Laptop running slow - pmropn.exe? [RESOLVED]


This topic is locked

#1
mightysparks
Member, 18 posts
For the last few days my laptop has been running really slow, and then I noticed pmropn.exe in my processes. I can't work out how to get rid of it. Here's my Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:15 PM, on 5/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Downloads\Apps\HiJackThis.exe
C:\Program Files\PremierOpinion\pmropn.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [PremierOpinion] C:\Program Files\PremierOpinion\pmropn.exe -boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DF3336AF-E259-4978-9D69-B4BBF47BE261} (GetHtml Class) - http://tel.isoshu.com/zxlqs.cab
O20 - AppInit_DLLs: C:\Program Files\PremierOpinion\pmai.dll
O20 - Winlogon Notify: PremierOpinion - C:\Program Files\PremierOpinion\pmls.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 8584 bytes


Thanks
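An added triage script (my own example; not from the post, the forum, or HijackThis itself) that parses the O-numbered entries of a HijackThis v2 log like the one above and groups every autostart entry by the directory its binary lives in. The PremierOpinion folder is registered through an O4 Run key, AppInit_DLLs and Winlogon Notify at once, which is what makes it stand out from the single-entry Java, QuickTime or Ad-Aware lines; the sample input is a subset of the entries quoted in the post.

```python
"""Triage helper for HijackThis v2 logs.

Groups every autostart entry (O2 BHOs, O3 toolbars, O4 Run keys, O9 IE
buttons, O20 AppInit_DLLs / Winlogon Notify, O23 services) by the directory
its binary lives in, so a program that has hooked itself into several load
points at once stands out. Written for this thread; not part of HijackThis
or of the forum post.
"""
import re
from collections import defaultdict

# Entries copied from the first post's log (a subset, to keep the sample
# short); the triage logic itself works on a full HijackThis log.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PremierOpinion] C:\Program Files\PremierOpinion\pmropn.exe -boot
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O20 - AppInit_DLLs: C:\Program Files\PremierOpinion\pmai.dll
O20 - Winlogon Notify: PremierOpinion - C:\Program Files\PremierOpinion\pmls.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""

# HijackThis sections that register something to be loaded automatically.
PERSISTENCE = {"O2", "O3", "O4", "O9", "O20", "O23"}

# "O4 - HKLM\..\Run: [name] command" -> section "O4", rest "HKLM\..\Run: ..."
LINE_RE = re.compile(r"^(?P<section>[OFR]\d+) - (?P<rest>.*)$")

# First absolute Windows path on the line, allowing spaces inside path
# components ("Program Files") and stopping at a known binary extension.
PATH_RE = re.compile(
    r"[A-Za-z]:\\(?:[^\\\r\n\"]+\\)*[^\\\r\n\"]*?\.(?:exe|dll|sys|ocx|cab|lnk)\b",
    re.IGNORECASE,
)


def parse_hjt(text):
    """Return (section, mechanism, path_or_None, raw_line) for each
    persistence entry in a HijackThis log."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m or m.group("section") not in PERSISTENCE:
            continue
        rest = m.group("rest")
        # The text before the first ": " names the load point
        # (HKLM\..\Run, AppInit_DLLs, Winlogon Notify, Service, BHO, ...).
        mechanism = rest.split(": ", 1)[0]
        found = PATH_RE.search(rest)
        entries.append((m.group("section"), mechanism,
                        found.group(0) if found else None, line))
    return entries


def group_by_directory(entries):
    """Map lower-cased parent directory -> set of 'Oxx mechanism' labels."""
    groups = defaultdict(set)
    for section, mechanism, path, _ in entries:
        key = path.lower().rsplit("\\", 1)[0] if path else "(no absolute path)"
        groups[key].add(f"{section} {mechanism}")
    return groups


def suspicious_directories(groups, min_mechanisms=2):
    """Directories hooked through at least min_mechanisms distinct load
    points, plus anything under O20: AppInit_DLLs gets a DLL loaded into
    every process that loads user32.dll and Winlogon Notify loads one into
    winlogon.exe, so a single O20 hit is worth a look on its own."""
    flagged = {}
    for directory, mechanisms in groups.items():
        if directory == "(no absolute path)":
            continue
        if len(mechanisms) >= min_mechanisms or any(
                m.startswith("O20 ") for m in mechanisms):
            flagged[directory] = sorted(mechanisms)
    return flagged


def triage(text):
    """Convenience wrapper: log text -> {directory: [load points]}."""
    return suspicious_directories(group_by_directory(parse_hjt(text)))


if __name__ == "__main__":
    for directory, mechanisms in sorted(triage(SAMPLE_LOG).items()):
        print(directory)
        for label in mechanisms:
            print("    ", label)
```

The result is a list of places to look, not a verdict: a legitimate pair such as the Java BHO plus its Tools-menu entry lands in it as well.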


#2
sage5
Retired Staff (RIP 10/2009), 2,646 posts
Hi mightysparks,

Welcome to Geeks to Go!
I am sage5, and I will be helping you with this problem.

Please download the following & save to your Desktop:
Deckard's System Scanner
Malwarebytes' Anti-Malware from Here or Here


Run Malwarebytes' Anti-Malware:
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Save the entire report as C:\mbam.txt
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Run Deckard's System Scanner:
  • Close all other windows before proceeding.
  • Double click on the dss.exe file on your Desktop and follow the prompts.
  • Scans will run, and 2 text files will open in Notepad.
  • Close both of the text files.
These files are C:\Deckard\System Scanner\main.txt & extra.txt.
I will need you to copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of
  • main.txt
  • extra.txt
  • C:\mbam.txt
in your next reply.


The text from these files may exceed the maximum post length for this forum, and may need to be sent over 2 or more posts. Please ensure all text is posted.

Cheers,

sage5

#3
mightysparks (Topic Starter)
Member, 18 posts
Deckard's System Scanner v20071014.68
Run by lauren on 2008-07-05 20:15:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 4.4 GiB (less than 15%) free.


-- HijackThis (run as lauren.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:16:00 PM, on 5/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\PremierOpinion\pmropn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Downloads\Apps\dss.exe
C:\DOWNLO~1\Apps\lauren.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [PremierOpinion] C:\Program Files\PremierOpinion\pmropn.exe -boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DF3336AF-E259-4978-9D69-B4BBF47BE261} (GetHtml Class) - http://tel.isoshu.com/zxlqs.cab
O20 - AppInit_DLLs: C:\Program Files\PremierOpinion\pmai.dll
O20 - Winlogon Notify: PremierOpinion - C:\Program Files\PremierOpinion\pmls.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 8562 bytes

-- Files created between 2008-06-05 and 2008-07-05 -----------------------------

2008-07-05 18:52:16 0 d-------- C:\Documents and Settings\lauren\Application Data\Malwarebytes
2008-07-05 18:52:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-05 18:52:09 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-01 17:54:24 0 d-------- C:\Documents and Settings\lauren\Application Data\ViquaSoft
2008-07-01 12:59:02 0 d-------- C:\Program Files\First Class Flurry
2008-06-29 20:40:19 0 d-------- C:\Program Files\PremierOpinion
2008-06-29 16:29:20 352256 --a------ C:\WINDOWS\system32\pmls.dll <Not Verified; PremierOpinion; PremierOpinion>
2008-06-29 16:28:50 0 d-------- C:\Program Files\CEDP Stealer 6.0 for Messenger
2008-06-28 11:22:15 0 d-------- C:\Documents and Settings\lauren\Application Data\SPORE Creature Creator
2008-06-28 11:19:12 0 d-------- C:\Program Files\Electronic Arts
2008-06-21 15:09:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-21 15:08:02 0 d-------- C:\Program Files\Yahoo!
2008-06-19 15:17:46 0 d-------- C:\Program Files\Sallys Spa
2008-06-18 07:31:37 0 d-------- C:\Program Files\Tropico Jong
2008-06-14 11:21:09 0 d-------- C:\Program Files\Build in Time
2008-06-09 19:20:39 3532 --a------ C:\drmHeader.bin
2008-06-06 11:27:32 0 d-------- C:\Program Files\The Game Of LIFE PTS
2008-06-05 15:17:48 0 d-------- C:\Program Files2


-- Find3M Report ---------------------------------------------------------------

2008-07-05 20:16:04 0 d-------- C:\Documents and Settings\lauren\Application Data\uTorrent
2008-07-05 19:16:33 0 d-------- C:\Documents and Settings\lauren\Application Data\LimeWire
2008-07-05 19:13:38 0 d-------- C:\Program Files\EditURLs
2008-07-05 02:06:26 0 d-------- C:\Program Files\uTorrent
2008-07-01 18:10:32 0 d-------- C:\Program Files\Speed
2008-07-01 17:57:20 0 d-------- C:\Documents and Settings\lauren\Application Data\MysteryStudio
2008-07-01 13:57:35 115864 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-06-30 15:43:24 0 d-------- C:\Documents and Settings\lauren\Application Data\Corel
2008-06-30 15:42:54 5642 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-29 21:33:45 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-29 20:54:04 0 d-------- C:\Documents and Settings\lauren\Application Data\Adobe
2008-06-29 16:35:48 0 d-------- C:\Program Files\Windows Live
2008-06-28 11:19:10 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-28 10:28:34 0 d-------- C:\Program Files\Fiber Twig 2
2008-06-28 10:11:12 0 d-------- C:\Program Files\Inspector Parker
2008-06-23 19:54:52 0 d-------- C:\Program Files\QuickTime
2008-06-21 12:25:36 0 d-------- C:\Program Files\PokerStars
2008-06-04 11:31:35 0 d-------- C:\Program Files\CLUE Classic
2008-06-04 10:32:33 0 d-------- C:\Documents and Settings\lauren\Application Data\GamesCafe
2008-06-03 19:56:16 0 d-------- C:\Documents and Settings\lauren\Application Data\iWin
2008-06-03 19:46:30 0 d-------- C:\Program Files\ColorUp! Wedding Scrapbook
2008-06-02 12:32:45 0 d-------- C:\Documents and Settings\lauren\Application Data\Ahead
2008-05-31 09:34:53 0 d-------- C:\Program Files\Womens Murder Club Death In Scarlet
2008-05-30 09:41:14 0 d-------- C:\Program Files\Pastry Passion
2008-05-29 11:06:41 0 d-------- C:\Program Files\Virtual Villagers The Secret City
2008-05-28 07:25:35 0 d-------- C:\Documents and Settings\lauren\Application Data\ITTNord
2008-05-28 07:25:24 0 d-------- C:\Program Files\Money Tree
2008-05-27 13:34:17 88 -r-hs---- C:\WINDOWS\system32\524CB2357E.sys
2008-05-27 13:30:32 0 d-------- C:\Program Files\Common Files\Corel
2008-05-27 13:29:51 0 d-------- C:\Program Files\Corel
2008-05-27 13:25:01 0 d-------- C:\Documents and Settings\lauren\Application Data\InstallShield
2008-05-25 10:52:47 0 d-------- C:\Program Files\Cinema Tycoon Gold
2008-05-25 10:46:41 0 d-------- C:\Program Files\Monopoly Tycoon
2008-05-24 22:44:30 0 d-------- C:\Program Files\The Amazing Brain Train
2008-05-23 16:18:32 0 d-------- C:\Program Files\Zen Fashion
2008-05-23 16:18:25 0 d-------- C:\Program Files\Flower Stand Tycoon
2008-05-10 15:05:22 0 d-------- C:\Program Files\Eye For Design
2008-05-10 14:25:57 0 d-------- C:\Program Files\LimeWire
2008-05-09 15:13:48 0 d-------- C:\Program Files\Pet Shop Hop
2008-05-09 15:12:20 0 d-------- C:\Documents and Settings\lauren\Application Data\PlayFirst
2008-05-09 14:54:12 0 d-------- C:\Program Files\Yard Sale Junkie
2008-05-09 14:53:54 0 d-------- C:\Program Files\Luckys Rainbow


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [20/07/2005 04:09 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [20/07/2005 04:06 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [20/07/2005 04:10 AM]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [08/01/2005 08:07 AM C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [18/11/2005 04:27 AM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [04/05/2005 11:43 AM C:\WINDOWS\Alcmtr.exe]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [28/09/2005 03:37 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [28/09/2005 03:37 AM]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [28/09/2005 03:41 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/07/2007 10:15 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" []
"Corel File Shell Monitor"="C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [30/10/2007 07:52 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [29/06/2007 06:24 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [06/03/2008 02:56 PM]
"PremierOpinion"="C:\Program Files\PremierOpinion\pmropn.exe" [29/06/2008 08:40 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 03:56 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/08/2004 03:56 PM]
"Steam"="c:\steam\steam.exe" [24/05/2008 04:43 PM]
"ares"="C:\Program Files\Ares\Ares.exe" [24/11/2007 12:18 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [20/01/2007 03:54 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [15/05/2003 1:19:50 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PremierOpinion]
C:\Program Files\PremierOpinion\pmls.dll 29/06/2008 08:40 PM 331776 C:\Program Files\PremierOpinion\pmls.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\Program Files\PremierOpinion\pmai.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^lauren^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\lauren\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^lauren^Start Menu^Programs^Startup^MP3 Rocket (silent).lnk]
path=C:\Documents and Settings\lauren\Start Menu\Programs\Startup\MP3 Rocket (silent).lnk
backup=C:\WINDOWS\pss\MP3 Rocket (silent).lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16bcc7a8-2807-11dc-ba3c-0013ce9e72c0}]
AutoRun\command- E:\Autorun.exe /run
Shell00\Command- E:\Autorun.exe /run
Shell01\Command- E:\Autorun.exe /action
Shell02\Command- E:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3d6232d-281c-11dc-ba3d-0013ce9e72c0}]
AutoRun\command- wd_windows_tools\setup.exe

*Newly Created Service* - MBAMCATCHME



-- End of Deckard's System Scanner: finished at 2008-07-05 20:16:37 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 2.00GHz
Percentage of Memory in Use: 57%
Physical Memory (total/avail): 1014.05 MiB / 427.46 MiB
Pagefile Memory (total/avail): 2440.72 MiB / 1942.75 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1916.19 MiB

C: is Fixed (NTFS) - 111.79 GiB total, 4.4 GiB free.
D: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1200BEVE-00WZT0 - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 111.79 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Downloads\\Apps\\utorrent.exe"="C:\\Downloads\\Apps\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Downloads\\Apps\\Need\\utorrent.exe"="C:\\Downloads\\Apps\\Need\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe:*:Enabled:Java™ Platform SE binary"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\WINDOWS\\Temp\\~os6.tmp\\ossproxy.exe"="C:\\WINDOWS\\Temp\\~os6.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"c:\\program files\\premieropinion\\pmropn.exe"="c:\\program files\\premieropinion\\pmropn.exe:*:Enabled:pmropn.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\lauren\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FLUFFY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\lauren
LOGONSERVER=\\FLUFFY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\lauren\LOCALS~1\Temp
TMP=C:\DOCUME~1\lauren\LOCALS~1\Temp
USERDOMAIN=FLUFFY
USERNAME=lauren
USERPROFILE=C:\Documents and Settings\lauren
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

lauren (admin)
Noob (new local, admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> MsiExec.exe /I{0CDCA5CD-C404-41FD-9216-9B4B3D24A7AA}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
ACDSee 9 Photo Manager --> MsiExec.exe /X{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Ad-Aware SE Professional --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 6.0 Professional --> MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Agatha Christie Peril At End House --> "C:\Program Files\Agatha Christie Peril At End House\ReflexiveArcade\unins000.exe"
Alias SketchBook Pro 2.0 --> MsiExec.exe /X{3470101E-A698-4B27-9532-5528B02A5FE0}
Animal Empire --> "C:\Program Files\Animal Empire\ReflexiveArcade\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
Avernum IV --> "C:\Program Files\Avernum IV\ReflexiveArcade\unins000.exe"
Aveyond --> "C:\Program Files\Aveyond\ReflexiveArcade\unins000.exe"
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Azada --> "C:\Program Files\Azada\ReflexiveArcade\unins000.exe"
Azada --> C:\WINDOWS\iun506.exe C:\Program Files\Azada\irunin.ini
Before You Know It 3.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{197E5BD4-D1AB-4554-9BA0-1C0E8A1045C8}\Setup.exe" -l0x9
Breaking News --> "C:\Program Files\Breaking News\ReflexiveArcade\unins000.exe"
Build in Time --> "C:\Program Files\Build in Time\ReflexiveArcade\unins000.exe"
Capitalism II --> "C:\Program Files\Capitalism II\ReflexiveArcade\unins000.exe"
CASIO FA-124 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB47E710-6249-4EFA-BE36-E922B0612AF4}\Setup.exe" -l0x9
CDisplay 1.8 --> "C:\Program Files\CDisplay\unins000.exe"
CEDP Stealer 6.0 for Messenger --> C:\Program Files\CEDP Stealer 6.0 for Messenger\uninstall.exe
Christmasville --> "C:\Program Files\Christmasville\ReflexiveArcade\unins000.exe"
Cinema Tycoon Gold --> "C:\Program Files\Cinema Tycoon Gold\ReflexiveArcade\unins000.exe"
CLUE Classic --> "C:\Program Files\CLUE Classic\ReflexiveArcade\unins000.exe"
Coffee Tycoon --> "C:\Program Files\Coffee Tycoon\ReflexiveArcade\unins000.exe"
Collectorz.com Book Collector --> C:\PROGRA~1\COLLEC~1.COM\BOOKCO~1\UNWISE.EXE C:\PROGRA~1\COLLEC~1.COM\BOOKCO~1\install.log
Collectorz.com Movie Collector --> C:\PROGRA~2\MOVIEC~1\UNWISE.EXE C:\PROGRA~2\MOVIEC~1\install.log
ColorUp! Wedding Scrapbook --> "C:\WINDOWS\ColorUp! Wedding Scrapbook\uninstall.exe" "/U:C:\Program Files\ColorUp! Wedding Scrapbook\Uninstall\uninstall.xml"
Corel Paint Shop Pro Photo X2 --> MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
Corel Paint Shop Pro Photo XI --> MsiExec.exe /I{93A1B09E-BAFA-4628-A5B6-921CB026955A}
Counter-Strike: Source --> "C:\Steam\steam.exe" steam://uninstall/240
Creating Keepsakes Scrapbook Designer --> MsiExec.exe /I{7E370E0D-004C-4DC8-9986-A43F8C79404E}
Cute Knight --> "C:\Program Files\Cute Knight\ReflexiveArcade\unins000.exe"
Democracy --> "C:\Program Files\Democracy\ReflexiveArcade\unins000.exe"
Depths Of Peril --> "C:\Program Files\Depths Of Peril\ReflexiveArcade\unins000.exe"
Diner Dash 2 --> "C:\Program Files\Diner Dash 2\ReflexiveArcade\unins000.exe"
Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E2BD7723-ACBD-482D-9ADF-7946A132D198}\Setup.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dramatica Pro 4.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Screenplay Systems\Dramatica Pro\Uninst.isu"
Dream Day Honeymoon --> "C:\Program Files\Dream Day Honeymoon\ReflexiveArcade\unins000.exe"
Dream Diary Assistant- Lite 2.0 --> "C:\Program Files\Dream Diary Assistant 2 Lite\uninstall.exe"
Dungeon Scroll Gold Edition --> "C:\Program Files\Dungeon Scroll Gold Edition\ReflexiveArcade\unins000.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
EclipseCrossword --> MsiExec.exe /I{C61177FD-37C4-4C5F-BE6C-E04A8AC399B6}
EditURLs - 2.02 --> "C:\Program Files\EditURLs\unins000.exe"
EFS Key 8.1 Demo --> C:\Program Files\Passware\demos\un-efskeyd.exe
EscapeFromParadise --> "C:\WINDOWS\EscapeFromParadise\uninstall.exe" "/U:C:\Program Files\EscapeFromParadise\Uninstall\uninstall.xml"
Eye For Design --> "C:\Program Files\Eye For Design\ReflexiveArcade\unins000.exe"
Fab Fashion --> "C:\Program Files\Fab Fashion\ReflexiveArcade\unins000.exe"
Fairy Godmother Tycoon --> "C:\Program Files\Fairy Godmother Tycoon\ReflexiveArcade\unins000.exe"
Family Feud --> "C:\Program Files\Family Feud\ReflexiveArcade\unins000.exe"
Family Feud Hollywood --> "C:\Program Files\Family Feud Hollywood\ReflexiveArcade\unins000.exe"
Family Feud II --> "C:\Program Files\Family Feud II\ReflexiveArcade\unins000.exe"
Family Tree Maker 2006 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}\setup.exe" -l0x9
Feeding Frenzy 2 --> "C:\Program Files\Feeding Frenzy 2\ReflexiveArcade\unins000.exe"
Fiber Twig 2 --> "C:\Program Files\Fiber Twig 2\ReflexiveArcade\unins000.exe"
Final Draft 7 --> MsiExec.exe /I{78D62D17-D970-42DA-B8CF-5E5576293B33}
First Class Flurry --> "C:\Program Files\First Class Flurry\ReflexiveArcade\unins000.exe"
Flower Stand Tycoon --> "C:\Program Files\Flower Stand Tycoon\ReflexiveArcade\unins000.exe"
Fresco Wizard --> "C:\Program Files\Fresco Wizard\ReflexiveArcade\unins000.exe"
FTDI USB Serial Converter Drivers --> C:\WINDOWS\system32\ftdiunin.exe C:\WINDOWS\system32\ftdiun2k.ini
Gemsweeper --> "C:\Program Files\Gemsweeper\ReflexiveArcade\unins000.exe"
GenoPro 2.0.0.6 --> C:\Program Files\GenoPro\Uninstall.exe
GHOST Hunters The Haunting Of Majesty Manor --> "C:\Program Files\GHOST Hunters The Haunting Of Majesty Manor\ReflexiveArcade\unins000.exe"
Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
Google Earth Pro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48EE6C79-1CE2-4CE8-B511-F2140B6781D6}\setup.exe" -l0x9 -removeonly
HackerGamesLauncher (remove only) --> "C:\HackerGamesLauncher\uninstall.exe"
Happy Hour --> "C:\Program Files\Happy Hour\ReflexiveArcade\unins000.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\HijackThis.exe" /uninstall
Holiday Gift --> "C:\Program Files\Holiday Gift\ReflexiveArcade\unins000.exe"
Hollywood Screenplay and StoryCraft --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Ballistic Computing Inc.\Hollywood Screenplay and StoryCraft\DeIsL1.isu" -c"C:\Program Files\Ballistic Computing Inc.\Hollywood Screenplay and StoryCraft\_ISREG32.DLL"
Hospital Tycoon --> C:\Program Files\Codemasters\Hospital Tycoon\uninstall.exe
Hotel Solitaire --> "C:\Program Files\Hotel Solitaire\ReflexiveArcade\unins000.exe"
Ice Cream Tycoon --> "C:\Program Files\Ice Cream Tycoon\ReflexiveArcade\unins000.exe"
Inspector Parker --> "C:\Program Files\Inspector Parker\ReflexiveArcade\unins000.exe"
Intel® Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
iTunes --> MsiExec.exe /I{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}
iTunes --> MsiExec.exe /I{9357AE3A-B2ED-4138-BB9B-0564352C3F0A}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
KARI2 --> C:\WINDOWS\KARI2 Uninstaller.exe
Kitty Luv --> "C:\Program Files\Kitty Luv\ReflexiveArcade\unins000.exe"
Kudos --> "C:\Program Files\Kudos\ReflexiveArcade\unins000.exe"
L&H TTS3000 British English --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSENG.inf, Uninstall
Lemonade Tycoon 2 --> "C:\Program Files\Lemonade Tycoon 2\ReflexiveArcade\unins000.exe"
LG Internet Kit --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{67ECDB7E-24E0-4A80-81EE-ED2DF1352D27} /l1033
LG PhoneManager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B83245C1-AB8A-40C1-91C0-CEDBDB84255D}\setup.exe" -l0x9 -removeonly
LG U8380 USB-Handset Manager --> MsiExec.exe /X{58EDBEA7-1A71-4036-BACC-5ACA2BBF0CB4}
Liberty BASIC Workshop --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\LB Workshop\ST6UNST.LOG"
LifeJournal2 --> "C:\Program Files\LifeJournal2\uninstall.exe" "C:\Program Files\LifeJournal2\install.log"
Lightroom --> MsiExec.exe /I{84918CAE-2B7D-401E-98E0-557F97BA7857}
LimeWire 4.16.7 --> "C:\Program Files\LimeWire\uninstall.exe"
Luckys Rainbow --> "C:\Program Files\Luckys Rainbow\ReflexiveArcade\unins000.exe"
Lucy Q Deluxe --> "C:\Program Files\Lucy Q Deluxe\ReflexiveArcade\unins000.exe"
Luxor 2 --> "C:\Program Files\Luxor 2\ReflexiveArcade\unins000.exe"
Magic ISO Maker v5.4 (build 0251) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Mah Jong Quest --> "C:\Program Files\Mah Jong Quest\ReflexiveArcade\unins000.exe"
Mahjong Holidays 2005 --> "C:\Program Files\Mahjong Holidays 2005\ReflexiveArcade\unins000.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mEoU --> MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
Merriam Websters Spell Jam --> "C:\Program Files\Merriam Websters Spell Jam\ReflexiveArcade\unins000.exe"
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Mind Your Marbles --> "C:\Program Files\Mind Your Marbles\ReflexiveArcade\unins000.exe"
Mindlink 2005 - Underground (remove only) --> "C:\Program Files\Mindlink 2005 - Underground\Uninstall.exe"
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Money Tree --> "C:\Program Files\Money Tree\ReflexiveArcade\unins000.exe"
Morpheus Photo Morpher v3.00 --> "C:\Program Files\Morpheus Photo Morpher\unins000.exe"
Morpheus Photo Morpher v3.00 Update --> "C:\Program Files\Morpheus Photo Morpher\unins001.exe"
MP3 Rocket --> C:\Program Files\MP3 Rocket\Uninstall.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
Mystery Case Files Huntsville --> "C:\Program Files\Mystery Case Files Huntsville\ReflexiveArcade\unins000.exe"
Mystery Case Files Prime Suspects --> "C:\Program Files\Mystery Case Files Prime Suspects\ReflexiveArcade\unins000.exe"
Mystery Case Files Ravenhearst --> "C:\Program Files\Mystery Case Files Ravenhearst\ReflexiveArcade\unins000.exe"
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero 7 Essentials --> MsiExec.exe /X{1C00A3F1-6DA0-49F8-94E4-01AB6FC01033}
Newspaper Puzzle Challenge --> "C:\Program Files\Newspaper Puzzle Challenge\ReflexiveArcade\unins000.exe"
Pastry Passion --> "C:\Program Files\Pastry Passion\ReflexiveArcade\unins000.exe"
Pat Sajaks Trivia Gems --> "C:\Program Files\Pat Sajaks Trivia Gems\ReflexiveArcade\unins000.exe"
PC Inspector File Recovery --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x9
Pet Shop Hop --> "C:\Program Files\Pet Shop Hop\ReflexiveArcade\unins000.exe"
Pirate Poppers --> "C:\Program Files\Pirate Poppers\ReflexiveArcade\unins000.exe"
Pivot Stickfigure Animator --> MsiExec.exe /I{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}
PokerStars --> "C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PowerDVD --> "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x000409 /z-uninstall
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
PremierOpinion --> C:\Program Files\PremierOpinion\pmropn.exe -bootremove -uninst:PremierOpinion
Profitville --> "C:\Program Files\Profitville\ReflexiveArcade\unins000.exe"
Puppy Luv --> "C:\Program Files\Puppy Luv\ReflexiveArcade\unins000.exe"
QBicles --> "C:\Program Files\QBicles\ReflexiveArcade\unins000.exe"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Real Lives 2004 --> C:\Program Files\Educational Simulations\Real Lives\UnInstall_21355.exe
Real Lives 2007 --> C:\Program Files\Educational Simulations\Real Lives\UnInstall_21355.exe
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x9 REMOVE
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Recolored 1.0.1 --> "C:\Program Files\Recolored\unins000.exe"
Recover My Files --> "C:\Program Files\GetData\Recover My Files\unins000.exe"
Recyclorama --> "C:\Program Files\Recyclorama\ReflexiveArcade\unins000.exe"
Restaurant Empire (remove only) --> "C:\Program Files\Restaurant Empire\Uninstall.exe"
RPGXP --> MsiExec.exe /I{9B34CAC6-738F-4A20-B428-A115C3E3474C}
Saints & Sinners Bowling --> "C:\Program Files\Saints & Sinners Bowling\ReflexiveArcade\unins000.exe"
Saints And Sinners Bingo --> "C:\Program Files\Saints And Sinners Bingo\ReflexiveArcade\unins000.exe"
Sallys Spa --> "C:\Program Files\Sallys Spa\ReflexiveArcade\unins000.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Slingo Deluxe --> "C:\Program Files\Slingo\ReflexiveArcade\unins000.exe"
Slingo Quest --> "C:\Program Files\Slingo Quest\ReflexiveArcade\unins000.exe"
Snapshot Adventures --> "C:\Program Files\Snapshot Adventures\ReflexiveArcade\unins000.exe"
Sophos Anti-Rootkit 1.3.1 --> C:\Program Files\Sophos\Sophos Anti-Rootkit\helper.exe remove
Speed --> "C:\Program Files\Speed\unins000.exe"
Spin & Win --> "C:\Program Files\Spin & Win\unins000.exe"
SPORE™ Creature Creator Trial Edition --> "C:\Program Files\InstallShield Installation Information\{ECEE0279-785F-4CB3-9F28-E69813234BF8}\setup.exe" -runfromtemp -l0x0009 -removeonly
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Story Master Pro Demo 2.1 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Story Master Pro Demo\irunin.ini"
StoryLines 1.02 --> "C:\Program Files\StoryLines\unins000.exe"
Super Collapse 3 --> "C:\Program Files\Super Collapse 3\ReflexiveArcade\unins000.exe"
Super Collapse II --> "C:\Program Files\Super Collapse II\ReflexiveArcade\unins000.exe"
Super Collapse Puzzle Gallery 2 --> "C:\Program Files\Super Collapse Puzzle Gallery 2\ReflexiveArcade\unins000.exe"
The Amazing Brain Train --> "C:\Program Files\The Amazing Brain Train\ReflexiveArcade\unins000.exe"
The Apprentice Los Angeles --> "C:\Program Files\The Apprentice Los Angeles\ReflexiveArcade\unins000.exe"
The Game Of LIFE PTS --> "C:\Program Files\The Game Of LIFE PTS\ReflexiveArcade\unins000.exe"
The Hat 1.6 --> "C:\Program Files\The Hat\unins000.exe"
The Journal 4 --> "C:\Program Files\DavidRM Software\The Journal 4\unins000.exe"
Timeline --> "C:\Program Files\Timeline\ReflexiveArcade\unins000.exe"
Trivia Machine --> "C:\Program Files\Trivia Machine\ReflexiveArcade\unins000.exe"
Trivial Pursuit Bring On The 90s --> "C:\Program Files\Trivial Pursuit Bring On The 90s\ReflexiveArcade\unins000.exe"
Trivial Pursuit Silver Screen Edition --> "C:\Program Files\Trivial Pursuit Silver Screen Edition\ReflexiveArcade\unins000.exe"
TriviaNet Challenge --> "C:\Program Files\TriviaNet Challenge\ReflexiveArcade\unins000.exe"
Tropico Jong --> "C:\Program Files\Tropico Jong\ReflexiveArcade\unins000.exe"
Turbo Pizza --> "C:\Program Files\Turbo Pizza\ReflexiveArcade\unins000.exe"
Uplink --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Uplink\Uninst.isu"
VCDCut Pro --> MsiExec.exe /I{83F18D89-B34E-4098-A649-CDA7869DB6DC}
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Videora iPod Converter 3.05 --> C:\Program Files\Red Kawa\Video Converter\uninstaller.exe
Virtual Villagers The Secret City --> "C:\Program Files\Virtual Villagers The Secret City\ReflexiveArcade\unins000.exe"
VirtualLab Client 5.5.17 --> "C:\Program Files\BinaryBiz\VirtualLab5\unins000.exe"
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Wildlife Tycoon Venture Africa --> "C:\Program Files\Wildlife Tycoon Venture Africa\ReflexiveArcade\unins000.exe"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Intel (w29n51) net (09/12/2005 9.0.3.9) --> C:\PROGRA~1\DIFX\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\w29n51_B4DB085D140C6265DCA5E78CC26122444CD2D577\w29n51.inf
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Womens Murder Club Death In Scarlet --> "C:\Program Files\Womens Murder Club Death In Scarlet\ReflexiveArcade\unins000.exe"
World Class Solitaire --> "C:\Program Files\World Class Solitaire\ReflexiveArcade\unins000.exe"
WriteItNow3 --> "C:\Program Files\WriteItNow3\UninstallerData\Uninstall WriteItNow3.exe"
WriteWay 1.6 --> "C:\Program Files\WriteWay\SETUP\setup.exe" /u
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahtzee --> "C:\Program Files\Yahtzee\ReflexiveArcade\unins000.exe"
Yard Sale Junkie --> "C:\Program Files\Yard Sale Junkie\ReflexiveArcade\unins000.exe"
ZBrush3 --> MsiExec.exe /I{6084D038-3401-4C9D-A216-86E6EEA25AFB}
Zen Fashion --> "C:\Program Files\Zen Fashion\ReflexiveArcade\unins000.exe"
Zoo Vet --> "C:\Program Files\Zoo Vet\ReflexiveArcade\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type1256 / Error
Event Submitted/Written: 06/30/2008 03:41:30 PM
Event ID/Source: 1000 / Windows Live Messenger
Event Description:
msnmsgr.exe8.1.178.045b12d6akernel32.dll5.1.2600.2180411096b400000979d

Event Record #/Type1207 / Error
Event Submitted/Written: 06/29/2008 09:05:20 PM
Event ID/Source: 1000 / Windows Live Messenger
Event Description:
msnmsgr.exe8.1.178.045b12d6akernel32.dll5.1.2600.2180411096b400000979d

Event Record #/Type1197 / Success
Event Submitted/Written: 06/29/2008 08:37:27 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1189 / Success
Event Submitted/Written: 06/29/2008 04:37:03 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1188 / Error
Event Submitted/Written: 06/29/2008 04:36:50 PM
Event ID/Source: 5000 / WindowsLiveSetup
Event Description:
wlsetupdiagnosticwindows live messenger8.5.1302.1018oninstallend_ 0x8007064312.0.1471.1025NILNILNILNILNILNIL



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4982 / Error
Event Submitted/Written: 07/05/2008 06:52:10 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service NMIndexingService with arguments ""
in order to run the server:
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Event Record #/Type4981 / Error
Event Submitted/Written: 07/05/2008 06:52:10 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service NMIndexingService with arguments ""
in order to run the server:
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Event Record #/Type4980 / Error
Event Submitted/Written: 07/05/2008 06:52:10 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service NMIndexingService with arguments ""
in order to run the server:
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Event Record #/Type4979 /

#4
sage5
    RIP 10/2009
  • Retired Staff
  • 2,646 posts
The last bit of the Extra.txt & the mbam.txt got cut off.
Please post the remaining bits so we can continue.

#5
mightysparks
    Member
  • Topic Starter
  • 18 posts
Event Record #/Type4979 / Error
Event Submitted/Written: 07/05/2008 06:52:10 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service NMIndexingService with arguments ""
in order to run the server:
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Event Record #/Type4978 / Error
Event Submitted/Written: 07/05/2008 06:52:10 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service NMIndexingService with arguments ""
in order to run the server:
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}



-- End of Deckard's System Scanner: finished at 2008-07-05 20:12:50 ------------


There were two with Malwarebytes:

Deckard's System Scanner v20071014.68
Run by lauren on 2008-07-05 20:09:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
37: 2008-07-05 12:10:02 UTC - RP200 - Deckard's System Scanner Restore Point
36: 2008-07-04 19:39:15 UTC - RP199 - System Checkpoint
35: 2008-07-03 18:39:11 UTC - RP198 - System Checkpoint
34: 2008-07-02 17:39:12 UTC - RP197 - System Checkpoint
33: 2008-07-01 16:39:10 UTC - RP196 - System Checkpoint


-- First Restore Point --
1: 2008-06-01 06:29:04 UTC - RP164 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 4.41 GiB (less than 15%) free.


-- HijackThis (run as lauren.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:11 PM, on 5/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\PremierOpinion\pmropn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\Apps\dss.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\DOWNLO~1\Apps\lauren.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [PremierOpinion] C:\Program Files\PremierOpinion\pmropn.exe -boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DF3336AF-E259-4978-9D69-B4BBF47BE261} (GetHtml Class) - http://tel.isoshu.com/zxlqs.cab
O20 - AppInit_DLLs: C:\Program Files\PremierOpinion\pmai.dll
O20 - Winlogon Notify: PremierOpinion - C:\Program Files\PremierOpinion\pmls.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 8514 bytes

-- HijackThis Fixed Entries (C:\DOWNLO~1\Apps\backups\) ------------------------

backup-20080705-185109-618 O20 - AppInit_DLLs: C:\Program,Files\PremierOpinion\pmai.dll,C:\Program Files\PremierOpinion\pmai.dll
backup-20080705-185109-701 O4 - HKLM\..\Run: [PremierOpinion] C:\Program Files\PremierOpinion\pmropn.exe -boot

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SAVRKBootTasks (Boot Tasks Driver) - c:\windows\system32\savrkboottasks.sys <Not Verified; Sophos Plc; Sophos Anti-Rootkit>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.5.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.5.0>
R2 MaVctrl - c:\windows\system32\drivers\mavc2k.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 JiaoCap (JiaoCap, WDM Video Capture for JiaoVideo) - c:\windows\system32\drivers\jiaocap.sys <Not Verified; Jiao System, Ltd.; Jiao System, Ltd.>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 malg8xc - c:\windows\system32\drivers\malg8xc.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 malg8xm - c:\windows\system32\drivers\malg8xm.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 malg8xu - c:\windows\system32\drivers\malg8xu.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 MEMSWEEP2 - c:\windows\system32\1.tmp (file missing)
S3 PVUSB (CESG502 USB Driver) - c:\windows\system32\drivers\cesg502.sys <Not Verified; Hitachi Semiconductor and Devices Sales Co.,Ltd.; CESG502>
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>

S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
S4 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_1025008F&REV_0900\4&58EF957&0&0102
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_1025008F&REV_0900\4&58EF957&0&0102
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-07-05 19:17:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-05 and 2008-07-05 -----------------------------

2008-07-05 18:52:16 0 d-------- C:\Documents and Settings\lauren\Application Data\Malwarebytes
2008-07-05 18:52:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-05 18:52:09 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-01 17:54:24 0 d-------- C:\Documents and Settings\lauren\Application Data\ViquaSoft
2008-07-01 12:59:02 0 d-------- C:\Program Files\First Class Flurry
2008-06-29 20:40:19 0 d-------- C:\Program Files\PremierOpinion
2008-06-29 16:29:20 352256 --a------ C:\WINDOWS\system32\pmls.dll <Not Verified; PremierOpinion; PremierOpinion>
2008-06-29 16:28:50 0 d-------- C:\Program Files\CEDP Stealer 6.0 for Messenger
2008-06-28 11:22:15 0 d-------- C:\Documents and Settings\lauren\Application Data\SPORE Creature Creator
2008-06-28 11:19:12 0 d-------- C:\Program Files\Electronic Arts
2008-06-21 15:09:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-21 15:08:02 0 d-------- C:\Program Files\Yahoo!
2008-06-19 15:17:46 0 d-------- C:\Program Files\Sallys Spa
2008-06-18 07:31:37 0 d-------- C:\Program Files\Tropico Jong
2008-06-14 11:21:09 0 d-------- C:\Program Files\Build in Time
2008-06-09 19:20:39 3532 --a------ C:\drmHeader.bin
2008-06-06 11:27:32 0 d-------- C:\Program Files\The Game Of LIFE PTS
2008-06-05 15:17:48 0 d-------- C:\Program Files2


-- Find3M Report ---------------------------------------------------------------

2008-07-05 20:12:24 0 d-------- C:\Documents and Settings\lauren\Application Data\uTorrent
2008-07-05 19:16:33 0 d-------- C:\Documents and Settings\lauren\Application Data\LimeWire
2008-07-05 19:13:38 0 d-------- C:\Program Files\EditURLs
2008-07-05 02:06:26 0 d-------- C:\Program Files\uTorrent
2008-07-01 18:10:32 0 d-------- C:\Program Files\Speed
2008-07-01 17:57:20 0 d-------- C:\Documents and Settings\lauren\Application Data\MysteryStudio
2008-07-01 13:57:35 115864 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-06-30 15:43:24 0 d-------- C:\Documents and Settings\lauren\Application Data\Corel
2008-06-30 15:42:54 5642 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-29 21:33:45 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-29 20:54:04 0 d-------- C:\Documents and Settings\lauren\Application Data\Adobe
2008-06-29 16:35:48 0 d-------- C:\Program Files\Windows Live
2008-06-28 11:19:10 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-28 10:28:34 0 d-------- C:\Program Files\Fiber Twig 2
2008-06-28 10:11:12 0 d-------- C:\Program Files\Inspector Parker
2008-06-23 19:54:52 0 d-------- C:\Program Files\QuickTime
2008-06-21 12:25:36 0 d-------- C:\Program Files\PokerStars
2008-06-04 11:31:35 0 d-------- C:\Program Files\CLUE Classic
2008-06-04 10:32:33 0 d-------- C:\Documents and Settings\lauren\Application Data\GamesCafe
2008-06-03 19:56:16 0 d-------- C:\Documents and Settings\lauren\Application Data\iWin
2008-06-03 19:46:30 0 d-------- C:\Program Files\ColorUp! Wedding Scrapbook
2008-06-02 12:32:45 0 d-------- C:\Documents and Settings\lauren\Application Data\Ahead
2008-05-31 09:34:53 0 d-------- C:\Program Files\Womens Murder Club Death In Scarlet
2008-05-30 09:41:14 0 d-------- C:\Program Files\Pastry Passion
2008-05-29 11:06:41 0 d-------- C:\Program Files\Virtual Villagers The Secret City
2008-05-28 07:25:35 0 d-------- C:\Documents and Settings\lauren\Application Data\ITTNord
2008-05-28 07:25:24 0 d-------- C:\Program Files\Money Tree
2008-05-27 13:34:17 88 -r-hs---- C:\WINDOWS\system32\524CB2357E.sys
2008-05-27 13:30:32 0 d-------- C:\Program Files\Common Files\Corel
2008-05-27 13:29:51 0 d-------- C:\Program Files\Corel
2008-05-27 13:25:01 0 d-------- C:\Documents and Settings\lauren\Application Data\InstallShield
2008-05-25 10:52:47 0 d-------- C:\Program Files\Cinema Tycoon Gold
2008-05-25 10:46:41 0 d-------- C:\Program Files\Monopoly Tycoon
2008-05-24 22:44:30 0 d-------- C:\Program Files\The Amazing Brain Train
2008-05-23 16:18:32 0 d-------- C:\Program Files\Zen Fashion
2008-05-23 16:18:25 0 d-------- C:\Program Files\Flower Stand Tycoon
2008-05-10 15:05:22 0 d-------- C:\Program Files\Eye For Design
2008-05-10 14:25:57 0 d-------- C:\Program Files\LimeWire
2008-05-09 15:13:48 0 d-------- C:\Program Files\Pet Shop Hop
2008-05-09 15:12:20 0 d-------- C:\Documents and Settings\lauren\Application Data\PlayFirst
2008-05-09 14:54:12 0 d-------- C:\Program Files\Yard Sale Junkie
2008-05-09 14:53:54 0 d-------- C:\Program Files\Luckys Rainbow


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [20/07/2005 04:09 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [20/07/2005 04:06 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [20/07/2005 04:10 AM]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [08/01/2005 08:07 AM C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [18/11/2005 04:27 AM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [04/05/2005 11:43 AM C:\WINDOWS\Alcmtr.exe]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [28/09/2005 03:37 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [28/09/2005 03:37 AM]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [28/09/2005 03:41 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/07/2007 10:15 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" []
"Corel File Shell Monitor"="C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [30/10/2007 07:52 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [29/06/2007 06:24 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [06/03/2008 02:56 PM]
"PremierOpinion"="C:\Program Files\PremierOpinion\pmropn.exe" [29/06/2008 08:40 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 03:56 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/08/2004 03:56 PM]
"Steam"="c:\steam\steam.exe" [24/05/2008 04:43 PM]
"ares"="C:\Program Files\Ares\Ares.exe" [24/11/2007 12:18 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [20/01/2007 03:54 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [15/05/2003 1:19:50 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PremierOpinion]
C:\Program Files\PremierOpinion\pmls.dll 29/06/2008 08:40 PM 331776 C:\Program Files\PremierOpinion\pmls.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\Program Files\PremierOpinion\pmai.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^lauren^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\lauren\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^lauren^Start Menu^Programs^Startup^MP3 Rocket (silent).lnk]
path=C:\Documents and Settings\lauren\Start Menu\Programs\Startup\MP3 Rocket (silent).lnk
backup=C:\WINDOWS\pss\MP3 Rocket (silent).lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16bcc7a8-2807-11dc-ba3c-0013ce9e72c0}]
AutoRun\command- E:\Autorun.exe /run
Shell00\Command- E:\Autorun.exe /run
Shell01\Command- E:\Autorun.exe /action
Shell02\Command- E:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3d6232d-281c-11dc-ba3d-0013ce9e72c0}]
AutoRun\command- wd_windows_tools\setup.exe

*Newly Created Service* - MBAMCATCHME



-- End of Deckard's System Scanner: finished at 2008-07-05 20:12:50 ------------




Malwarebytes' Anti-Malware 1.19
Database version: 922
Windows 5.1.2600 Service Pack 2

8:20:14 PM 5/07/2008
mbam-log-7-5-2008 (20-20-14).txt

Scan type: Quick Scan
Objects scanned: 50445
Time elapsed: 7 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi mightysparks,

Please download the following & save to your Desktop:
ComboFix

I see you have µTorrent, Ares & LimeWire installed on your system.
While these programs themselves are legal, most of the files downloaded with them are not.
These programs can also be some of the major infection routes for an otherwise secure PC, because you might be unknowingly downloading infected files.
I highly recommend uninstalling µTorrent, Ares & LimeWire as outlined below.


Run HijackThis.
  • Click the Do a system scan only button.
  • Check the boxes for all the entries listed below:
O4 - HKLM\..\Run: [PremierOpinion] C:\Program Files\PremierOpinion\pmropn.exe -boot
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O16 - DPF: {DF3336AF-E259-4978-9D69-B4BBF47BE261} (GetHtml Class) - http://tel.isoshu.com/zxlqs.cab
O20 - AppInit_DLLs: C:\Program Files\PremierOpinion\pmai.dll
O20 - Winlogon Notify: PremierOpinion - C:\Program Files\PremierOpinion\pmls.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

  • Now close all windows other than HijackThis and click Fix Checked.
  • Close HijackThis.


Remove folders & files:
  • Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):
    µTorrent
    Ares 2.0.9
    LimeWire 4.16.7
    PokerStars
    PremierOpinion

    Please take note of any other programs that you don't recognise in that list, and include them in your next response


Create a ComboFix Script:
  • Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.
  • Now copy/paste the entire content of the codebox below into the Notepad window:
File::
C:\Downloads\Apps\Need\utorrent.exe
C:\Downloads\Apps\utorrent.exe
C:\WINDOWS\system32\pmls.dll
C:\WINDOWS\system32\524CB2357E.sys

Folder::
C:\Program Files\uTorrent
C:\Program Files\Ares
C:\Program Files\LimeWire
C:\Program Files\PremierOpinion
C:\Program Files\PokerStars

Driver::
MEMSWEEP2
UIUSys
AresChatServer

Registry::
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Downloads\\Apps\\utorrent.exe"=-
"C:\\Program Files\\Ares\\Ares.exe"=-
"C:\\Downloads\\Apps\\Need\\utorrent.exe"=-
"C:\\Program Files\\uTorrent\\uTorrent.exe"=-
"C:\\Program Files\\LimeWire\\LimeWire.exe"=-
"C:\\WINDOWS\\Temp\\~os6.tmp\\ossproxy.exe"=-
"c:\\program files\\premieropinion\\pmropn.exe"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16bcc7a8-2807-11dc-ba3c-0013ce9e72c0}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3d6232d-281c-11dc-ba3d-0013ce9e72c0}]

  • Save the above as CFScript.txt
  • Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
    [animation: dragging CFScript.txt onto ComboFix.exe]
  • After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

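As a defender-side illustration of what the helper above worked out by hand, here is an added example (not code from this thread, from HijackThis or from ComboFix) that groups HijackThis autostart lines by the directory of the binary they point to, so that one program reaching through several persistence mechanisms stands out. The sample lines are a subset copied from the log posted earlier in this thread; the mechanism labels, the HIGH_IMPACT set and the ranking heuristic are this example's own assumptions, not HijackThis terminology.

```python
"""Triage a HijackThis log: group autostart entries by the directory that
hosts the binary, so one program persisting through several mechanisms
(Run key, AppInit_DLLs, Winlogon Notify, service) stands out."""
import re
from collections import defaultdict

# Constructed sample: a subset of the HijackThis lines posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PremierOpinion] C:\Program Files\PremierOpinion\pmropn.exe -boot
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O16 - DPF: {DF3336AF-E259-4978-9D69-B4BBF47BE261} (GetHtml Class) - http://tel.isoshu.com/zxlqs.cab
O20 - AppInit_DLLs: C:\Program Files\PremierOpinion\pmai.dll
O20 - Winlogon Notify: PremierOpinion - C:\Program Files\PremierOpinion\pmls.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Intel PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""

# "O4 - HKLM\..\Run: [...]" -> section code "O4", mechanism "HKLM\..\Run"
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+):\s*(.*)$")
# First local binary on the line: drive letter, path, known executable extension.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys))', re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+")

# Assumed label set: hooks that load into winlogon.exe or into every user-mode
# process. A consumer application rarely has a legitimate reason to use them.
HIGH_IMPACT = {"O20 AppInit_DLLs", "O20 Winlogon Notify"}


def parse_entries(log_text):
    """Yield (mechanism, body) for each HijackThis O-section line."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            code, subtype, body = m.groups()
            yield f"{code} {subtype.strip()}", body


def group_by_directory(log_text):
    """Map each directory hosting an autostart binary to the set of
    persistence mechanisms that point into it (directories lower-cased)."""
    groups = defaultdict(set)
    for mechanism, body in parse_entries(log_text):
        p = PATH_RE.search(body)
        if p:
            directory = p.group(1).rsplit("\\", 1)[0].lower()
            groups[directory].add(mechanism)
    return dict(groups)


def remote_downloads(log_text):
    """URLs of ActiveX packages (O16 DPF) the browser was told to fetch;
    this is code that did not arrive through an installed program."""
    return [URL_RE.search(body).group(0)
            for mechanism, body in parse_entries(log_text)
            if mechanism.startswith("O16") and URL_RE.search(body)]


def rank_directories(groups):
    """Order directories for review: any using a high-impact hook first,
    then by how many distinct mechanisms point into the same directory."""
    def key(item):
        directory, mechs = item
        return (-bool(mechs & HIGH_IMPACT), -len(mechs), directory)
    return sorted(groups.items(), key=key)


if __name__ == "__main__":
    groups = group_by_directory(SAMPLE_LOG)
    for directory, mechs in rank_directories(groups):
        flag = "!!" if mechs & HIGH_IMPACT else "  "
        print(f"{flag} {directory}: {', '.join(sorted(mechs))}")
    for url in remote_downloads(SAMPLE_LOG):
        print(f"!! remote ActiveX package: {url}")
```

On the sample it ranks C:\Program Files\PremierOpinion first (Run key plus AppInit_DLLs plus Winlogon Notify, the same three entries the helper asked to fix), Ares second (Run key plus a service), and lists the single remote .cab from the O16 line; every other directory has one Run or Service entry and sorts below them.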

#7
mightysparks

    Member

  • Topic Starter
  • Member
  • 18 posts
I couldn't delete uTorrent, Ares, Limewire and Pokerstars because other people that use this laptop use them and didn't want me to delete them.


ComboFix 08-07-04.6 - lauren 2008-07-05 21:20:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.465 [GMT 8:00]
Running from: C:\Documents and Settings\lauren\Desktop\ComboFix.exe
Command switches used :: C:\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\lauren\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\8.tmp

.
((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))
.

2008-07-05 20:13 . 2008-07-05 20:13 22,826 --a------ C:\mbam.text
2008-07-05 20:09 . 2008-07-05 20:09 <DIR> d-------- C:\Deckard
2008-07-05 18:52 . 2008-07-05 18:52 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-05 18:52 . 2008-07-05 18:52 <DIR> d-------- C:\Documents and Settings\lauren\Application Data\Malwarebytes
2008-07-05 18:52 . 2008-07-05 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-05 18:52 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-05 18:52 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-01 17:54 . 2008-07-01 17:54 <DIR> d-------- C:\Documents and Settings\lauren\Application Data\ViquaSoft
2008-07-01 12:59 . 2008-07-01 17:53 <DIR> d-------- C:\Program Files\First Class Flurry
2008-06-29 20:40 . 2008-07-05 21:15 <DIR> d-------- C:\Program Files\PremierOpinion
2008-06-29 16:29 . 2007-10-14 01:33 352,256 --a------ C:\WINDOWS\system32\pmls.dll
2008-06-29 16:28 . 2008-06-29 16:28 <DIR> d-------- C:\Program Files\CEDP Stealer 6.0 for Messenger
2008-06-28 11:22 . 2008-06-28 11:22 <DIR> d-------- C:\Documents and Settings\lauren\Application Data\SPORE Creature Creator
2008-06-28 11:22 . 2008-06-28 11:22 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-28 11:19 . 2008-06-28 11:19 <DIR> d-------- C:\Program Files\Electronic Arts
2008-06-25 11:08 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-25 11:08 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-21 15:09 . 2008-06-21 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-21 15:08 . 2008-06-21 15:08 <DIR> d-------- C:\Program Files\Yahoo!
2008-06-19 15:17 . 2008-06-22 11:04 <DIR> d-------- C:\Program Files\Sallys Spa
2008-06-18 07:31 . 2008-06-18 07:35 <DIR> d-------- C:\Program Files\Tropico Jong
2008-06-14 11:21 . 2008-06-25 07:52 <DIR> d-------- C:\Program Files\Build in Time
2008-06-09 19:20 . 2008-06-11 12:23 3,532 --a------ C:\drmHeader.bin
2008-06-06 11:27 . 2008-06-06 11:27 <DIR> d-------- C:\Program Files\The Game Of LIFE PTS
2008-06-05 15:17 . 2008-06-29 20:45 <DIR> d-------- C:\Program Files2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 13:20 --------- d-----w C:\Documents and Settings\lauren\Application Data\uTorrent
2008-07-05 11:16 --------- d-----w C:\Documents and Settings\lauren\Application Data\LimeWire
2008-07-05 11:13 --------- d-----w C:\Program Files\EditURLs
2008-07-04 18:06 --------- d-----w C:\Program Files\uTorrent
2008-07-01 10:10 --------- d-----w C:\Program Files\Speed
2008-07-01 09:57 --------- d-----w C:\Documents and Settings\lauren\Application Data\MysteryStudio
2008-06-30 07:43 --------- d-----w C:\Documents and Settings\lauren\Application Data\Corel
2008-06-30 07:42 5,642 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-29 13:33 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-29 08:35 --------- d-----w C:\Program Files\Windows Live
2008-06-29 08:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-28 03:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-28 02:28 --------- d-----w C:\Program Files\Fiber Twig 2
2008-06-28 02:11 --------- d-----w C:\Program Files\Inspector Parker
2008-06-23 11:54 --------- d-----w C:\Program Files\QuickTime
2008-06-21 04:25 --------- d-----w C:\Program Files\PokerStars
2008-06-04 03:31 --------- d-----w C:\Program Files\CLUE Classic
2008-06-04 02:32 --------- d-----w C:\Documents and Settings\lauren\Application Data\GamesCafe
2008-06-03 11:56 --------- d-----w C:\Documents and Settings\lauren\Application Data\iWin
2008-06-03 11:46 --------- d-----w C:\Program Files\ColorUp! Wedding Scrapbook
2008-06-02 04:32 --------- d-----w C:\Documents and Settings\lauren\Application Data\Ahead
2008-05-31 01:34 --------- d-----w C:\Program Files\Womens Murder Club Death In Scarlet
2008-05-30 11:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-05-30 01:41 --------- d-----w C:\Program Files\Pastry Passion
2008-05-29 03:06 --------- d-----w C:\Program Files\Virtual Villagers The Secret City
2008-05-27 23:25 --------- d-----w C:\Program Files\Money Tree
2008-05-27 23:25 --------- d-----w C:\Documents and Settings\lauren\Application Data\ITTNord
2008-05-27 05:30 --------- d-----w C:\Program Files\Common Files\Corel
2008-05-27 05:29 --------- d-----w C:\Program Files\Corel
2008-05-27 05:25 --------- d-----w C:\Documents and Settings\lauren\Application Data\InstallShield
2008-05-25 02:52 --------- d-----w C:\Program Files\Cinema Tycoon Gold
2008-05-25 02:46 --------- d-----w C:\Program Files\Monopoly Tycoon
2008-05-24 14:44 --------- d-----w C:\Program Files\The Amazing Brain Train
2008-05-23 08:18 --------- d-----w C:\Program Files\Zen Fashion
2008-05-23 08:18 --------- d-----w C:\Program Files\Flower Stand Tycoon
2008-05-10 07:05 --------- d-----w C:\Program Files\Eye For Design
2008-05-10 07:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-05-10 06:25 --------- d-----w C:\Program Files\LimeWire
2008-05-09 07:13 --------- d-----w C:\Program Files\Pet Shop Hop
2008-05-09 07:12 --------- d-----w C:\Documents and Settings\lauren\Application Data\PlayFirst
2008-05-09 07:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-09 06:54 --------- d-----w C:\Program Files\Yard Sale Junkie
2008-05-09 06:53 --------- d-----w C:\Program Files\Luckys Rainbow
2007-11-24 14:34 27,902,464 ----a-w C:\Program Files\ACDSee 9 Photo Manager.msi
2007-07-02 23:04 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-07-01 23:55 88 --sh--r C:\WINDOWS\system32\530BD9F140.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:56 15360]
"Steam"="c:\steam\steam.exe" [2008-05-24 16:43 1271032]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-11-24 00:18 962560]
"MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-20 03:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-20 04:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-20 04:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-20 04:10 114688]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-09-28 03:37 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-09-28 03:37 602182]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-09-28 03:41 569413]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-08 10:15 180269]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Corel File Shell Monitor"="C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-30 19:52 16200]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-03-06 14:56 61440]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 08:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-18 04:27 15600128 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 15:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\Program Files\PremierOpinion\pmai.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"l3codecp.acm"= Fraunhofer IIS MPEG Layer-3 Codec
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^lauren^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\lauren\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^lauren^Start Menu^Programs^Startup^MP3 Rocket (silent).lnk]
path=C:\Documents and Settings\lauren\Start Menu\Programs\Startup\MP3 Rocket (silent).lnk
backup=C:\WINDOWS\pss\MP3 Rocket (silent).lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2007-11-24 00:18 962560 C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-04 06:29 165784 C:\Program Files\DAEMON Tools\daemon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Downloads\\Apps\\Need\\utorrent.exe"=
"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

R1 SAVRKBootTasks;Boot Tasks Driver;C:\WINDOWS\system32\SAVRKBootTasks.sys [2007-08-14 09:12]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
S3 malg8xc;malg8xc;C:\WINDOWS\system32\Drivers\malg8xc.sys [2005-06-17 09:11]
S3 malg8xm;malg8xm;C:\WINDOWS\system32\Drivers\malg8xm.sys [2005-06-17 09:13]
S3 malg8xu;malg8xu;C:\WINDOWS\system32\Drivers\malg8xu.sys [2005-06-29 07:55]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\1.tmp []
S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2002-06-13 13:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16bcc7a8-2807-11dc-ba3c-0013ce9e72c0}]
\Shell\AutoRun\command - E:\Autorun.exe /run
\Shell\Shell00\Command - E:\Autorun.exe /run
\Shell\Shell01\Command - E:\Autorun.exe /action
\Shell\Shell02\Command - E:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3d6232d-281c-11dc-ba3d-0013ce9e72c0}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-05 11:17:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Corel Photo Downloader - C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 21:25:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\1.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2008-07-05 21:29:19
ComboFix-quarantined-files.txt 2008-07-05 13:28:59

Pre-Run: 4,654,624,768 bytes free
Post-Run: 4,703,350,784 bytes free

190 --- E O F --- 2007-10-29 12:25:51




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:01 PM, on 5/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Downloads\Apps\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - AppInit_DLLs: C:\Program Files\PremierOpinion\pmai.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 7612 bytes

#8
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi mightysparks,

I couldn't delete uTorrent, Ares, Limewire and Pokerstars because other people that use this laptop use them and didn't want me to delete them.


The whole use of P2P (Peer to Peer) programs, like uTorrent, Ares & Limewire, is risky for a number of reasons:
I will just deal with the security issues, without opening the ethical/copyright can of worms.

a) Most of these apps require some form of port forwarding. This involves forcing router ports to be open to the internet, reducing the security of your hardware/software firewall.

b) You have no way of knowing that what you/others are downloading is infected/compromised.

c) You also have no way of knowing what potentially harmful malware is running on the PCs your computer is being connected to.

d) Many of the P2P & crack/keygen sites are responsible for "drive-by" infections, which then load other malware onto your PC later.

e) Many of the cracks & keygens, provided in the torrents, are infected with Trojans, which then load other malware onto your PC later.

Ultimately the choice is yours, but please be aware that any of these apps, especially ones set to auto-run, can be reinfecting your PC while you are trying to fix it.
So I do need you to remove that auto-run function.


By the looks of the log supplied, the fix was not completed/successful.


Please download the following & save to your Desktop:
OTMoveIt2 by OldTimer.


Clean up Registry with a Reg file:
  • Please open a new Notepad file by clicking Start\All Programs\Accessories\Notepad
  • Copy the text from the following Code box, by highlighting all the text and right click, Select Copy. (or use the Ctrl+C keyboard shortcut)
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16bcc7a8-2807-11dc-ba3c-0013ce9e72c0}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3d6232d-281c-11dc-ba3d-0013ce9e72c0}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
  • Paste it into Notepad. Right click in the window and select Paste. (or use Ctrl+V)
  • Save the file to the Desktop, make sure Type is All Files, and name it Fixreg.reg
  • Double click on the file created and click Yes when asked to merge the information into the Registry


Run OTMoveIt2: ---> These files are known malware & must be removed
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Program Files\PremierOpinion
    C:\WINDOWS\system32\pmls.dll
  • Return to OTMoveIt, right click on the "Paste list of Files/Folders to be moved" window (under the Yellow bar) and choose Paste.
  • Make sure that there is a tick next to Unregister Dll's and OCX's
  • Click the red Moveit! button.
  • Open Notepad
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy).
  • Paste the text into the Notepad file, click in the window and press Ctrl + V.
  • Click "Exit" to close OTMoveIt.
  • Save the text file as C:\otmove.txt
(If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)


Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java, to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply & include the text from C:\otmove.txt

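As an added illustration of what the fix above targets (example code written for this page, not a Geeks to Go, HijackThis or OTMoveIt tool): a small Python triage script that parses HijackThis-style log lines like the ones posted earlier in the thread and flags the entry kinds the helper is removing, a populated AppInit_DLLs (O20), a BHO with no backing file (O2), a P2P client set to auto-run (O4) and a service with an unknown owner (O23). The sample lines are constructed from the thread's own log; the flag rules and the P2P name list are assumptions for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: lines lifted from the HijackThis log posted in this thread.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\\..\\Run: [igfxtray] C:\\WINDOWS\\system32\\igfxtray.exe
O4 - HKCU\\..\\Run: [ares] "C:\\Program Files\\Ares\\Ares.exe" -h
O20 - AppInit_DLLs: C:\\Program Files\\PremierOpinion\\pmai.dll
O23 - Service: ProtexisLicensing - Unknown owner - C:\\WINDOWS\\system32\\PSIService.exe
"""

# HijackThis lines start with a section code (R0-R3, O1-O24) followed by " - ".
LINE_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")

# Assumed list of P2P clients the helper asked to be taken out of auto-run.
P2P_NAMES = ("ares", "limewire", "utorrent", "mp3 rocket")


@dataclass
class Entry:
    section: str                      # e.g. "O4"
    body: str                         # text after the section code
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a HijackThis log line, or None for any other text."""
    m = LINE_RE.match(line.strip())
    return Entry(m.group(1), m.group(2)) if m else None


def flag_entry(e: Entry) -> Entry:
    """Attach triage flags to one entry (rules are illustrative assumptions)."""
    body = e.body.lower()
    # AppInit_DLLs is loaded into every process that links user32.dll; a
    # non-empty value on a home PC is worth a look, as the thread's pmai.dll shows.
    if e.section == "O20" and body.startswith("appinit_dlls:") and body.split(":", 1)[1].strip():
        e.flags.append("appinit_dll_set")
    # A BHO CLSID with no file behind it is a leftover that should be cleaned up.
    if e.section == "O2" and body.endswith("(no file)"):
        e.flags.append("orphan_bho")
    # P2P clients that start with Windows can re-download infected files mid-cleanup.
    if e.section == "O4" and any(name in body for name in P2P_NAMES):
        e.flags.append("p2p_autorun")
    # Services whose owner HijackThis cannot identify deserve a manual check.
    if e.section == "O23" and "unknown owner" in body:
        e.flags.append("unsigned_service_owner")
    return e


def triage(log_text: str) -> List[Entry]:
    """Parse and flag every HijackThis entry in a log; non-entry lines are skipped."""
    entries = (parse_line(line) for line in log_text.splitlines())
    return [flag_entry(e) for e in entries if e is not None]


def flagged(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged entry body to its flags, for reporting or assertions."""
    return {e.body: e.flags for e in triage(log_text) if e.flags}


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(entry.section, entry.flags or "ok", entry.body)
```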

#9
mightysparks

    Member

  • Topic Starter
  • 18 posts
C:\Program Files\PremierOpinion moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\pmls.dll
C:\WINDOWS\system32\pmls.dll NOT unregistered.
C:\WINDOWS\system32\pmls.dll moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07062008_150358



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, July 6, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, July 06, 2008 06:42:31
Records in database: 917719
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
F:\

Scan statistics:
Files scanned: 212922
Threat name: 6
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 04:22:50


File name / Threat name / Threats count
C:\Program Files\xStarter\XstHookDLL.dll Infected: not-a-virus:Monitor.Win32.Hooker.j 1
C:\System Volume Information\_restore{DB6CF184-A90A-45B6-BB69-A6C0875E30BA}\RP193\A0062223.exe Infected: not-a-virus:AdWare.Win32.RK.n 1
C:\System Volume Information\_restore{DB6CF184-A90A-45B6-BB69-A6C0875E30BA}\RP200\A0062635.dll Infected: not-a-virus:AdWare.Win32.BHO.th 1
C:\_OTMoveIt\MovedFiles\07062008_150358\Program Files\PremierOpinion\pmls.dll Infected: not-a-virus:AdWare.Win32.RK.ae 1
C:\_OTMoveIt\MovedFiles\07062008_150358\Program Files\PremierOpinion\pmropn.exe Infected: not-a-virus:AdWare.Win32.RK.ad 1
C:\_OTMoveIt\MovedFiles\07062008_150358\WINDOWS\system32\pmls.dll Infected: not-a-virus:AdWare.Win32.RK.z 1

The selected area was scanned.

#10
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi mightysparks,

Re-run OTMoveIt2:
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Program Files\xStarter
  • Return to OTMoveIt, right click on the "Paste list of Files/Folders to be moved" window (under the Yellow bar) and choose Paste.
  • Make sure that there is a tick next to Unregister Dll's and OCX's
  • Click the red Moveit! button.
(If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)


Congratulations, your new log looks clear, so we can now deal with some final clean up jobs.

Clean out cookies, temp files etc:
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Cleanup with OTMoveIt:
  • Please double-click OTMoveIt2.exe to run it.
  • Click the Clean up button
  • Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
  • Click Yes to the reboot.

To Clear Restore points, please do the following:
  • Go to Start > Settings > Control Panel.
  • Double-click the System icon.
    • NOTE: If the System icon is not visible, click "View all Control Panel options" to display it.
  • Click the System Restore tab.
  • Put a check by Disable System Restore.
  • Click Apply, OK, OK. Click Yes when you are prompted to restart Windows.
After reboot, you must turn System Restore back on:
  • Go back to the Troubleshooting tab.
  • UNcheck Disable System Restore.
  • Click Apply, OK, OK. Click Yes when you are prompted to restart Windows.

Lastly, some extra or better security for your PC:

The programs recommended below are freeware alternatives to some of your security software & might reduce the potential for spyware infection in the future:

Spyware Prevention:
Spyware Blaster by JavaCool Software, prevents spyware installing and consumes no system resources.
IE/SpyAd, stops suspect sites loading ActiveX, popups etc onto your PC. An excellent tutorial is Here

Spyware Detection:
Malwarebytes Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.htm) is my favourite here.

Anti-Virus:
The first line of defence, especially since some will now detect trojans as well.
Avira's Antivir PersonalEdition Classic and Grisoft's Avast! Free Edition are among the best freebies.
*Please note* You should never install more than one anti-virus program on a PC, as it will cause conflicts.

Firewall:
A Firewall is an essential tool in the security of any PC connected to the Internet.
Sunbelt Personal Firewall and Comodo are both excellent freeware.

Alternate Browsers:
Thankfully, there are now some excellent alternatives to MS Internet Explorer. They offer better security, more stability, and better speed.
A couple of good examples are: Firefox and Opera.

Other Updates:
Vital security patches and updates are available for Microsoft Windows and Internet Explorer at the Windows Update Site.
It is equally important to update the other security software you use, on a regular basis.

Further reading about these issues is available in a very good article: How did I get infected in the first place ? (by Tony Klein and dvk01)

All the best & safe surfing in the future,

sage5

#11
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.