TheTechGuide Forum

General Category => Tech Clinic => Topic started by: Heather on September 19, 2007, 07:43:25 PM

Title: Firewall issues
Post by: Heather on September 19, 2007, 07:43:25 PM
Problems with Kerio are causing AVS to refuse to install.
Thanks, Heather


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:40:02 PM, on 9/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Verizon\McciBrowser.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-431566318-4074410564-2899063045-1008.bak\..\Run: [Sonic RecordNow!]  (User '?')
O4 - HKUS\S-1-5-21-431566318-4074410564-2899063045-1008.bak\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet (User '?')
O4 - HKUS\S-1-5-21-431566318-4074410564-2899063045-1008.bak\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-431566318-4074410564-2899063045-1008.bak\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart (User '?')
O4 - HKUS\S-1-5-21-431566318-4074410564-2899063045-1008.bak\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - Unknown owner - C:\Program Files\ewido anti-malware\ewidoctrl.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (file missing)

--
End of file - 8709 bytes
Title: Firewall issues
Post by: guestolo on September 19, 2007, 09:58:59 PM
Are you planning to replace Kerio?
Where is your anti-virus software?

Quote
problems with Kerio are causing AVS to refuse to install.
Are you talking about Active Virus Shield?
It is no longer being offered.
Title: Firewall issues
Post by: Heather on September 19, 2007, 10:59:42 PM
Yes, I would like to replace Kerio.
Do you have a good substitute for the Active Virus Shield?
I had AVS and was having problems getting it to run, so I tried to un-re-install it. When downloading it there was an alert of a problem with the firewall; I tried to disable the firewall, couldn't. Tried to uninstall the firewall, couldn't. Now here I am. I also cannot open Rhapsody; don't know if there are any other problems. I figured something went kaput when I rolled back to a June reset date.
Title: Firewall issues
Post by: guestolo on September 20, 2007, 10:32:24 PM
Kerio looks like it's not running properly
If you can't uninstall it from add/remove programs

Try a manual uninstall

First, go to the following link and download and install CCleaner
DO NOT Install the YAHOO toolbar when installing unless you want it, which you probably don't
So DESELECT it during the installation

We will need CCleaner later

PRINT THE REST OF THESE INSTRUCTIONS OR SAVE THEM TO A TEXT FILE ON THE DESKTOP FOR REFERENCE

Afterwards
Reboot into safe mode

In safe mode do the following
Go to START>>>RUN>>>type in services.msc
Hit OK
In the next window, look on the right hand side for this service
name---- Sunbelt Kerio Personal Firewall 4

Double click on it--- STOP the service--If running
In the drop down menu, change the startup type to Disabled
APPLY it and OK it

Do the same for this service name
Webroot Spy Sweeper Engine

If Ewido is no longer installed, do the same for this service name too
ewido security suite control

Remain in safe mode and go to START>>RUN
type the following EXACTLY as I have posted in bold below and hit OK after each

sc delete KPF4

and then this one

sc delete svcWRSSSDK

Delete this file
C:\WINDOWS\system32\drivers\fwdrv.sys <-file

And these folders if found
C:\Program Files\Sunbelt Software <-folder
C:\Program Files\Webroot <-folder

Reboot the computer
Run CCleaner
Next: click Options, then click the Advanced button
Uncheck: "Only delete files in Windows temp folders older than 48 hrs."
NEXT: Click the Cleaner
Then click Run Cleaner (bottom right)
OK the prompt, when finished scanning,

Click the Issues (Registry) button
Click Scan for Issues
Let this finish then Select all issues and make a backup and Fix all selected issues

Reboot the computer again
Back in Windows, enter the Windows control panel and ensure the Firewall is active

Let me know how things are running afterwards
Also post a fresh hijackthis log
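The diagnosis above comes straight from the O23 lines of the HijackThis log: a service that is still registered but whose executable is flagged "(file missing)" is exactly the half-removed Kerio and Webroot state the manual uninstall addresses. The following Python is an added example, not code from the thread, from HijackThis or from the helper; it parses constructed O23 lines in the same shape as the logs above, lists the orphaned services, and emits the same `sc delete` form the post uses for the key names HijackThis prints in parentheses.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of the thread's HijackThis logs (not the
# real log): a non-O23 line, healthy services, and three "(file missing)" ones.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - Unknown owner - C:\Program Files\ewido anti-malware\ewidoctrl.exe (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (file missing)
"""

O23_PREFIX = "O23 - Service: "
MISSING_SUFFIX = " (file missing)"
# "Display Name (KeyName)": HijackThis appends the service key name in
# parentheses when it differs from the display name.
SHORT_NAME_RE = re.compile(r"^(?P<display>.+?) \((?P<short>[^()]+)\)$")


@dataclass
class ServiceEntry:
    display_name: str
    short_name: Optional[str]
    owner: str
    image_path: str
    file_missing: bool

    @property
    def sc_name(self) -> str:
        """Name that `sc` addresses the service by (key name if one was printed)."""
        return self.short_name or self.display_name


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Parse one 'O23 - Service:' line; return None for any other line."""
    line = line.rstrip()
    if not line.startswith(O23_PREFIX):
        return None
    body = line[len(O23_PREFIX):]
    # Layout is "<name> - <owner> - <path>". Split from the right so that a
    # display name containing " - " survives; owner and path rarely contain it.
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    missing = path.endswith(MISSING_SUFFIX)
    if missing:
        path = path[: -len(MISSING_SUFFIX)]
    m = SHORT_NAME_RE.match(name)
    if m:
        return ServiceEntry(m["display"], m["short"], owner, path, missing)
    return ServiceEntry(name, None, owner, path, missing)


def parse_log(text: str) -> List[ServiceEntry]:
    """All O23 entries of a HijackThis log, in file order."""
    return [e for e in (parse_o23(l) for l in text.splitlines()) if e is not None]


def orphaned_services(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Services still registered although their executable is gone: the mark
    of a failed uninstall (Kerio here) or a leftover a defender should account for."""
    return [e for e in entries if e.file_missing]


def cleanup_plan(entries: List[ServiceEntry]) -> List[str]:
    """Registration-removal commands in the form the post uses (sc delete),
    quoting key names that contain spaces so cmd passes them as one argument."""
    plan = []
    for e in orphaned_services(entries):
        name = f'"{e.sc_name}"' if " " in e.sc_name else e.sc_name
        plan.append(f"sc delete {name}")
    return plan


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for e in orphaned_services(entries):
        print(f"orphaned: {e.display_name} -> {e.image_path}")
    print("\n".join(cleanup_plan(entries)))
```

Stop and disable the service first, as the post says; `sc delete` only removes the registration, and the driver file and program folders still have to be removed by hand.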
Title: Firewall issues
Post by: Heather on September 21, 2007, 12:11:38 AM
For some reason, when I boot to safe mode my keyboard will not work, therefore I am not able to carry out the instructions.
????? It is a regular corded keyboard connector, pre-USB.
Title: Firewall issues
Post by: guestolo on September 21, 2007, 08:18:32 AM
Try the instructions in regular windows
Title: Firewall issues
Post by: Heather on September 21, 2007, 05:58:06 PM
Quote
Delete this file
C:\WINDOWS\system32\drivers\fwdrv.sys <-file

This file was not there, but there was a file fwdrv.err. I did not touch it.

Quote
Back In Windows enter the Windows control panel and ensure the Firewall is active

I did this, but it is still showing Kerio as active as well. Kerio still exists in the add/remove programs area.


Here's the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:32 PM, on 9/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 7415 bytes
Title: Firewall issues
Post by: guestolo on September 21, 2007, 06:24:15 PM
Let's see what the following brings

Supply an uninstall list from HijackThis:
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents

Also, if you have an older version of Combofix, Delete it
Then>>Download this file - Combofix.exe (http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe) and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post back the log from combofix
Title: Firewall issues
Post by: Heather on September 22, 2007, 01:11:18 AM
ABBYY FineReader 5.0 Sprint
Adobe Acrobat 4.0
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.9
Apple Software Update
Before You Know It 3.6
Bonjour
CCleaner (remove only)
CCScore
Championship Bass
Coupon Printer for Windows
DA920EN
DD Tournament Poker 1.2
Dell AIO Printer A920
Dell Digital Jukebox Driver
Dell Media Experience
Dell ResourceCD
Dell Solution Center
Dell Support 5.0.0 (766)
DVDSentry
EA Network Play System
EA SPORTS online 2004
EarthLink Setup Files
EAX(tm) Unified (SHELL)
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
EVEREST Home Edition v2.20
FaxTools
FinePixViewer Ver.4.0
FUJIFILM USB Driver
Google Earth
Google Toolbar for Internet Explorer
Hamsterball
HijackThis 2.0.2
HLPPDOCK
HP Imaging Device Functions 7.0
HP Photosmart Cameras 7.0
HP Photosmart Premier Software 6.5
HP Software Update
HP Solution Center 7.0
ImageMixer VCD for FinePix
Indeo® software
In-Fisherman Freshwater Trophies
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet
Internet Explorer Default Page
iPod for Windows 2005-09-23
iPod for Windows 2006-03-23
iTunes
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
Logitech Desktop Messenger
Logitech MouseWare 9.79.1
Logitech Resource Center
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Modem Event Monitor
Modem Helper
Modem On Hold
MSN
MSN Music Assistant
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
Muppets - Bright2
MUSICMATCH® Jukebox
My Disney Kitchen
Napster for Windows Media Player
Notifier
OfotoXMI
OpenMG Limited Patch 4.4-06-13-19-01
OpenMG Secure Module 4.4.00
OTtBP
OTtBPSDK
Pokémon
Poker Superstars
PowerDVD
Pro Fishing 3D
ProModule: PowerPoint Support
ProModule: Quick Message
ProModule: SongSelect 3.0 Support
ProModule: SongSelect Lyrics Service Import
ProModule: Transitions 1
ProModule: Transitions 2
ProModule: Transitions 3
ProModule: Transitions 4
ProModule: Video Background
ProModule: Visualizations 1
ProModule: Visualizations 2
ProModule: Visualizations 3
ProModule: Visualizations 4
QuickTime
RAW FILE CONVERTER LE
RealArcade
RealPlayer
Rhapsody
Sansa Media Converter
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
SFR
SHASTA
Shockwave
SKIN0001
SKINXSDK
SongShow Plus
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SonicStage 3.4
SpywareBlaster v3.5.1
SspSamples: Bible Atlas Images
SspSamples: Creative Interlude Sampler 2
SspSamples: Digital Hotcakes
SspSamples: Digital Juice Images
SspSamples: Digital Juice Jumpbacks
SspSamples: Whitmer Photography
SspSamples: WorshipFilms
SspSamples: WorshipScapes Images
SspSamples: WorshipScapes Videos
Starshine Episode 1
staticcr
Sunbelt Kerio Personal Firewall
Tiger Woods PGA TOUR 2004
Verizon Online DSL
Verizon Online Help and Support
VPRINTOL
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 2
WinZip
WinZip Self-Extractor
WIRELESS
WordPerfect Office 11
Yahoo! extras
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Photos Easy Upload Tool
Yahoo! Photos Print-at-Home Tool
Title: Firewall issues
Post by: Heather on September 22, 2007, 01:13:03 AM
ComboFix 07-09-21.2 - "Heather" 2007-09-21 23:00:26.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.257 [GMT -7:00]
 * Created a new restore point
.
Rootkit driver pe386 is present. ... attempting disinfection
Rootkit driver msguard is present. ... attempting disinfection
Rootkit driver lzx32 is present. ... attempting disinfection
Rootkit driver huy32 is present. ... attempting disinfection
Rootkit driver xpdt is present. ... attempting disinfection
Rootkit driver pe386 is still present. A rootkit scan is required
Rootkit driver msguard is still present. A rootkit scan is required
Rootkit driver lzx32 is still present. A rootkit scan is required
Rootkit driver huy32 is still present. A rootkit scan is required
Rootkit driver xpdt is still present. A rootkit scan is required

(((((((((((((((((((((((((   Files Created from 2007-08-22 to 2007-09-22  )))))))))))))))))))))))))))))))
.

2007-09-20 22:25   <DIR>   d--------   C:\Program Files\Windows Media Connect 2
2007-09-20 22:24   <DIR>   d--------   C:\WINDOWS\SYSTEM32\LogFiles
2007-09-20 22:24   <DIR>   d--------   C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-09-14 00:31   <DIR>   d--------   C:\Program Files\Trend Micro
2007-09-13 23:32   76,560   --a------   C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2007-09-13 22:34   <DIR>   d--------   C:\DOCUME~1\Heather\.housecall6.6
2007-09-13 21:49   <DIR>   d--------   C:\Program Files\Error Expert
2007-09-13 19:44   <DIR>   d--------   C:\KAV
2007-09-04 10:08   <DIR>   d--------   C:\Program Files\MyWebSearchWB
2007-09-04 10:08   <DIR>   d--------   C:\Program Files\AWS
2007-09-04 10:08   <DIR>   d--------   C:\DOCUME~1\Heather\APPLIC~1\WeatherBug

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-21 15:37   ---------   d--------   C:\Program Files\ewido anti-malware
2007-09-13 19:33   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-09-13 19:22   ---------   d--------   C:\Program Files\Rhapsody
2007-09-13 18:49   ---------   d--------   C:\Program Files\Real
2007-09-13 18:47   ---------   d--------   C:\DOCUME~1\Heather\APPLIC~1\Real
2007-09-08 23:59   ---------   d--------   C:\DOCUME~1\Heather\APPLIC~1\U3
2007-08-16 00:10   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
2007-08-13 15:18   ---------   d--------   C:\DOCUME~1\Heather\APPLIC~1\Ahead
2007-08-13 15:07   ---------   d--------   C:\Program Files\Common Files\LightScribe
2007-08-13 15:00   ---------   d--------   C:\Program Files\Common Files\Ahead
2007-08-13 14:57   ---------   d--------   C:\Program Files\Nero
2007-08-13 14:57   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-08-12 06:57   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
2007-08-12 06:56   ---------   d--------   C:\Program Files\Verizon
2007-02-20 12:51   439296   --a------   C:\DOCUME~1\Heather\GoToAssist_phone__317_en.exe
2007-02-17 21:07   8   --a------   C:\DOCUME~1\Heather\APPLIC~1\usb.dat.bin
2006-02-19 04:28   12288   --a------   C:\WINDOWS\Fonts\RandFont.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 18:12]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 10:50 C:\WINDOWS\LOGI_MWX.EXE]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-17 00:24]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 14:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-01 15:24]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\Heather\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\Tim\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)

.
Contents of the 'Scheduled Tasks' folder
"2007-09-20 00:13:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2004-04-17 03:57:12 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
"2007-01-02 03:58:06 C:\WINDOWS\Tasks\WebReg .job"
- C:\Program Files\HP\digital imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-21 23:07:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-21 23:09:21 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-21 23:09
C:\ComboFix2.txt ... 2007-09-14 00:39
.
   --- E O F ---
Title: Firewall issues
Post by: guestolo on September 22, 2007, 08:44:10 AM
Download Rustbfix from one of these locations:
http://www.uploads.ejvindh.net/rustbfix.exe
http://uploads.ejvindh.andymanchesta.com/Rustbfix.exe
...and save it to your desktop.

Double click on rustbfix.exe to run the tool. If a Rustock.b-infection is found, you will shortly hereafter be asked to reboot the computer. The reboot will probably take quite a while, and perhaps 2 reboots will be needed. But this will happen automatically. After the reboot 2 logfiles will open (%root%\avenger.txt & %root%\rustbfix\pelog.txt).

Post the contents of both logfiles from Rustbfix
Post a fresh hijackthis log

With the above logs, also do the following
Download and save to your desktop
fsbl.exe (https://europe.f-secure.com/exclude/blacklight/fsbl.exe)
(F-Secure Blacklight)

Double click to run fsbl.exe
    * Accept the user agreement.
    * Click Scan.
    * After the scan finishes, click on Next, then Exit.
Do not rename any files if found by BlackLight; I need to see the log

BlackLight will create a log on your desktop with the name "fsbl-xxxxxxx.log".

It may take more than one reply to post all the info, please do so if needed
Title: Firewall issues
Post by: Heather on September 23, 2007, 01:41:08 AM
************************* Rustock.b-fix v. 1.01 -- By ejvindh *************************
Sat 09/22/2007 23:39:45.59

No Rustock.b-rootkits found

******************************* End of Logfile ********************************


this was the only log found.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:49 PM, on 9/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 7426 bytes
Title: Firewall issues
Post by: Heather on September 23, 2007, 01:57:12 AM
09/22/07 23:42:18 [Info]: BlackLight Engine 1.0.64 initialized
09/22/07 23:42:18 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/22/07 23:42:18 [Note]: 7019 4
09/22/07 23:42:18 [Note]: 7005 0
09/22/07 23:42:22 [Note]: 7006 0
09/22/07 23:42:22 [Note]: 7011 1516
09/22/07 23:42:23 [Note]: 7026 0
09/22/07 23:42:23 [Note]: 7026 0
09/22/07 23:42:29 [Note]: FSRAW library version 1.7.1022
09/22/07 23:55:29 [Note]: 7007 0


hope this is helpful
Title: Firewall issues
Post by: guestolo on September 23, 2007, 12:08:20 PM
Ensure the Windows Firewall is running
Let's try some cleaning and updating of software that is left behind or outdated

Do a "System scan only" with Hijackthis and put a check next to these entries:

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot the computer

Back in Windows, it does not appear that Symantec got fully uninstalled when you removed it at one time
I suggest that you follow the instructions on their website for removal
Use STEP 3, the removal tool
Click HERE (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2007080716254939?Open&docid=2005033108162039&nsf=tsgeninfo.nsf&view=docid)

Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. DON'T install it yet

Close all browser windows, including this one
# Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
# Check any item with Java Runtime Environment (JRE or J2SE) in the name
# Click the Remove or Change/Remove button.
# Repeat as many times as necessary to remove each Java version.
Examples of older versions:
Java SE Runtime Environment 5 Update 6
Java SE Runtime Environment 5 Update 11
Java 2 Runtime Environment, SE v1.4.2

Reboot the computer
Back in Windows go ahead and install the latest version from the installer on the desktop

Concerning Sunbelt Kerio
Can you try reinstalling the software and then perform a proper uninstall
You can redownload it from here
http://www.sunbelt-software.com/Home-Home-Office/Sunbelt-Personal-Firewall/Download/

Download Dr.Web CureIt to the desktop from this link
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Double click to run Dr.Web-cureit.exe from the desktop
Post the report from Dr. Web

I think there may have been a false alarm with the Combofix results
Can you delete your copy of combofix
Download it again from Here (http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe)

Run it and post the new log from it again and a fresh hijackthis log
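To confirm that the entries ticked for "Fix checked" really are gone from the fresh HijackThis log, here is an added Python example (not code from the thread or from HijackThis) that parses the R/F/O entry lines and diffs two logs; the sample lines are copied from the logs posted in this thread, and the function names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# A HijackThis entry line starts with its section code: "O4 - HKLM\..\Run: [name] path"
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+)\s+-\s+(?P<body>.+)$")
# O4 entries for other user hives carry a trailing "(User 'SYSTEM')" annotation
USER_RE = re.compile(r"\s+\(User '(?P<user>[^']*)'\)$")
# CLSID/GUID as printed in O2/O3/O9/O16 entries
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass(frozen=True)
class Entry:
    section: str          # "O4", "O16", "O23", ...
    body: str             # text after "O4 - ", without the (User ...) suffix
    user: Optional[str]   # hive owner for HKUS entries, else None
    clsid: Optional[str]  # upper-cased GUID if the entry carries one


def parse_hjt(text: str) -> List[Entry]:
    """Extract the R/F/O entries from a HijackThis log; header and process list are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body, user = m.group("body"), None
        um = USER_RE.search(body)
        if um:
            user, body = um.group("user"), body[: um.start()]
        cm = CLSID_RE.search(body)
        clsid = cm.group(0).upper() if cm else None
        entries.append(Entry(m.group("section"), body.strip(), user, clsid))
    return entries


def diff_logs(before: str, after: str) -> Tuple[List[Entry], List[Entry]]:
    """Entries that disappeared between two logs, and entries that are new in the second one."""
    old, new = parse_hjt(before), parse_hjt(after)
    old_set, new_set = set(old), set(new)
    removed = [e for e in old if e not in new_set]
    added = [e for e in new if e not in old_set]
    return removed, added


def verify_fix(after: str, fix_list: str) -> Tuple[List[Tuple[str, str]], List[Tuple[str, str]]]:
    """For the lines ticked for 'Fix checked', report which are gone from the fresh log and which remain."""
    wanted = {(e.section, e.body) for e in parse_hjt(fix_list)}
    present = {(e.section, e.body) for e in parse_hjt(after)}
    return sorted(wanted - present), sorted(wanted & present)


# Constructed sample: a subset of the 9/22 log from this thread, before the fix
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Constructed sample: the same subset as it appears in the 9/24 log, after the fix
LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# The three lines the helper asked to have ticked
FIX_LIST = r"""
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
"""

if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print(f"removed {len(removed)} entries, added {len(added)}")
    gone, remaining = verify_fix(LOG_AFTER, FIX_LIST)
    for section, body in remaining:
        print(f"STILL PRESENT: {section} - {body}")
    print("all ticked entries gone" if not remaining else f"{len(remaining)} entries survived the fix")
```

Run it against the real before/after logs (read the two files into `LOG_BEFORE` and `LOG_AFTER`) and any line listed under STILL PRESENT needs another pass.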
Title: Firewall issues
Post by: Heather on September 23, 2007, 05:31:27 PM
Quote
Check any item with Java Runtime Environment (JRE or J2SE) in the name
# Click the Remove or Change/Remove button.
# Repeat as many times as necessary to remove each Java versions.
Examples of older versions:
Java SE Runtime Environment 5 Update 6
Java SE Runtime Environment 5 Update 11
Java 2 Runtime Environment, SE v1.4.2


at the point of uninstalling the older Java I received this error message [attachment: uninstall_error.bmp]
I receive the same message when trying to uninstall Kerio


Quote
Back in Windows go ahead and install the latest version for the installer on desktop
waiting till further instructed regarding failed uninstall

will complete and respond to the rest of the instructions in next post
Title: Firewall issues
Post by: guestolo on September 23, 2007, 09:12:18 PM
Just carry on, do what you can and let me know what you couldn't accomplish afterwards
Title: Firewall issues
Post by: Heather on September 24, 2007, 03:59:10 AM
pv.exe;C:\Documents and Settings\Heather\Desktop\Unused Desktop Shortcuts\smitRem;Program.PrcView.3741;Moved.;  
pnmi3270.dll;C:\Program Files\Common Files\Real\Update_OB;Trojan.Adshow.origin;Incurable.Moved.;  
SonicLicenseManager.dll;C:\Program Files\Common Files\Sonic Shared;Trojan.DownLoader.origin;Incurable.Moved.;  
Process.exe;C:\Program Files\HaxFix;Tool.Prockill;Moved.;  
installmetrics.dll;C:\Program Files\HP\Temp\{3F556FFA-B0C6-404d-992B-05BB0B10849C}\setup;Adware.Ttc.origin;Moved.;  
Ojbsir.exe;C:\Program Files\Sony\SonicStage;Adware.Aid.origin;Moved.;  
backup-20070923-150803-593.dll;C:\Program Files\Trend Micro\HijackThis\backups;Program.PopcapLoader;Moved.;  
HPFix.reg;C:\SDFix\apps;Trojan.StartPage.1505;Deleted.;  
Process.exe;C:\SDFix\apps;Tool.Prockill;Moved.;  
A0035840.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP433;Tool.ShutDown.11;Moved.;  
A0035841.ocx;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP433;Adware.Gdown;Moved.;  
A0040234.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP436;Program.PopcapLoader;Moved.;  
A0145573.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP525;Trojan.Adshow.origin;Incurable.Moved.;
A0145574.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP525;Trojan.DownLoader.origin;Incurable.Moved.;
A0145575.reg;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP525;Trojan.StartPage.1505;Deleted.;  
popcaploader.dll;C:\WINDOWS\Downloaded Program Files;Program.PopcapLoader;Moved.;  
process.exe;C:\WINDOWS\SYSTEM32;Tool.Prockill;Moved.;  



ComboFix 07-09-21.2 - "Heather" 2007-09-24  1:46:14.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.245 [GMT -7:00]
.

(((((((((((((((((((((((((   Files Created from 2007-08-24 to 2007-09-24  )))))))))))))))))))))))))))))))
.

2007-09-22 23:38   <DIR>   d--------   C:\Rustbfix
2007-09-20 22:25   <DIR>   d--------   C:\Program Files\Windows Media Connect 2
2007-09-20 22:24   <DIR>   d--------   C:\WINDOWS\SYSTEM32\LogFiles
2007-09-20 22:24   <DIR>   d--------   C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-09-14 00:31   <DIR>   d--------   C:\Program Files\Trend Micro
2007-09-13 23:32   76,560   --a------   C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2007-09-13 22:34   <DIR>   d--------   C:\DOCUME~1\Heather\.housecall6.6
2007-09-13 21:49   <DIR>   d--------   C:\Program Files\Error Expert
2007-09-13 19:44   <DIR>   d--------   C:\KAV
2007-09-04 10:08   <DIR>   d--------   C:\Program Files\MyWebSearchWB
2007-09-04 10:08   <DIR>   d--------   C:\Program Files\AWS
2007-09-04 10:08   <DIR>   d--------   C:\DOCUME~1\Heather\APPLIC~1\WeatherBug

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-23 22:05   ---------   d--------   C:\Program Files\Common Files\Sonic Shared
2007-09-21 15:37   ---------   d--------   C:\Program Files\ewido anti-malware
2007-09-13 19:33   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-09-13 19:22   ---------   d--------   C:\Program Files\Rhapsody
2007-09-13 18:49   ---------   d--------   C:\Program Files\Real
2007-09-13 18:47   ---------   d--------   C:\DOCUME~1\Heather\APPLIC~1\Real
2007-09-08 23:59   ---------   d--------   C:\DOCUME~1\Heather\APPLIC~1\U3
2007-08-16 00:10   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
2007-08-13 15:18   ---------   d--------   C:\DOCUME~1\Heather\APPLIC~1\Ahead
2007-08-13 15:07   ---------   d--------   C:\Program Files\Common Files\LightScribe
2007-08-13 15:00   ---------   d--------   C:\Program Files\Common Files\Ahead
2007-08-13 14:57   ---------   d--------   C:\Program Files\Nero
2007-08-13 14:57   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-08-12 06:57   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
2007-08-12 06:56   ---------   d--------   C:\Program Files\Verizon
2007-07-30 19:19   92504   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2007-07-30 19:19   92504   --a------   C:\WINDOWS\SYSTEM32\cdm.dll
2007-07-30 19:19   549720   --a------   C:\WINDOWS\SYSTEM32\wuapi.dll
2007-07-30 19:19   549720   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2007-07-30 19:19   53080   --a------   C:\WINDOWS\SYSTEM32\wuauclt.exe
2007-07-30 19:19   53080   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2007-07-30 19:19   43352   --a------   C:\WINDOWS\SYSTEM32\wups2.dll
2007-07-30 19:19   325976   --a------   C:\WINDOWS\SYSTEM32\wucltui.dll
2007-07-30 19:19   325976   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2007-07-30 19:19   271224   --a------   C:\WINDOWS\SYSTEM32\mucltui.dll
2007-07-30 19:19   207736   --a------   C:\WINDOWS\SYSTEM32\muweb.dll
2007-07-30 19:19   203096   --a------   C:\WINDOWS\SYSTEM32\wuweb.dll
2007-07-30 19:19   203096   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2007-07-30 19:19   1712984   --a------   C:\WINDOWS\SYSTEM32\wuaueng.dll
2007-07-30 19:19   1712984   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2007-07-30 19:18   33624   --a------   C:\WINDOWS\SYSTEM32\wups.dll
2007-07-30 19:18   33624   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2007-07-18 23:59   3583488   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-07-12 16:31   765952   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\vgx.dll
2007-06-27 07:34   823808   --a-s----   C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-06-27 07:34   671232   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-06-27 07:34   6058496   ---------   C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-06-27 07:34   52224   ---------   C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-06-27 07:34   477696   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-06-27 07:34   459264   ---------   C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-06-27 07:34   44544   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-06-27 07:34   384512   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-06-27 07:34   383488   ---------   C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-06-27 07:34   27648   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-06-27 07:34   267776   ---------   C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-06-27 07:34   232960   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-06-27 07:34   230400   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-06-27 07:34   193024   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-06-27 07:34   153088   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-06-27 07:34   132608   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-06-27 07:34   124928   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-06-27 07:34   1152000   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-06-27 07:34   105984   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-06-27 07:34   102400   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-06-27 01:27   63488   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-06-27 01:27   625152   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-06-27 01:27   13824   ---------   C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-06-27 00:00   161792   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-06-26 22:10   317440   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\unregmp2.exe
2007-06-25 23:08   1104896   --a------   C:\WINDOWS\SYSTEM32\msxml3.dll
2007-06-25 23:08   1104896   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\msxml3.dll
2007-02-20 12:51   439296   --a------   C:\DOCUME~1\Heather\GoToAssist_phone__317_en.exe
2007-02-17 21:07   8   --a------   C:\DOCUME~1\Heather\APPLIC~1\usb.dat.bin
2006-02-19 04:28   12288   --a------   C:\WINDOWS\Fonts\RandFont.dll
.

(((((((((((((((((((((((((((((   snapshot_2007-09-21_230848.79   )))))))))))))))))))))))))))))))))))))))))
.
-c----w           414,208 2006-10-19 04:47:16  C:\WINDOWS\$NtUninstallKB929399$\msscp.dll
-c----w           213,216 2005-06-28 17:23:26  C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe
-c----w           371,424 2005-06-28 17:23:54  C:\WINDOWS\$NtUninstallKB929399$\spuninst\updspapi.dll
-c----w        10,834,432 2006-10-19 04:47:20  C:\WINDOWS\$NtUninstallKB936782_WMP11$\wmp.dll
-c----w           213,216 2005-06-28 17:23:26  C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe
-c----w           371,424 2005-06-28 17:23:54  C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\updspapi.dll
-c----w           315,904 2006-11-02 01:31:34  C:\WINDOWS\$NtUninstallKB939683$\unregmp2.exe
-c----w           213,216 2005-06-28 17:23:26  C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe
-c----w           371,424 2005-06-28 17:23:54  C:\WINDOWS\$NtUninstallKB939683$\spuninst\updspapi.dll
----a-w           317,440 2007-06-27 05:10:26  C:\WINDOWS\INF\unregmp2.exe
----a-w           414,720 2006-12-04 23:21:50  C:\WINDOWS\SYSTEM32\msscp.dll
----a-w        10,834,944 2007-06-12 06:51:12  C:\WINDOWS\SYSTEM32\wmp.dll
----a-w           414,720 2006-12-04 23:21:50  C:\WINDOWS\SYSTEM32\DLLCACHE\msscp.dll
----a-w        10,834,944 2007-06-12 06:51:12  C:\WINDOWS\SYSTEM32\DLLCACHE\wmp.dll
.
----a-w           315,904 2006-11-02 01:31:34  C:\WINDOWS\INF\unregmp2.exe
----a-w           414,208 2006-10-19 04:47:16  C:\WINDOWS\SYSTEM32\msscp.dll
----a-w        10,834,432 2006-10-19 04:47:20  C:\WINDOWS\SYSTEM32\wmp.dll
----a-w           414,208 2006-10-19 04:47:16  C:\WINDOWS\SYSTEM32\DLLCACHE\msscp.dll
----a-w        10,834,432 2006-10-19 04:47:20  C:\WINDOWS\SYSTEM32\DLLCACHE\wmp.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 18:12]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 10:50 C:\WINDOWS\LOGI_MWX.EXE]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-17 00:24]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 14:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-01 15:24]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\Heather\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\Tim\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)

S0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS
S1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
S1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
S3 VisorUsb;Handspring USB;C:\WINDOWS\system32\DRIVERS\VisorUsb.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{409de366-aeb2-11db-b001-000cf1e5dee4}]
AutoRun\command- G:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-09-20 00:13:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2004-04-17 03:57:12 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
"2007-01-02 03:58:06 C:\WINDOWS\Tasks\WebReg .job"
- C:\Program Files\HP\digital imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-24 01:49:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-09-24  1:51:03
C:\ComboFix-quarantined-files.txt ... 2007-09-24 01:50
C:\ComboFix2.txt ... 2007-09-21 23:09
C:\ComboFix3.txt ... 2007-09-14 00:39
.
   --- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:53:25 AM, on 9/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 7041 bytes
Title: Firewall issues
Post by: guestolo on September 25, 2007, 07:46:37 AM
I'm unsure of what steps you were able to accomplish. By the looks of the combofix log you might have been able to reinstall Kerio.
Did you? Were you then able to uninstall it?
Title: Firewall issues
Post by: Heather on September 26, 2007, 02:48:34 PM
No, it will not uninstall or reinstall. It bogs down at the end of installation with the error notice I attached a couple of posts ago. The same error shows up when I try to uninstall. My computer shows it running, though; I just cannot access it to turn it off or to uninstall it. Very frustrating, as I suspect it is what is keeping some other programs from working or updating properly.

Is there some other way to get rid of it?
Title: Firewall issues
Post by: guestolo on September 27, 2007, 10:16:09 PM
Download the Windows Install cleanup utility from this link:
msicuu2.exe (http://download.microsoft.com/download/e/9/d/e9d80355-7ab4-45b8-80e8-983a48d5e1bd/msicuu2.exe)

After installation, go to Start >> All Programs >> Windows Install Clean Up.
Run the tool.
Do you see the older version of Java and/or Kerio in the list?
Title: Firewall issues
Post by: Heather on September 29, 2007, 01:50:57 AM
Quote: "Do you see the older version of Java and/or Kerio in the list?"

Yes, they are both there.
Title: Firewall issues
Post by: guestolo on September 29, 2007, 10:26:04 AM
Close down browser windows.
Open the Windows cleanup utility and highlight both Kerio and the older version of Java.
Then select Remove.

When finished, reboot your computer.

Afterwards, can you do the following:
Download Deckard's System Scanner (dss.exe) (http://deckard.geekstogo.com/dss.exe) to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open: main.txt, which will be maximized, and extra.txt, which will be minimized.

Post the contents of main.txt and extra.txt.
Title: Firewall issues
Post by: Heather on September 29, 2007, 04:15:45 PM
OK, here are the logs.
The Security Center is still showing Kerio as running.
Should I try to complete the Java installation?
Thanks, Heather


Deckard's System Scanner v20070905.67
Run by Heather on 2007-09-29 14:08:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
102: 2007-09-29 21:08:16 UTC - RP532 - Deckard's System Scanner Restore Point
101: 2007-09-29 06:49:47 UTC - RP531 - Installed Windows Installer Clean Up
100: 2007-09-29 01:18:48 UTC - RP530 - System Checkpoint
99: 2007-09-28 01:05:55 UTC - RP529 - System Checkpoint
98: 2007-09-27 00:46:51 UTC - RP528 - System Checkpoint


-- First Restore Point --
1: 2007-07-02 03:46:58 UTC - RP431 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Heather.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:10:01 PM, on 9/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Heather\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Heather.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 7030 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070923-150803-593 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
backup-20070923-150803-813 O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
backup-20070923-150803-959 O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 agp440 (Intel AGP Bus Filter) - c:\windows\\systemroot\system32\drivers\agp440.sys (file missing)
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>

S0 SSI - c:\windows\system32\drivers\ssi.sys (file missing)
S1 fwdrv (Firewall Driver) - c:\windows\system32\drivers\fwdrv.sys (file missing)
S1 khips (Kerio HIPS Driver) - c:\windows\system32\drivers\khips.sys (file missing)
S3 catchme - c:\docume~1\heather\locals~1\temp\catchme.sys (file missing)
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 SQTECH905C (DualCamera) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>
S3 VisorUsb (Handspring USB) - c:\windows\system32\drivers\visorusb.sys <Not Verified; Handspring, Inc; Visor®>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

S4 ewido security suite control - c:\program files\ewido anti-malware\ewidoctrl.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-09-26 17:13:00       284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-01-01 20:58:06       218 --a------ C:\WINDOWS\Tasks\WebReg .job
2004-04-16 20:57:12       258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 1.job


-- Files created between 2007-08-29 and 2007-09-29 -----------------------------

2007-09-28 23:49:49         0 d-------- C:\Program Files\Windows Installer Clean Up
2007-09-28 23:49:30         0 d-------- C:\Program Files\MSECACHE
2007-09-26 23:55:02         0 d-------- C:\Documents and Settings\Heather\Application Data\Move Networks
2007-09-22 23:38:52         0 d-------- C:\Rustbfix
2007-09-21 15:37:22         0 dr-h----- C:\Documents and Settings\Heather\Recent
2007-09-20 22:25:54         0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-20 22:24:04         0 d-------- C:\WINDOWS\system32\LogFiles
2007-09-20 22:24:04         0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-14 00:31:34         0 d-------- C:\Program Files\Trend Micro
2007-09-13 22:34:30         0 d-------- C:\Documents and Settings\Heather\.housecall6.6
2007-09-13 21:49:53         0 d-------- C:\Program Files\Error Expert
2007-09-13 19:44:28         0 d-------- C:\KAV
2007-09-04 10:08:50         0 d-------- C:\Documents and Settings\Heather\Application Data\WeatherBug
2007-09-04 10:08:40         0 d-------- C:\Program Files\MyWebSearchWB
2007-09-04 10:08:34         0 d-------- C:\Program Files\AWS


-- Find3M Report ---------------------------------------------------------------

2007-09-23 22:05:57         0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-09-21 15:37:47         0 d-------- C:\Program Files\ewido anti-malware
2007-09-13 19:22:07         0 d-------- C:\Program Files\Rhapsody
2007-09-13 18:49:19         0 d-------- C:\Program Files\Real
2007-09-13 18:47:50         0 d-------- C:\Documents and Settings\Heather\Application Data\Real
2007-09-13 18:46:27         4 --a------ C:\WINDOWS\system32\D1EE9F
2007-09-08 23:59:52         0 d-------- C:\Documents and Settings\Heather\Application Data\U3
2007-08-25 14:11:36       664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-08-13 15:18:35         0 d-------- C:\Documents and Settings\Heather\Application Data\Ahead
2007-08-13 15:07:35         0 d-------- C:\Program Files\Common Files\LightScribe
2007-08-13 15:07:34         0 d-------- C:\Program Files\Common Files
2007-08-13 15:00:48         0 d-------- C:\Program Files\Common Files\Ahead
2007-08-13 14:57:51         0 d-------- C:\Program Files\Nero
2007-08-12 06:56:32         0 d-------- C:\Program Files\Verizon
2007-07-09 19:46:46       164 --a------ C:\install.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 06:12 PM]
"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 10:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 09:35 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 09:32 AM]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [01/07/2006 02:36 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/17/2006 12:24 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 03:41 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [03/11/2007 02:37 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/01/2007 03:24 PM]

C:\Documents and Settings\Heather\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 7:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
DESKTOP.INI [9/3/2002 7:00:00 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc   usnsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{409de366-aeb2-11db-b001-000cf1e5dee4}]
AutoRun\command- G:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2007-09-29 14:11:57 ------------




Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 46%
Physical Memory (total/avail): 509.98 MiB / 273.38 MiB
Pagefile Memory (total/avail): 1248.75 MiB / 1075.04 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1965.83 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.47 GiB total, 45.38 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800BB-75FRA0 - 74.5 GiB - 2 partitions
  \PARTITION0 - Unknown - 31.35 MiB
  \PARTITION1 (bootable) - Installable File System - 74.47 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: Sunbelt Kerio Personal Firewall v4.3.268 T (Sunbelt Kerio)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Heather\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NEWMAN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Heather
LOGONSERVER=\\NEWMAN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Heather\LOCALS~1\Temp
TMP=C:\DOCUME~1\Heather\LOCALS~1\Temp
USERDOMAIN=NEWMAN
USERNAME=Heather
USERPROFILE=C:\Documents and Settings\Heather
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Heather (admin)
Tim (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
 --> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
 --> C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
 --> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
 --> Dummy
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
Before You Know It 3.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A244658E-84E5-4F3B-87D3-5FB993BF6325}\Setup.exe" -l0x9
Bonjour --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D} /l1033
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Championship Bass --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EA SPORTS\Championship Bass\Uninst.isu"
Coupon Printer for Windows --> "C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
DA920EN --> MsiExec.exe /X{C1E5DF32-8248-4347-908C-E030EDAE4368}
DD Tournament Poker 1.2 --> "C:\Program Files\ddpoker\UninstallerData\Uninstall poker.exe"
Dell AIO Printer A920 --> C:\WINDOWS\System32\spool\drivers\w32x86\3\DLBKUN5C.EXE -dDell AIO Printer A920
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe"  -uninstall
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support 5.0.0 (766) --> rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall
DVDSentry --> MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
EA Network Play System --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\uninst.isu"
EA SPORTS online 2004 --> C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
EarthLink Setup Files --> MsiExec.exe /X{9B2CFE3B-7F55-4786-A20D-BB244914F6D8}
EAX(tm) Unified (SHELL) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative Labs\EAX(tm) Unified (SHELL)\Uninst.isu"
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
essvcpt --> MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
EVEREST Home Edition v2.20 --> "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
FaxTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
FinePixViewer Ver.4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9  -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
Hamsterball --> C:\PROGRA~1\YAHOO!~1\HAMSTE~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!~1\HAMSTE~1\INSTALL.LOG
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Cameras 7.0 --> C:\Program Files\HP\Digital Imaging\{3F556FFA-B0C6-404d-992B-05BB0B10849C}\setup\hpzscr01.exe -datfile hpiscr02.dat
HP Photosmart Premier Software 6.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
ImageMixer VCD for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3AA158A-9421-4883-8767-E771B0964A1D}\setup.exe"
In-Fisherman Freshwater Trophies --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64963FAF-E357-4B8E-BDB6-A02C9F6C2D4E}
Indeo® software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Intel\Indeo\Uninst.isu" -c"C:\Program Files\Intel\Indeo\SavedSystemFiles\indounin.dll"
Intel® 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iPod for Windows 2005-09-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}
iPod for Windows 2006-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
kgcbaby --> MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn --> MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt --> MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids --> MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove --> MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday --> MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0010_198756\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.79.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Logitech Resource Center --> C:\PROGRA~1\Logitech\RESOUR~1\rem\UNWISE.EXE C:\PROGRA~1\Logitech\RESOUR~1\rem\INSTALL.LOG
Macromedia Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Encarta Encyclopedia Standard 2004 --> MsiExec.exe /I{04410044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Modem Event Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Heather\Application Data\Move Networks\ie_bin\Uninst.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSN Toolbar --> C:\Program Files\MSN Apps\MSN Toolbar1.02.3000.1001\en-us\mtbs.exe c
Muppets - Bright2 --> C:\WINDOWS\IsUninst.exe -fc:\MUPPETS\bright2\Uninst.isu
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~2\unmatch.exe
My Disney Kitchen --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\DISNEY~1\MYDISN~1\DeIsL1.isu
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OpenMG Limited Patch 4.4-06-13-19-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.4-06-13-19-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.4.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{CFB17307-B244-4EAD-AE8E-CDAF440477C2} UNINSTALL
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
Poker Superstars --> C:\PROGRA~1\YAHOO!~1\POKERS~1\UNWISE.EXE C:\PROGRA~1\YAHOO!~1\POKERS~1\INSTALL.LOG
Pokémon --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Pokémon\Uninst.isu"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninstall
Pro Fishing 3D --> C:\WINDOWS\IsUninst.exe -f"C:\Head Games\Pro Fishing 3D\P3DFish.isu"
ProModule: PowerPoint Support --> C:\PROGRA~1\R-TECH~1\SONGSH~1\Modules\POWERP~1\UNWISE.EXE C:\PROGRA~1\R-TECH~1\SONGSH~1\Modules\POWERP~1\INSTALL.LOG
ProModule: Quick Message --> C:\PROGRA~1\R-TECH~1\SONGSH~1\Modules\QUICKM~1\UNWISE.EXE C:\PROGRA~1\R-TECH~1\SONGSH~1\Modules\QUICKM~1\INSTALL.LOG
ProModule: SongSelect 3.0 Support --> C:\PROGRA~1\R-TECH~1\SONGSH~1\Modules\SONGSE~1\UNWISE.EXE C:\PROGRA~1\R-TECH~1\SONGSH~1\Modules\SONGSE~1\INSTALL.LOG
ProModule: SongSelect Lyrics Service Import --> C:\PROGRA~1\R-TECH~1\SONGSH~1\Modules\LYRICS~1\UNWISE.EXE C:\PROGRA~1\R-TECH~1\SONGSH~1\Modules\LYRICS~1\INSTALL.LOG
ProModule: Transitions 1 --> C:\PROGRA~1\R-TECH~1\PROMOD~1\TRANSI~1\UNWISE.EXE C:\PROGRA~1\R-TECH~1\PROMOD~1\TRANSI~1\INSTALL.LOG
ProModule: Transitions 2 --> C:\PROGRA~1\R-TECH~1\PROMOD~1\TRANSI~2\UNWISE.EXE C:\PROGRA~1\R-TECH~1\PROMOD~1\TRANSI~2\INSTALL.LOG
ProModule: Transitions 3 --> C:\PROGRA~1\R-TECH~1\PROMOD~1\TRANSI~3\UNWISE.EXE C:\PROGRA~1\R-TECH~1\PROMOD~1\TRANSI~3\INSTALL.LOG
ProModule: Transitions 4 --> C:\PROGRA~1\R-TECH~1\PROMOD~1\TRANSI~4\UNWISE.EXE C:\PROGRA~1\R-TECH~1\PROMOD~1\TRANSI~4\INSTALL.LOG
ProModule: Video Background --> C:\PROGRA~1\R-TECH~1\PROMOD~1\VIDEOB~1\UNWISE.EXE C:\PROGRA~1\R-TECH~1\PROMOD~1\VIDEOB~1\INSTALL.LOG
ProModule: Visualizations 1 --> C:\PROGRA~1\R-TECH~1\PROMOD~1\VISUAL~1\UNWISE.EXE C:\PROGRA~1\R-TECH~1\PROMOD~1\VISUAL~1\INSTALL.LOG
ProModule: Visualizations 2 --> C:\PROGRA~1\R-TECH~1\PROMOD~1\VISUAL~2\UNWISE.EXE C:\PROGRA~1\R-TECH~1\PROMOD~1\VISUAL~2\INSTALL.LOG
ProModule: Visualizations 3 --> C:\PROGRA~1\R-TECH~1\PROMOD~1\VISUAL~3\UNWISE.EXE C:\PROGRA~1\R-TECH~1\PROMOD~1\VISUAL~3\INSTALL.LOG
ProModule: Visualizations 4 --> C:\PROGRA~1\R-TECH~1\PROMOD~1\VISUAL~4\UNWISE.EXE C:\PROGRA~1\R-TECH~1\PROMOD~1\VISUAL~4\INSTALL.LOG
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Sansa Media Converter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56B810F8-1395-4471-9F7A-560AACF0CB2F}\Setup.exe" -l0x9
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
Shockwave --> C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~1\Install.log
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
SongShow Plus --> "C:\Program Files\R-Technics\SongShow Plus\bin\Uninstall.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SonicStage 3.4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SspSamples: Bible Atlas Images --> C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Images\BIBLEA~1\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Images\BIBLEA~1\INSTALL.LOG
SspSamples: Creative Interlude Sampler 2 --> C:\PROGRA~1\R-TECH~1\SONGSH~1\UNINST~1\CREATI~1\CREATI~1\UNWISE.EXE C:\PROGRA~1\R-TECH~1\SONGSH~1\UNINST~1\CREATI~1\CREATI~1\INSTALL.LOG
SspSamples: Digital Hotcakes --> C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Videos\DIGITA~1\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Videos\DIGITA~1\INSTALL.LOG
SspSamples: Digital Juice Images --> C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Images\DIGITA~1\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Images\DIGITA~1\INSTALL.LOG
SspSamples: Digital Juice Jumpbacks --> C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Videos\DIGITA~2\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Videos\DIGITA~2\INSTALL.LOG
SspSamples: Whitmer Photography --> C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Images\WHITME~1\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Images\WHITME~1\INSTALL.LOG
SspSamples: WorshipFilms --> C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Videos\WORSHI~1\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Videos\WORSHI~1\INSTALL.LOG
SspSamples: WorshipScapes Images --> C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Images\WORSHI~1\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Images\WORSHI~1\INSTALL.LOG
SspSamples: WorshipScapes Videos --> C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Videos\WORSHI~2\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Videos\WORSHI~2\INSTALL.LOG
Starshine Episode 1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73B3C57B-3ED7-40DB-A554-32EB5D35F84E}\setup.exe" -l0x9
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
Tiger Woods PGA TOUR 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E91306C-899F-45F3-B5E9-4B480A27A63D}\Setup.exe" -l0x9 uninstallme
Verizon Online DSL --> "C:\WINDOWS\DSL\unins000.exe"
Verizon Online Help and Support --> C:\PROGRA~1\Verizon\UNWISE.EXE C:\PROGRA~1\Verizon\INSTALL.LOG
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live Messenger --> MsiExec.exe /I{FCE50DB8-C610-4C42-BE5C-193F46C6F812}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WinZip Self-Extractor --> "C:\Program Files\WinZip Self-Extractor\wzipse32.exe" -uninstall
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
WordPerfect Office 11 --> MsiExec.exe /I{54F90B55-BEB3-4F0D-8802-228822FA5921}
Yahoo! extras --> C:\Program Files\Yahoo!\Common\unycust.exe /S
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Messenger Explorer Bar --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\MESSEN~1\YHEXBM~1.DLL
Yahoo! Photos Easy Upload Tool --> C:\Program Files\Yahoo!\Common\ydropper_uninst.exe /ylog=C:\PROGRA~1\Yahoo!\Photos\Uploader\install.log
Yahoo! Photos Print-at-Home Tool --> C:\WINDOWS\unins000.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type983 / Error
Event Submitted/Written: 09/29/2007 02:04:49 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 490030824.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type981 / Error
Event Submitted/Written: 09/29/2007 02:04:40 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module unknown, version 0.0.0.0, fault address 0x023e6cfb.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type979 / Error
Event Submitted/Written: 09/29/2007 02:01:34 PM
Event ID/Source: 1 / VBRuntime
Event Description:
The VB Application identified by the event source logged this Application MSICUU: Thread ID: 5148 ,Logged:

Success:
C:\Program Files\Windows Installer Clean Up\msizap.exe TW! {E659E0EE-10E6-49B7-8696-60F38D0EB174}

Event Record #/Type978 / Error
Event Submitted/Written: 09/29/2007 02:01:32 PM
Event ID/Source: 1 / VBRuntime
Event Description:
The VB Application identified by the event source logged this Application MSICUU: Thread ID: 5148 ,Logged:

Success:
C:\Program Files\Windows Installer Clean Up\msizap.exe TW! {7148F0A8-6813-11D6-A77B-00B0D0142000}

Event Record #/Type971 / Success
Event Submitted/Written: 09/24/2007 05:38:07 PM
Event ID/Source: 12001 / usnsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4962 / Error
Event Submitted/Written: 09/29/2007 02:04:43 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
fwdrv
khips
SSI

Event Record #/Type4961 / Error
Event Submitted/Written: 09/29/2007 02:04:43 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The Bonjour Service service hung on starting.

Event Record #/Type4952 / Warning
Event Submitted/Written: 09/28/2007 01:20:10 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type4951 / Error
Event Submitted/Written: 09/28/2007 10:15:35 AM
Event ID/Source: 6161 / Print
Event Description:
Copy of October 07 ALL CLASSES.xlsHeatherHP DeskJet 710CNT EMF 1.00832768029334011\\NEWMAN0 (0x0)

Event Record #/Type4950 / Warning
Event Submitted/Written: 09/28/2007 10:01:12 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2007-09-29 14:11:57 ------------
Title: Firewall issues
Post by: guestolo on September 30, 2007, 01:22:05 AM
Try the following
Open notepad and copy/paste the text in the quotebox below into it:
Don't use anything other than Notepad, or the script will not work.

Quote
File::
c:\windows\system32\drivers\ssi.sys
c:\windows\system32\drivers\fwdrv.sys
c:\windows\system32\drivers\khips.sys

Folder::
C:\Program Files\MyWebSearchWB
C:\Program Files\AWS
C:\KAV
C:\Program Files\Error Expert
C:\Documents and Settings\Heather\Application Data\WeatherBug
C:\Rustbfix
c:\program files\ewido anti-malware

Driver::
fwdrv
khips
SSI
ewido security suite control
Save this as a text file
CFScript
(http://img.photobucket.com/albums/v666/sUBs/CFScript.gif)

Take note of the pic above
Drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt.
Post that log back and let me know how things are running, please.
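Event 7026 in the System Event Log above names fwdrv, khips and SSI as boot-start drivers that failed to load, and the CFScript's Driver:: section removes exactly those service entries. The usual cause of that event is an orphaned driver service: the key under HKLM\SYSTEM\CurrentControlSet\Services is still present, but the file its ImagePath points at is gone. The PowerShell below is an added example for checking that after a cleanup; it is not part of this thread, of ComboFix, or of any tool mentioned here, and it assumes PowerShell 2.0 or later and local administrator rights. The function names Get-OrphanedDriverService and Resolve-DriverImagePath are the example's own.

```powershell
# Added example (not from the thread, ComboFix or Deckard's System Scanner):
# report driver services that are still registered but whose driver file is
# missing, which is what makes the Service Control Manager log event 7026.

function Resolve-DriverImagePath {
    param([string]$ImagePath)
    if ([string]::IsNullOrEmpty($ImagePath)) { return $null }
    # Expand %SystemRoot%-style variables and strip surrounding quotes
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim('"'))
    # Kernel-style prefixes that driver ImagePath values commonly use
    if ($p -match '^\\\?\?\\(.+)$')        { return $matches[1] }
    if ($p -match '^\\SystemRoot\\(.+)$')  { return (Join-Path $env:SystemRoot $matches[1]) }
    if ($p -match '^[A-Za-z]:\\')          { return $p }
    # A bare relative path (e.g. "system32\DRIVERS\fwdrv.sys") is relative to %SystemRoot%
    return (Join-Path $env:SystemRoot $p)
}

function Get-OrphanedDriverService {
    param(
        # Default to the three names from event 7026 / the CFScript in this thread
        [string[]]$Name = @('fwdrv', 'khips', 'SSI')
    )
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($n in $Name) {
        $key = Join-Path $base $n
        if (-not (Test-Path -LiteralPath $key)) {
            # Nothing registered under that name: the cleanup already removed it
            New-Object PSObject -Property @{
                Name = $n; Registered = $false; Start = $null
                ImagePath = $null; FileExists = $null; Orphaned = $false
            }
            continue
        }
        $props    = Get-ItemProperty -LiteralPath $key
        $resolved = Resolve-DriverImagePath $props.ImagePath
        $fileOk   = if ($resolved) { Test-Path -LiteralPath $resolved } else { $false }
        New-Object PSObject -Property @{
            Name       = $n
            Registered = $true
            Start      = $props.Start   # 0 = boot, 1 = system, 2 = auto, 3 = demand, 4 = disabled
            ImagePath  = $props.ImagePath
            FileExists = $fileOk
            Orphaned   = (-not $fileOk) # registered, but the driver binary is missing
        }
    }
}

# Usage: run from an elevated PowerShell prompt after the cleanup and reboot.
Get-OrphanedDriverService |
    Select-Object Name, Registered, Start, FileExists, Orphaned, ImagePath |
    Format-Table -AutoSize
```

A row with Registered = True and Orphaned = True means the service key survived while the .sys file did not, so the driver will keep failing at boot until that key is removed; Registered = False for all three is the result to expect once the CFScript above has done its job. Start = 0 or 1 on an orphaned row is the combination that produces event 7026 specifically.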
Title: Firewall issues
Post by: Heather on September 30, 2007, 01:50:23 AM
here's the report.
I'll follow with a post about how things are running
thanks, Heather



ComboFix 07-09-21.2 - "Heather" 2007-09-29 23:38:08.5 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.256 [GMT -7:00]
 * Created a new restore point

FILE::
c:\windows\system32\drivers\ssi.sys
c:\windows\system32\drivers\fwdrv.sys
c:\windows\system32\drivers\khips.sys
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Heather\Application Data\WeatherBug
C:\Documents and Settings\Heather\Application Data\WeatherBug\102x96_HurricaneCommandCenterWithFlag.jpg
C:\Documents and Settings\Heather\Application Data\WeatherBug\102x96_VZW.jpg
C:\Documents and Settings\Heather\Application Data\WeatherBug\102x96Verizon.jpg
C:\Documents and Settings\Heather\Application Data\WeatherBug\60_Generic2007_Summe_0807r.jpg
C:\Documents and Settings\Heather\Application Data\WeatherBug\60_Generic2007_Summer_Mask_0807.bmp
C:\Documents and Settings\Heather\Application Data\WeatherBug\Ebay_Apr07.jpg
C:\Documents and Settings\Heather\Application Data\WeatherBug\Ebay_Mask_Apr07.bmp
C:\Documents and Settings\Heather\Application Data\WeatherBug\nav_07182007.jpg
C:\Documents and Settings\Heather\Application Data\WeatherBug\topnav_Generic2007.jpg
C:\KAV
C:\KAV\KAV70\English\doc\kav7.0en.pdf
C:\KAV\KAV70\English\kav.en.msi
C:\KAV\KAV70\English\release_notes.html
C:\KAV\KAV70\English\setup.exe
C:\KAV\KAV70\English\setup.reg
C:\Program Files\AWS
C:\Program Files\AWS\WeatherBug\download.txt
C:\Program Files\AWS\WeatherBug\INSTALL.LOG
C:\Program Files\AWS\WeatherBug\Local\1px.gif
C:\Program Files\AWS\WeatherBug\Local\alert_failed.html
C:\Program Files\AWS\WeatherBug\Local\Background60.jpg
C:\Program Files\AWS\WeatherBug\Local\bot_default.html
C:\Program Files\AWS\WeatherBug\Local\bot_failed2.html
C:\Program Files\AWS\WeatherBug\Local\Bot_loading.gif
C:\Program Files\AWS\WeatherBug\Local\bot_loading.html
C:\Program Files\AWS\WeatherBug\Local\center_failed.html
C:\Program Files\AWS\WeatherBug\Local\center_loading.html
C:\Program Files\AWS\WeatherBug\Local\def_bot.gif
C:\Program Files\AWS\WeatherBug\Local\LeftNavbar60.JPG
C:\Program Files\AWS\WeatherBug\Local\MiniReg.jpg
C:\Program Files\AWS\WeatherBug\Local\skinmask60.bmp
C:\Program Files\AWS\WeatherBug\Local\TopNavbar60.JPG
C:\Program Files\AWS\WeatherBug\Local\vssver.scc
C:\Program Files\AWS\WeatherBug\Local\WBug_Loading.gif
C:\Program Files\AWS\WeatherBug\Local\weather_window_loading.gif
C:\Program Files\AWS\WeatherBug\Local\WxBug.gif
C:\Program Files\AWS\WeatherBug\Local\wxbuglogo_hor.gif
C:\Program Files\AWS\WeatherBug\Local\WxWindow_failed.html
C:\Program Files\AWS\WeatherBug\Local\WxWindow_loading.html
C:\Program Files\AWS\WeatherBug\Local\WxWindow_noconnection.gif
C:\Program Files\Error Expert
C:\Program Files\Error Expert\Backup\Automatic Backup_09-13-2007_21-54-48.reg
c:\program files\ewido anti-malware
c:\program files\ewido anti-malware\danish.mo
c:\program files\ewido anti-malware\hungarian.mo
c:\program files\ewido anti-malware\s.dat
c:\program files\ewido anti-malware\serbian.mo
c:\program files\ewido anti-malware\t.dat
C:\Program Files\MyWebSearchWB
C:\Program Files\MyWebSearchWB\bar\1.bin\W6FFXTBR.JAR
C:\Program Files\MyWebSearchWB\bar\1.bin\W6NTSTBR.JAR
C:\Program Files\MyWebSearchWB\bar\Cache0034E31.bin
C:\Program Files\MyWebSearchWB\bar\Cache02069BA.bin
C:\Program Files\MyWebSearchWB\bar\Cache3060E43
C:\Program Files\MyWebSearchWB\bar\Cache3061122
C:\Program Files\MyWebSearchWB\bar\Cache306146D.bin
C:\Program Files\MyWebSearchWB\bar\Cache3061681.bin
C:\Program Files\MyWebSearchWB\bar\Cache3062863.bin
C:\Program Files\MyWebSearchWB\bar\Cache321ABE7.bin
C:\Program Files\MyWebSearchWB\bar\Cache4E5449B.bin
C:\Program Files\MyWebSearchWB\bar\Cache8178CD5.bin
C:\Program Files\MyWebSearchWB\bar\History\search
C:\Program Files\MyWebSearchWB\bar\Settings\prevcfg.htm
C:\Rustbfix
C:\Rustbfix\1run.bat
C:\Rustbfix\2run.bat
C:\Rustbfix\avenger.exe
C:\Rustbfix\chkrustb.bat
C:\Rustbfix\LS.exe
C:\Rustbfix\pelog.txt
C:\Rustbfix\SF.exe
C:\Rustbfix\streamtools.zip
C:\Rustbfix\swreg.exe
C:\Rustbfix\tmp1.txt

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_EWIDO_SECURITY_SUITE_CONTROL
-------\LEGACY_FWDRV
-------\LEGACY_KHIPS
-------\LEGACY_SSI
-------\ewido security suite control
-------\fwdrv
-------\khips
-------\SSI


(((((((((((((((((((((((((   Files Created from 2007-08-28 to 2007-09-30  )))))))))))))))))))))))))))))))
.

2007-09-29 14:07   <DIR>   d--------   C:\Deckard
2007-09-28 23:49   <DIR>   d--------   C:\Program Files\Windows Installer Clean Up
2007-09-28 23:49   <DIR>   d--------   C:\Program Files\MSECACHE
2007-09-26 23:55   <DIR>   d--------   C:\DOCUME~1\Heather\APPLIC~1\Move Networks
2007-09-20 22:25   <DIR>   d--------   C:\Program Files\Windows Media Connect 2
2007-09-20 22:24   <DIR>   d--------   C:\WINDOWS\SYSTEM32\LogFiles
2007-09-20 22:24   <DIR>   d--------   C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-09-14 00:31   <DIR>   d--------   C:\Program Files\Trend Micro
2007-09-13 23:32   76,560   --a------   C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2007-09-13 22:34   <DIR>   d--------   C:\DOCUME~1\Heather\.housecall6.6

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-23 22:05   ---------   d--------   C:\Program Files\Common Files\Sonic Shared
2007-09-13 19:33   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-09-13 19:22   ---------   d--------   C:\Program Files\Rhapsody
2007-09-13 18:49   ---------   d--------   C:\Program Files\Real
2007-09-13 18:47   ---------   d--------   C:\DOCUME~1\Heather\APPLIC~1\Real
2007-09-08 23:59   ---------   d--------   C:\DOCUME~1\Heather\APPLIC~1\U3
2007-08-16 00:10   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
2007-08-13 15:18   ---------   d--------   C:\DOCUME~1\Heather\APPLIC~1\Ahead
2007-08-13 15:07   ---------   d--------   C:\Program Files\Common Files\LightScribe
2007-08-13 15:00   ---------   d--------   C:\Program Files\Common Files\Ahead
2007-08-13 14:57   ---------   d--------   C:\Program Files\Nero
2007-08-13 14:57   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-08-12 06:57   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
2007-08-12 06:56   ---------   d--------   C:\Program Files\Verizon
2007-02-20 12:51   439296   --a------   C:\DOCUME~1\Heather\GoToAssist_phone__317_en.exe
2007-02-17 21:07   8   --a------   C:\DOCUME~1\Heather\APPLIC~1\usb.dat.bin
2006-02-19 04:28   12288   --a------   C:\WINDOWS\Fonts\RandFont.dll
.

(((((((((((((((((((((((((((((   snapshot_2007-09-21_230848.79   )))))))))))))))))))))))))))))))))))))))))
.
-c----w           414,208 2006-10-19 04:47:16  C:\WINDOWS\$NtUninstallKB929399$\msscp.dll
-c----w           213,216 2005-06-28 17:23:26  C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe
-c----w           371,424 2005-06-28 17:23:54  C:\WINDOWS\$NtUninstallKB929399$\spuninst\updspapi.dll
-c----w        10,834,432 2006-10-19 04:47:20  C:\WINDOWS\$NtUninstallKB936782_WMP11$\wmp.dll
-c----w           213,216 2005-06-28 17:23:26  C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe
-c----w           371,424 2005-06-28 17:23:54  C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\updspapi.dll
-c----w           315,904 2006-11-02 01:31:34  C:\WINDOWS\$NtUninstallKB939683$\unregmp2.exe
-c----w           213,216 2005-06-28 17:23:26  C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe
-c----w           371,424 2005-06-28 17:23:54  C:\WINDOWS\$NtUninstallKB939683$\spuninst\updspapi.dll
----a-w           317,440 2007-06-27 05:10:26  C:\WINDOWS\INF\unregmp2.exe
----a-w           414,720 2006-12-04 23:21:50  C:\WINDOWS\SYSTEM32\msscp.dll
----a-w        10,834,944 2007-06-12 06:51:12  C:\WINDOWS\SYSTEM32\wmp.dll
----a-w           414,720 2006-12-04 23:21:50  C:\WINDOWS\SYSTEM32\DLLCACHE\msscp.dll
----a-w           317,440 2007-06-27 05:10:26  C:\WINDOWS\SYSTEM32\DLLCACHE\unregmp2.exe
----a-w        10,834,944 2007-06-12 06:51:12  C:\WINDOWS\SYSTEM32\DLLCACHE\wmp.dll
.
----a-w           315,904 2006-11-02 01:31:34  C:\WINDOWS\INF\unregmp2.exe
----a-w           414,208 2006-10-19 04:47:16  C:\WINDOWS\SYSTEM32\msscp.dll
----a-w        10,834,432 2006-10-19 04:47:20  C:\WINDOWS\SYSTEM32\wmp.dll
----a-w           414,208 2006-10-19 04:47:16  C:\WINDOWS\SYSTEM32\DLLCACHE\msscp.dll
----a-w           315,904 2006-11-02 01:31:34  C:\WINDOWS\SYSTEM32\DLLCACHE\unregmp2.exe
----a-w        10,834,432 2006-10-19 04:47:20  C:\WINDOWS\SYSTEM32\DLLCACHE\wmp.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 18:12]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 10:50 C:\WINDOWS\LOGI_MWX.EXE]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-17 00:24]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 14:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-01 15:24]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\Heather\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\Tim\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)

S3 VisorUsb;Handspring USB;C:\WINDOWS\system32\DRIVERS\VisorUsb.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{409de366-aeb2-11db-b001-000cf1e5dee4}]
AutoRun\command- G:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-09-27 00:13:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2004-04-17 03:57:12 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
"2007-01-02 03:58:06 C:\WINDOWS\Tasks\WebReg .job"
- C:\Program Files\HP\digital imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-29 23:45:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-29 23:47:15 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-29 23:47
C:\ComboFix2.txt ... 2007-09-24 01:51
C:\ComboFix3.txt ... 2007-09-21 23:09
.
   --- E O F ---
Title: Firewall issues
Post by: Heather on September 30, 2007, 02:03:58 AM
ok, Java finally installed correctly (seemingly).
Rhapsody is still completely inaccessible. I was hoping that I didn't have to uninstall and lose the music I currently have in there.
Kerio still shows up as running in Windows Security Center. (die Kerio die!!!!)

Other than that, things seem pretty good. One little thing that bugs me is that the Internet Explorer icon will not load onto the start panel like everything else that I access regularly does. Quite bothersome, as that is where I like to load from (habit).

how do things look from your perspective?
Title: Firewall issues
Post by: guestolo on September 30, 2007, 02:18:40 AM
Quote
Rhapsody is still completely inaccessible
What is the location of your music files?
Can you copy/paste them to another folder as backup??

Quote
Kerio still shows up as running in windows security center

Try another step
Download and unzip to its own folder
Regseeker 1.55 (http://www.hoverdesk.net/freeware.htm)
Don't run it yet

Reboot into safe mode and sign in with your account
Run RegSeeker.exe from the extracted folder
click the "Clean Registry" button
Ensure "Backup before Deletion" is selected>>It should be by default
Then click "Auto Clean"
Click GO!
Follow prompts, don't worry about NO CD disk error if you get one, just cancel it out

Reboot back to Normal windows and see if Kerio is finally gone
Title: Firewall issues
Post by: Heather on October 02, 2007, 07:53:22 PM
Regseeker seems to be stalling on me. It goes through a process and cleans the stuff it finds, then it has a pop-up window that only says "ok". I tried clicking ok and also x-ing out of the box; either way the area that tells what is happening says startup clean but it doesn't do anything.
Kerio is still there and now I get an error pop-up every so often that says "intel®PROset resources are not available".

what else do you have in that big bag of tricks of yours?
Title: Firewall issues
Post by: guestolo on October 02, 2007, 08:26:54 PM
Try navigating to this file
C:\WINDOWS\SYSTEM32\PRApplet.cpl

Right click on PRApplet.cpl and rename it to PRApplet.old

Try running Regseeker in this fashion
Run RegSeeker.exe from the extracted folder
click the "Clean Registry" button
Ensure "Backup before Deletion" is selected>>It should be by default
Then click "OK">>Don't use Autoclean this time

When done click SELECT at the bottom>>Select All
Right click and select>Delete Selected items

Reboot>>Reboot regardless of whether you got Regseeker to run or not
Let me know how things are afterwards

Does the other user profile on this computer have the same problems as yourself?
Title: Firewall issues
Post by: Heather on October 03, 2007, 11:04:25 AM
No changes, other than that the "intel®PROset resources are not available" alert has not shown up again.
There is no other user profile in regular mode. In safe mode there shows an administrator profile, but I have never used it. I still cannot use the keyboard in safe mode.
Kerio is still showing as running and inaccessible.
Title: Firewall issues
Post by: guestolo on October 04, 2007, 12:47:44 AM
Are you willing to try a repair install or clean install? This is taking too long and should have been fixed by now, but your problems seem to be adding up.

Quote
I still cannot use keyboard in safe mode.
Are you sure you have a PS/2 keyboard, not a USB one? Does it have a purple end leading into the computer?

Try this for Kerio
Download this uninstaller from this location and save to desktop
http://www.sunbelt-software.com/ihs/SKPFClean.4.3.exe

Run it and reboot afterwards. Still problems with Kerio?