Hi Mike,
Here is the
Hijackthis Log after I have deleted the items which you requested:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:11, on 17/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.runescape.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Clean System Memory 120 Sec. After Startup] C:\Windows\system32\CleanMem.exe 120
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: RaptisoftGameLoader -
http://www.miniclip....tgameloader.cabO16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zon...kr.cab30149.cabO16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) -
http://messenger.zon...nt.cab31267.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} -
http://www.fileplane...C_2.3.6.108.cabO16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) -
https://www.e-games....GamesPlugin.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://by20fd.bay20....es/MsnPUpld.cabO16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -
http://upload.facebo...otoUploader.cabO16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) -
http://vanmappub.van...ad/mgaxctrl.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupd...b?1094183146907O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) -
http://www.acclaim.c.../acclaim_v5.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.micros...b?1124058479688O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) -
http://www.survival....etup/msxml4.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zon...nt.cab30149.cabO16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) -
http://gamedownload....GPlugin7USA.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn...pDownloader.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zon...ro.cab32846.cabO16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
http://us.dl1.yimg.c...utocomplete.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
http://messenger.zon...nt.cab56907.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.m...ash/swflash.cabO16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) -
http://messenger.zon...oF.cab31267.cabO16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -
http://messenger.zon...wn.cab31267.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{F6247EB4-B8D3-48B9-A227-FE029DE00CE9}: NameServer = 192.168.1.254
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 8150 bytes
Here is the
MGADiagnosticLog:
Diagnostic Report (1.7.0095.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-W7R6W-36G2D-RXM63
Windows Product Key Hash: JMAAYkq21Vg31KRcy99frUKjZ9M=
Windows Product ID: 55274-640-2188736-23483
Windows Product ID Type: 0
Windows License Type: Unknown
Windows OS version: 5.1.2600.2.00010100.2.0.pro
CSVLK Server: N/A
CSVLK PID: N/A
ID: {CE89DE15-89F1-4678-8F2C-BFB6EBD3BD81}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.18.7
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-171-1_025D1FF3-85-80004005
Resolution Status: N/A
WgaER Data-->
ThreatID(s): N/A
Version: N/A
WGA Notifications Data-->
Cached Result: 5
File Exists: Yes
Version: 1.7.18.7
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: Microsoft
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office XP Professional with FrontPage - 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-171-1_025D1FF3-85-80004005
Browser Data-->
Proxy settings:
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{CE89DE15-89F1-4678-8F2C-BFB6EBD3BD81}</UGUID><Version>1.7.0095.0</Version><OS>5.1.2600.2.00010100.2.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RXM63</PKey><PID>55274-640-2188736-23483</PID><PIDType>0</PIDType><SID>S-1-5-21-1417001333-706699826-1957994488</SID><SYSTEM><Manufacturer>Dell Computer Corporation </Manufacturer><Model>XPS-Z </Model></SYSTEM><BIOS><Manufacturer>Intel Corp.</Manufacturer><Version>A06</Version><SMBIOSVersion major="2" minor="3"/><Date>20001128000000.000000+000</Date></BIOS><HWID>F80A368F0184C056</HWID><UserLCID>1009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData> <Software><Office><Result>114</Result><Products><Product GUID="{90280409-6000-11D3-8CFE-0050048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office XP Professional with FrontPage</Name><Ver>10</Ver><Val>39476F84C4B4004</Val><Hash>4iCnywwNW1w4s9ukTIwGMGxyGic=</Hash><Pid>54185-640-0000025-17120</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="10" Result="114"/><App Id="16" Version="10" Result="114"/><App Id="17" Version="10" Result="114"/><App Id="18" Version="10" Result="114"/><App Id="1A" Version="10" Result="114"/><App Id="1B" Version="10" Result="114"/></Applications></Office></Software></GenuineResults>
And finally, here is the
MBAM Log:
Malwarebytes' Anti-Malware 1.20
Database version: 960
Windows 5.1.2600 Service Pack 2
12:54:32 PM 17/07/2008
mbam-log-7-17-2008 (12-54-32).txt
Scan type: Quick Scan
Objects scanned: 38607
Time elapsed: 14 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
To prevent virus from lodging themselves in my computer, could you also recommend some software that would help? I don't want to go through ALL of this again. At the moment I have COMODO Firewall PRO as a firewall, and MBAM as a malware remover. I also have CCleaner, Defraggler, and I bought TuneUp2008. Is there anything else you recommend I add to my "arsenal"?
Thank you for all your help, it's greatly appreciated. You've saved me a few years of my life