTP WPD Driver has failed to start. Error 0x8007001f.

5/30/2009 11:39:17 PM, Error: EventLog [6008] - The previous system shutdown at 11:37:00 PM on 5/30/2009 was unexpected.

5/30/2009 11:03:30 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: A required privilege is not held by the client.

5/29/2009 10:04:50 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

5/29/2009 10:04:50 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

5/29/2009 10:04:50 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

5/29/2009 10:04:50 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/29/2009 10:03:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

5/29/2009 10:03:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

5/28/2009 9:09:11 PM, Error: EventLog [6008] - The previous system shutdown at 9:06:52 PM on 5/28/2009 was unexpected.

5/28/2009 7:44:56 PM, Error: EventLog [6008] - The previous system shutdown at 7:43:02 PM on 5/28/2009 was unexpected.

5/28/2009 6:13:07 PM, Error: EventLog [6008] - The previous system shutdown at 6:11:11 PM on 5/28/2009 was unexpected.

5/27/2009 8:33:14 PM, Error: EventLog [6008] - The previous system shutdown at 8:31:13 PM on 5/27/2009 was unexpected.

5/27/2009 8:16:37 PM, Error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is MIKE-PC.

5/27/2009 7:42:13 PM, Error: EventLog [6008] - The previous system shutdown at 7:40:58 PM on 5/27/2009 was unexpected.

5/27/2009 7:23:55 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/27/2009 7:23:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.

5/27/2009 7:20:58 PM, Error: EventLog [6008] - The previous system shutdown at 7:19:18 PM on 5/27/2009 was unexpected.

5/27/2009 3:09:17 PM, Error: EventLog [6008] - The previous system shutdown at 3:08:04 PM on 5/27/2009 was unexpected.

5/27/2009 12:33:26 AM, Error: Service Control Manager [7030] - The TrueVector Internet Monitor service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

5/27/2009 1:42:04 PM, Error: EventLog [6008] - The previous system shutdown at 1:39:53 PM on 5/27/2009 was unexpected.

5/27/2009 1:16:45 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.

 

==== End Of File ===========================

Edited by 911_H3LP3R

DDS (Ver_09-05-14.01) - NTFSx86

Run by Mike at 14:08:24.98 on Wed 06/03/2009

Internet Explorer: 8.0.6001.18702

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1506 [GMT -5:00]

 

AV: Sunbelt VIPRE *On-access scanning enabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}

SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

SP: Sunbelt VIPRE *enabled* (Updated) {9817B764-AE4E-4B29-AEE7-725B7A50BD48}

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\WINDOWS\System32\ZoneLabs\vsmon.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Program Files\Bonjour\mDNSResponder.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\WINDOWS\RtHDVCpl.exe

C:\Windows\system32\schtasks.exe

C:\Windows\system32\jusched.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Trillian\trillian.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\ehome\ehsched.exe

C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe

C:\Windows\ehome\ehRecvr.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\hp\kbd\kbd.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Mike\AppData\Local\Temp\jkos-Mike\binaries\ScanningProcess.exe

C:\Users\Mike\AppData\Local\Temp\jkos-Mike\binaries\ScanningProcess.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Mike\Desktop\dds.pif

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://yahoo.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop

uInternet Settings,ProxyOverride = *.local

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll

BHO: CSolidBrowserObj Object: {bd08a9d5-0e5c-4f42-99a3-c0cb5e860557} - c:\windows\system32\solidstatenetworks\solidstateion\solidax.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File

uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun: [KBD] c:\hp\kbd\KbdStub.EXE

mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [sunJavaUpdateReg] "c:\windows\system32\jureg.exe"

mRun: [<NO NAME>]

mRun: [sBAMTray] c:\program files\sunbelt software\vipre\SBAMTray.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\trillian.lnk - c:\program files\trillian\trillian.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} - hxxp://www.playwhat.com/solidPlugin/solidstateion.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\uwho8sf6.default\

FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll

FF - plugin: c:\users\mike\appdata\roaming\mozilla\firefox\profiles\uwho8sf6.default\extensions\[email protected]\plugins\npssn.dll

 

============= SERVICES / DRIVERS ===============

 

R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2009-5-25 202928]

R2 SBAMSvc;VIPRE Antivirus + Antispyware;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2009-3-17 894248]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2009-3-4 69936]

R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2007-8-9 968064]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2008-10-22 92464]

S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]

S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]

 

=============== Created Last 30 ================

 

2009-06-02 22:42 <DIR> --d----- c:\program files\iPod

2009-06-02 22:42 <DIR> --d----- c:\program files\iTunes

2009-06-01 12:25 <DIR> --d----- c:\programdata\WindowsSearch

2009-06-01 12:19 1,970,176 a------- c:\windows\system32\d3dx9.dll

2009-06-01 12:19 679,936 a------- c:\windows\system32\D3DX81ab.dll

2009-06-01 12:19 <DIR> --d----- c:\program files\Cheat Engine

2009-05-31 01:20 <DIR> --d----- c:\users\mike\appdata\roaming\DiskAid

2009-05-31 01:16 <DIR> --d----- c:\programdata\Wide Angle Software

2009-05-31 01:16 <DIR> --d----- c:\progra~2\Wide Angle Software

2009-05-31 00:03 107,368 a------- c:\windows\system32\GEARAspi.dll

2009-05-31 00:03 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys

2009-05-31 00:03 <DIR> --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

2009-05-31 00:03 <DIR> --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

2009-05-31 00:01 <DIR> --d----- c:\program files\Bonjour

2009-05-31 00:00 <DIR> --d----- c:\programdata\Apple Computer

2009-05-30 23:58 <DIR> --d----- c:\users\mike\appdata\roaming\LimeWire

2009-05-30 23:58 <DIR> --d----- c:\programdata\Apple

2009-05-30 23:57 <DIR> --d----- c:\program files\LimeWire

2009-05-30 23:54 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

2009-05-27 23:44 <DIR> --d----- c:\windows\system32\eu-ES

2009-05-27 23:44 <DIR> --d----- c:\windows\system32\ca-ES

2009-05-27 23:44 <DIR> --d----- c:\windows\system32\vi-VN

2009-05-27 23:43 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2009-05-27 20:58 <DIR> --d----- c:\windows\system32\EventProviders

2009-05-27 20:55 3,549,672 a------- c:\windows\system32\ntoskrnl.exe

2009-05-27 20:54 593,408 a------- c:\windows\system32\comuid.dll

2009-05-27 20:53 744,448 a------- c:\windows\system32\wbem\wbemcore.dll

2009-05-27 20:53 614,912 a------- c:\windows\system32\wbem\fastprox.dll

2009-05-27 20:53 265,728 a------- c:\windows\system32\wbem\repdrvfs.dll

2009-05-27 20:53 265,728 a------- c:\windows\system32\wbem\esscli.dll

2009-05-27 20:53 189,440 a------- c:\windows\system32\wbem\mofd.dll

2009-05-27 20:53 83,968 a------- c:\windows\system32\wbem\wmiutils.dll

2009-05-27 20:53 30,208 a------- c:\windows\system32\wbem\wbemprox.dll

2009-05-27 20:53 705,536 a------- c:\windows\system32\SmiEngine.dll

2009-05-27 20:53 218,624 a------- c:\windows\system32\wdscore.dll

2009-05-27 20:53 130,560 a------- c:\windows\system32\PkgMgr.exe

2009-05-27 20:53 247,808 a------- c:\windows\system32\drvstore.dll

2009-05-27 20:38 <DIR> --d----- c:\program files\Trend Micro

2009-05-27 00:33 1,221,512 a------- c:\windows\system32\zpeng25.dll

2009-05-27 00:33 <DIR> --d----- c:\program files\Zone Labs

2009-05-27 00:32 350,192 a---h--- c:\windows\system32\drivers\vsconfig.xml

2009-05-27 00:32 293,528 a------- c:\windows\system32\drivers\vsdatant.sys

2009-05-27 00:32 <DIR> --d----- c:\windows\system32\ZoneLabs

2009-05-27 00:31 <DIR> --d----- c:\programdata\CheckPoint

2009-05-27 00:31 <DIR> --d----- c:\progra~2\CheckPoint

2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx

2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts

2009-05-26 14:19 <DIR> --d----- c:\programdata\NVIDIA

2009-05-26 13:59 8,535 a------- c:\windows\system32\nvide.nvu

2009-05-26 13:55 553 a------- c:\windows\USetup.iss

2009-05-26 13:54 109,088 a------- c:\windows\RTKAUDIOSERVICE.EXE

2009-05-26 13:54 4,874,240 a------- c:\windows\RtHDVCpl.exe

2009-05-26 13:54 1,191,936 a------- c:\windows\RtlUpd.exe

2009-05-26 13:54 135,168 a------- c:\windows\system32\SRSWOW.dll

2009-05-26 13:54 45,600 a------- c:\windows\system32\RtkCoInst.dll

2009-05-26 13:51 <DIR> --d----- c:\program files\CONEXANT

2009-05-26 13:51 <DIR> --d----- c:\users\mike\appdata\roaming\WinBatch

2009-05-25 17:45 18,904 a------- c:\windows\system32\StructuredQuerySchemaTrivial.bin

2009-05-25 17:45 11,967,524 a------- c:\windows\system32\korwbrkr.lex

2009-05-25 17:41 2,849,757 a------- c:\windows\system32\GameMon.des

2009-05-25 17:41 5,174 a------- c:\windows\system32\nppt9x.vxd

2009-05-25 17:41 4,682 a------- c:\windows\system32\npptNT2.sys

2009-05-25 17:40 <DIR> --d----- c:\program files\common files\INCA Shared

2009-05-25 17:37 <DIR> --d----- c:\programdata\ijjigame

2009-05-25 17:37 <DIR> --d----- c:\progra~2\ijjigame

2009-05-25 17:37 710,064 a------- c:\windows\system32\ijjiSetup.exe

2009-05-25 17:37 157,152 a------- c:\windows\system32\PubPlugin.dll

2009-05-25 17:37 66,992 a------- c:\windows\system32\ijjiProcessRestarter.exe

2009-05-25 17:37 <DIR> --d----- c:\program files\NHN USA

2009-05-25 16:13 <DIR> --d----- C:\ijji

2009-05-25 16:09 151,552 a------- c:\windows\system32\WpdMtp.dll

2009-05-25 16:08 274,944 a------- c:\windows\system32\srrstr.dll

2009-05-25 16:07 117,760 a------- c:\windows\system32\bcdsrv.dll

2009-05-25 16:01 <DIR> --d----- c:\program files\Yahoo!

2009-05-25 16:01 <DIR> --d----- c:\program files\CCleaner

2009-05-25 15:54 <DIR> --d----- c:\windows\system32\SolidStateNetworks

2009-05-25 15:43 <DIR> --d----- c:\windows\Internet Logs

2009-05-25 15:38 35,328 a------- c:\windows\11.gbna1

2009-05-25 15:33 132,880 a------- c:\windows\system32\MSINET.OCX

2009-05-25 15:22 <DIR> --d----- c:\programdata\RoboForm

2009-05-25 15:22 <DIR> --d----- c:\program files\Siber Systems

2009-05-25 14:58 <DIR> --d----- c:\users\mike\appdata\roaming\Sunbelt

2009-05-25 14:55 <DIR> --d----- c:\programdata\Sunbelt

2009-05-25 14:55 <DIR> --d----- c:\progra~2\Sunbelt

2009-05-25 14:49 1,732 a------- c:\windows\system32\drivers\nvphy.bin

2009-05-25 14:48 272,896 a------- c:\windows\system32\polstore.dll

2009-05-25 14:48 61,440 a------- c:\windows\system32\winipsec.dll

2009-05-25 14:48 1,820 a------- c:\windows\system32\rasctrnm.h

2009-05-25 14:46 12,880 a------- c:\windows\system32\wbem\wlan.mof

2009-05-25 14:38 2,048 a------- c:\windows\system32\msxml3r.dll

2009-05-25 14:34 69,632 a------- c:\windows\system32\Mpeg2Data.ax

2009-05-25 14:25 7,042,560 a------- c:\windows\system32\NlsLexicons081a.dll

2009-05-25 14:23 6,656 a------- c:\windows\system32\kbd106n.dll

2009-05-25 14:21 9,728 a------- c:\windows\system32\lsass.exe

2009-05-25 14:21 13,780 a------- c:\windows\system32\wbem\lsasrv.mof

2009-05-25 14:17 37,888 a------- c:\windows\system32\printcom.dll

2009-05-25 14:17 14,848 a------- c:\windows\system32\wshrm.dll

2009-05-25 14:09 19,595,264 a------- c:\windows\ocsetup_install_NetFx3.etl

2009-05-25 14:09 196,608 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf

2009-05-25 14:09 65,536 a------- c:\windows\ocsetup_cbs_install_NetFx3.dpx

2009-05-25 14:07 41,984 a------- c:\windows\system32\netfxperf.dll

2009-05-25 14:02 84,480 a------- c:\windows\system32\INETRES.dll

2009-05-25 14:00 <DIR> --d----- c:\program files\MSXML 4.0

2009-05-25 14:00 2,048 a------- c:\windows\system32\msxml6r.dll

2009-05-25 13:51 16 a------- c:\windows\system32\coh.cache

2009-05-25 13:48 202,928 a------- c:\windows\system32\drivers\sbtis.sys

2009-05-25 13:48 <DIR> --d----- c:\program files\Sunbelt Software

2009-05-25 13:42 44 a------- c:\windows\system\hpsysdrv.dat

2009-05-25 13:36 1,831 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_GN551AA-ABA m8200n_YC_0Pavi_QMXX748_E74NAv3PrA1_49_INettle2_SECS_V1.0_B5.20_T071003_WUH0_L409_M2942_J500_7AMD_8Athlon 64 X2 Dual Core_93_#071225_N10DE03EF_Z14F12F20_G10DE03D0.MRK

2009-05-25 13:35 <DIR> --d----- c:\users\Mike

2009-05-25 13:33 1,524,736 a------- c:\windows\system32\wucltux.dll

2009-05-25 13:33 83,456 a------- c:\windows\system32\wudriver.dll

2009-05-25 13:32 162,064 a------- c:\windows\system32\wuwebv.dll

2009-05-25 13:32 31,232 a------- c:\windows\system32\wuapp.exe

2009-05-25 13:31 <DIR> --dsh--- c:\programdata\Documents

2009-05-25 13:31 <DIR> --dsh--- C:\Documents and Settings

 

==================== Find3M ====================

 

2009-06-02 22:39 143,360 a------- c:\windows\inf\infstrng.dat

2009-06-02 22:39 86,016 a------- c:\windows\inf\infstor.dat

2009-06-02 22:39 51,200 a------- c:\windows\inf\infpub.dat

2009-05-27 23:44 665,600 a------- c:\windows\inf\drvindex.dat

2009-05-26 13:54 319,456 a------- c:\windows\DIFxAPI.dll

2009-05-25 17:19 174 a--sh--- c:\program files\desktop.ini

2009-05-25 16:24 101,888 a------- c:\windows\system32\ifxcardm.dll

2009-05-25 16:24 82,432 a------- c:\windows\system32\axaltocm.dll

2009-05-25 14:39 52,736 a------- c:\windows\apppatch\iebrshim.dll

2009-05-25 14:25 5,090,816 a------- c:\windows\system32\NlsLexicons0416.dll

2009-04-11 01:33 986,600 a------- c:\windows\system32\winload.exe

2009-04-11 01:33 926,184 a------- c:\windows\system32\winresume.exe

2009-04-11 01:33 292,840 a------- c:\windows\system32\drivers\volmgrx.sys

2009-04-11 01:33 897,000 a------- c:\windows\system32\drivers\tcpip.sys

2009-04-11 01:33 614,376 a------- c:\windows\system32\ci.dll

2009-04-11 01:28 342,528 a------- c:\windows\system32\zipfldr.dll

2009-04-11 01:27 627,200 a------- c:\windows\system32\sethc.exe

2009-04-11 01:22 7,168 a------- c:\windows\system32\f3ahvoas.dll

2009-04-11 01:21 37,376 a------- c:\windows\system32\cdd.dll

2009-04-11 00:42 93,696 a------- c:\windows\system32\drivers\bridge.sys

2009-04-11 00:03 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll

2009-04-11 00:03 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll

2009-04-10 23:57 8,147,456 a------- c:\windows\system32\wmploc.DLL

2009-04-10 23:54 2,048 a------- c:\windows\system32\mferror.dll

2009-04-10 23:51 180,736 a------- c:\windows\system32\drivers\rdpwd.sys

2009-04-10 23:47 273,920 a------- c:\windows\system32\drivers\afd.sys

2009-04-10 23:46 69,120 a------- c:\windows\system32\drivers\rassstp.sys

2009-04-10 23:46 121,344 a------- c:\windows\system32\drivers\ndiswan.sys

2009-04-10 23:46 41,472 a------- c:\windows\system32\drivers\raspppoe.sys

2009-04-10 23:46 15,872 a------- c:\windows\system32\drivers\usb8023.sys

2009-04-10 23:46 33,280 a------- c:\windows\system32\drivers\RNDISMP.sys

2009-04-10 23:46 30,720 a------- c:\windows\system32\drivers\tcpipreg.sys

2009-04-10 23:45 72,192 a------- c:\windows\system32\drivers\tdx.sys

2009-04-10 23:45 72,192 a------- c:\windows\system32\drivers\pacer.sys

2009-04-10 23:45 185,856 a------- c:\windows\system32\drivers\netbt.sys

2009-04-10 23:45 401,408 a------- c:\windows\system32\drivers\http.sys

2009-04-10 23:45 113,664 a------- c:\windows\system32\drivers\rmcast.sys

2009-04-10 23:45 66,560 a------- c:\windows\system32\drivers\smb.sys

2009-04-10 23:43 148,480 a------- c:\windows\system32\drivers\nwifi.sys

2009-04-10 23:43 196,096 a------- c:\windows\system32\drivers\usbhub.sys

2009-04-10 23:43 62,208 a------- c:\windows\system32\drivers\ohci1394.sys

2009-04-10 23:42 226,304 a------- c:\windows\system32\drivers\usbport.sys

2009-04-10 23:42 25,856 a------- c:\windows\system32\drivers\USBCAMD2.sys

2009-04-10 23:42 25,856 a------- c:\windows\system32\drivers\USBCAMD.sys

2009-04-10 23:42 39,936 a------- c:\windows\system32\drivers\usbehci.sys

2009-04-10 23:42 19,456 a------- c:\windows\system32\drivers\usbohci.sys

2009-04-10 23:42 167,936 a------- c:\windows\system32\drivers\portcls.sys

2009-04-10 23:42 39,424 a------- c:\windows\system32\drivers\hidclass.sys

2009-04-10 23:42 52,992 a------- c:\windows\system32\drivers\stream.sys

2009-04-10 23:42 561,152 a------- c:\windows\system32\drivers\hdaudbus.sys

2009-04-10 23:39 16,384 a------- c:\windows\system32\iscsilog.dll

2009-04-10 23:39 67,072 a------- c:\windows\system32\drivers\cdrom.sys

2009-04-10 23:39 19,456 a------- c:\windows\system32\drivers\Diskdump.sys

2009-04-10 23:38 149,504 a------- c:\windows\system32\drivers\ks.sys

2009-04-10 23:38 17,408 a------- c:\windows\system32\drivers\kbdhid.sys

2009-04-10 23:27 2,560 a------- c:\windows\system32\msimsg.dll

2009-04-10 23:24 2,034,688 a------- c:\windows\system32\win32k.sys

2009-04-10 23:23 626,176 a------- c:\windows\system32\drivers\dxgkrnl.sys

2009-04-10 23:23 289,792 a------- c:\windows\system32\atmfd.dll

2009-04-10 23:23 76,288 a------- c:\windows\system32\drivers\dxg.sys

2009-04-10 23:22 33,280 a------- c:\windows\system32\drivers\watchdog.sys

2009-04-10 23:15 288,768 a------- c:\windows\system32\drivers\srv.sys

2009-04-10 23:15 144,896 a------- c:\windows\system32\drivers\srv2.sys

2009-04-10 23:15 98,816 a------- c:\windows\system32\drivers\srvnet.sys

2009-04-10 23:14 114,688 a------- c:\windows\system32\drivers\mrxdav.sys

2009-04-10 23:14 212,992 a------- c:\windows\system32\drivers\mrxsmb10.sys

2009-04-10 23:14 225,280 a------- c:\windows\system32\drivers\rdbss.sys

2009-04-10 23:14 79,360 a------- c:\windows\system32\drivers\mrxsmb20.sys

2009-04-10 23:14 105,984 a------- c:\windows\system32\drivers\mrxsmb.sys

2009-04-10 23:14 75,264 a------- c:\windows\system32\drivers\dfsc.sys

2009-04-10 23:14 35,328 a------- c:\windows\system32\drivers\npfs.sys

2009-04-10 23:13 226,816 a------- c:\windows\system32\drivers\udfs.sys

2009-04-10 23:13 136,704 a------- c:\windows\system32\drivers\exfat.sys

2009-04-10 23:13 142,848 a------- c:\windows\system32\drivers\fastfat.sys

2009-04-10 23:12 617,984 a------- c:\windows\system32\adtschema.dll

2009-04-10 21:52 684,032 a------- c:\windows\system32\drivers\spsys.sys

2009-04-10 20:59 107,612 a------- c:\windows\system32\StructuredQuerySchema.bin

2009-03-29 23:42 278,848 a------- c:\windows\system32\mscoree.dll

2009-03-29 23:42 155,456 a------- c:\windows\system32\mscorier.dll

2009-03-29 23:42 93,512 a------- c:\windows\system32\dfshim.dll

2009-03-29 23:42 80,720 a------- c:\windows\system32\mscories.dll

2009-03-26 15:23 1,900,544 a------- c:\windows\system32\usbaaplrc.dll

2009-03-17 13:26 65,320 a------- c:\windows\system32\sbbd.exe

2009-03-08 06:34 914,944 a------- c:\windows\system32\wininet.dll

2009-03-08 06:34 43,008 a------- c:\windows\system32\licmgr10.dll

2009-03-08 06:33 18,944 a------- c:\windows\system32\corpol.dll

2009-03-08 06:33 109,056 a------- c:\windows\system32\iesysprep.dll

2009-03-08 06:33 109,568 a------- c:\windows\system32\PDMSetup.exe

2009-03-08 06:33 132,608 a------- c:\windows\system32\ieUnatt.exe

2009-03-08 06:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe

2009-03-08 06:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe

2009-03-08 06:33 103,936 a------- c:\windows\system32\SetDepNx.exe

2009-03-08 06:33 420,352 a------- c:\windows\system32\vbscript.dll

2009-03-08 06:32 72,704 a------- c:\windows\system32\admparse.dll

2009-03-08 06:32 71,680 a------- c:\windows\system32\iesetup.dll

2009-03-08 06:32 66,560 a------- c:\windows\system32\wextract.exe

2009-03-08 06:32 169,472 a------- c:\windows\system32\iexpress.exe

2009-03-08 06:31 34,816 a------- c:\windows\system32\imgutil.dll

2009-03-08 06:31 48,128 a------- c:\windows\system32\mshtmler.dll

2009-03-08 06:31:00 A------- 45,568 c:\windows\system32\mshta.exe

 

============= FINISH: 14:11:10.29 ===============


Hi :)

 

Security Application Conflict Advice:

 

This will go a long way towards explaining the current issues with your machine you informed myself about. You have three Anti-Spyware applications active in system memory. This has caused a system conflict and will actually lessen overall online protection.

 

Currently active:

  • Sunbelt VIPRE
  • Windows Defender
  • ZoneAlarm Anti-Spyware
So we need to disable two of them and I propose we do this with:-

 

Windows Defender:- This application is next to useless but unfortunately it cannot be uninstalled because it is an integral part of the Vista Operating System.

 

How to disable the Windows Defender service completely

 

ZoneAlarm Anti-Spyware:- This is not particularly effective either though the Software Firewall is fine.

  • Double-click the ZA icon on the Windows Taskbar to bring up ZoneAlarm.
  • When the ZoneAlarm window appears, click Anti-spyware.
  • Click the Main tab if it is not already selected.
  • Click the Advanced Options button.
  • The Advanced Options dialog box will appear. Click Scan Schedule if it is not already selected.
  • Uncheck Scan for spyware.
  • Click OK to close the dialog box.
Note: Make sure you carry out the above and disable both before proceeding further!

 

Peer To Peer Advice:

 

I notice you have LimeWire 5.1.3 installed, my advice would be to uninstall this because even though you may think P2P is a great way to get lots of seemingly freeware, it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice: avoid these types of software applications.

 

This is at your discretion to remove or not and I cannot ask you to because this forum does not have a policy about such. If however you do opt to leave this application installed please refrain from using it during the course of this malware removal process, thank you.

 

Next:

 

Older versions of both Adobe and Java installations pose a security risk and a back-door for malware to reinfect a system. We will update both in due course OK.

 

Anything WeatherBug associated is a known conduit for Adware and worse.

 

Please go to Start >> Control Panel >> Programs and Features and remove the following (if present):

 

Adobe Reader 8.1.0

Java™ SE Runtime Environment 6 Update 1

WeatherBug Gadget

 

To do so click once on each of the below and click on Uninstall/Change and follow the prompts.

 

Backup the Registry:

 

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Right-click on erunt-setup and select Run as Administrator to install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
Next:

 

Please download OTM to your Desktop.

  • Right-click OTM and select Run as Administrator to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + B (or, after highlighting, right-click and choose Copy):
:Processes
Explorer.EXE

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
"LinksFolderName"="Links"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[-HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}"=-
[-HKEY_CLASSES_ROOT\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]

:Commands
[EmptyTemp]
Start Explorer]
[Reboot]
  • Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTM.
Next:

 

Please download Malwarebytes' Anti-Malware to your desktop.

  • Right-click mbam-setup.exe and select Run as Administrator then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  • Launch Malwarebytes' Anti-Malware
  • Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

When you have completed the above, please post back the following:

  • Inform myself how your computer is running. Any problems encountered and/or further symptoms?
  • OTM Log.
  • Malwarebytes' Anti-Malware Log.
  • A new HijackThis Log. <-- Remember to right-click on HijackThis and select Run as Administrator.
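The conflict described in the post above can be checked mechanically from the AV:/SP:/FW: product lines that DDS.txt reports (the lines are quoted later in this thread). The following Python is an added example, not part of the original posts or of DDS; the function names, the reading of AV/SP/FW as antivirus/anti-spyware/firewall, and the `*disabled*` status in the second, constructed sample are assumptions.

```python
import re
from collections import defaultdict

# Product lines exactly as quoted from DDS.txt in this thread.
DDS_LINES_FROM_THREAD = """\
AV: Sunbelt VIPRE *On-access scanning enabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Sunbelt VIPRE *enabled* (Updated) {9817B764-AE4E-4B29-AEE7-725B7A50BD48}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
"""

# Constructed sample: the same products after two anti-spyware engines are
# switched off. Assumption: an inactive product is reported as *disabled*.
DDS_LINES_AFTER_FIX = """\
AV: Sunbelt VIPRE *On-access scanning enabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
SP: ZoneAlarm Anti-Spyware *disabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Sunbelt VIPRE *enabled* (Updated) {9817B764-AE4E-4B29-AEE7-725B7A50BD48}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
"""

# <category>: <product name> *<status>* [(<definitions state>)] {<GUID>}
PRODUCT_LINE = re.compile(
    r"^(?P<kind>AV|SP|FW):\s+(?P<name>.+?)\s+\*(?P<state>[^*]+)\*"
    r"(?:\s+\((?P<defs>[^)]+)\))?\s+\{(?P<guid>[0-9A-Fa-f-]{36})\}\s*$"
)


def parse_products(text):
    """Return one dict per product line; every other log line is ignored."""
    products = []
    for raw in text.splitlines():
        match = PRODUCT_LINE.match(raw.strip())
        if match is None:
            continue  # process lists, registry entries, blank lines, ...
        entry = match.groupdict()
        # "enabled" and "On-access scanning enabled" both count as active;
        # "disabled" does not, because only the last word is compared.
        entry["active"] = entry["state"].lower().split()[-1] == "enabled"
        products.append(entry)
    return products


def find_conflicts(text):
    """Map each category to its active products when more than one is active."""
    active = defaultdict(list)
    for product in parse_products(text):
        if product["active"]:
            active[product["kind"]].append(product["name"])
    return {kind: names for kind, names in active.items() if len(names) > 1}


def outdated_active(text):
    """Names of active products whose definitions are reported as Outdated."""
    return [
        product["name"]
        for product in parse_products(text)
        if product["active"] and product["defs"] == "Outdated"
    ]


if __name__ == "__main__":
    for label, sample in (("thread", DDS_LINES_FROM_THREAD),
                          ("after fix (constructed)", DDS_LINES_AFTER_FIX)):
        print(label)
        print("  overlapping active products:", find_conflicts(sample) or "none")
        print("  active but outdated:", outdated_active(sample) or "none")
```
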

PC seems to be running better. My first question is, Can I remove these programs you ask me to download after we are done here? For Your Info, I have not restarted my PC before posting these logs. I did, however, restart my pc when I performed the OTM directions. I have Zonealarm Firewall. So, the anti spyware and anti virus is not included with that.

 

IMPORTANT: My PC still seems to be restarting very slowly. After I made this post, I pressed Restart. Nothing happened. I shut down Zonealarm, Vipre Antivirus, and AIM. My PC reacted and restarted. It was on the logging off page, shutting down page. Took roughly 5 minutes at max to restart. When shutting down PC, it hangs at the shutting down page for 2-3 minutes. I am not too worried about these problems.

Malwarebytes' Anti-Malware 1.37

Database version: 2229

Windows 6.0.6002 Service Pack 2

 

6/4/2009 1:42:56 PM

mbam-log-2009-06-04 (13-42-56).txt

 

Scan type: Quick Scan

Objects scanned: 69334

Time elapsed: 4 minute(s), 56 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

---------------------------------------------------------

 

========== PROCESSES ==========

Process Explorer.EXE killed successfully.

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\\"SearchAssistant"|"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" /E : value set successfully!

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\\"CustomizeSearch"|"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm" /E : value set successfully!

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\\"LinksFolderName"|"Links" /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\\ deleted successfully.

Registry key HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}\ not found.

Registry key HKEY_CLASSES_ROOT\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}\\ not found.

========== COMMANDS ==========

File delete failed. C:\Users\Mike\AppData\Local\Temp\~DF16C6.tmp scheduled to be deleted on reboot.

File delete failed. C:\Users\Mike\AppData\Local\Temp\~DF58A8.tmp scheduled to be deleted on reboot.

File delete failed. C:\Users\Mike\AppData\Local\Temp\~DF58C7.tmp scheduled to be deleted on reboot.

File delete failed. C:\Users\Mike\AppData\Local\Temp\~DF5940.tmp scheduled to be deleted on reboot.

File delete failed. C:\Users\Mike\AppData\Local\Temp\~DF595E.tmp scheduled to be deleted on reboot.

File delete failed. C:\Users\Mike\AppData\Local\Temp\~DF59D4.tmp scheduled to be deleted on reboot.

File delete failed. C:\Users\Mike\AppData\Local\Temp\~DF59F2.tmp scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Internet Explorer cache folder emptied.

File delete failed. C:\Windows\temp\ZLT05751.TMP scheduled to be deleted on reboot.

Windows Temp folder emptied.

FireFox cache emptied.

Temp folders emptied.

Error: Unable to interpret <Start Explorer]> in the current context!

 

OTM by OldTimer - Version 2.1.0.0 log created on 06042009_133115

 

Files moved on Reboot...

C:\Users\Mike\AppData\Local\Temp\~DF16C6.tmp moved successfully.

File C:\Users\Mike\AppData\Local\Temp\~DF58A8.tmp not found!

File C:\Users\Mike\AppData\Local\Temp\~DF58C7.tmp not found!

File C:\Users\Mike\AppData\Local\Temp\~DF5940.tmp not found!

File C:\Users\Mike\AppData\Local\Temp\~DF595E.tmp not found!

File C:\Users\Mike\AppData\Local\Temp\~DF59D4.tmp not found!

File C:\Users\Mike\AppData\Local\Temp\~DF59F2.tmp not found!

File C:\Windows\temp\ZLT05751.TMP not found!

 

Registry entries deleted on Reboot...

 

----------------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:44:57 PM, on 6/4/2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\WINDOWS\RtHDVCpl.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Trillian\trillian.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\hp\kbd\kbd.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\Windows\system32\SolidStateNetworks\SolidStateION\solidax.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete

O4 - HKLM\..\Run: [sBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe

O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O13 - Gopher Prefix:

O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\System32\ZoneLabs\vsmon.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 7209 bytes

Edited by 911_H3LP3R

Hi :)

 

My first question is, Can I remove these programs you ask me to download after we are done here?

 

Aye I will provide instructions about this when I post the all clear :tup:

 

IMPORTANT: My PC still seems to be restarting very slowly. After I made this post, I pressed Restart. Nothing happened. I shut down Zonealarm, Vipre Antivirus, and AIM. My PC reacted and restarted. It was on the logging off page, shutting down page. Took roughly 5 minutes at max to restart. When shutting down PC, it hangs at the shutting down page for 2-3 minutes. I am not too worried about these problems.

Fair play, however your Computer is still experiencing a system conflict. From the DDS.txt report:

AV: Sunbelt VIPRE *On-access scanning enabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}

SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

SP: Sunbelt VIPRE *enabled* (Updated) {9817B764-AE4E-4B29-AEE7-725B7A50BD48}

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

 

These still appear to be enabled to myself from the last HiJackThis Log your good self provided.

 

You have several options here:

 

1 - Uninstall ZoneAlarm and permanently disable Windows Defender.

 

2 - Disable both and keep the Sunbelt Anti-Virus and Anti-Spyware.

 

As it stands all three of these Security software applications are in conflict and this is the cause of the current system problems you are experiencing.

 

My personal recommendation would be to uninstall ZoneAlarm, re-enable the in-built Vista firewall for the time being and we can address having a third party software at the conclusion.

 

Remove Sunbelt also as this is just not a suitable bundled application for your machine.

 

Disable Windows Defender, I can advise a suitable standalone freeware Anti-Virus application and keep Malwarebytes' Anti-Malware as an on-demand scanner only.

 

Let myself know what you would like to do and I will advise accordingly. Also as it stands I do not think you have an actual malware problem per se anyway but before attempting any more scans to fully ascertain your system is malware free. We do need to address all I have mentioned as otherwise attempting any other scans is going to be problematic at best.

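The overlap the helper reads off the DDS.txt lines in the post above can be checked mechanically. The following is an added example, not part of the original thread and not code from DDS: it parses the five quoted lines and lists every category with more than one enabled product. The function names and the rule that any state containing "enabled" counts as active are assumptions.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# The five Security Center lines quoted from DDS.txt in the post above.
DDS_LINES = """\
AV: Sunbelt VIPRE *On-access scanning enabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Sunbelt VIPRE *enabled* (Updated) {9817B764-AE4E-4B29-AEE7-725B7A50BD48}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
"""

# AV = antivirus, SP = antispyware, FW = firewall.
# Layout: "<CAT>: <name> *<state>* (<definitions>) {<GUID>}"; the
# definitions field is optional (the FW line has none).
LINE_RE = re.compile(
    r"^(?P<cat>AV|SP|FW):\s+(?P<name>.+?)\s+\*(?P<state>[^*]+)\*"
    r"(?:\s+\((?P<defs>[^)]+)\))?\s+(?P<guid>\{[0-9A-Fa-f-]{36}\})\s*$"
)


class Product(NamedTuple):
    category: str
    name: str
    state: str
    definitions: Optional[str]
    guid: str

    @property
    def enabled(self) -> bool:
        # Assumption: a state such as "enabled" or "On-access scanning
        # enabled" means active; "disabled" does not contain "enabled".
        return "enabled" in self.state.lower()


def parse_dds_security(text: str) -> list:
    """Return a Product for every AV/SP/FW line; other lines are skipped."""
    products = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            products.append(Product(
                match["cat"], match["name"], match["state"],
                match["defs"], match["guid"],
            ))
    return products


def review(products: list) -> dict:
    """Summarise overlapping and outdated enabled products."""
    enabled_by_cat = defaultdict(list)
    outdated = []
    for product in products:
        if not product.enabled:
            continue
        enabled_by_cat[product.category].append(product.name)
        if (product.definitions or "").lower() == "outdated":
            outdated.append(product.name)
    # More than one enabled product in a category is the overlap to resolve.
    overlaps = {c: n for c, n in enabled_by_cat.items() if len(n) > 1}
    return {"overlaps": overlaps, "outdated": outdated}


if __name__ == "__main__":
    report = review(parse_dds_security(DDS_LINES))
    for category, names in report["overlaps"].items():
        print(f"{category}: {len(names)} enabled at once: {', '.join(names)}")
    for name in report["outdated"]:
        print(f"outdated definitions: {name}")
```
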

I could do this...

 

"My personal recommendation would be to uninstall ZoneAlarm, re-enable the in-built Vista firewall for the time being and we can address having a third party software at the conclusion."

 

Whatever you think is best when it comes to the firewalls.


Hi :)

 

I could do this...

Fine :tup:

 

You will still need to disable Windows Defender however or the Sunbelt Anti-Spyware, either is fine.

 

When completed the above, post a new HijackThis Log and we will proceed from there OK.

 

Note: Remember to right-click on HijackThis and select Run as Administrator. Otherwise no new log will be created and all that happens is HJT will open up a previously saved one.


Hi :)

 

Windows Defender has always been disabled. Sunbelt Anti-Spyware (VIPRE) is what I am currently using, along with Zonealarm Firewall.

Fine, post a new HijackThis log please.

Windows Defender still shows here, but it is totally disabled.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:03:00 PM, on 6/5/2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\WINDOWS\RtHDVCpl.exe

C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Trillian\trillian.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\hp\kbd\kbd.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\Windows\system32\SolidStateNetworks\SolidStateION\solidax.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete

O4 - HKLM\..\Run: [sBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe

O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O13 - Gopher Prefix:

O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\System32\ZoneLabs\vsmon.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 7198 bytes


Hi :)

 

New Adobe Reader Installation:

  • Go here and click on AdbeRdr910_en_US.exe to download the latest version of Adobe Reader.
  • Save this file to your desktop and run it to install the latest version of Adobe Reader.
New Java Installation:
  • Click here to visit Java's website.
  • Scroll down to Java SE Runtime Environment (JRE) 6 Update 14. Click on Download.
  • Select Windows from the drop-down list for Platform.
  • Select Multi-language from the drop-down list for Language.
  • Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
  • Click on jre-6u14-windows-i586-p.exe link to download it and save this to a convenient location.
  • Double click on jre-6u14-windows-i586-p.exe to install Java.
Run Kaspersky Online AV Scanner:

 

Right click on your favourite web browser (Internet Explorer, Firefox, etc) and select Run As Administrator to run it.

 

Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
When completed the above, please post back the following:
  • Inform myself how your computer is running. Any problems encountered and or further symptoms?
  • Kaspersky results.
  • A new HijackThis Log. <-- Remember to right-click on HijackThis and select Run as Administrator.

Hi :)

 

Hi. I am running Kaspersky Online AV Scanner. Just a quick question before I do anything else, if you get here in time. Do I clean the infected items, as well as post a Log here?

If the online scan finds anything, leave be and just post the report please. In the event anything found after I have viewed/researched I will advise on the next course of action.

 

So you know the reason I have asked for this online scan, it is like asking for a second opinion in layman's terms and anything I have not identified malware wise might be revealed then I can take the appropriate course of action.

 

This is not myself being blasé, far from it what I do and my fellow HJT Team members here in PCPitstop and the numerous other forums we provide our free assistance with is actually quite difficult/hard because all done online and no actual physical access to the computer. Why do we do this? Because we care about Anti-Malware and we have a genuine interest in assisting and educating people such as your good self about this.

 

Sometimes slightly side tracked and the need to educate about how exactly to keep your computer protected but all par for the course and the end result an individual has both been educated and received the best possible advice!


--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0 REPORT

Friday, June 5, 2009

Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)

Kaspersky Online Scanner version: 7.0.26.13

Program database last update: Friday, June 05, 2009 22:39:40

Records in database: 2315510

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

C:\

D:\

E:\

F:\

G:\

H:\

I:\

 

Scan statistics:

Files scanned: 105748

Threat name: 1

Infected objects: 1

Suspicious objects: 0

Duration of the scan: 02:00:05

 

 

File name / Threat name / Threats count

C:\Users\Mike\Desktop\Hack Pack\Gunbound Hack Pack\Aimboyd GGless\AimBot\aimb0YdXL.exe Infected: Trojan-Downloader.Win32.Adload.fxl 1

 

The selected area was scanned.

 

This Threat that was found is inside an aimbot in a Game Folder. UPDATE: I just deleted the file that this trojan was in.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:59:24 PM, on 6/5/2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\WINDOWS\RtHDVCpl.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\hp\kbd\kbd.exe

C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe

C:\Program Files\Java\jre6\bin\java.exe

C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\Windows\system32\SolidStateNetworks\SolidStateION\solidax.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete

O4 - HKLM\..\Run: [sBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O13 - Gopher Prefix:

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\System32\ZoneLabs\vsmon.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 7907 bytes

Edited by 911_H3LP3R

Hi :)

 

This Threat that was found is inside an aimbot in a Game Folder. UPDATE: I just deleted the file that this trojan was in.

OK that is fine :tup:

 

Any more issues? How's your machine performing etc?


As far as I know from when I tried restarting pc and shutting it down, very slow. Sometimes I have to do it manually.

 

Also, can you help me figure out how to allow my printer to print stuff through Zonealarm? Every time I want to print something, I have to disable Zonealarm Firewall.

Edited by 911_H3LP3R

Hi :)

 

As far as I know from when I tried restarting pc and shutting it down, very slow. Sometimes I have to do it manually.

 

This will be due to the system conflicts arising from the multiple security applications I have advised your good self about.

 

Also, can you help me figure out how to allow my printer to print stuff through Zonealarm? Every time I want to print something, I have to disable Zonealarm Firewall.

Best thing here is to uninstall ZA because even if you have disabled the Anti-Spyware component it is still causing a conflict. Then make sure the Vista in-built firewall is enabled. Though to be honest it is possible the Combination Sunbelt Security application is causing problems also.

 

The good news is that as far as I can tell your computer is malware free. I can provide advice how to resolve this and replace with other security application in a safe manner. Let me know OK otherwise the only other recourse is to advise you seek assistance with this issue in the part of the forum that deals with this as primarily I only provide Anti-Malware support not generic IT/Hardware/Software etc.

 

The current applications/tools I have asked your good self to download so far leave in-place OK as I will have a specific process to impart to remove all in a safe manner OK.


Hi :)

I am done with these processes, what you have instructed me to do. My PC is running better now. I appreciate your help.

 

You're welcome!

 

Post a new HijackThis log for a final review please and I will check back later OK.

 

Remember to right-click on HijackThis and select Run as Administrator :tup:


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:57:58 PM, on 6/7/2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\WINDOWS\RtHDVCpl.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Trillian\trillian.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\hp\kbd\kbd.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\Windows\system32\SolidStateNetworks\SolidStateION\solidax.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [sBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe

O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O13 - Gopher Prefix:

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\System32\ZoneLabs\vsmon.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 7016 bytes

Link to post
Share on other sites
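An added example, not part of the original post or of HijackThis itself: a Python triage pass over O16 and O23 lines copied from the log above. It lists the entries a reviewer would normally check by hand: a service whose binary is missing, a service with no publisher information, and an ActiveX install source fetched over plain HTTP. The function name, the regular expressions and the choice of checks are assumptions made for this illustration.

```python
import re

# Lines copied from the HijackThis log above (a subset of the O16 and O23 entries).
SAMPLE_LOG = r"""
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

# "<section> - <body>", e.g. "O23 - Service: ..."
ENTRY = re.compile(r"^(O\d+|R\d|F\d)\s+-\s+(.*)$")
# Service body: "Service: <name> - <owner> - <path>"
O23 = re.compile(r"^Service: (?P<name>.+) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$")
# ActiveX body: "DPF: {CLSID} (<label>) - <codebase URL>"
O16 = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<label>.*)\) - (?P<url>\S+)$")


def triage(log_text):
    """Return (section, subject, reason) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # blank lines, header lines, running-process list
        section, body = m.groups()
        if section == "O23" and (svc := O23.match(body)):
            if svc["path"].endswith("(file missing)"):
                findings.append((section, svc["name"], "service binary not on disk"))
            if svc["owner"] == "Unknown owner":
                findings.append((section, svc["name"], "no publisher information"))
        elif section == "O16" and (dpf := O16.match(body)):
            if dpf["url"].lower().startswith("http://"):
                findings.append((section, dpf["label"], "control source is plain HTTP"))
    return findings


if __name__ == "__main__":
    for section, subject, reason in triage(SAMPLE_LOG):
        print(f"{section}: {subject}: {reason}")
```

A finding here means "look at this entry", not "this entry is malicious"; a service left behind by an uninstalled program produces the same `(file missing)` line.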

Hi :)

 

Congratulations, your computer now appears to be malware free!

 

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

 

Importance of Regular System Maintenance:

 

I advise you to read both of the topics listed below, as this will go a long way to keeping your computer performing well. Plus, bear in mind my prior advice about upgrading the presently installed RAM (Random Access Memory).

 

Help! My computer is slow!

 

Also so is this:

 

What to do if your Computer is running slowly

 

Clean up with OTM:

  • Double-click OTM to start the program.
  • Close all other programs apart from OTM as this step will require a reboot
  • On the OTM main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Reset System Restore:

  • Click on Start(Vista orb) >> All Programs >> Accessories >> System Tools >> Disk Cleanup.
  • Select C drive and click OK.
  • Put a "Tick" in all the available boxes
  • Select the More Options tab.
  • Under System Restore, click on Clean up....
  • You will be prompted. Click Yes.
  • When done, click OK.
  • You will be prompted again. Press Yes to confirm.
  • When done, Disk Cleanup will close automatically.

Now some advice for on-line safety:

 

Malwarebytes' Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan once a week.

 

Other installed security software:

 

Your presently installed combination security application, VIPRE Antivirus + Antispyware, automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with this once per week.

 

ERUNT:

Emergency Recovery Utility NT. I advise you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself, I would actually create a new backup once per week, as this along with System Restore may prove to be invaluable if something unforeseen occurs!

 

Keep your system updated:

  • Click on Start(Vista Orb) >> All Programs >> Windows Update.
  • In the navigation pane, click Check for updates.
  • After Windows Update has finished checking for updates, click View available updates.
  • Click to select the check box for any found, then click Install.
  • When completed, reboot (restart) your computer if not prompted to do so.

Be careful when opening attachments and downloading files:

  • Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
  • Never open emails from unknown senders.
  • Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
  • Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allows scripts (which are VBScript and JavaScript) to run, and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

 

Make your Internet Explorer safer:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialise and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice: avoid these types of software applications.

 

Hosts File:

 

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

 

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

 

Here are some Hosts files:

Only use one of the above.

 

Finally, an educational source:

To learn more about how to protect yourself while on the internet, read this article by Tony Klein:

 

So how did I get infected in the first place?

 

Some consider this article outdated; personally, I still think it bears relevance, and the author is well respected in the Anti-Malware community and by myself also!

 

Any questions? Feel free to ask; if not, stay safe!

Link to post
Share on other sites
This topic is now closed to further replies.