TheTechGuide Forum
General Category => Tech Clinic => Topic started by: scrappingmama on October 25, 2008, 11:08:38 PM
-
Please help. I think I have been hacked and hijacked. I keep getting this popup of an icon in the system tray that says "your computer is infected". I believe it is a Windows security popup but I can't be sure. My system is supposed to be protected by Symantec but it has been disabled. I've tried restarting and a full shutdown but it won't come back up. I was able to run a Symantec scan and it did find some things including what I believe is a hack. However, the live update has a date of 1/1/1999 so I doubt it was really scanning correctly.
My IE browser now keeps getting reset to Google and any time I try to go directly to any of the Spyware, Malware, Symantec, HijackThis sites it goes to "Page cannot be displayed". I have tried to launch HijackThis from my system because I have the executable from a previous time but it won't launch. AdAware can't get the latest definitions.
If I try to search for any of the spyware, malware, etc. sites from Google or Yahoo it shows them to me but I can't click into them. I could get to Microsoft for the Defender but when I tried to download it wouldn't let me. I seem to be able to get to any sites that won't provide protection for my system.
How can I correct the issue if my system is keeping me from protecting it?
Based on a previous post, I'm going to use one of my other computers to change all of my online banking passwords right now.
OMG - I was just trying to back up some of my recent files and I have found that MS Money, MS Word, MS Excel, etc. have all been deleted!
-
Hi again scrappingmama
Download Hijackthis Installer from HERE (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe)
For an alternate download location, you can try HERE (http://fileforum.betanews.com/detail/HijackThis/1071179190/1)
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install
Hijackthis v2.0.2 will open
Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Copy and Paste the Whole log back here to the forum----It is all important!
-
I tried the first download at Trendsecure but it goes to page not displayed.
I was able to get to the alternate at FileForum but when I click to download HijackThis and it takes me to the download page, I get a Page not Displayed again: http://fileforum.betanews.com/sendfile/1071179190/1/1224999672.f102cbc56e32c75f0779376040756ea6e8782097/HJTInstall.exe
I copied the executable to CD from one of my other computers and tried to run it from CD but that won't run either. I have the executable already on the infected computer as well, but that won't run either. I even tried to run it from the Command Prompt but no go.
I don't know if it means anything but earlier it kept trying to install AntiSpywareXP2009 like it was a Windows app. It seems to have been successful. I could not remove it no matter what I did, so it is sitting out there.
It kept trying to do what looked like a Windows install of something called "Status" and other "Windows" installs. I decided it was best to take it off my network and I even decided to shut it down. This was against my better judgement but I had done it once already earlier and it was looking more and more like it was hosed. As it was trying to shut down, it started freezing up and desktop icons started getting replaced by the generic 'software not found' icon. I finally just pulled the plug. I hope this didn't infect my other computers and I'm hopeful that I can still save this one. :-(
I have disconnected the computer from the network and rebooted it in safe mode. I still could not run HijackThis from any of the locations.
I have backed up file by file (not directories) but it appears I have lost all of my MS executables and my MS Money files (except my back up which was in a different directory).
-
Can you try the following
Download this file - Combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it and transfer it to the infected computer's desktop
While you're at it
download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/tools/mbam-setup.exe) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Save the installer to the infected computer's desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
By default it will save a copy to C:\Combofix.txt
I'll need to see this log later
Note:
Do not mouse-click combofix's window whilst it's running. That may cause it to stall
Afterwards:
- Double click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
NOTE: I know you may not be able to update MBAM Immediately, do what you can from the above
Let me know of any problems later
With the MBAM log also post the log from ComboFix
-
I put both of them on a USB drive and transferred them to the infected computer's desktop. Unfortunately, it won't let me run the Combofix.exe. It is the same thing that happens when I try any of the other EXE files that could help the computer (adaware, hijackthis, sdfix). Nothing happens. The executable doesn't even launch. It is like something is blocking it.
I also tried to run it in safe mode just for the heck of it. Still no go.
-
Did you try Malwarebytes Anti-Malware also?
-
I didn't want to run mbam out of order, so I hadn't. I have now installed it and it allowed me to install (yeah!). I reconnected the computer to the network/internet but it wouldn't download any updates. It said the Firewall might be blocking it, but I can't even go to the malwarebytes.org site with the issues I'm having.
I went ahead and started the full scan and it is scanning now (another Yeah!). So far it says 20 objects infected and it has only been running for 5 minutes. I will report back with everything you ask for after it is done.
Thank you so much for all of your help.
By the way, every time I restart it says my SQL is messed up and Windows Installer starts. It is trying to install TrayApp but can't find the msi file. I click cancel but it just keeps going in an infinite loop. I finally quit it using the Task Manager.
Also, that darn "Your Computer is Infected" keeps popping up. It is that fake Antispyware garbage.
-
Let MBAM finish and follow the instructions closely I posted earlier about removing selections and possibly restarting the computer
When done, post the log from MBAM and also try and run Hijackthis and post its log too
-
Okay, we're making progress. The MBAM scan and remove completed. There was only one file that couldn't be removed, but it seemed to find all the antispyware junk. The log is below. I have also been able to download the new version of HJT to USB, copy, and run it as well. Here are the logs --
MBAM
Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 2
10/26/2008 3:25:45 PM
mbam-log-2008-10-26 (15-25-45).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 205082
Time elapsed: 56 minute(s), 28 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 20
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 15
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\antispywarexp2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\antispywarexp2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\AntiSpywareXP2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\Uninstall.exe (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wini10802.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareXP2009.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\kodofufowe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Cookies\wila.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
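The MBAM log above records every detection as `<object> (<family>) -> <action>`, with per-section totals in a summary block at the top. As an added example (not code from this thread, from Malwarebytes, or from any tool mentioned here), the Python script below parses that layout, counts detections per family, lists the items still marked "Delete on reboot" (the reason the restart prompt in the earlier instructions matters), and cross-checks each section's declared total against the detail lines actually present. The sample input is a constructed excerpt of the log posted above, embedded inline so the script runs offline.

```python
import re
from collections import Counter

# Constructed sample input: an excerpt of the MBAM log posted in this thread,
# embedded inline so the script runs offline. The summary block, section
# headers and "(No malicious items detected)" markers follow the real layout.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.30
Database version: 1306
Scan type: Full Scan (C:\|D:\|)
Memory Processes Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\antispywarexp2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
"""

# "<section> Infected: <n>" lines in the summary block at the top of the log
COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")
# "<section> Infected:" header that opens a detail section
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<object> (<family>) -> <action>." detail line
ITEM_RE = re.compile(r"^(?P<object>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (declared_counts, findings) parsed from MBAM log text."""
    declared = {}
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = COUNT_RE.match(line)
        if m:
            declared[m.group("section")] = int(m.group("n"))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        if section is None or line.startswith("(No malicious"):
            continue
        m = ITEM_RE.match(line)
        if m:
            findings.append({"section": section, "object": m.group("object"),
                             "family": m.group("family"), "action": m.group("action")})
    return declared, findings


def summarize(declared, findings):
    """Triage view: per-family counts, objects still pending a reboot, and any
    section whose detail lines do not add up to the declared count."""
    by_family = Counter(f["family"] for f in findings)
    parsed = Counter(f["section"] for f in findings)
    pending_reboot = [f["object"] for f in findings
                      if f["action"].lower().startswith("delete on reboot")]
    mismatches = {s: (n, parsed.get(s, 0)) for s, n in declared.items()
                  if parsed.get(s, 0) != n}
    return {"by_family": dict(by_family), "pending_reboot": pending_reboot,
            "count_mismatches": mismatches}


if __name__ == "__main__":
    declared, findings = parse_mbam_log(SAMPLE_LOG)
    summary = summarize(declared, findings)
    for family, n in sorted(summary["by_family"].items()):
        print(f"{n:3d}  {family}")
    print("pending reboot:", summary["pending_reboot"])
    print("count mismatches:", summary["count_mismatches"])
```

A non-empty `pending_reboot` list means the cleanup is not finished until the machine has been restarted; a non-empty `count_mismatches` means the pasted log is truncated or was edited, which is worth knowing before reading anything into it.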
-
This will teach me to let family use my computer when they come to visit!
Here is the HJT log -
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:31:58 PM, on 10/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - https://cim.accenture.com/system/web/view/live/messaging/ie/SecMgr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218409226343
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218409212234
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {B33422AC-C567-4F7D-BB28-6583371EC4EE} (Microsoft CMS HTML Editor) - https://portal.accenture.com/NAVIGATOR/CMS/WebAuthor/Client/PlaceholderControlSupport/NRDHtml.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.44/ttinst.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://amr1-extranet.accenture.com/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {E99D3E39-5D92-4360-BA86-2C563B3CFFEB} (Microsoft CMS HTML Editor Toolbar) - https://portal.accenture.com/NAVIGATOR/CMS/WebAuthor/Client/PlaceholderControlSupport/nrdhtml.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O20 - AppInit_DLLs: karna.dat
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Unknown owner - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (file missing)
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
--
End of file - 8837 bytes
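A HijackThis log is a flat list of `<code> - <body>` entries after the running-process list, and a reviewer reads it by section code. As an added example (not code from this thread, from Trend Micro, or from HijackThis itself), the Python script below parses that format and applies a few review heuristics of the editor's own: a non-empty AppInit_DLLs value (O20; in this log it is karna.dat, which the MBAM log above had already flagged as Trojan.FakeAlert), a Winsock LSP file HijackThis could not identify (O10), Run entries (O4) whose command is a bare filename rather than a full path, and registered services (O23) whose binary is missing, as several Symantec entries in this log are. The sample input is a constructed excerpt of the log posted above, embedded inline so the script runs offline.

```python
import re

# Constructed sample input: an excerpt of the HijackThis log posted in this
# thread, embedded inline so the script runs offline.
SAMPLE_HJT = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:31:58 PM, on 10/26/2008
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: karna.dat
O23 - Service: DefWatch - Unknown owner - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (file missing)
"""

# "<code> - <body>", e.g. "O20 - AppInit_DLLs: karna.dat"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# "[<name>] <command>" tail of an O4 Run entry
RUN_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")


def parse_hjt_log(text):
    """Split a HijackThis log into (running_processes, [(code, body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # the process list ends where the coded entries begin
            entries.append((m.group("code"), m.group("body")))
        elif in_processes:
            processes.append(line)
    return processes, entries


def triage(entries):
    """Editor's own review heuristics (not HijackThis's rules): returns (code, note) pairs."""
    notes = []
    for code, body in entries:
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body.split(":", 1)[1].strip()
            if dlls:  # any value here is loaded into every process that maps user32.dll
                notes.append((code, f"AppInit_DLLs is set: {dlls}"))
        elif code == "O10":
            notes.append((code, f"Winsock LSP outside HJT's known list: {body}"))
        elif code == "O4":
            m = RUN_RE.search(body)
            if m:
                cmd = m.group("cmd").strip().strip('"')
                if "\\" not in cmd:  # bare filename: resolved via the search path, not a fixed location
                    notes.append((code, f"Run entry [{m.group('name')}] uses an unqualified path: {cmd}"))
        elif code == "O23" and body.endswith("(file missing)"):
            name = body[len("Service: "):].split(" - ")[0]
            notes.append((code, f"service registered but binary missing: {name}"))
    return notes


if __name__ == "__main__":
    processes, entries = parse_hjt_log(SAMPLE_HJT)
    print(f"{len(processes)} running processes, {len(entries)} entries")
    for code, note in triage(entries):
        print(f"{code:4s} {note}")
```

None of these heuristics proves anything on its own (an unqualified Run path or a missing service binary is common on clean machines); they are a reading order, pointing the reviewer at the lines to check first.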
-
It doesn't appear Norton (Symantec) is working properly
Is it outdated? Or is it corrupt?
We'll deal with it later
Can you do the following
Download random's system information tool (RSIT) by random/random from >>here<< (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
- Double click on RSIT.exe to launch program.
- Click Continue at the disclaimer screen.
- Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
- Once it has finished, two logs will open: log.txt <-- this will be maximized and info.txt <-- this will be minimized.
Can you post both those logs please?
**I must step out for about an hour, I'll review those logs when I get back :)
-
Yes, Symantec was working until this all happened so I would say that it is corrupted.
I ran RSIT but it only produced a log.txt file. I waited for a while and it still didn't produce the other and it wasn't minimized. I tried it twice. I found it on the C drive though. :-)
I will be stepping away for an hour or so as well. Thanks again.
Here is the content of the log.txt file.
Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-10-26 15:57:41
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 35 GB (32%) free of 109 GB
Total RAM: 959 MB (68% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:42 PM, on 10/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - https://cim.accenture.com/system/web/view/live/messaging/ie/SecMgr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218409226343
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218409212234
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {B33422AC-C567-4F7D-BB28-6583371EC4EE} (Microsoft CMS HTML Editor) - https://portal.accenture.com/NAVIGATOR/CMS/WebAuthor/Client/PlaceholderControlSupport/NRDHtml.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.44/ttinst.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://amr1-extranet.accenture.com/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {E99D3E39-5D92-4360-BA86-2C563B3CFFEB} (Microsoft CMS HTML Editor Toolbar) - https://portal.accenture.com/NAVIGATOR/CMS/WebAuthor/Client/PlaceholderControlSupport/nrdhtml.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O20 - AppInit_DLLs: karna.dat
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Unknown owner - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (file missing)
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
--
End of file - 8816 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Easy Internet Sign-up.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"VTTimer"=C:\WINDOWS\System32\VTTimer.exe [2005-03-08 53248]
"vptray"=C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe [2002-07-30 77824]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe [2006-12-15 75520]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\point32.exe [2005-03-23 217088]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe -atboottime []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe [2004-05-20 856064]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\System32\igfxsrvc.dll [2003-04-07 315392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\System32\NavLogon.dll [2002-07-30 45056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\System32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"=C:\Program Files\ewido\security suite\shellhook.dll [2004-09-30 39488]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Palm\HOTSYNC.EXE"="C:\Program Files\Palm\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Disabled:BearShare"
"C:\Program Files\Southwest Airlines\Ding\Ding.exe"="C:\Program Files\Southwest Airlines\Ding\Ding.exe:*:Disabled:DING!"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Disabled:EasyShare"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9748cf25-b2a6-11dc-b0ef-000ea6306fee}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/keylauncher/?code=3654261420322001
======List of files/folders created in the last 1 months======
2008-10-26 15:57:28 ----D---- C:\rsit
2008-10-26 15:31:48 ----D---- C:\Program Files\Trend Micro
2008-10-26 14:13:29 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-10-26 14:13:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-26 14:13:24 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-26 02:18:36 ----D---- C:\Program Files\Microsoft ActiveSync
2008-10-26 02:18:31 ----D---- C:\Program Files\Common Files\Designer
2008-10-26 02:18:17 ----D---- C:\Program Files\Common Files\ODBC
2008-10-26 01:57:40 ----A---- C:\SDFix.exe
2008-10-25 22:53:20 ----A---- C:\Documents and Settings\Owner\Application Data\aqixikixyd.dll
2008-10-25 22:53:19 ----A---- C:\Documents and Settings\All Users\Application Data\voweva.vbs
2008-10-25 17:13:13 ----A---- C:\WINDOWS\system32\koda.bat
2008-10-25 17:13:13 ----A---- C:\WINDOWS\nyfupa.vbs
2008-09-29 14:41:54 ----D---- C:\Program Files\iTunes
2008-09-29 14:41:54 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-29 14:39:56 ----D---- C:\Program Files\Bonjour
======List of files/folders modified in the last 1 months======
2008-10-26 15:31:58 ----D---- C:\WINDOWS\Prefetch
2008-10-26 15:31:48 ----AD---- C:\Program Files
2008-10-26 15:30:25 ----D---- C:\WINDOWS\Temp
2008-10-26 15:29:28 ----D---- C:\HJT
2008-10-26 15:27:21 ----D---- C:\WINDOWS\system32\drivers
2008-10-26 15:27:21 ----D---- C:\WINDOWS\system32
2008-10-26 15:27:20 ----D---- C:\WINDOWS
2008-10-26 15:26:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-26 15:25:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-26 15:25:46 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-26 14:11:20 ----SHD---- C:\WINDOWS\Installer
2008-10-26 14:11:20 ----HD---- C:\Config.Msi
2008-10-26 13:33:16 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-26 02:18:43 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-26 02:18:31 ----D---- C:\Program Files\Common Files
2008-10-26 02:18:22 ----D---- C:\Program Files\Microsoft Office
2008-10-25 23:36:34 ----D---- C:\Program Files\Wal-Mart Music Downloads Store
2008-10-25 23:20:09 ----D---- C:\Program Files\Windows NT
2008-10-25 23:20:09 ----D---- C:\Program Files\Windows Media Player
2008-10-25 23:19:41 ----D---- C:\Program Files\THQ
2008-10-25 23:19:35 ----D---- C:\Program Files\sz8032
2008-10-25 23:19:35 ----D---- C:\Program Files\sz8022
2008-10-25 23:19:32 ----D---- C:\Program Files\Scholastic
2008-10-25 23:19:32 ----D---- C:\Program Files\RecordNow!
2008-10-25 23:19:29 ----D---- C:\Program Files\QuickTime
2008-10-25 23:19:24 ----D---- C:\Program Files\Print Workshop 2004 LE
2008-10-25 23:19:20 ----D---- C:\Program Files\Outlook Express
2008-10-25 23:19:09 ----D---- C:\Program Files\NetMeeting
2008-10-25 23:18:21 ----D---- C:\Program Files\Movie Maker
2008-10-25 23:18:12 ----D---- C:\Program Files\Microsoft Works
2008-10-25 23:18:12 ----D---- C:\Program Files\Microsoft Visual Studio 8
2008-10-25 23:18:04 ----D---- C:\Program Files\Microsoft SQL Server
2008-10-25 23:18:04 ----D---- C:\Program Files\Microsoft Plus! Digital Media Edition
2008-10-25 23:18:01 ----D---- C:\Program Files\Microsoft IntelliPoint
2008-10-25 23:18:00 ----D---- C:\Program Files\Lavasoft
2008-10-25 23:17:52 ----D---- C:\Program Files\Juniper Networks
2008-10-25 23:17:49 ----D---- C:\Program Files\Java
2008-10-25 23:17:35 ----D---- C:\Program Files\Internet Explorer
2008-10-25 23:17:31 ----D---- C:\Program Files\ItsDeductibleEX
2008-10-25 23:17:31 ----D---- C:\Program Files\ItsDeductible2006
2008-10-25 23:17:30 ----D---- C:\Program Files\ItsDeductible2005
2008-10-25 23:17:30 ----D---- C:\Program Files\iPod
2008-10-25 23:17:30 ----D---- C:\Program Files\Iomega
2008-10-25 23:17:29 ----D---- C:\Program Files\IntelliMover Data Transfer Demo
2008-10-25 23:17:27 ----D---- C:\Program Files\Infogrames Interactive
2008-10-25 23:17:22 ----D---- C:\Program Files\HP
2008-10-25 23:17:11 ----D---- C:\Program Files\Hewlett-Packard
2008-10-25 23:17:09 ----D---- C:\Program Files\Hasbro Interactive
2008-10-25 23:16:48 ----D---- C:\Program Files\Common Files\System
2008-10-25 23:16:24 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-10-25 23:15:56 ----D---- C:\Program Files\Common Files\InstallShield
2008-10-25 23:15:46 ----D---- C:\Program Files\Common Files\Apple
2008-10-25 23:15:46 ----D---- C:\Program Files\Common Files\Adobe
2008-10-25 23:12:28 ----D---- C:\Program Files\Adobe
2008-10-25 23:07:16 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-10-25 08:33:54 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-20 14:25:49 ----D---- C:\Documents and Settings\Owner\Application Data\AirSet Desktop Sync
2008-10-14 19:23:24 ----A---- C:\WINDOWS\EUCHRE~1.INI
2008-09-29 19:53:20 ----D---- C:\WINDOWS\system32\FxsTmp
2008-09-29 14:42:21 ----HD---- C:\WINDOWS\inf
2008-09-29 14:42:20 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-09-29 14:37:11 ----SD---- C:\WINDOWS\Tasks
2008-09-29 08:05:15 ----D---- C:\WINDOWS\.jagex_cache_32
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-04 37376]
R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2003-04-11 10624]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2002-08-29 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2002-08-29 55936]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 dsNcAdpt;Juniper Network Connect Adapter; C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2007-04-10 23552]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 45568]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-07-02 652497]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2004-01-20 28256]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-03-15 20352]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2002-07-30 23808]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2005-03-08 172544]
R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2007-04-16 194362]
S2 ltmdmntc;ltmdmntc; \??\C:\WINDOWS\System32\drivers\ltmdmntc.sys []
S2 mrtRate;mrtRate; C:\WINDOWS\system32\drivers\mrtRate.sys []
S2 NAVAPEL;NAVAPEL; \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS []
S2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\System32\DRIVERS\nvcap.sys [2003-07-30 126348]
S2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\System32\DRIVERS\NVxbar.sys [2003-07-30 13006]
S2 W55U01;WINBOND W55U01 USB; C:\WINDOWS\System32\Drivers\W55U01.sys [2005-08-12 15232]
S2 X4HS32;X4HS32; \??\C:\Program Files\EXEtender\X4HS32.Sys []
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 BulkUsb;Usbscan.Sys; C:\WINDOWS\System32\Drivers\usbscan.sys [2004-08-04 15104]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2003-01-16 41984]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-04-15 90907]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NAVAP;NAVAP; \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys []
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081018.004\NAVENG.sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081018.004\NAVEX15.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2004-08-04 166912]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-05-06 394752]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SQTECH905C;ViviCam 35; C:\WINDOWS\System32\Drivers\Capt905c.sys [2005-01-25 33307]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2005-04-05 11512]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2005-04-05 173208]
S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2005-04-05 36984]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050303.027\symidsco.sys []
S3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2005-04-05 47192]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144]
S3 USBIO;USBIO Driver (usbio.sys); C:\WINDOWS\System32\Drivers\usbio.sys [2001-05-07 19805]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-04 5504]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 _IOMEGA_ACTIVE_DISK_SERVICE_;Iomega Active Disk; C:\Program Files\Iomega\AutoDisk\ADService.exe [2002-09-24 151552]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 dsNcService;Juniper Network Connect Service; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [2007-04-10 407136]
R2 ewido security suite control;ewido security suite control; C:\Program Files\ewido\security suite\ewidoctrl.exe [2004-11-11 16448]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 Iomega App Services;Iomega App Services; C:\PROGRA~1\Iomega\System32\AppServices.exe [2002-09-04 73728]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S2 DefWatch;DefWatch; C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe []
S2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
S2 Norton AntiVirus Server;Symantec AntiVirus Client; C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe []
S2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-08-19 77824]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE []
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe []
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe []
S4 Iomega Activity Disk2;Iomega Activity Disk2; []
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe []
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
-----------------EOF-----------------
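A log this long buries the few entries that matter. What follows is an added Python example, not part of the poster's log and not code from HijackThis or RSIT, that runs a handful of triage rules over lines in this log format: any AppInit_DLLs value (O20), TCP/IP name-resolution overrides (O17), services whose binary is "(file missing)" with security vendors singled out (O23), AutoRun commands registered under mountpoints2, and newly created files with random-looking lowercase names sitting directly in the Windows, system32 or Application Data folders. The sample lines are copied from the log above; the vendor list, the severities and the file-name heuristic are assumptions of this example, and every hit is a lead for a person to confirm, not a verdict.

```python
"""Rule-based triage of HijackThis / RSIT log lines (added example)."""
import re
from dataclasses import dataclass

# Sample input: lines copied from the log posted in this thread, trimmed to
# the entries the rules below act on (SDFix.exe and Bonjour are negatives).
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O20 - AppInit_DLLs: karna.dat
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Unknown owner - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/keylauncher/?code=3654261420322001
2008-10-25 22:53:20 ----A---- C:\Documents and Settings\Owner\Application Data\aqixikixyd.dll
2008-10-25 22:53:19 ----A---- C:\Documents and Settings\All Users\Application Data\voweva.vbs
2008-10-25 17:13:13 ----A---- C:\WINDOWS\system32\koda.bat
2008-10-25 17:13:13 ----A---- C:\WINDOWS\nyfupa.vbs
2008-10-26 01:57:40 ----A---- C:\SDFix.exe
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "HIGH", "MEDIUM" or "INFO"
    rule: str
    line: str


SEVERITY_RANK = {"HIGH": 0, "MEDIUM": 1, "INFO": 2}

# Assumed vendor list: a missing service binary for one of these suggests the
# security product was removed or disabled rather than never installed.
SECURITY_VENDORS = ("symantec", "norton", "ewido", "malwarebytes", "lavasoft")

RE_O17 = re.compile(r"^O17 - (?P<key>\S+): (?P<setting>\w+) = (?P<value>.+)$")
RE_O20 = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<value>\S.*)$")
RE_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
                    r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
RE_AUTORUN = re.compile(r"shell\\AutoRun\\command - (?P<cmd>.+)$", re.IGNORECASE)
# RSIT "created" entries: date, time, attribute flags, path. The name heuristic
# (4-12 lowercase letters, script or DLL extension) is an assumption.
RE_NEWFILE = re.compile(r"^\d{4}-\d{2}-\d{2} \S+ ----A---- "
                        r"(?P<path>.+\\(?P<name>[a-z]{4,12})\.(?:vbs|bat|dll|exe))$")
# Parent folders where a bare, random-looking script or DLL is out of place.
DROP_DIRS = ("\\windows", "\\system32", "\\application data")


def check_line(line):
    """Apply every rule to one log line and return the findings it produces."""
    hits = []
    m = RE_O20.match(line)
    if m:  # AppInit_DLLs is mapped into every process that loads user32.dll
        hits.append(Finding("HIGH", "AppInit_DLLs set to '%s'; legitimate entries are rare"
                            % m["value"], line))
    m = RE_O17.match(line)
    if m:  # a NameServer override redirects all resolution; a suffix list is lower risk
        sev = "HIGH" if "nameserver" in m["setting"].lower() else "INFO"
        hits.append(Finding(sev, "TCP/IP %s override: %s" % (m["setting"], m["value"]), line))
    m = RE_O23.match(line)
    if m and m["missing"]:
        blob = (m["name"] + m["path"]).lower()
        if any(v in blob for v in SECURITY_VENDORS):
            hits.append(Finding("MEDIUM", "security product service binary missing: "
                                + m["name"], line))
        else:
            hits.append(Finding("INFO", "service binary missing: " + m["name"], line))
    m = RE_AUTORUN.search(line)
    if m:  # mountpoints2 AutoRun commands fire when the volume is opened
        hits.append(Finding("MEDIUM", "AutoRun command on a mount point: " + m["cmd"], line))
    m = RE_NEWFILE.match(line)
    if m:
        parent = m["path"].rsplit("\\", 1)[0].lower()
        if parent.endswith(DROP_DIRS):
            hits.append(Finding("MEDIUM", "random-looking script/DLL dropped directly in "
                                + parent, line))
    return hits


def triage(log_text):
    """Run all rules over a log and return findings, most severe first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            findings.extend(check_line(line))
    return sorted(findings, key=lambda f: SEVERITY_RANK[f.severity])


def summarize(findings):
    """Count findings per severity."""
    counts = {"HIGH": 0, "MEDIUM": 0, "INFO": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print("[%-6s] %s\n         %s" % (f.severity, f.rule, f.line))
    print(summarize(results))
```

Run as a script it prints the hits; `triage()` returns them sorted with HIGH first. On these lines the single HIGH hit is the O20 AppInit_DLLs entry, which is the one to resolve first because whatever is listed there is loaded into every process that maps user32.dll, including any cleanup tool started afterwards.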
-
info.txt logfile of random's system information tool 1.04 2008-10-26 15:57:31
======Uninstall list======
"Doras Carnival Adventure (remove only)" -->"C:\Program Files\Doras Carnival Adventure\Uninstall.exe"
"Nick Video Jigsaw Jam (remove only)" -->"C:\Program Files\Nick Video Jigsaw Jam\Uninstall.exe"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
3D Groove Playback Engine-->RunDll32 C:\WINDOWS\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16
Action Replay Code Manager-->"C:\Program Files\Datel\Action Replay Code Manager\unins000.exe"
Active Disk-->C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\AutoDisk\uninstal.log
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Download Manager 2.2 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Album Starter Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{483616D1-867E-46F8-BEC7-3C6475933908}\apxp.ex_" -l0x9
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adventures of Bleeposaurus (remove only)-->"C:\Program Files\Adventures of Bleeposaurus\Uninstall.exe"
AirSet Desktop Sync-->MsiExec.exe /X{AF17B317-2255-450F-8D01-8FFDB68EFD30}
Alphabet Express-->C:\WINDOWS\unvise.exe C:\Program Files\sz8001\uninstal.log
Amazing Windows XP Screen Saver 1.2-->C:\WINDOWS\unins001.exe
American Greetings® CreataCard® Silver 5-->C:\WINDOWS\UNINST.EXE -f"C:\PROGRA~1\BRODER~1\AGCREA~1\DeIsL1.isu" -c"C:\PROGRA~1\BRODER~1\AGCREA~1\psfinst.dll"
Anark Client 1.0-->C:\Program Files\Anark\Client\AMInstal.exe -uninstall
Ancient Hearts & Spades-->"C:\Program Files\Oberon Media\Ancient Hearts & Spades\Uninstall.exe" "C:\Program Files\Oberon Media\Ancient Hearts & Spades\install.log"
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D90CE-5EF0-4D19-96C5-4C75C2842536}\Setup.exe" -l0x9
Barbie ® as Princess Bride (tm)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Mattel Interactive\Barbie ®\Barbie ® as Princess Bride (tm)\Uninst.isu"
Big Kahuna Reef-->"C:\Program Files\MSN Games\Big Kahuna Reef\Uninstall.exe" "C:\Program Files\MSN Games\Big Kahuna Reef\install.log"
Bleeposaurus 2: Dragonfire (remove only)-->"C:\Program Files\Bleeposaurus 2 Dragonfire\Uninstall.exe"
Boggle (remove only)-->"C:\Program Files\iWin.com\Boggle\Uninstall.exe"
Boggle-->C:\WINDOWS\uninst.exe -fC:\WINDOWS\DeIsL2.isu
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
BOSS Fonts Manager-->C:\WINDOWS\IsUninst.exe -fC:\BOSSFonts\Uninst.isu
Bricks of Atlantis-->"C:\Program Files\MSN Games\Bricks of Atlantis\Uninstall.exe" "C:\Program Files\MSN Games\Bricks of Atlantis\install.log"
Candy Land - Dora the Explorer Edition-->C:\PROGRA~1\NICKJR~1.ARC\CANDYL~1\UNWISE.EXE C:\PROGRA~1\NICKJR~1.ARC\CANDYL~1\INSTALL.LOG
Card Classics-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Galaxy of Games\Card Classics\DeIsL1.isu" -c"C:\Program Files\Galaxy of Games\Card Classics\_ISREG32.DLL"
CatDog-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\CatDog\Uninst.isu"
CDBurnerXP Pro 3-->MsiExec.exe /I{896D642C-7125-44F0-AC49-A23ABF82209C}
Centipede-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Centipede\CentUnin.isu"
Chaotic-->MsiExec.exe /I{D1BA4778-61DB-4405-AD57-03C939080E19}
Charm Solitaire-->"C:\Program Files\Oberon Media\Charm Solitaire\Uninstall.exe" "C:\Program Files\Oberon Media\Charm Solitaire\install.log"
CK Creative Clips and Fonts Sampler-->C:\CKBROW~1\UNWISE.EXE C:\CKBROW~1\CKCreativeClipsBoys.LOG
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
Compaq Connections-->C:\WINDOWS\BWUnin-6.2.3.66L.exe -AppId 1940576
Compaq Instant Support-->C:\PROGRA~1\COMPAQ~2\UNWISE.EXE C:\PROGRA~1\COMPAQ~2\INSTALL.LOG
Compaq Organize-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
Corel Applications-->C:\WINDOWS\Corel\Uninst32.exe
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Danny Phantom Ghost Sweep (remove only)-->"C:\Program Files\Danny Phantom Ghost Sweep\Uninstall.exe"
DesignPro 5.4 Limited Edition-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}
Diego`s Dinosaur Adventure (remove only)-->C:\Program Files\Diego`s Dinosaur Adventure\Uninstall.exe
Diner Dash-->"C:\Program Files\MSN Games\Diner Dash\Uninstall.exe" "C:\Program Files\MSN Games\Diner Dash\install.log"
DING!-->MsiExec.exe /X{84031A18-BA9A-4156-A74F-E05B52DDFCE2}
Direct Show Ogg Vorbis Filter (remove only)-->"C:\WINDOWS\system32\OggDSuninst.exe"
Disney/Pixar's Buzz Lightyear 2nd Grade-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Disney Interactive\Buzz Lightyear 2nd Grade\DeIsL1.isu" -c"C:\Program Files\Disney Interactive\Buzz Lightyear 2nd Grade\Saved Games\Uninst.dll
Disney's Mickey Mouse Preschool-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Disney Interactive\Mickey Mouse Preschool\DeIsL1.isu" -c"C:\Program Files\Disney Interactive\Mickey Mouse Preschool\Saved Games\Uninst.dll
Disney's Phonics Quest-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB79F660-2822-11D5-B232-0050DACD394D}\setup.exe" Uninstall
Disney's Ready for Math with Pooh-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Disney Interactive\Ready for Math with Pooh\DeIsL1.isu" -c"C:\Program Files\Disney Interactive\Ready for Math with Pooh\Uninst.dll
Disney's Toontown Online-->C:\PROGRA~1\Disney\DISNEY~1\Toontown\UNWISE.EXE /A C:\PROGRA~1\Disney\DISNEY~1\Toontown\INSTALL.LOG
Disney's Winnie the Pooh Preschool-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09E26120-0322-11D5-B231-0050DACD394D}\setup.exe" Uninstall
Dora Backpack-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D859D35F-E947-4F2A-8591-C76A4D116178}\setup.exe" -l0x9 -uninst
Dora Knows Your Name-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A887B90-4DD1-492F-924F-FB27BC8C4D71}\setup.exe" -l0x9 -removeonly
Dora Lost City-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{747C231B-062D-4586-8221-8E7870987D5B}\setup.exe" -l0x9 -uninst
Dora the Explorer Screen Saver-->C:\WINDOWS\Dora the Explorer.scr /u
Dora`s Magic Castle (remove only)-->C:\Program Files\Dora`s Magic Castle\Uninstall.exe
Doras Rapido River Rafting Race (remove only)-->"C:\Program Files\Doras Rapido River Rafting Race\Uninstall.exe"
Doras Star Catching Game (remove only)-->"C:\Program Files\Doras Star Catching Game\Uninstall.exe"
Dora's World Adventure-->C:\PROGRA~1\NICKJR~1.ARC\DORA'S~1\UNWISE.EXE C:\PROGRA~1\NICKJR~1.ARC\DORA'S~1\INSTALL.LOG
Dream Vacation Solitaire-->"C:\Program Files\Email Removed\Dream Vacation Solitaire\Uninstall.exe" "C:\Program Files\Email Removed\Dream Vacation Solitaire\install.log"
Drop Heads (remove only)-->"C:\Program Files\Drop Heads\Uninstall.exe"
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0613467F-A45E-4CB1-9ECE-1F3DD79FB927} /l1033
ebgcInfra-->MsiExec.exe /X{39B1BD87-561E-4762-AED9-7C5213B06C24}
ebgcRes-->MsiExec.exe /X{B0ED2820-A422-49C9-A5C7-9A0E97EB4904}
ebgcRes-->MsiExec.exe /X{F0CB1B5B-39B6-464C-9B46-2C3821B2659D}
ebgcSDK-->MsiExec.exe /X{28E7B64D-150F-4A9E-B7A3-5A6AC8C2F822}
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
ewido security suite-->C:\Program Files\ewido\security suite\Uninstall.exe
EXEtender Player-->"C:\Program Files\EXEtender\Uninstall.exe"
FA Addition Subtraction-->C:\WINDOWS\unvise32.exe C:\Program Files\sz8022\uninstal.log
Fairly Odd Parents - Big Super Hero Wish (remove only)-->"C:\Program Files\Fairly Odd Parents - Big Super Hero Wish\Uninstall.exe"
Fairly Odd Parents Information Stupor Highway (remove only)-->"C:\Program Files\Fairly Odd Parents Information Stupor Highway\Uninstall.exe"
FamilyFeudOnlineParty (remove only)-->"C:\Program Files\iWin.com\FamilyFeudOnlineParty\Uninstall.exe"
Fatman Adventures 2 (remove only)-->"C:\Program Files\Fatman Adventures 2\Uninstall.exe"
Feeding Frenzy (remove only)-->"C:\Program Files\Feeding Frenzy\Uninstall.exe"
Garmin Communicator Plugin-->MsiExec.exe /X{14C9AE19-4254-4280-ACD3-E159231DC2CD}
Google Earth-->MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
Gutterball-->C:\PROGRA~1\SHOCKW~1.COM\GUTTER~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\GUTTER~1\INSTALL.LOG
Halloween Screen Saver-->C:\WINDOWS\Halloween.scr /u
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Holiday Snowflakes Screen Saver 1.2-->C:\WINDOWS\unins000.exe
Hooked on Phonics Learn to Read-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Hooked on Phonics Learning\Hooked on Phonics Learn to Read\DeIsL1.isu"
Hotfix for Windows XP (KB928388)-->"C:\WINDOWS\$NtUninstallKB928388$\spuninst\spuninst.exe"
HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
hp deskjet 5100 series-->rundll32 hpzcon08.dll,VendorJettison hp deskjet 5100 series
hp deskjet 5100-->msiexec /x{FEDA56C4-82F3-46DD-8B50-FC592BBE1C0D}
HP Deskjet Preloaded Printer Drivers-->MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photo & Imaging 3.1-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photo and Imaging 2.0 - Deskjet Series-->MsiExec.exe /I{E0828692-FD9D-459F-9312-C645C3CA6650}
HP Photo and Imaging 2.0 - Photosmart Cameras-->MsiExec.exe /X{5D7F0A0E-369E-46C0-9F99-FAB21A064781}
HP Photosmart All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{D64BC2CF-0F12-47d7-B412-B4F3FD684253}\setup\hpzscr01.exe -datfile hposcr21.dat
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Print Diagnostic Utility-->MsiExec.exe /I{5E06C076-E4E7-4239-A886-B3D8AC84C166}
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP PSC & OfficeJet 3.0-->"C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Human 3D LR1n-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F03538CD-A245-4772-B9F3-655E6DCB34B1}\Setup.exe" -l0x9 -removeonly
In A Flash 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5EEC0AB3-0600-4D85-941A-6A3358E9839B}\Setup.exe" -l0x9
In A Flash Photo 3-->MsiExec.exe /I{0C3040CC-0276-409A-86BF-F84EB5F0DC25}
Insaniquarium Deluxe-->"C:\Program Files\MSN Games\Insaniquarium Deluxe\Uninstall.exe" "C:\Program Files\MSN Games\Insaniquarium Deluxe\install.log"
Inspheration-->"C:\Program Files\MSN Games\Inspheration\Uninstall.exe" "C:\Program Files\MSN Games\Inspheration\install.log"
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
IomegaWare 4.0.2-->C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\uninstal.log
ItsDeductible Express-->MsiExec.exe /X{36495C59-089C-49D1-BD15-9E5BD86DC9A1}
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Jewel Quest II (remove only)-->"C:\Program Files\iWin.com\Jewel Quest II\Uninstall.exe"
Jewel Quest Solitaire (remove only)-->"C:\Program Files\iWin.com\Jewel Quest Solitaire\Uninstall.exe"
Jewel Quest-->"C:\Program Files\Oberon Media\Jewel Quest\Uninstall.exe" "C:\Program Files\Oberon Media\Jewel Quest\install.log"
Jimmy Neutron Boy Genius-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\THQ\Jimmy Neutron\Jimmy Neutron Boy Genius\Uninst.isu"
Jimmy Neutron Invention Revenge (remove only)-->"C:\Program Files\Jimmy Neutron Invention Revenge\Uninstall.exe"
JumpStart Animal Adventures-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSAnimUn.exe
JumpStart Explorers-->C:\WINDOWS\UnJSExp.exe
JumpStart Learning Games ABC's-->C:\WINDOWS\IsUninst.exe -fC:\KA\JSLG_ABC\DeIsL1.isu
JumpStart Numbers-->C:\WINDOWS\IsUninst.exe -fC:\KA\JSNUMBER\DeIsL1.isu
JumpStart Pre-K-->C:\WINDOWS\IsUninst.exe -fC:\KA\PRE_K\DeIsL1.isu
JumpStart Typing-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSTypeUn.EXE
Jungle Heart (remove only)-->"C:\Program Files\Jungle Heart\Uninstall.exe"
Juniper Networks Network Connect 5.5.0-->"C:\Program Files\Juniper Networks\Network Connect 5.5.0\uninstall.exe"
KBD-->C:\HP\KBD\KBD.EXE uninstalled
LG USB Drivers-->C:\PROGRA~1\LGDRIV~1\LGUSBD~1\UNWISE.EXE C:\PROGRA~1\LGDRIV~1\LGUSBD~1\INSTALL.LOG
LiveUpdate 1.7 (Symantec Corporation)-->C:\Program Files\\Symantec\LiveUpdate\LSETUP.EXE /U
Mad Caps (remove only)-->"C:\Program Files\Mad Caps\Uninstall.exe"
Magic Ball 2-->"C:\Program Files\MSN Games\Magic Ball 2\Uninstall.exe" "C:\Program Files\MSN Games\Magic Ball 2\install.log"
Magic Match 2-->"C:\Program Files\MSN Games\Magic Match 2\Uninstall.exe" "C:\Program Files\MSN Games\Magic Match 2\install.log"
Magic Match Adventures-->"C:\Program Files\MSN Games\Magic Match Adventures\Uninstall.exe" "C:\Program Files\MSN Games\Magic Match Adventures\install.log"
Magic Match-->"C:\Program Files\MSN Games\Magic Match\Uninstall.exe" "C:\Program Files\MSN Games\Magic Match\install.log"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Math 2-->C:\WINDOWS\unvise32.exe C:\Program Files\sz8032\uninstal.log
Math Blaster Ages 6-7-->C:\WINDOWS\UninstMBAges6-7.exe
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft .NET Framework 1.1 Hotfix (KB886903)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Money 2004-->MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Office Outlook 2003-->MsiExec.exe /I{90E00409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Digital Media Edition-->MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual C++ 2005 Express Edition - ENU Service Pack 1 (KB926748)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {9BB5DD65-D02F-43FC-94AF-E8932A4EFB73} /package {AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5}
Microsoft Visual C++ 2005 Express Edition - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual C++ 2005 Express Edition - ENU\setup.exe
Microsoft Visual C++ 2005 Express Edition - ENU-->MsiExec.exe /X{AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5}
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Milton Bradley Classic Board Games-->C:\Program Files\Hasbro Interactive\Classic Games\MBUninst.exe
Monopoly-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{20FA8AEE-E785-4F79-98EB-2067A8F395F4}\setup.exe" -l0x9
Move Networks Player for Internet Explorer-->"C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\unins000.exe"
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
MUSICMATCH® Jukebox-->C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
My Wal-Mart Digital Photo Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAF8B012-D559-4B8D-95C0-D98E1172E5C3}\setup.exe" -l0x9 -removeonly
Mystery Case Files - Huntsville-->"C:\Program Files\Oberon Media\Mystery Case Files - Huntsville\Uninstall.exe" "C:\Program Files\Oberon Media\Mystery Case Files - Huntsville\install.log"
Mystery Solitaire - Secret Island-->"C:\Program Files\MSN Games\Mystery Solitaire - Secret Island\Uninstall.exe" "C:\Program Files\MSN Games\Mystery Solitaire - Secret Island\install.log"
NCH Toolbox-->C:\Program Files\NCH Swift Sound\ToolBox\uninst.exe
Need For Speed - Porsche Unleashed-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Need For Speed - Porsche Unleashed\uninst.log"
Nick Blockade (remove only)-->"C:\Program Files\Nick Blockade\Uninstall.exe"
Nicktoons Challenge! (remove only)-->C:\Program Files\Nicktoons Challenge!\Uninstall.exe
NVIDIA GART Driver-->C:\WINDOWS\System32\nvugart.exe Uninstall C:\WINDOWS\System32\Nvgart.nvu,NVIDIA GART Driver
Ocean Life 1 Screensaver-->C:\WINDOWS\ss3unstl.exe "Ocean Life 1 Screensaver"
Ocean Life 2 Screensaver-->C:\WINDOWS\ss3unstl.exe "Ocean Life 2 Screensaver"
Operation-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Hasbro Interactive\Operation\DeIsL1.isu"
PacaJuma Quest (remove only)-->"C:\Program Files\PacaJuma Quest\Uninstall.exe"
PagePrintables-->C:\PROGRA~1\PAGEPR~1\UNWISE.EXE C:\PROGRA~1\PAGEPR~1\INSTALL.LOG
Paint Shop Pro 7-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
Pajama Sam Life is Rough When You Lose Your Stuff-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{56C632F1-E684-4033-8390-1C39A1719B01}
Pajama Sam No Need to Hide When It's Dark Outside-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Infogrames Interactive\PajamaNHD\Uninst.isu" -c"C:\Program Files\Infogrames Interactive\PajamaNHD\Uninst.dll
Palm Desktop-->MsiExec.exe /X{7DBBC522-F642-4D6C-A03F-22E49EB63437}
Panda ActiveScan-->C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PCFriendly-->C:\Program Files\PCFriendly\inuninst.exe
PDO Desktop-->C:\WINDOWS\uninst.exe -f"C:\Program Files\PDO Desktop\DeIsL1.isu" -c"C:\Program Files\PDO Desktop\_ISREG32.DLL"
Photo Viewer 2.3-->"C:\Program Files\Photo Viewer\uninstall.exe"
Photosmart 140,240,7200,7600,7700,7900 Series-->C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
Playhouse Disney's Stanley Wild for Sharks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{733D0C6D-1561-11D6-B234-0050DACD394D}\setup.exe" -l0x9 Uninstall
Print Workshop 2004 LE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{952682F8-F40D-11D7-AD8E-0050DA87D0EB}\SETUP.EXE" -l0x9
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
pumpkinpatch ScreenSaver-->C:\WINDOWS\pumpkinpatch.scr /U
Puzzle Detective-->"C:\Program Files\MSN Games\Puzzle Detective\Uninstall.exe" "C:\Program Files\MSN Games\Puzzle Detective\install.log"
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2004-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Rainbow Web-->"C:\Program Files\Oberon Media\Rainbow Web\Uninstall.exe" "C:\Program Files\Oberon Media\Rainbow Web\install.log"
Reader Rabbit Preschool-->C:\Program Files\The Learning Company\Reader Rabbit Preschool\uninstal.exe
Reader's Digest Super Word Power-->"C:\Program Files\MSN Games\Readers Digest Super Word Power\Uninstall.exe" "C:\Program Files\MSN Games\Readers Digest Super Word Power\install.log"
RealArcade-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\RealArcade.rguninst" "AddRemove"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roll-->C:\WINDOWS\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
S3 S3Display-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'
S3 S3Gamma2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
S3 S3Info2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
S3 S3Overlay-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
Saints and Sinners Bingo-->"C:\Program Files\Oberon Media\Saints and Sinners Bingo\Uninstall.exe" "C:\Program Files\Oberon Media\Saints and Sinners Bingo\install.log"
Sandlot Games Client Services 1.2.2-->"C:\Program Files\Common Files\Sandlot Shared\unins001.exe"
Sandlot Games Client Services-->"C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
SandScript(tm)-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\SandScript(tm).rguninst" "AddRemove"
Scholastic's I SPY School Days-->C:\PROGRA~1\SCHOLA~1\ISPYSC~1\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\ISPYSC~1\INSTALL.LOG
Scholastic's I SPY Spooky Mansion-->C:\PROGRA~1\SCHOLA~1\ISPYSP~1\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\ISPYSP~1\INSTALL.LOG
Scooby-Doo(tm), Phantom of the Knight(tm)-->C:\Program Files\The Learning Company\Scooby-Doo(tm), Phantom of the Knight(tm)\uninstall.exe
Scrabble Blast Deluxe-->"C:\Program Files\MSN Games\Scrabble Blast Deluxe\Uninstall.exe" "C:\Program Files\MSN Games\Scrabble Blast Deluxe\install.log"
Scrabble Complete-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B36649A3-D0DD-4706-B042-F5B384529C7A}\Setup.exe" -l0x9
Scrabble Deluxe-->"C:\Program Files\MSN Games\Scrabble Deluxe\Uninstall.exe" "C:\Program Files\MSN Games\Scrabble Deluxe\install.log"
Security Update for Microsoft .NET Framework 2.0 (KB917283)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Microsoft .NET Framework 2.0 (KB922770)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Sega Smash Pack II-->C:\WINDOWS\IsUninst.exe -f"c:\program files\Sega\Smash Pack II\Uninst.isu"
Sesame Street Search & Learn Adventures-->C:\CWONDERS\MADTGD\CWRUN.EXE SearchLearnAdventures UninstallExe
Shape Solitaire-->"C:\Program Files\Email Removed\Shape Solitaire\Uninstall.exe" "C:\Program Files\Email Removed\Shape Solitaire\install.log"
Slingo-->"C:\Program Files\MSN Games\Slingo\Uninstall.exe" "C:\Program Files\MSN Games\Slingo\install.log"
Snowy - Treasure Hunter (remove only)-->"C:\Program Files\Snowy - Treasure Hunter\Uninstall.exe"
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SpongeBob Atlantis SquareOff-->C:\PROGRA~1\NICKAR~1\SPONGE~1\UNWISE.EXE C:\PROGRA~1\NICKAR~1\SPONGE~1\INSTALL.LOG
SpongeBob SquarePants 3D Pinball Panic (remove only)-->"C:\Program Files\SpongeBob SquarePants 3D Pinball Panic\Uninstall.exe"
SpongeBob SquarePants Bubble Rush! (remove only)-->C:\Program Files\SpongeBob SquarePants Bubble Rush!\Uninstall.exe
SpongeBob SquarePants Collapse! (remove only)-->"C:\Program Files\SpongeBob SquarePants Collapse!\Uninstall.exe"
SpongeBob SquarePants Diner Dash (remove only)-->C:\Program Files\SpongeBob SquarePants Diner Dash\Uninstall.exe
SpongeBob SquarePants Jellyfish Shuffleboard (remove only)-->"C:\Program Files\SpongeBob SquarePants Jellyfish Shuffleboard\Uninstall.exe"
SpongeBob SquarePants Krabby Quest (remove only)-->"C:\Program Files\SpongeBob SquarePants Krabby Quest\Uninstall.exe"
SpongeBob SquarePants Obstacle Odyssey (remove only)-->"C:\Program Files\SpongeBob SquarePants Obstacle Odyssey\Uninstall.exe"
SpongeBob SquarePants Obstacle Odyssey 2 (remove only)-->C:\Program Files\SpongeBob SquarePants Obstacle Odyssey 2\Uninstall.exe
SpongeBob SquarePants Pizza Toss (remove only)-->"C:\Program Files\SpongeBob SquarePants Pizza Toss\Uninstall.exe"
SpongeBob SquarePants® Operation Krabby Patty-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\THQ\SpongeBob SquarePants\Operation Krabby Patty\Uninst.isu"
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Stop the Morbuzakh (remove only)-->C:\Program Files\LEGO Software\Stop the Morbuzakh\Uninst.exe
Stunt Track Driver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Stunt Track Driver\Stunt Track Driver.isu"
Super GameHouse BlackJack-->"C:\Program Files\Oberon Media\Super GameHouse BlackJack\Uninstall.exe" "C:\Program Files\Oberon Media\Super GameHouse BlackJack\install.log"
Super GameHouse Solitaire Vol. 1-->C:\PROGRA~1\MSNGAM~2\GAMESP~1\SUPERG~1.1\UNWISE.EXE /U C:\PROGRA~1\MSNGAM~2\GAMESP~1\SUPERG~1.1\INSTALL.LOG
Switch Sound File Converter-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
Symantec AntiVirus Client-->MsiExec.exe /X{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}
Talk to Me-->"C:\Program Files\Auralog\Talk to Me 7.0\Bin\unsetup.exe" -file "C:\Program Files\Auralog\Talk to Me 7.0\unsetup.aui"
Tarzan Activity Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD709E16-1ED6-46CF-ACF7-FB8F01BC0444}\setup.exe" -l0x9 Tarzan Activity Center
The Fairly OddParents - Timmy`s Roach Rampage (remove only)-->C:\Program Files\The Fairly OddParents - Timmy`s Roach Rampage\Uninstall.exe
The Fairly OddParents-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBA98386-2B74-4C54-B085-543E7D5A3FAC}\setup.exe" -l0x9 \ /uninst
The Font Factory-->C:\PROGRA~1\CHATTE~1\UNWISE.EXE C:\PROGRA~1\CHATTE~1\INSTALL.LOG
Time Force-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC2092E0-55C4-11D5-B4F8-00A0CCE39AAB}\SETUP.EXE" TimeForceUninstall
Timez Attack Free-->C:\TimezAttackFree\Uninstall.exe
Tonka Raceway-->C:\HASBRO\TONKA_RACEWAY\Uninstall_Tonka_Raceway.EXE
Top Ten Solitaire-->"C:\Program Files\Oberon Media\Top Ten Solitaire\Uninstall.exe" "C:\Program Files\Oberon Media\Top Ten Solitaire\install.log"
trickortreaters ScreenSaver-->C:\WINDOWS\trickortreaters.scr /U
Trivial Pursuit 90s Edition-->"C:\Program Files\MSN Games\Trivial Pursuit 90s Edition\Uninstall.exe" "C:\Program Files\MSN Games\Trivial Pursuit 90s Edition\install.log"
Tumble Bees To Go-->"C:\Program Files\Oberon Media\Tumble Bees To Go\Uninstall.exe" "C:\Program Files\Oberon Media\Tumble Bees To Go\install.log"
TurboTax Deluxe 2003-->C:\Program Files\TurboTax\Deluxe 2003\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2003\Uninstall.log" -NoGui
TurboTax Deluxe 2004-->C:\Program Files\TurboTax\Deluxe 2004\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2004\Uninstall.log" -NoGui
TurboTax Deluxe 2005-->C:\Program Files\TurboTax\Deluxe 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2005\Uninstall.log" -NoGui
TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006-->C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2005-->MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
TurboTax ItsDeductible 2006-->MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Twistingo-->"C:\Program Files\Email Removed\Twistingo\Uninstall.exe" "C:\Program Files\Email Removed\Twistingo\install.log"
U.B. Funkeys-->C:\Program Files\U.B. Funkeys\uninstall.exe
Ultimate Game Pak-->C:\WINDOWS\iun506.exe C:\Program Files\Ultimate Game Pak\irunin.ini
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
VIA Rhine-Family Fast-Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver-->VTsetvga.exe -s -rRundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\hg201hp.inf
ViviCam V35-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83D96ED0-98AA-4515-8DDC-816F3EFDD104}\Setup.exe" -l0x9
Wal-Mart Music Downloads Store-->MsiExec.exe /I{1DB2FBA5-D57A-42A7-8E87-5B3EEBED8283}
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WeatherBug-->C:\PROGRA~1\AWS\WEATHE~1\REMOVE.EXE C:\PROGRA~1\AWS\WEATHE~1\INSTALL.LOG
WexTech AnswerWorks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
Windows XP Winter Fun Pack Screensavers-->MsiExec.exe /I{27D0C7AB-59F1-4D4D-A0BB-05A31AC919EA}
WinZip-->"C:\PROGRA~1\Winzip\Winzip32.exe" /uninstall
Word Search Deluxe (remove only)-->"C:\Program Files\Word Search Deluxe\Uninstall.exe"
Word Whomp To Go-->"C:\Program Files\Oberon Media\Word Whomp To Go\Uninstall.exe" "C:\Program Files\Oberon Media\Word Whomp To Go\install.log"
Wordsheets-->C:\PROGRA~1\WORDSH~1\UNWISE.EXE C:\PROGRA~1\WORDSH~1\INSTALL.LOG
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
Yahtzee-->"C:\Program Files\MSN Games\Yahtzee\Uninstall.exe" "C:\Program Files\MSN Games\Yahtzee\install.log"
Yahtzee-->C:\WINDOWS\uninst.exe -fC:\WINDOWS\DeIsL1.isu
Yu_Gi_Oh!_Monsters_1 Screen Saver-->C:\WINDOWS\Yu_Gi_Oh!_Monsters_1.scr /u
Yu_Gi_Oh!_Time_to_Duel_1 Screen Saver-->C:\WINDOWS\Yu_Gi_Oh!_Time_to_Duel_1.scr /u
Zone Deluxe Games-->MsiExec.exe /I{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}
Hosts File Missing
-
Sorry for the delay
Can you do the following? I still want to run ComboFix on this machine.
Delete your copy of ComboFix
Then, please do the following
Re-download this file - Combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
By default it will save a copy to C:\Combofix.txt
I'll need to see this log later
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post back the log from ComboFix
**Do you have the install CD for Norton's?
Don't try and reinstall it yet, just enquiring
-
For your question about Norton, I might be able to find the disk but I'm not holding my breath. At this point, I feel that it has failed me so much over the past few years that I'm ready to try something new (even though there was probably more I could do to protect my computer). I just have to be able to uninstall it so I can add something else. I also have a new laptop with Vista that came with the Norton trial version and I haven't said "yes" to the Norton install because I don't really want to use it. What are your thoughts on Kaspersky's? And how do I uninstall Norton on both machines?
Combofix worked. It had to do a reboot because of what it called "Rootkit activity", but otherwise it all ran okay.
Anyway, here is a copy of the ComboFix log (I did get MS Money reinstalled to get to my backup and save my data to an external hard drive) --
ComboFix 08-10-25.01 - Owner 2008-10-26 19:49:34.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.697 [GMT -5:00]
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Owner\Cookies\habisaty.db
C:\Documents and Settings\Owner\Cookies\ogigy.sys
C:\Documents and Settings\Owner\Cookies\tyvatymawi.inf
C:\Documents and Settings\Owner\Cookies\ytehyryn.dl
C:\Documents and Settings\Owner\Cookies\zujakerob.bin
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\iluzux.dll
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\lisy.sys
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\maku.bin
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\meguteja.vbs
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\pyvojimy.inf
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\system32\AutoRun.inf
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSserv
-------\Legacy_TDSSserv
((((((((((((((((((((((((( Files Created from 2008-09-27 to 2008-10-27 )))))))))))))))))))))))))))))))
.
2008-10-26 19:19 . 2008-10-26 19:29 <DIR> d-------- C:\Program Files\Microsoft Money
2008-10-26 15:57 . 2008-10-26 15:57 <DIR> d-------- C:\rsit
2008-10-26 15:31 . 2008-10-26 15:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-26 14:13 . 2008-10-26 14:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-26 14:13 . 2008-10-26 14:13 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-10-26 14:13 . 2008-10-26 14:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-26 14:13 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-26 14:13 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-26 02:18 . 2008-10-26 02:18 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-10-26 01:57 . 2008-10-26 01:51 1,554,567 --a------ C:\SDFix.exe
2008-10-25 22:53 . 2008-10-25 22:53 19,748 --a------ C:\WINDOWS\rogip.sys
2008-10-25 22:53 . 2008-10-25 22:53 16,053 --a------ C:\Documents and Settings\All Users\Application Data\gosy.reg
2008-10-25 22:53 . 2008-10-25 22:53 14,938 --a------ C:\WINDOWS\ykupyja.sys
2008-10-25 22:53 . 2008-10-25 22:53 14,191 --a------ C:\Documents and Settings\All Users\Application Data\voweva.vbs
2008-10-25 22:53 . 2008-10-25 22:53 12,670 --a------ C:\WINDOWS\system32\likyluki.bin
2008-10-25 22:53 . 2008-10-25 22:53 11,758 --a------ C:\Documents and Settings\Owner\Application Data\aqixikixyd.dll
2008-10-25 22:53 . 2008-10-25 22:53 11,333 --a------ C:\Documents and Settings\All Users\Application Data\acoho.dat
2008-10-25 22:53 . 2008-10-25 22:53 11,306 --a------ C:\WINDOWS\ojeqopom.ban
2008-10-25 22:53 . 2008-10-25 22:53 10,560 --a------ C:\WINDOWS\system32\sowapiwoci.bin
2008-10-25 22:53 . 2008-10-25 22:53 10,233 --a------ C:\WINDOWS\system32\gukylyw.lib
2008-10-25 17:13 . 2008-10-25 17:13 18,041 --a------ C:\WINDOWS\system32\koda.bat
2008-10-25 17:13 . 2008-10-25 17:13 17,867 --a------ C:\Documents and Settings\All Users\Application Data\esurebale.pif
2008-10-25 17:13 . 2008-10-25 17:13 16,260 --a------ C:\WINDOWS\sopiryxuk.scr
2008-10-25 17:13 . 2008-10-25 17:13 15,827 --a------ C:\WINDOWS\nyfupa.vbs
2008-10-25 17:13 . 2008-10-25 17:13 15,772 --a------ C:\WINDOWS\yfywak.reg
2008-10-25 17:13 . 2008-10-25 17:13 15,164 --a------ C:\WINDOWS\ebog.lib
2008-10-25 14:51 . 2008-10-25 14:51 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!
2008-09-29 14:41 . 2008-10-25 23:17 <DIR> d-------- C:\Program Files\iTunes
2008-09-29 14:41 . 2008-09-29 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-29 14:39 . 2008-10-25 23:12 <DIR> d-------- C:\Program Files\Bonjour
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 04:36 --------- d-----w C:\Program Files\Wal-Mart Music Downloads Store
2008-10-26 04:19 --------- d-----w C:\Program Files\THQ
2008-10-26 04:19 --------- d-----w C:\Program Files\sz8032
2008-10-26 04:19 --------- d-----w C:\Program Files\sz8022
2008-10-26 04:19 --------- d-----w C:\Program Files\Scholastic
2008-10-26 04:19 --------- d-----w C:\Program Files\RecordNow!
2008-10-26 04:19 --------- d-----w C:\Program Files\QuickTime
2008-10-26 04:19 --------- d-----w C:\Program Files\Print Workshop 2004 LE
2008-10-26 04:18 --------- d-----w C:\Program Files\Microsoft Works
2008-10-26 04:18 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-10-26 04:18 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-10-26 04:18 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
2008-10-26 04:18 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-10-26 04:18 --------- d-----w C:\Program Files\Lavasoft
2008-10-26 04:17 --------- d-----w C:\Program Files\Juniper Networks
2008-10-26 04:17 --------- d-----w C:\Program Files\Java
2008-10-26 04:17 --------- d-----w C:\Program Files\ItsDeductibleEX
2008-10-26 04:17 --------- d-----w C:\Program Files\ItsDeductible2006
2008-10-26 04:17 --------- d-----w C:\Program Files\ItsDeductible2005
2008-10-26 04:17 --------- d-----w C:\Program Files\iPod
2008-10-26 04:17 --------- d-----w C:\Program Files\Iomega
2008-10-26 04:17 --------- d-----w C:\Program Files\IntelliMover Data Transfer Demo
2008-10-26 04:17 --------- d-----w C:\Program Files\Infogrames Interactive
2008-10-26 04:17 --------- d-----w C:\Program Files\HP
2008-10-26 04:17 --------- d-----w C:\Program Files\Hewlett-Packard
2008-10-26 04:17 --------- d-----w C:\Program Files\Hasbro Interactive
2008-10-26 04:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-26 04:15 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-26 04:15 --------- d-----w C:\Program Files\Common Files\Apple
2008-10-26 04:15 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-25 13:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-20 19:25 --------- d-----w C:\Documents and Settings\Owner\Application Data\AirSet Desktop Sync
2008-10-16 01:30 30 ----a-w C:\Documents and Settings\Owner\jagex_runescape_preferences.dat
2008-03-17 17:38 103,536 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2004-11-01 23:37 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2004-05-20 856064]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 77824]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"VTTimer"="VTTimer.exe" [2005-03-08 C:\WINDOWS\system32\VTTimer.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 C:\WINDOWS\ALCXMNTR.EXE]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Southwest Airlines\\Ding\\Ding.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R3 dsNcAdpt;Juniper Network Connect Adapter;C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2007-04-10 23552]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 45568]
S2 ltmdmntc;ltmdmntc;C:\WINDOWS\System32\drivers\ltmdmntc.sys [ ]
S2 W55U01;WINBOND W55U01 USB;C:\WINDOWS\system32\Drivers\W55U01.sys [2005-08-12 15232]
S2 X4HS32;X4HS32;C:\Program Files\EXEtender\X4HS32.Sys [ ]
S3 BulkUsb;Usbscan.Sys;C:\WINDOWS\system32\Drivers\usbscan.sys [2004-08-04 15104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9748cf25-b2a6-11dc-b0ef-000ea6306fee}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/keylauncher/?code=3654261420322001
.
Contents of the 'Scheduled Tasks' folder
2008-10-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe []
2004-03-17 C:\WINDOWS\Tasks\Easy Internet Sign-up.job
- C:\Program Files\Easy Internet signup\HPSdpApp.exe []
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKLM-Run-QuickTime Task - C:\Program Files\QuickTime\QTTask.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O16 -: {5445BE81-B796-11D2-B931-002018654E2E} - hxxps://cim.accenture.com/system/web/view/live/messaging/ie/SecMgr.cab
C:\WINDOWS\Downloaded Program Files\SecMgr.inf
O16 -: {B33422AC-C567-4F7D-BB28-6583371EC4EE} - hxxps://portal.accenture.com/NAVIGATOR/CMS/WebAuthor/Client/PlaceholderControlSupport/NRDHtml.cab
C:\WINDOWS\Downloaded Program Files\NRDHtml.inf
C:\WINDOWS\Downloaded Program Files\ncbmprdr.dll
O16 -: {E99D3E39-5D92-4360-BA86-2C563B3CFFEB} - hxxps://portal.accenture.com/NAVIGATOR/CMS/WebAuthor/Client/PlaceholderControlSupport/nrdhtml.cab
C:\WINDOWS\Downloaded Program Files\NRDHtml.inf
C:\WINDOWS\Downloaded Program Files\ncbmprdr.dll
C:\WINDOWS\Downloaded Program Files\NRDHtml.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 19:58:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]
"ImagePath"="\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSijso.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]
"ImagePath"="\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\NavLogon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-10-26 20:01:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-27 01:01:47
Pre-Run: 36,789,424,128 bytes free
Post-Run: 38,041,493,504 bytes free
216
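The ComboFix log above records three ways this infection weakened the machine's own defences: the Security Center notification and override values set to 1, the Windows Firewall standard profile turned off, and the TDSSserv service entries. The triage script below is an added example, not part of the thread and not ComboFix's own code; it parses a ComboFix-style log (a constructed sample reduced from the log above, using the same line formats) and reports those indicators so a responder does not have to read the whole log by eye.

```python
"""Triage a ComboFix-style log for defence-weakening indicators.

Added example, not ComboFix's code. The section banners, REGEDIT4-style
registry dump and "-------\\Name" service lines it expects are the formats
visible in the log posted in the thread.
"""
import re

# Constructed sample, reduced from the posted log (same line formats).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSserv
-------\Legacy_TDSSserv
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")   # (((( Section Name ))))
KEY_RE = re.compile(r"^\[(.+)\]$")                 # [HKEY_...\path]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')   # "Name"=data
SERVICE_RE = re.compile(r"^-+\\(\S+)$")            # -------\Service_X

# Security Center values that silence alerts or fake an "AV present" state.
SECURITY_CENTER_FLAGS = (
    "AntiVirusDisableNotify", "FirewallDisableNotify",
    "UpdatesDisableNotify", "AntiVirusOverride", "FirewallOverride",
)


def split_sections(text):
    """Group log lines under the banner that precedes them ('.' spacers dropped)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def parse_registry(lines):
    """Return {key path (lower-case): {value name (lower-case): raw data}}."""
    reg, key = {}, None
    for line in lines:
        km = KEY_RE.match(line)
        if km:
            key = km.group(1).lower()
            reg.setdefault(key, {})
            continue
        vm = VALUE_RE.match(line)
        if vm and key is not None:
            reg[key][vm.group(1).lower()] = vm.group(2).strip()
    return reg


def dword_value(raw):
    """Decode the two numeric forms the log uses: 'dword:00000001' and '1 (0x1)'."""
    m = re.match(r"^dword:([0-9a-fA-F]{1,8})$", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    if m:
        return int(m.group(1))
    return None  # string data or an unrecognised form


def triage(text):
    """List the indicators found; an empty list means none of them are present."""
    findings = []
    sections = split_sections(text)
    for key, values in parse_registry(sections.get("Reg Loading Points", [])).items():
        if key.endswith("\\security center"):
            for name in SECURITY_CENTER_FLAGS:
                if dword_value(values.get(name.lower(), "")):
                    findings.append(f"Security Center: {name} = 1")
        if key.endswith("\\firewallpolicy\\standardprofile"):
            if dword_value(values.get("enablefirewall", "")) == 0:
                findings.append("Windows Firewall: standard profile disabled (EnableFirewall = 0)")
    for line in sections.get("Drivers/Services", []):
        sm = SERVICE_RE.match(line)
        if sm and "tdss" in sm.group(1).lower():
            findings.append(f"Removed service entry: {sm.group(1)}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Point `triage()` at the text of a saved C:\Combofix.txt to run it over a real log; the Security Center and firewall values are worth re-checking after cleanup, since the log only shows what was set at scan time.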
-
Can you run one more tool for me please
Just want to double check one entry
Download
SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe)
Save it to your desktop
Reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
In Safe mode
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Go to START>>My Computer>>Double click to open the C:\ folder - Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
Can you post that report please along with a fresh hijackthis log
-
I ran SDFix and it showed a message
c:\PROGRA~1\Symantec\S32EVNT1.DLL. An installable Virtual Device Driver failed Dll initialization. Choose 'Close' to terminate the application.
Close wouldn't work (after six tries) so I clicked "ignore".
After it was done running it prompted for a reboot. Again, I got the above message but this time "Close" worked. It popped up again later and again "close" worked.
Here is the sdfix report --
SDFix: Version 1.238
Run by Owner on Sun 10/26/2008 at 08:55 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\DOCUME~1\Owner\LOCALS~1\Temp\TDSS5ddb.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\TDSS5dfb.tmp - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 21:14:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...
disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\Owner\ntuser.dat, 0
scanning hidden files ...
disk error: C:\WINDOWS\
please note that you need administrator rights to perform deep scan
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\Southwest Airlines\\Ding\\Ding.exe"="C:\\Program Files\\Southwest Airlines\\Ding\\Ding.exe:*:Disabled:DING!"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Disabled:Bonjour"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Finished!
AND HERE IS HIJACK THIS --
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:09 PM, on 10/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - https://cim.accenture.com/system/web/view/live/messaging/ie/SecMgr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218409226343
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218409212234
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {B33422AC-C567-4F7D-BB28-6583371EC4EE} (Microsoft CMS HTML Editor) - https://portal.accenture.com/NAVIGATOR/CMS/WebAuthor/Client/PlaceholderControlSupport/NRDHtml.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.44/ttinst.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://amr1-extranet.accenture.com/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {E99D3E39-5D92-4360-BA86-2C563B3CFFEB} (Microsoft CMS HTML Editor Toolbar) - https://portal.accenture.com/NAVIGATOR/CMS/WebAuthor/Client/PlaceholderControlSupport/nrdhtml.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Unknown owner - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (file missing)
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
--
End of file - 9279 bytes
-
Are you able to uninstall Symantec Antivirus client from Add and Remove Programs?
If so, please do so then reboot the computer
Back in Windows
Run this uninstall tool from Norton's
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2007080716282639?Open&docid=2005033108162039&nsf=tsgeninfo.nsf&view=docid
Do step 3 at the bottom of the screen
After removal, can you do the following
Do a "System scan only" with Hijackthis and put a check next to these entries:
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
After you have ticked the above entries, close all other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Download ATF-Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.
Save it to your desktop
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Exit ATF-Cleaner from the Main menu
Go here and download your Free version of Avira AntiVir
http://www.download.com/Avira-AntiVir-Personal-Free-Antivirus/3000-2239_4-10322935.html?part=dl-10322935&subj=dl&tag=button&cdlpid=10322935
Save the installer to desktop
Install Avira AntiVir from desktop
Ensure that you have it check for Updates
The first time it updates may take awhile, but allow it time
NOTE: Avira will display a single big Ad on your computer
Don't be alarmed, just click OK at the bottom of the Ad to close it
A scan of your System should then start
If a scan does not start after updating, double click on the Avira icon by the clock (the red/white umbrella)
and select "Scan system now"
Quarantine or delete everything it finds
When the scan is finished
Reboot the computer
Back in Windows
Can you post all the following back please
It may take more than one reply to do so
1. Post a fresh hijackthis log
2. Please post the log from Avira
Open Avira again (Double click on the red Umbrella icon by the clock)
Click on REPORTS under Overview
Double click on the Scan report you just made
Then click on "Report File"
-
I tried to uninstall Symantec Antivirus from the Add/remove programs, but I got the following messages --
Symantec Antivirus Client
1: The InstallScript engine on this machine is older than the version required to run this setup. If available, please install the latest version of ISScript.msi, or contact your support personnel for further assistance.
AND
Then at the end it throws a message - "Fatal error during installation."
Do you want me to continue with the rest of your steps anyway?
-
Can you try the uninstall tool from Norton's
Afterwards, post a fresh hijackthis log and let's see what's left of Symantec's
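Added example (my own Python, not anything from this thread and not HijackThis's own code) of the triage behind the entry list a couple of posts up and the "what's left of Symantec's" question here: it parses HijackThis log lines, then buckets entries whose target file is gone ("(file missing)" / "(no file)"), O23 services with an unknown owner and a missing binary, O4 Run entries given as a bare filename with no directory, and anything still referencing Symantec. The sample lines are copied from the log posted earlier in the thread; a real run would read the whole saved log file.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample lines copied from the HijackThis log posted earlier in this thread,
# trimmed to the entries the triage cares about. A real run would read the
# whole saved log file instead.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: DefWatch - Unknown owner - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (file missing)
--
End of file - 9279 bytes
"""

# HijackThis prefixes every entry with its section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")


@dataclass
class Entry:
    section: str
    body: str

    def orphaned(self) -> bool:
        """Registry still points at a file that is gone: either a harmless
        leftover or a removal that only half worked, dead weight either way."""
        return self.body.endswith("(file missing)") or self.body.endswith("(no file)")

    def unknown_owner(self) -> bool:
        return self.section == "O23" and " - Unknown owner - " in self.body

    def run_command(self) -> str:
        """For O4 entries, the command after the [name] tag; '' otherwise."""
        m = re.match(r".*\] (.*)$", self.body) if self.section == "O4" else None
        return m.group(1) if m else ""


def parse_hjt(text: str) -> list[Entry]:
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(text: str, vendor_keyword: str = "symant") -> dict[str, list[Entry]]:
    """Group entries the way a helper reads a log. vendor_keyword is matched as a
    lower-cased substring so it catches both 'Symantec' and the 8.3 name SYMANT~1."""
    entries = parse_hjt(text)
    return {
        "orphaned": [e for e in entries if e.orphaned()],
        "unknown_owner_missing": [e for e in entries if e.unknown_owner() and e.orphaned()],
        # An O4 command with no directory is resolved through the PATH, so a file
        # planted earlier on the PATH would run instead; worth a look, not a verdict.
        "unqualified_run": [e for e in entries if e.run_command() and "\\" not in e.run_command()],
        "vendor_remnants": [e for e in entries if vendor_keyword in e.body.lower()],
    }


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(f"{bucket} ({len(items)})")
        for e in items:
            print(f"  {e.section} - {e.body}")
```

The buckets are only a reading aid: an orphaned entry is safe to fix in HijackThis precisely because nothing is behind it any more, while a service whose binary does exist needs the vendor's own uninstaller or removal tool first, which is why the Symantec services above are being handled with the removal tool rather than ticked in HijackThis.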
-
This whole time I have been using another computer and have copied every executable to a USB drive and then downloaded the files manually to the desktop on the infected computer.
For this step, I hooked the infected computer back up to the network/internet and I went to the Symantec link you provided. I downloaded and ran the Norton Removal Tool. The system rebooted and tried to go to the Symantec link on restart. Interestingly enough, I could no longer get to the link. So, I tried going to www.symantec.com and I couldn't get there. I also tried Atribune and Lavasoft and I can't get to any of them any longer. I can get to other sites fine (like this one), but no site that seems like it would protect my computer. Something seems to be blocking it again.
I was able to still run HJT, so I did the steps that you outlined for removing the items and here is the next log --
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:35 PM, on 10/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - https://cim.accenture.com/system/web/view/live/messaging/ie/SecMgr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218409226343
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218409212234
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {B33422AC-C567-4F7D-BB28-6583371EC4EE} (Microsoft CMS HTML Editor) - https://portal.accenture.com/NAVIGATOR/CMS/WebAuthor/Client/PlaceholderControlSupport/NRDHtml.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.44/ttinst.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://amr1-extranet.accenture.com/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {E99D3E39-5D92-4360-BA86-2C563B3CFFEB} (Microsoft CMS HTML Editor Toolbar) - https://portal.accenture.com/NAVIGATOR/CMS/WebAuthor/Client/PlaceholderControlSupport/nrdhtml.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Unknown owner - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (file missing)
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
--
End of file - 7981 bytes
-
For now, don't do too much navigating the web with this computer till we have it clear of malware
Can you do the following
Download HostsXpert from http://www.funkytoad.com/download/HostsXpert.zip and unzip it to your desktop.
Next, open HostsXpert. Make sure the "Make Hosts Writable?" button in the upper-left corner has been clicked (it should then read "Make Readonly")
- then click on "Restore MS host files" >> OK
- Close HostsXpert.
Afterwards: I had you run the wrong Norton removal tool
Can you download and run this one please
NoNav.exe (http://ca.huji.ac.il/bf/mcafee/NoNav.exe)
Afterwards: follow all the next steps I posted earlier
Here they are again
======================================================================
Do a "System scan only" with Hijackthis and put a check next to these entries:
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
After you have ticked the above entries, close all other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Download ATF-Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.
Save it to your desktop
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Exit ATF-Cleaner from the Main menu
Go here and download your Free version of Avira AntiVir
http://www.download.com/Avira-AntiVir-Personal-Free-Antivirus/3000-2239_4-10322935.html?part=dl-10322935&subj=dl&tag=button&cdlpid=10322935
Save the installer to desktop
Install Avira AntiVir from desktop
Ensure that you have it check for Updates
The first time it updates may take awhile, but allow it time
NOTE: Avira will display a single big Ad on your computer
Don't be alarmed, just click OK at the bottom of the Ad to close it
A scan of your System should then start
If a scan does not start after updating, double click on the Avira icon by the clock (the red/white umbrella)
and select "Scan system now"
Quarantine or delete everything it finds
When the scan is finished
Reboot the computer
Back in Windows
Can you post all the following back please
It may take more than one reply to do so
1. Post a fresh hijackthis log
2. Please post the log from Avira
Open Avira again (Double click on the red Umbrella icon by the clock)
Click on REPORTS under Overview
Double click on the Scan report you just made
Then click on "Report File"
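Added example (my own Python, not part of the thread and not what HostsXpert does internally) for the HOSTS step at the top of this post. The step assumes the vendor sites that stopped loading are being redirected through C:\WINDOWS\system32\drivers\etc\hosts, which nothing in the thread has confirmed yet, so this checks that assumption before anything is restored: it parses a hosts file, reports any mapping for a watched vendor domain, distinguishes a loopback sinkhole from a redirect to some other address, and produces a copy with only those lines dropped. The sample file contents and the watch-list of vendor domains are constructed for the example. A clean hosts file does not rule out other blocking mechanisms (proxy settings, DNS, a Winsock LSP), it only removes this one.

```python
import ipaddress

# Constructed sample (not from the thread): the stock Windows XP header plus the
# kind of entries a hijacked HOSTS file carries. 192.0.2.10 is an RFC 5737
# documentation address standing in for an attacker-controlled host.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1       www.symantec.com
127.0.0.1       symantec.com
127.0.0.1       liveupdate.symantecliveupdate.com
127.0.0.1       www.lavasoft.com
192.0.2.10      www.atribune.org    # decoy copy of the site
10.0.0.5        printer.home.lan    # legitimate custom entry, must survive
"""

# Assumed watch-list: the sites the poster could not reach, plus a few more
# vendor domains. Extend it to whatever vendors the affected machine relies on.
WATCHED_SUFFIXES = (
    "symantec.com", "symantecliveupdate.com", "lavasoft.com",
    "atribune.org", "avira.com", "windowsupdate.com",
)

# Where the file lives on Windows XP; it has no extension and is usually marked
# read-only, which is what the "Make Hosts Writable?" button in HostsXpert clears.
HOSTS_PATH = r"C:\WINDOWS\system32\drivers\etc\hosts"


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every active mapping, comments stripped."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield ip, name.lower(), n


def _is_loopback(ip):
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:          # malformed address: not loopback, still reported
        return False


def suspicious_entries(text):
    """Mappings that would keep this box from reaching a watched vendor domain.
    A loopback target just sinkholes the site; any other target may be a decoy."""
    hits = []
    for ip, name, n in parse_hosts(text):
        if any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES):
            hits.append({"line": n, "ip": ip, "host": name, "sinkholed": _is_loopback(ip)})
    return hits


def clean_hosts(text):
    """Return the file with the flagged lines dropped (whole line, including any
    other names on it) and everything else kept, so legitimate custom entries
    survive. Restoring the stock file, which is what HostsXpert's 'Restore MS
    host files' does, is the blunter alternative."""
    bad = {h["line"] for h in suspicious_entries(text)}
    kept = [raw for n, raw in enumerate(text.splitlines(), 1) if n not in bad]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for h in suspicious_entries(SAMPLE_HOSTS):
        kind = "sinkholed" if h["sinkholed"] else "REDIRECTED"
        print(f"line {h['line']}: {h['host']} -> {h['ip']} ({kind})")
    print(clean_hosts(SAMPLE_HOSTS))
```

A redirect to a non-loopback address is the more serious finding: the browser would land on a host the attacker controls rather than just a connection error, so any "update" or "scanner" fetched from there is not to be trusted.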
-
Okay, had to use the USB drive again from my other computer to get ATF Cleaner because the infected computer still can't open the site. ATF Cleaner ran and I have downloaded and installed Avira. I have done the update for it and it is now scanning.
I am heading off to bed. Three late nights in a row is killing me.
I have clicked the option to Delete any future detections so hopefully it will keep going through the night. I will post all logs and reports in the morning.
Thanks again for all of your help.
-
I'm off to bed myself right away
I'll look for the logs later tomorrow
P.S. It's just past 10 pm my time
-
It was midnight here. :-(
Okay, new day and new start. Here are the logs --
HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:08:28 AM, on 10/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - https://cim.accenture.com/system/web/view/live/messaging/ie/SecMgr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218409226343
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218409212234
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {B33422AC-C567-4F7D-BB28-6583371EC4EE} (Microsoft CMS HTML Editor) - https://portal.accenture.com/NAVIGATOR/CMS/WebAuthor/Client/PlaceholderControlSupport/NRDHtml.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.44/ttinst.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://amr1-extranet.accenture.com/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {E99D3E39-5D92-4360-BA86-2C563B3CFFEB} (Microsoft CMS HTML Editor Toolbar) - https://portal.accenture.com/NAVIGATOR/CMS/WebAuthor/Client/PlaceholderControlSupport/nrdhtml.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
--
End of file - 8226 bytes
AVIRA AntiVir Personal
Report file date: Sunday, October 26, 2008 23:54
Scanning for 1708013 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: BIGMAMA
Version information:
BUILD.DAT : 8.2.0.334 16933 Bytes 10/16/2008 14:55:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 15:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 14:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 19:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 14:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 17:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 20:54:15
ANTIVIR2.VDF : 7.0.7.59 4366336 Bytes 10/19/2008 04:52:40
ANTIVIR3.VDF : 7.0.7.93 198656 Bytes 10/26/2008 04:52:42
Engineversion : 8.2.0.9
AEVDF.DLL : 8.1.0.6 102772 Bytes 10/27/2008 04:52:54
AESCRIPT.DLL : 8.1.1.9 319867 Bytes 10/27/2008 04:52:53
AESCN.DLL : 8.1.1.3 123252 Bytes 10/27/2008 04:52:52
AERDL.DLL : 8.1.1.2 438644 Bytes 10/27/2008 04:52:51
AEPACK.DLL : 8.1.2.4 369014 Bytes 10/27/2008 04:52:50
AEOFFICE.DLL : 8.1.0.29 196988 Bytes 10/27/2008 04:52:49
AEHEUR.DLL : 8.1.0.63 1479032 Bytes 10/27/2008 04:52:49
AEHELP.DLL : 8.1.1.2 115062 Bytes 10/27/2008 04:52:46
AEGEN.DLL : 8.1.0.42 319861 Bytes 10/27/2008 04:52:46
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/27/2008 04:52:45
AECORE.DLL : 8.1.2.8 172406 Bytes 10/27/2008 04:52:44
AEBB.DLL : 8.1.0.3 53618 Bytes 10/27/2008 04:52:43
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 15:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 16:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 10/27/2008 04:52:42
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 18:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 15:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 19:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 00:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 19:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 19:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 20:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 20:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: Sunday, October 26, 2008 23:54
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'ADService.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sqlwriter.exe' - '1' Module(s) have been scanned
Scan process 'sqlbrowser.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'AppServices.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ewidoctrl.exe' - '1' Module(s) have been scanned
Scan process 'dsNcService.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'Weather.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'point32.exe' - '1' Module(s) have been scanned
Scan process 'VTTimer.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
39 processes with 39 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '56' files ).
Starting the file scan:
Begin scan in 'C:\' <PRESARIO>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
[NOTE] The file was deleted!
C:\WINDOWS\system32\ActiveScan\pskavs.dll
[DETECTION] Contains recognition pattern of the W95/Blumblebee.1738 Windows virus
[NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\ltmdmntc.old
[DETECTION] Is the TR/StartPage.vn.1 Trojan
[NOTE] The file was deleted!
Begin scan in 'D:\' <PRESARIO_RP>
End of the scan: Monday, October 27, 2008 01:01
Used time: 1:07:19 Hour(s)
The scan has been done completely.
9218 Scanning directories
401861 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
3 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
401857 Files not concerned
15069 Archives were scanned
1 Warnings
3 Notes
-
Can you do the following
Open Malwarebytes Antimalware
Click the Update tab and try and update
If it will update, can you run a Quick Scan and post the new log
If it won't update, can you again open HostXpert and Restore MS Host file then try updating again with MBAM
Let me know
In addition, can you again delete your copy of ComboFix
Temporarily disable AntiVir protections
Right click its icon by the clock and uncheck "AntiVir Guard Enable"
Redownload ComboFix from the following link
Combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Run it again and post its new log
-
I tried to download the update from Malwarebytes but it still wouldn't connect. The same thing with Combofix.exe. I went ahead and used the USB drive with my other computer again and got combofix.exe on the infected computer. I ran that and then tried connecting to Malwarebytes again. This time it worked, so I ran the quick scan (log attached). It found three things so I chose to remove them. I hope that was okay.
I was also able to get to Combofix.exe on the infected machine, so I downloaded a new one and ran it again (log attached).
Malwarebytes' Anti-Malware 1.30
Database version: 1328
Windows 5.1.2600 Service Pack 2
10/27/2008 1:12:17 PM
mbam-log-2008-10-27 (13-12-16).txt
Scan type: Quick Scan
Objects scanned: 60517
Time elapsed: 4 minute(s), 17 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3ba4271e-5c1e-48e2-b432-d8bf420dd31d} (Rogue.DeusCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Combofix.exe
ComboFix 08-10-26.01 - Owner 2008-10-27 13:25:42.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.659 [GMT -5:00]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSserv
-------\Legacy_TDSSserv
-------\Legacy_TDSSSERV.SYS
((((((((((((((((((((((((( Files Created from 2008-09-27 to 2008-10-27 )))))))))))))))))))))))))))))))
.
2008-10-26 23:50 . 2008-10-26 23:50 <DIR> d-------- C:\Program Files\Avira
2008-10-26 23:50 . 2008-10-26 23:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-10-26 23:25 . 2008-10-26 23:25 <DIR> d-------- C:\temp\NoNav
2008-10-26 23:25 . 2008-10-26 23:25 <DIR> d-------- C:\temp
2008-10-26 22:31 . 2008-10-26 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-26 20:48 . 2008-10-26 20:48 <DIR> d-------- C:\WINDOWS\ERUNT
2008-10-26 20:47 . 2008-10-26 21:20 <DIR> d-------- C:\SDFix
2008-10-26 19:19 . 2008-10-26 19:29 <DIR> d-------- C:\Program Files\Microsoft Money
2008-10-26 15:57 . 2008-10-26 15:57 <DIR> d-------- C:\rsit
2008-10-26 15:31 . 2008-10-26 15:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-26 14:13 . 2008-10-26 14:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-26 14:13 . 2008-10-26 14:13 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-10-26 14:13 . 2008-10-26 14:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-26 14:13 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-26 14:13 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-26 02:18 . 2008-10-26 02:18 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-10-26 01:57 . 2008-10-26 01:51 1,554,567 --a------ C:\SDFix.exe
2008-10-25 22:53 . 2008-10-25 22:53 19,748 --a------ C:\WINDOWS\rogip.sys
2008-10-25 22:53 . 2008-10-25 22:53 16,053 --a------ C:\Documents and Settings\All Users\Application Data\gosy.reg
2008-10-25 22:53 . 2008-10-25 22:53 14,938 --a------ C:\WINDOWS\ykupyja.sys
2008-10-25 22:53 . 2008-10-25 22:53 14,191 --a------ C:\Documents and Settings\All Users\Application Data\voweva.vbs
2008-10-25 22:53 . 2008-10-25 22:53 12,670 --a------ C:\WINDOWS\system32\likyluki.bin
2008-10-25 22:53 . 2008-10-25 22:53 11,758 --a------ C:\Documents and Settings\Owner\Application Data\aqixikixyd.dll
2008-10-25 22:53 . 2008-10-25 22:53 11,333 --a------ C:\Documents and Settings\All Users\Application Data\acoho.dat
2008-10-25 22:53 . 2008-10-25 22:53 11,306 --a------ C:\WINDOWS\ojeqopom.ban
2008-10-25 22:53 . 2008-10-25 22:53 10,560 --a------ C:\WINDOWS\system32\sowapiwoci.bin
2008-10-25 22:53 . 2008-10-25 22:53 10,233 --a------ C:\WINDOWS\system32\gukylyw.lib
2008-10-25 17:13 . 2008-10-25 17:13 18,041 --a------ C:\WINDOWS\system32\koda.bat
2008-10-25 17:13 . 2008-10-25 17:13 17,867 --a------ C:\Documents and Settings\All Users\Application Data\esurebale.pif
2008-10-25 17:13 . 2008-10-25 17:13 16,260 --a------ C:\WINDOWS\sopiryxuk.scr
2008-10-25 17:13 . 2008-10-25 17:13 15,827 --a------ C:\WINDOWS\nyfupa.vbs
2008-10-25 17:13 . 2008-10-25 17:13 15,772 --a------ C:\WINDOWS\yfywak.reg
2008-10-25 17:13 . 2008-10-25 17:13 15,164 --a------ C:\WINDOWS\ebog.lib
2008-10-25 14:51 . 2008-10-25 14:51 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!
2008-09-29 14:41 . 2008-10-27 09:13 <DIR> d-------- C:\Program Files\iTunes
2008-09-29 14:41 . 2008-09-29 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-29 14:39 . 2008-10-25 23:12 <DIR> d-------- C:\Program Files\Bonjour
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-27 14:13 --------- d-----w C:\Program Files\iPod
2008-10-26 04:36 --------- d-----w C:\Program Files\Wal-Mart Music Downloads Store
2008-10-26 04:19 --------- d-----w C:\Program Files\THQ
2008-10-26 04:19 --------- d-----w C:\Program Files\sz8032
2008-10-26 04:19 --------- d-----w C:\Program Files\sz8022
2008-10-26 04:19 --------- d-----w C:\Program Files\Scholastic
2008-10-26 04:19 --------- d-----w C:\Program Files\RecordNow!
2008-10-26 04:19 --------- d-----w C:\Program Files\QuickTime
2008-10-26 04:19 --------- d-----w C:\Program Files\Print Workshop 2004 LE
2008-10-26 04:18 --------- d-----w C:\Program Files\Microsoft Works
2008-10-26 04:18 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-10-26 04:18 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-10-26 04:18 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
2008-10-26 04:18 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-10-26 04:18 --------- d-----w C:\Program Files\Lavasoft
2008-10-26 04:17 --------- d-----w C:\Program Files\Juniper Networks
2008-10-26 04:17 --------- d-----w C:\Program Files\Java
2008-10-26 04:17 --------- d-----w C:\Program Files\ItsDeductibleEX
2008-10-26 04:17 --------- d-----w C:\Program Files\ItsDeductible2006
2008-10-26 04:17 --------- d-----w C:\Program Files\ItsDeductible2005
2008-10-26 04:17 --------- d-----w C:\Program Files\Iomega
2008-10-26 04:17 --------- d-----w C:\Program Files\IntelliMover Data Transfer Demo
2008-10-26 04:17 --------- d-----w C:\Program Files\Infogrames Interactive
2008-10-26 04:17 --------- d-----w C:\Program Files\HP
2008-10-26 04:17 --------- d-----w C:\Program Files\Hewlett-Packard
2008-10-26 04:17 --------- d-----w C:\Program Files\Hasbro Interactive
2008-10-26 04:15 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-26 04:15 --------- d-----w C:\Program Files\Common Files\Apple
2008-10-26 04:15 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-25 13:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-20 19:25 --------- d-----w C:\Documents and Settings\Owner\Application Data\AirSet Desktop Sync
2008-10-16 01:30 30 ----a-w C:\Documents and Settings\Owner\jagex_runescape_preferences.dat
2008-03-17 17:38 103,536 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2004-11-01 23:37 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( snapshot@2008-10-26_20.01.28.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 20:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-10-27 01:48:35 9,252,864 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-10-27 01:48:35 802,816 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 20:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-10-27 01:48:21 9,252,864 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-10-27 01:48:22 802,816 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2008-09-29 19:42:35 102,400 ----a-r C:\WINDOWS\Installer\{41B9E2CF-0B3F-442A-B5B3-592A4A355634}\iTunesIco.exe
+ 2008-10-27 14:13:43 102,400 ----a-r C:\WINDOWS\Installer\{41B9E2CF-0B3F-442A-B5B3-592A4A355634}\iTunesIco.exe
- 2008-10-27 00:58:28 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-10-27 18:32:19 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-10-27 00:58:28 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-10-27 18:32:19 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-10-27 18:06:06 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102020081027\index.dat
+ 2008-10-27 18:06:06 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102720081028\index.dat
- 2008-10-27 00:58:28 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-27 18:32:19 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-09 18:15:51 45,376 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 23:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-06-27 20:03:55 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 15:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2004-05-20 856064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"VTTimer"="VTTimer.exe" [2005-03-08 C:\WINDOWS\system32\VTTimer.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Southwest Airlines\\Ding\\Ding.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R3 dsNcAdpt;Juniper Network Connect Adapter;C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2007-04-10 23552]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 45568]
S2 ltmdmntc;ltmdmntc;C:\WINDOWS\System32\drivers\ltmdmntc.sys [ ]
S2 W55U01;WINBOND W55U01 USB;C:\WINDOWS\system32\Drivers\W55U01.sys [2005-08-12 15232]
S2 X4HS32;X4HS32;C:\Program Files\EXEtender\X4HS32.Sys [ ]
S3 BulkUsb;Usbscan.Sys;C:\WINDOWS\system32\Drivers\usbscan.sys [2004-08-04 15104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9748cf25-b2a6-11dc-b0ef-000ea6306fee}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/keylauncher/?code=3654261420322001
.
Contents of the 'Scheduled Tasks' folder
2008-10-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe []
2004-03-17 C:\WINDOWS\Tasks\Easy Internet Sign-up.job
- C:\Program Files\Easy Internet signup\HPSdpApp.exe []
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O16 -: {5445BE81-B796-11D2-B931-002018654E2E} - hxxps://cim.accenture.com/system/web/view/live/messaging/ie/SecMgr.cab
C:\WINDOWS\Downloaded Program Files\SecMgr.inf
O16 -: {B33422AC-C567-4F7D-BB28-6583371EC4EE} - hxxps://portal.accenture.com/NAVIGATOR/CMS/WebAuthor/Client/PlaceholderControlSupport/NRDHtml.cab
C:\WINDOWS\Downloaded Program Files\NRDHtml.inf
C:\WINDOWS\Downloaded Program Files\ncbmprdr.dll
O16 -: {E99D3E39-5D92-4360-BA86-2C563B3CFFEB} - hxxps://portal.accenture.com/NAVIGATOR/CMS/WebAuthor/Client/PlaceholderControlSupport/nrdhtml.cab
C:\WINDOWS\Downloaded Program Files\NRDHtml.inf
C:\WINDOWS\Downloaded Program Files\ncbmprdr.dll
C:\WINDOWS\Downloaded Program Files\NRDHtml.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 13:31:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]
"ImagePath"="\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSijso.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]
"ImagePath"="\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\system32\urlmon.dll
-> ?:\WINDOWS\system32\urlmon.dll
-> ?:\WINDOWS\system32\DSOUND.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-10-27 13:36:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-27 18:36:00
ComboFix2.txt 2008-10-27 17:38:42
ComboFix3.txt 2008-10-27 01:01:53
Pre-Run: 41,382,154,240 bytes free
Post-Run: 41,430,233,088 bytes free
224
-
I'm worried that your USB thumbdrive may be infected
Can you do the following
Insert your USB thumbdrive into this computer
Have Avira scan it please
You can just right click on the drive through My Computer
and select to scan with Avira
When done, leave the Thumbdrive inserted to the computer for now
Then:
Copy ALL the BLUE text below and Paste to notepad
Don't use anything other than Notepad or the script will not work
[color="#0000FF"]KillAll::
Driver::
TDSSserv.sys
File::
C:\WINDOWS\rogip.sys
C:\Documents and Settings\All Users\Application Data\gosy.reg
C:\WINDOWS\ykupyja.sys
C:\Documents and Settings\All Users\Application Data\voweva.vbs
C:\WINDOWS\system32\likyluki.bin
C:\Documents and Settings\Owner\Application Data\aqixikixyd.dll
C:\Documents and Settings\All Users\Application Data\acoho.dat
C:\WINDOWS\ojeqopom.ban
C:\WINDOWS\system32\sowapiwoci.bin
C:\WINDOWS\system32\gukylyw.lib
C:\WINDOWS\system32\koda.bat
C:\Documents and Settings\All Users\Application Data\esurebale.pif
C:\WINDOWS\sopiryxuk.scr
C:\WINDOWS\nyfupa.vbs
C:\WINDOWS\yfywak.reg
C:\WINDOWS\ebog.lib
C:\WINDOWS\system32\drivers\TDSSijso.sys
Folder::
C:\temp\NoNav
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9748cf25-b2a6-11dc-b0ef-000ea6306fee}]
[/color]
Save this as a text file on your desktop
CFScript
Then
(http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif)
Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
When finished, it shall produce a log for you with the same name, C:\ComboFix.txt
I'll need to see that log again
With that log, can you also post a fresh Hijackthis log and let me know how things are now running
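The File:: section of the script above was assembled by reading the "Files Created" listing in the ComboFix log and picking out the burst of randomly named files dropped into C:\WINDOWS, system32 and the Application Data folders within the same minute, plus the driver belonging to the TDSSserv service ComboFix had already removed. The Python below is an added example, not part of this thread or of ComboFix: it parses that listing, flags same-minute clusters of files written to those system locations and any name carrying the TDSS prefix seen in the log, and renders the result in the File:: form ComboFix reads from CFScript.txt. The sample lines are copied from the logs posted above; the cluster threshold, the watched-directory set and the prefix list are my own assumptions for the example.

```python
"""Triage the "Files Created" section of a ComboFix log.

Added example for this thread; it is not the helper's tool or ComboFix code.
Two heuristics drive it: a burst of files written to system locations in the
same minute, and a filename prefix tied to a service the log shows as removed.
"""
import re
from collections import defaultdict

# Constructed sample input: lines copied from the ComboFix logs in this thread,
# with the Avira directory and the MBAM drivers included as benign contrast.
SAMPLE_LOG = r"""
2008-10-26 23:50 . 2008-10-26 23:50 <DIR> d-------- C:\Program Files\Avira
2008-10-26 14:13 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-26 14:13 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-25 22:53 . 2008-10-25 22:53 19,748 --a------ C:\WINDOWS\rogip.sys
2008-10-25 22:53 . 2008-10-25 22:53 16,053 --a------ C:\Documents and Settings\All Users\Application Data\gosy.reg
2008-10-25 22:53 . 2008-10-25 22:53 14,938 --a------ C:\WINDOWS\ykupyja.sys
2008-10-25 22:53 . 2008-10-25 22:53 12,670 --a------ C:\WINDOWS\system32\likyluki.bin
2008-10-25 17:13 . 2008-10-25 17:13 18,041 --a------ C:\WINDOWS\system32\koda.bat
2008-10-25 17:13 . 2008-10-25 17:13 16,260 --a------ C:\WINDOWS\sopiryxuk.scr
2008-10-25 14:51 . 2008-10-27 15:02 77,824 --a------ C:\WINDOWS\system32\TDSSeuvq.dll
2008-10-25 14:51 . 2008-10-27 15:02 164 --a------ C:\WINDOWS\system32\TDSSierd.dat
"""

# One "Files Created" line: created . modified size attrs path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)

# Assumed set of locations where a burst of new files deserves a look.
WATCHED_PARENTS = {r"c:\windows", r"c:\windows\system32"}

# Assumed prefix list; "TDSS" is the name of the service the log shows removed.
KNOWN_PREFIXES = ("TDSS",)


def parse_files_created(text):
    """Return (created, path) for every regular-file line; directories are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group("size") == "<DIR>":
            continue
        entries.append((m.group("created"), m.group("path")))
    return entries


def in_watched_dir(path):
    """True when the file sits directly in a watched parent or an Application Data folder."""
    parent = path.rpartition("\\")[0].lower()
    return parent in WATCHED_PARENTS or parent.endswith("\\application data")


def triage(entries, min_cluster=3, prefixes=KNOWN_PREFIXES):
    """Return {path: reason} for entries that trip either heuristic."""
    by_minute = defaultdict(list)
    for created, path in entries:
        if in_watched_dir(path):
            by_minute[created].append(path)
    flagged = {}
    for created, paths in by_minute.items():
        if len(paths) >= min_cluster:
            for path in paths:
                flagged[path] = f"{len(paths)} files written to system locations at {created}"
    for _, path in entries:
        name = path.rpartition("\\")[2]
        hit = next((p for p in prefixes if name.startswith(p)), None)
        if hit:
            flagged.setdefault(path, f"name prefix {hit!r} matches a removed service")
    return flagged


def build_cfscript(flagged):
    """Render the File:: section in the layout ComboFix reads from CFScript.txt."""
    return "\n".join(["File::"] + sorted(flagged)) + "\n"


if __name__ == "__main__":
    found = triage(parse_files_created(SAMPLE_LOG))
    for p, why in sorted(found.items()):
        print(f"{p}\n    {why}")
    print(build_cfscript(found))
```

With the default threshold the 22:53 burst and the two TDSS-prefixed files are flagged while the 17:13 pair and the MBAM drivers (a subdirectory, not a watched parent) are not; lowering min_cluster to 2 pulls the 17:13 pair in as well. A legitimate update can also write several files to system32 in one minute, so the output is a shortlist for a human to confirm against the rest of the log, not a verdict.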
-
Yeah, I was worried about the thumbdrive too, but it scanned fine. I have an external hard drive that is used for backup that I will need to scan too. I tried to just back things up file by file in the past few days and hope it doesn't get an infected one, but other backups may have something.
ComboFix 08-10-27.01 - Owner 2008-10-27 15:04:00.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.666 [GMT -5:00]
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\Documents and Settings\All Users\Application Data\acoho.dat
C:\Documents and Settings\All Users\Application Data\esurebale.pif
C:\Documents and Settings\All Users\Application Data\gosy.reg
C:\Documents and Settings\All Users\Application Data\voweva.vbs
C:\Documents and Settings\Owner\Application Data\aqixikixyd.dll
C:\WINDOWS\ebog.lib
C:\WINDOWS\nyfupa.vbs
C:\WINDOWS\ojeqopom.ban
C:\WINDOWS\rogip.sys
C:\WINDOWS\sopiryxuk.scr
C:\WINDOWS\system32\drivers\TDSSijso.sys
C:\WINDOWS\system32\gukylyw.lib
C:\WINDOWS\system32\koda.bat
C:\WINDOWS\system32\likyluki.bin
C:\WINDOWS\system32\sowapiwoci.bin
C:\WINDOWS\yfywak.reg
C:\WINDOWS\ykupyja.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\acoho.dat
C:\Documents and Settings\All Users\Application Data\esurebale.pif
C:\Documents and Settings\All Users\Application Data\gosy.reg
C:\Documents and Settings\All Users\Application Data\voweva.vbs
C:\Documents and Settings\Owner\Application Data\aqixikixyd.dll
C:\temp\NoNav
C:\temp\NoNav\ESUGUnEn.exe
C:\temp\NoNav\nolu.inf
C:\temp\NoNav\nolu.reg
C:\temp\NoNav\NONAV.BAT
C:\temp\NoNav\nonav.inf
C:\temp\NoNav\nonav.pif
C:\temp\NoNav\nonav.reg
C:\temp\NoNav\nonav.txt
C:\temp\NoNav\noquar.inf
C:\temp\NoNav\noquar.reg
C:\temp\NoNav\RTVSTOP.EXE
C:\temp\NoNav\UnEngVar.BAT
C:\temp\NoNav\UnEngVar.Txt
C:\WINDOWS\ebog.lib
C:\WINDOWS\nyfupa.vbs
C:\WINDOWS\ojeqopom.ban
C:\WINDOWS\rogip.sys
C:\WINDOWS\sopiryxuk.scr
C:\WINDOWS\system32\drivers\TDSSijso.sys
C:\WINDOWS\system32\gukylyw.lib
C:\WINDOWS\system32\koda.bat
C:\WINDOWS\system32\likyluki.bin
C:\WINDOWS\system32\sowapiwoci.bin
C:\WINDOWS\yfywak.reg
C:\WINDOWS\ykupyja.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSserv
-------\Legacy_TDSSserv
-------\Legacy_TDSSSERV.SYS
((((((((((((((((((((((((( Files Created from 2008-09-27 to 2008-10-27 )))))))))))))))))))))))))))))))
.
2008-10-26 23:50 . 2008-10-26 23:50 <DIR> d-------- C:\Program Files\Avira
2008-10-26 23:50 . 2008-10-26 23:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-10-26 23:25 . 2008-10-27 15:04 <DIR> d-------- C:\temp
2008-10-26 22:31 . 2008-10-26 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-26 20:48 . 2008-10-26 20:48 <DIR> d-------- C:\WINDOWS\ERUNT
2008-10-26 20:47 . 2008-10-26 21:20 <DIR> d-------- C:\SDFix
2008-10-26 19:19 . 2008-10-26 19:29 <DIR> d-------- C:\Program Files\Microsoft Money
2008-10-26 15:57 . 2008-10-26 15:57 <DIR> d-------- C:\rsit
2008-10-26 15:31 . 2008-10-26 15:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-26 14:13 . 2008-10-26 14:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-26 14:13 . 2008-10-26 14:13 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-10-26 14:13 . 2008-10-26 14:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-26 14:13 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-26 14:13 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-26 02:18 . 2008-10-26 02:18 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-10-26 01:57 . 2008-10-26 01:51 1,554,567 --a------ C:\SDFix.exe
2008-10-25 14:51 . 2008-10-25 14:51 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!
2008-10-25 14:51 . 2008-10-27 15:02 77,824 --a------ C:\WINDOWS\system32\TDSSeuvq.dll
2008-10-25 14:51 . 2008-10-27 15:02 31,232 --a------ C:\WINDOWS\system32\TDSSckvy.dll
2008-10-25 14:51 . 2008-10-27 15:02 30,720 --a------ C:\WINDOWS\system32\TDSSfhvv.dll
2008-10-25 14:51 . 2008-10-27 15:02 29,696 --a------ C:\WINDOWS\system32\TDSSurta.dll
2008-10-25 14:51 . 2008-10-27 15:02 26,112 --a------ C:\WINDOWS\system32\TDSSesan.dll
2008-10-25 14:51 . 2008-10-27 15:02 2,840 --a------ C:\WINDOWS\system32\TDSSnhvw.dll
2008-10-25 14:51 . 2008-10-27 15:02 164 --a------ C:\WINDOWS\system32\TDSSierd.dat
2008-09-29 14:41 . 2008-10-27 09:13 <DIR> d-------- C:\Program Files\iTunes
2008-09-29 14:41 . 2008-09-29 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-29 14:39 . 2008-10-25 23:12 <DIR> d-------- C:\Program Files\Bonjour
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-27 14:13 --------- d-----w C:\Program Files\iPod
2008-10-26 04:36 --------- d-----w C:\Program Files\Wal-Mart Music Downloads Store
2008-10-26 04:19 --------- d-----w C:\Program Files\THQ
2008-10-26 04:19 --------- d-----w C:\Program Files\sz8032
2008-10-26 04:19 --------- d-----w C:\Program Files\sz8022
2008-10-26 04:19 --------- d-----w C:\Program Files\Scholastic
2008-10-26 04:19 --------- d-----w C:\Program Files\RecordNow!
2008-10-26 04:19 --------- d-----w C:\Program Files\QuickTime
2008-10-26 04:19 --------- d-----w C:\Program Files\Print Workshop 2004 LE
2008-10-26 04:18 --------- d-----w C:\Program Files\Microsoft Works
2008-10-26 04:18 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-10-26 04:18 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-10-26 04:18 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
2008-10-26 04:18 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-10-26 04:18 --------- d-----w C:\Program Files\Lavasoft
2008-10-26 04:17 --------- d-----w C:\Program Files\Juniper Networks
2008-10-26 04:17 --------- d-----w C:\Program Files\Java
2008-10-26 04:17 --------- d-----w C:\Program Files\ItsDeductibleEX
2008-10-26 04:17 --------- d-----w C:\Program Files\ItsDeductible2006
2008-10-26 04:17 --------- d-----w C:\Program Files\ItsDeductible2005
2008-10-26 04:17 --------- d-----w C:\Program Files\Iomega
2008-10-26 04:17 --------- d-----w C:\Program Files\IntelliMover Data Transfer Demo
2008-10-26 04:17 --------- d-----w C:\Program Files\Infogrames Interactive
2008-10-26 04:17 --------- d-----w C:\Program Files\HP
2008-10-26 04:17 --------- d-----w C:\Program Files\Hewlett-Packard
2008-10-26 04:17 --------- d-----w C:\Program Files\Hasbro Interactive
2008-10-26 04:15 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-26 04:15 --------- d-----w C:\Program Files\Common Files\Apple
2008-10-26 04:15 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-25 13:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-20 19:25 --------- d-----w C:\Documents and Settings\Owner\Application Data\AirSet Desktop Sync
2008-10-16 01:30 30 ----a-w C:\Documents and Settings\Owner\jagex_runescape_preferences.dat
2008-03-17 17:38 103,536 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2004-11-01 23:37 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( snapshot@2008-10-26_20.01.28.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 20:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-10-27 01:48:35 9,252,864 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-10-27 01:48:35 802,816 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 20:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-10-27 01:48:21 9,252,864 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-10-27 01:48:22 802,816 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2008-09-29 19:42:35 102,400 ----a-r C:\WINDOWS\Installer\{41B9E2CF-0B3F-442A-B5B3-592A4A355634}\iTunesIco.exe
+ 2008-10-27 14:13:43 102,400 ----a-r C:\WINDOWS\Installer\{41B9E2CF-0B3F-442A-B5B3-592A4A355634}\iTunesIco.exe
- 2008-10-27 00:58:28 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-10-27 20:02:04 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-10-27 00:58:28 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-10-27 20:02:04 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-10-27 18:06:06 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102020081027\index.dat
+ 2008-10-27 18:42:19 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102720081028\index.dat
- 2008-10-27 00:58:28 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-27 20:02:04 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-09 18:15:51 45,376 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 23:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-06-27 20:03:55 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 15:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2004-05-20 856064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"VTTimer"="VTTimer.exe" [2005-03-08 C:\WINDOWS\system32\VTTimer.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Southwest Airlines\\Ding\\Ding.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R3 dsNcAdpt;Juniper Network Connect Adapter;C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2007-04-10 23552]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 45568]
S2 ltmdmntc;ltmdmntc;C:\WINDOWS\System32\drivers\ltmdmntc.sys [ ]
S2 W55U01;WINBOND W55U01 USB;C:\WINDOWS\system32\Drivers\W55U01.sys [2005-08-12 15232]
S2 X4HS32;X4HS32;C:\Program Files\EXEtender\X4HS32.Sys [ ]
S3 BulkUsb;Usbscan.Sys;C:\WINDOWS\system32\Drivers\usbscan.sys [2004-08-04 15104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2008-10-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe []
2004-03-17 C:\WINDOWS\Tasks\Easy Internet Sign-up.job
- C:\Program Files\Easy Internet signup\HPSdpApp.exe []
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 15:10:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSijso.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2008-10-27 15:18:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-27 20:18:52
ComboFix2.txt 2008-10-27 18:36:11
ComboFix3.txt 2008-10-27 17:38:42
ComboFix4.txt 2008-10-27 01:01:53
Pre-Run: 41,345,298,432 bytes free
Post-Run: 41,392,779,264 bytes free
233
HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:40:46 PM, on 10/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - https://cim.accenture.com/system/web/view/live/messaging/ie/SecMgr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218409226343
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218409212234
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {B33422AC-C567-4F7D-BB28-6583371EC4EE} (Microsoft CMS HTML Editor) - https://portal.accenture.com/NAVIGATOR/CMS/WebAuthor/Client/PlaceholderControlSupport/NRDHtml.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.44/ttinst.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://amr1-extranet.accenture.com/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {E99D3E39-5D92-4360-BA86-2C563B3CFFEB} (Microsoft CMS HTML Editor Toolbar) - https://portal.accenture.com/NAVIGATOR/CMS/WebAuthor/Client/PlaceholderControlSupport/nrdhtml.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
--
End of file - 8197 bytes
Things seem to be running okay, but I'm missing a lot of files/executables so most of my apps no longer work. Also, I still keep getting a Windows Installer report that tries to install TrayApp.
What do you recommend I use for AV and other protection on this computer and my new Vista laptop?
Thanks.
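The HijackThis log above is a list of "code - body" entries (R1, O4, O23 and so on), and the helper's first pass is mostly pattern matching over those entries. As an added example for this thread, not code from HijackThis or Trend Micro, the script below parses that layout and flags the entry types a helper looks at first; the sample lines are constructed to mirror a few of the entries in the log above, and the flags are review hints, not verdicts.

```python
"""Triage a HijackThis v2 log.  Added example for this thread, not code from
HijackThis or Trend Micro: it splits the log into its numbered entry types
and flags the ones a helper would look at first.  SAMPLE_LOG is constructed
to mirror a few of the entries in the log above."""
import re
from collections import Counter, defaultdict

# Constructed sample lines in HJT's own "<code> - <body>" layout.
SAMPLE_LOG = """\
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\PROGRA~1\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll (file missing)
O4 - HKLM\\..\\Run: [avgnt] "C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe" /min
O4 - HKCU\\..\\Run: [Weather] C:\\Program Files\\AWS\\WeatherBug\\Weather.exe 1
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\nwprovau.dll
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avguard.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\\Program Files\\Common Files\\Microsoft Shared\\Source Engine\\OSE.EXE (file missing)
"""

# HJT entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Meaning of the codes used in the sample (HJT's documented scheme).
SECTION = {
    "R1": "IE start/search page or proxy value",
    "R3": "URLSearchHook",
    "O4": "autostart (Run keys / Startup folder)",
    "O10": "Winsock LSP",
    "O17": "DNS / domain search list",
    "O23": "Windows service",
}


def parse_hjt(text):
    """Return [(code, body)] for every entry line; header/process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def section_counts(text):
    """Count entries per section code, e.g. {'O23': 2, 'O4': 2, ...}."""
    return Counter(code for code, _ in parse_hjt(text))


def triage(text):
    """Return {reason: [entry bodies]} for entries that deserve a second look.

    These are review hints, not verdicts: an orphaned entry is usually just
    leftover from an uninstall, and a search list or LSP can be legitimate."""
    flags = defaultdict(list)
    for code, body in parse_hjt(text):
        if body.endswith("(file missing)"):
            flags["orphaned entry, target file missing"].append(body)
        if code == "O10":
            flags["Winsock LSP not on HJT's known-good list"].append(body)
        if code == "O17":
            flags["DNS/search-list override, confirm the domains are expected"].append(body)
        if code == "O4" and re.search(r"\\(temp|temporary internet files)\\", body, re.I):
            flags["autostart running from a temp folder"].append(body)
    return dict(flags)


if __name__ == "__main__":
    for code, n in sorted(section_counts(SAMPLE_LOG).items()):
        print(f"{code:4} {SECTION.get(code, '?'):40} {n}")
    for reason, bodies in triage(SAMPLE_LOG).items():
        print(f"\n{reason}:")
        for b in bodies:
            print("  ", b)
```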
-
Can you delete cfscript.txt?
We're going to redo that step.
Copy ALL the BLUE text below and paste it into Notepad.
Don't use anything other than Notepad or the script will not work.
KillAll::
Driver::
TDSSserv.sys
File::
C:\WINDOWS\system32\TDSSeuvq.dll
C:\WINDOWS\system32\TDSSckvy.dll
C:\WINDOWS\system32\TDSSfhvv.dll
C:\WINDOWS\system32\TDSSurta.dll
C:\WINDOWS\system32\TDSSesan.dll
C:\WINDOWS\system32\TDSSnhvw.dll
C:\WINDOWS\system32\TDSSierd.dat
C:\WINDOWS\system32\drivers\TDSSijso.sys
Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
"imagepath"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
Save this as a text file on your desktop, named CFScript.
Then
(http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif)
Drag CFScript.txt into ComboFix.exe
ComboFix will start; follow the prompts.
When finished, it shall produce a log for you with the same name, C:\ComboFix.txt.
I'll need to see that log again later
NOTE: Do you have a disk for your HP Printer/Scanner?
If so, when prompted for TrayApp, can you put the CD in and see what happens?
Can you again temporarily disable Avira by right-clicking its icon and unchecking "AntiVir Guard Enable"?
Please do a scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html)
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
- Click on the Accept button and install any components it needs. The program will install and then begin downloading the latest definition files.
- After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
- This will start the program and scan your system.
- The scan will take a while, so be patient and let it run.
- Once the scan is complete, click on View scan report.
- Now, click on the Save Report as button.
- In the drop-down box labeled Files of type, change the type to Text file.
- Save the file to your desktop.
- Copy and paste that information in your next post along with the log from ComboFix please.
Be sure to re-enable the Guard for Avira when the scan is completed.
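The CFScript in the post above uses a simple layout: a "Name::" header opens each section (KillAll, Driver, File, Registry) and the Registry section is written in REGEDIT4 style. As an added example for this thread, not ComboFix's own code, the script below parses that layout and lists the actions a script declares, so a helper can review it before the file is dragged onto ComboFix.exe. It reads `[-key]` as "remove the key" and `"name"=-` as "remove the value", which is standard REGEDIT4 meaning; that ComboFix applies them the same way is an assumption.

```python
"""Read a ComboFix CFScript and list what it declares.  Added example for this
thread, not ComboFix's own code: it parses the section layout used in the
script above (a "Name::" header opens each section) so the actions can be
reviewed before the file is dragged onto ComboFix.exe.  The Registry:: lines
are read with standard REGEDIT4 meaning ([-key] removes a key, "name"=-
removes a value); that ComboFix applies them the same way is an assumption."""
import re

# Constructed sample: the script from the post above, without forum markup.
SAMPLE_SCRIPT = """\
KillAll::
Driver::
TDSSserv.sys
File::
C:\\WINDOWS\\system32\\TDSSeuvq.dll
C:\\WINDOWS\\system32\\drivers\\TDSSijso.sys
Registry::
[HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\TDSSserv.sys]
"imagepath"=-
[-HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\TDSSserv.sys]
"""

HEADER_RE = re.compile(r"^([A-Za-z]+)::$")


def split_sections(text):
    """Return {section: [lines]} in order of appearance; blank lines are dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def registry_actions(lines):
    """Translate REGEDIT4-style lines into (op, key, value) tuples."""
    actions, key = [], None
    for line in lines:
        if line.startswith("[-") and line.endswith("]"):
            key = line[2:-1]
            actions.append(("delete_key", key, None))
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                      # following values belong to this key
        elif key and line.endswith("=-"):
            actions.append(("delete_value", key, line[:-2].strip('"')))
        elif key and "=" in line:
            name, _, data = line.partition("=")
            actions.append(("set_value", key, (name.strip('"'), data)))
    return actions


def plan(text):
    """Summarise the script as the actions ComboFix would be asked to take."""
    s = split_sections(text)
    return {
        "kill_processes": "KillAll" in s,
        "drivers": s.get("Driver", []),
        "files": s.get("File", []),
        "registry": registry_actions(s.get("Registry", [])),
    }


if __name__ == "__main__":
    for what, items in plan(SAMPLE_SCRIPT).items():
        print(what, "->", items)
```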
-
I put in the CD for one of my printers and the TrayApp install error got past, but now I have an AIOSoftware.msi Windows install error. I can't find the disk to my other printer. I tried to open the printer folder to remove the one for which I don't have the disk but the folder won't open. I just get an error. I have removed the other printer from Add/Remove Programs but there are many other HP items that are still there and that I'm sure it is looking for.
Once we get this computer clean enough for me to move things off of, I think it is time to re-image it and start with a fresh install. At this point, none of the applications (except IE) work so it is only data I have to be careful to get.
I am just about to run the Kaspersky scan but I will leave it running tonight. I will post the log in the morning if I have time before I go to work.
Here is the combofix log --
ComboFix 08-10-27.02 - Owner 2008-10-27 20:22:58.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.592 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\cfscript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\system32\drivers\TDSSijso.sys
C:\WINDOWS\system32\TDSSckvy.dll
C:\WINDOWS\system32\TDSSesan.dll
C:\WINDOWS\system32\TDSSeuvq.dll
C:\WINDOWS\system32\TDSSfhvv.dll
C:\WINDOWS\system32\TDSSierd.dat
C:\WINDOWS\system32\TDSSnhvw.dll
C:\WINDOWS\system32\TDSSurta.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\TDSSckvy.dll
C:\WINDOWS\system32\TDSSesan.dll
C:\WINDOWS\system32\TDSSfhvv.dll
C:\WINDOWS\system32\TDSSierd.dat
C:\WINDOWS\system32\TDSSnhvw.dll
C:\WINDOWS\system32\TDSSurta.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSserv.sys
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-28 )))))))))))))))))))))))))))))))
.
2008-10-26 23:50 . 2008-10-26 23:50 <DIR> d-------- C:\Program Files\Avira
2008-10-26 23:50 . 2008-10-26 23:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-10-26 23:25 . 2008-10-27 15:04 <DIR> d-------- C:\temp
2008-10-26 22:31 . 2008-10-26 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-26 20:48 . 2008-10-26 20:48 <DIR> d-------- C:\WINDOWS\ERUNT
2008-10-26 20:47 . 2008-10-26 21:20 <DIR> d-------- C:\SDFix
2008-10-26 19:19 . 2008-10-26 19:29 <DIR> d-------- C:\Program Files\Microsoft Money
2008-10-26 15:57 . 2008-10-26 15:57 <DIR> d-------- C:\rsit
2008-10-26 15:31 . 2008-10-26 15:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-26 14:13 . 2008-10-26 14:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-26 14:13 . 2008-10-26 14:13 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-10-26 14:13 . 2008-10-26 14:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-26 14:13 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-26 14:13 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-26 02:18 . 2008-10-26 02:18 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-10-26 01:57 . 2008-10-26 01:51 1,554,567 --a------ C:\SDFix.exe
2008-10-25 14:51 . 2008-10-25 14:51 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!
2008-09-29 14:41 . 2008-10-27 09:13 <DIR> d-------- C:\Program Files\iTunes
2008-09-29 14:41 . 2008-09-29 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-29 14:39 . 2008-10-25 23:12 <DIR> d-------- C:\Program Files\Bonjour
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-27 14:13 --------- d-----w C:\Program Files\iPod
2008-10-26 04:36 --------- d-----w C:\Program Files\Wal-Mart Music Downloads Store
2008-10-26 04:19 --------- d-----w C:\Program Files\THQ
2008-10-26 04:19 --------- d-----w C:\Program Files\sz8032
2008-10-26 04:19 --------- d-----w C:\Program Files\sz8022
2008-10-26 04:19 --------- d-----w C:\Program Files\Scholastic
2008-10-26 04:19 --------- d-----w C:\Program Files\RecordNow!
2008-10-26 04:19 --------- d-----w C:\Program Files\QuickTime
2008-10-26 04:19 --------- d-----w C:\Program Files\Print Workshop 2004 LE
2008-10-26 04:18 --------- d-----w C:\Program Files\Microsoft Works
2008-10-26 04:18 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-10-26 04:18 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-10-26 04:18 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
2008-10-26 04:18 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-10-26 04:18 --------- d-----w C:\Program Files\Lavasoft
2008-10-26 04:17 --------- d-----w C:\Program Files\Juniper Networks
2008-10-26 04:17 --------- d-----w C:\Program Files\Java
2008-10-26 04:17 --------- d-----w C:\Program Files\ItsDeductibleEX
2008-10-26 04:17 --------- d-----w C:\Program Files\ItsDeductible2006
2008-10-26 04:17 --------- d-----w C:\Program Files\ItsDeductible2005
2008-10-26 04:17 --------- d-----w C:\Program Files\Iomega
2008-10-26 04:17 --------- d-----w C:\Program Files\IntelliMover Data Transfer Demo
2008-10-26 04:17 --------- d-----w C:\Program Files\Infogrames Interactive
2008-10-26 04:17 --------- d-----w C:\Program Files\HP
2008-10-26 04:17 --------- d-----w C:\Program Files\Hewlett-Packard
2008-10-26 04:17 --------- d-----w C:\Program Files\Hasbro Interactive
2008-10-26 04:15 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-26 04:15 --------- d-----w C:\Program Files\Common Files\Apple
2008-10-26 04:15 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-25 13:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-20 19:25 --------- d-----w C:\Documents and Settings\Owner\Application Data\AirSet Desktop Sync
2008-10-16 01:30 30 ----a-w C:\Documents and Settings\Owner\jagex_runescape_preferences.dat
2008-08-29 15:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 14:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-03-17 17:38 103,536 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2004-11-01 23:37 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( snapshot@2008-10-26_20.01.28.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 20:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-10-27 01:48:35 9,252,864 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-10-27 01:48:35 802,816 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 20:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-10-27 01:48:21 9,252,864 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-10-27 01:48:22 802,816 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2008-05-11 02:33:53 65,536 ----a-r C:\WINDOWS\Installer\{10E1E87C-656C-4D08-86D6-5443D28583BE}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
+ 2008-10-28 01:16:17 65,536 ----a-r C:\WINDOWS\Installer\{10E1E87C-656C-4D08-86D6-5443D28583BE}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
- 2008-09-29 19:42:35 102,400 ----a-r C:\WINDOWS\Installer\{41B9E2CF-0B3F-442A-B5B3-592A4A355634}\iTunesIco.exe
+ 2008-10-27 14:13:43 102,400 ----a-r C:\WINDOWS\Installer\{41B9E2CF-0B3F-442A-B5B3-592A4A355634}\iTunesIco.exe
- 2008-10-27 00:58:28 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-10-27 20:02:04 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-10-27 00:58:28 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-10-27 20:02:04 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-10-27 18:06:06 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102020081027\index.dat
+ 2008-10-27 18:42:19 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102720081028\index.dat
+ 2008-05-09 18:15:51 45,376 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 23:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-06-27 20:03:55 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 15:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2004-05-20 856064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"VTTimer"="VTTimer.exe" [2005-03-08 C:\WINDOWS\system32\VTTimer.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Southwest Airlines\\Ding\\Ding.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R3 dsNcAdpt;Juniper Network Connect Adapter;C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2007-04-10 23552]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 45568]
S2 ltmdmntc;ltmdmntc;C:\WINDOWS\System32\drivers\ltmdmntc.sys [ ]
S2 W55U01;WINBOND W55U01 USB;C:\WINDOWS\system32\Drivers\W55U01.sys [2005-08-12 15232]
S2 X4HS32;X4HS32;C:\Program Files\EXEtender\X4HS32.Sys [ ]
S3 BulkUsb;Usbscan.Sys;C:\WINDOWS\system32\Drivers\usbscan.sys [2004-08-04 15104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2008-10-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe []
2004-03-17 C:\WINDOWS\Tasks\Easy Internet Sign-up.job
- C:\Program Files\Easy Internet signup\HPSdpApp.exe []
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 20:28:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2008-10-27 20:36:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-28 01:35:58
ComboFix2.txt 2008-10-27 20:18:58
ComboFix3.txt 2008-10-27 18:36:11
ComboFix4.txt 2008-10-27 17:38:42
ComboFix5.txt 2008-10-28 01:22:02
Pre-Run: 41,295,572,992 bytes free
Post-Run: 41,344,692,224 bytes free
192
-
The last ComboFix log looked good, but I'll wait to see the Kaspersky scan
It is your option to clean install the system.
If you're having that many problems with programs, it may be the better route
and will ensure the system is clean.
-
Unfortunately, I was unable to check the scan this morning (late for work as usual) and when I just checked it I found that it was at 6% and hung up on an Outlook not configured error. I have answered the popups and now the scanning is going well.
While clean install may be my final result, having a clean system now is imperative so that I can back up all my data safely. I really appreciate all that you have done and I will post the Kaspersky results when they are complete.
What antivirus, internet security, antispyware, etc. packages do you recommend most for XP and Vista? I want to make sure my systems are better protected.
-
Well, it looks like Kaspersky found something. It just amazes me how many tools you need to be able to effectively clean a computer.
Here are the results of the scan --
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, October 28, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, October 28, 2008 01:00:23
Records in database: 1352247
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
Scan statistics:
Files scanned: 116389
Threat name: 5
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 25:52:06
File name / Threat name / Threats count
C:\Documents and Settings\Owner\Desktop\GetRidofHijackers\smitfraudfix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Owner\Desktop\nerodownload\Nero-7.7.5.1_eng_trial.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bm 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSckvy.dll.vir Infected: Backdoor.Win32.TDSS.atb 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSfhvv.dll.vir Infected: Trojan.Win32.Agent.akki 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSurta.dll.vir Infected: Backdoor.Win32.TDSS.asz 1
The selected area was scanned.
-
Everything Kaspersky's found was harmless
The worst was found in ComboFix's quarantined area
Can you please post one last HijackThis log, and let me know what problems you're still experiencing.
-
The system seems to be running okay now with the exception of the loss of all my applications and some key data. I still get the errors on reboot for the printers but that is just annoying.
New HJT Log --
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:22 PM, on 10/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Java\jre6\bin\jusched.exe
c:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - https://cim.accenture.com/system/web/view/live/messaging/ie/SecMgr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218409226343
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218409212234
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=24931
O16 - DPF: {B33422AC-C567-4F7D-BB28-6583371EC4EE} (Microsoft CMS HTML Editor) - https://portal.accenture.com/NAVIGATOR/CMS/WebAuthor/Client/PlaceholderControlSupport/NRDHtml.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.44/ttinst.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://amr1-extranet.accenture.com/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {E99D3E39-5D92-4360-BA86-2C563B3CFFEB} (Microsoft CMS HTML Editor Toolbar) - https://portal.accenture.com/NAVIGATOR/CMS/WebAuthor/Client/PlaceholderControlSupport/nrdhtml.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - c:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
--
End of file - 8613 bytes
-
I have no idea what you mean that all executables don't work
Does Avira work?
Does Windows Updates still work?
Since you're willing to reinstall, ensure that you scan your backups with Avira or another updated virus scanner
In addition, after you CLEAN install
Look at the following
You don't have to protect your computer with Avira AntiVirus, if you don't prefer
But please look at the following advice
How to Prevent Malware: http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
-
All the executables that I had before the hack are gone (MS products, MS Money, TurboTax, Paintshop Pro, iTunes, any game downloads). The ones I have tried to reinstall won't work or won't work correctly. This is why I think I need a total wipe and install though I'm not looking forward to it.
Windows update was not set to automatic and that is another thing that likely caused a lot of my issues.
Avira is working and I have read up on the AV/spyware/malware, etc. comparisons and Avira ranks better than most though it looks like the next level might be a bit better.
I scanned my back ups at the same time you had me scan my USB thumbdrive and everything was okay.
What are some of the products I can run together or is there one that does it all (antivirus, antispyware, antimalware)?
-
Did you read the link I posted
How to Prevent Malware???
-
Yes, I sure did. That was one of the reasons why I was asking the question. It just seems like there are a lot of tools to do similar things and two AVs can't run on the same computer. It looked like Avira was a solid performer but to get the anti-malware and antispyware, you need to upgrade. So, is it best to upgrade to Avira for those or some other product?
Also, I have a new Vista laptop. If I use Avira on my current XP desktop, I plan on also using it on my new Vista laptop. However, factory install includes a Norton option to install. It pops up on every start up. I didn't install it but I think I need to get rid of it to install Avira, right?
Thanks again for everything. This has been an unfortunate but productive learning experience.
-
If I understand correctly, you are still planning on clean installing your XP box?
If not, we should do some final cleanup procedures
I like Avira, and also Avast, you will only want to use one
Install SpywareBlaster, the latest version
Is Norton installed on the Vista laptop right now
Check your uninstall Programs and see if you can find it in the list
-
For spyware protection, Vista has Windows Defender installed by default
It will help prevent installation of spyware, also use SpywareBlaster
Miekiemoes' site gives the links and great info
You can also install Windows Defender on your XP box if you like
I can link you to it
You can set scheduled scanning
For on-demand spyware scanning, Malwarebytes Anti-Malware does a good job
Update and run a Quick scan occasionally
-
I would like to do some final cleanup on the XP box (the infected one) just in case I get lazy and don't do a full install. It sounds like I either want SpywareBlaster OR Windows Defender and not both.
On the Vista laptop, it does have Windows Defender already installed. It is a Dell from Best Buy and they load up a bunch of junk you don't need. Norton is already "installed" but you have to accept it which I haven't done. I see it in the add/remove programs. I'm assuming I have to use the Norton uninstall program that you sent me earlier for my current laptop.
So, for the 'infected' XP box, I will use Avira with SpywareBlaster or Windows Defender (if you have the link).
For the new Vista laptop, I will use Avira with Windows Defender.
Does that all sound correct?
If you think there is extra cleanup then please send me the steps when you get a chance.
-
You can use SpywareBlaster with Windows Defender, that's no problem
SpywareBlaster just sets registry killbits to silently protect you
They won't interfere with each other
Can I see the following
Can you run RSIT.exe one last time and post the log that opens
Let's ensure it looks good, then we'll do some final steps
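Since SpywareBlaster's protection is just those registry killbits, here is an added example (not code from the thread, from SpywareBlaster or from HijackThis) in Python that shows what a killbit actually is and how it relates to the O16 entries in the HijackThis logs above. It parses O16 "DPF" lines out of an HJT log and a .reg export of the ActiveX Compatibility key, then reports which downloaded controls Internet Explorer will refuse to instantiate because bit 0x400 of "Compatibility Flags" is set. The sample log lines and registry export are constructed here for the demonstration; the first O16 line is copied from the log above, while the {DEADBEEF-...} and {11111111-...} CLSIDs are made up and belong to no real control.

```python
import re
from dataclasses import dataclass

# ActiveX "killbit": IE refuses to instantiate a control whose CLSID has this bit set
# in the "Compatibility Flags" value under the ActiveX Compatibility key.
KILLBIT = 0x400
KILLBIT_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"

# HijackThis O16 (Downloaded Program Files) line: "O16 - DPF: {CLSID} (friendly name) - URL"
O16_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]{36}\}) \((.*?)\) - (\S+)")
# .reg export lines: "[<KILLBIT_KEY>\{CLSID}]" followed by '"Compatibility Flags"=dword:XXXXXXXX'
KEY_RE = re.compile(r"^\[" + re.escape(KILLBIT_KEY) + r"\\(\{[0-9A-Fa-f-]{36}\})\]$")
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9A-Fa-f]{8})$')

# Constructed sample log: line 1 is from the HJT log in this thread; the DEADBEEF CLSID is made up.
SAMPLE_HJT_LOG = r"""
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {DEADBEEF-0000-4000-8000-000000000001} (Constructed Example Control) - http://example.invalid/ctl.cab
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Constructed .reg export: only the made-up DEADBEEF CLSID carries a killbit.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DEADBEEF-0000-4000-8000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-2222-3333-4444-555555555555}]
"Compatibility Flags"=dword:00000000
"""


@dataclass
class DpfEntry:
    clsid: str
    name: str
    url: str


def parse_o16(log_text):
    """Extract the O16 DPF entries (CLSID, friendly name, download URL) from an HJT log."""
    entries = []
    for line in log_text.splitlines():
        m = O16_RE.match(line.strip())
        if m:
            entries.append(DpfEntry(m.group(1).upper(), m.group(2), m.group(3)))
    return entries


def parse_killbits(reg_text):
    """Map CLSID -> Compatibility Flags value from a .reg export of the killbit key."""
    flags, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            km = KEY_RE.match(line)
            # Any other key resets the context so stray values are not misattributed.
            current = km.group(1).upper() if km else None
            continue
        fm = FLAGS_RE.match(line)
        if fm and current is not None:
            flags[current] = int(fm.group(1), 16)
    return flags


def is_killbitted(flags_value):
    """True when the killbit is set, i.e. IE will not load the control."""
    return bool(flags_value & KILLBIT)


def audit_o16(log_text, reg_text):
    """For each O16 control in the log, report whether a killbit blocks it (absent key = not blocked)."""
    killbits = parse_killbits(reg_text)
    return {e.clsid: is_killbitted(killbits.get(e.clsid, 0)) for e in parse_o16(log_text)}


if __name__ == "__main__":
    for clsid, blocked in audit_o16(SAMPLE_HJT_LOG, SAMPLE_REG_EXPORT).items():
        print(f"{clsid}: {'killbitted' if blocked else 'loadable'}")
```

A CLSID with no entry under the key, or with the 0x400 bit clear, is loadable; that is why the WGA control from the log reports as loadable while the constructed control reports as killbitted. The same check explains why SpywareBlaster and Windows Defender do not collide: a killbit is a static registry flag IE consults at load time, not a running process.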
-
I just downloaded Avira and while there it showed other recommended software including Avast. It seems that Avira and Avast do two different things. What is the definition of "worms" and "trojans" and why doesn't Avira specifically call them out?
Avira Premium = Keep viruses, malware, adware, and spyware out of your PC.
Avast = Scan your computer for viruses, worms, and Trojan horses.
Here you go --
Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-11-02 15:44:37
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 37 GB (34%) free of 109 GB
Total RAM: 959 MB (63% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:44:39 PM, on 11/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
c:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Documents and Settings\Owner\Desktop\GetRidofHijackers\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - https://cim.accenture.com/system/web/view/live/messaging/ie/SecMgr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218409226343
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218409212234
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=24931
O16 - DPF: {B33422AC-C567-4F7D-BB28-6583371EC4EE} (Microsoft CMS HTML Editor) - https://portal.accenture.com/NAVIGATOR/CMS/WebAuthor/Client/PlaceholderControlSupport/NRDHtml.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.44/ttinst.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://amr1-extranet.accenture.com/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {E99D3E39-5D92-4360-BA86-2C563B3CFFEB} (Microsoft CMS HTML Editor Toolbar) - https://portal.accenture.com/NAVIGATOR/CMS/WebAuthor/Client/PlaceholderControlSupport/nrdhtml.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - c:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
--
End of file - 8643 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Easy Internet Sign-up.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - c:\Program Files\Java\jre6\bin\ssv.dll [2008-10-27 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - c:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-27 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - c:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-27 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-03-08 53248]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\point32.exe [2005-03-23 217088]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"SunJavaUpdateSched"=c:\Program Files\Java\jre6\bin\jusched.exe [2008-10-27 136600]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe [2004-05-20 856064]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-04-07 315392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"=C:\Program Files\ewido\security suite\shellhook.dll [2004-09-30 39488]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\Southwest Airlines\Ding\Ding.exe"="C:\Program Files\Southwest Airlines\Ding\Ding.exe:*:Disabled:DING!"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
======List of files/folders created in the last 1 months======
2008-11-01 00:12:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-01 00:12:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-01 00:11:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-01 00:11:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-01 00:11:06 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-01 00:10:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-01 00:10:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-01 00:10:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-01 00:10:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-01 00:09:55 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-11-01 00:09:27 ----D---- C:\Program Files\MSXML 6.0
2008-11-01 00:07:19 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-11-01 00:06:37 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-01 00:06:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-01 00:06:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-01 00:05:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-01 00:04:59 ----HDC---- C:\WINDOWS\$NtUninstallKB901190$
2008-11-01 00:04:39 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-01 00:04:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-01 00:04:07 ----D---- C:\WINDOWS\SQL9_KB948109_ENU
2008-11-01 00:03:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-01 00:03:18 ----D---- C:\Program Files\MSXML 4.0
2008-11-01 00:02:57 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-11-01 00:02:29 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2008-10-31 07:53:15 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-31 07:37:06 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-31 07:37:06 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-30 21:10:09 ----D---- C:\Program Files\iPod
2008-10-30 21:10:06 ----D---- C:\Program Files\iTunes
2008-10-30 21:10:06 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-30 21:09:03 ----D---- C:\Program Files\QuickTime
2008-10-30 07:22:31 ----D---- C:\Program Files\MSN Messenger
2008-10-30 06:33:15 ----SHD---- C:\RECYCLER
2008-10-27 19:49:09 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-27 19:49:09 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-27 19:49:09 ----A---- C:\WINDOWS\system32\java.exe
2008-10-27 19:49:09 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-10-27 19:36:07 ----D---- C:\WINDOWS\temp
2008-10-27 19:36:05 ----A---- C:\ComboFix.txt
2008-10-26 22:50:34 ----D---- C:\Program Files\Avira
2008-10-26 22:50:34 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-10-26 22:25:06 ----D---- C:\temp
2008-10-26 21:31:43 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-26 19:48:07 ----D---- C:\WINDOWS\ERUNT
2008-10-26 19:47:09 ----D---- C:\SDFix
2008-10-26 18:45:00 ----A---- C:\WINDOWS\zip.exe
2008-10-26 18:45:00 ----A---- C:\WINDOWS\VFIND.exe
2008-10-26 18:45:00 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-10-26 18:45:00 ----A---- C:\WINDOWS\SWSC.exe
2008-10-26 18:45:00 ----A---- C:\WINDOWS\SWREG.exe
2008-10-26 18:45:00 ----A---- C:\WINDOWS\sed.exe
2008-10-26 18:45:00 ----A---- C:\WINDOWS\NIRCMD.exe
2008-10-26 18:45:00 ----A---- C:\WINDOWS\grep.exe
2008-10-26 18:45:00 ----A---- C:\WINDOWS\fdsv.exe
2008-10-26 18:44:59 ----D---- C:\WINDOWS\ERDNT
2008-10-26 18:44:59 ----D---- C:\Qoobox
2008-10-26 18:19:48 ----D---- C:\Program Files\Microsoft Money
2008-10-26 14:57:28 ----D---- C:\rsit
2008-10-26 14:31:48 ----D---- C:\Program Files\Trend Micro
2008-10-26 13:13:29 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-10-26 13:13:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-26 13:13:24 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-26 01:18:36 ----D---- C:\Program Files\Microsoft ActiveSync
2008-10-26 01:18:31 ----D---- C:\Program Files\Common Files\Designer
2008-10-26 01:18:17 ----D---- C:\Program Files\Common Files\ODBC
2008-10-26 00:57:40 ----A---- C:\SDFix.exe
======List of files/folders modified in the last 1 months======
2008-11-02 13:14:36 ----SHD---- C:\WINDOWS\Installer
2008-11-02 13:12:47 ----D---- C:\WINDOWS\Prefetch
2008-11-02 13:12:46 ----D---- C:\WINDOWS\Debug
2008-11-02 09:21:42 ----HD---- C:\Config.Msi
2008-11-02 09:21:18 ----D---- C:\WINDOWS\system32
2008-11-02 09:21:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-01 22:52:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-01 22:51:22 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-01 00:20:40 ----D---- C:\WINDOWS
2008-11-01 00:12:21 ----HD---- C:\WINDOWS\inf
2008-11-01 00:12:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-01 00:12:20 ----D---- C:\WINDOWS\system32\drivers
2008-11-01 00:12:18 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-01 00:12:16 ----A---- C:\WINDOWS\imsins.BAK
2008-11-01 00:10:14 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-01 00:09:55 ----AD---- C:\Program Files
2008-11-01 00:08:00 ----D---- C:\Program Files\Internet Explorer
2008-11-01 00:04:40 ----D---- C:\WINDOWS\WinSxS
2008-11-01 00:02:36 ----D---- C:\Program Files\Windows Media Player
2008-10-31 08:12:13 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-30 21:09:07 ----D---- C:\Program Files\Common Files\Apple
2008-10-30 21:08:50 ----SD---- C:\WINDOWS\Tasks
2008-10-30 21:03:10 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-27 19:49:19 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-27 19:48:52 ----D---- C:\Program Files\Java
2008-10-27 19:39:34 ----A---- C:\WINDOWS\hpdj5100.ini
2008-10-27 19:39:33 ----D---- C:\Program Files\Hewlett-Packard
2008-10-27 19:27:54 ----A---- C:\WINDOWS\system.ini
2008-10-27 19:26:33 ----D---- C:\WINDOWS\system32\config
2008-10-27 19:24:54 ----D---- C:\WINDOWS\AppPatch
2008-10-27 19:24:54 ----D---- C:\Program Files\Common Files
2008-10-26 23:56:23 ----D---- C:\WINDOWS\system32\ActiveScan
2008-10-26 19:54:24 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-26 14:29:28 ----D---- C:\HJT
2008-10-26 01:18:22 ----D---- C:\Program Files\Microsoft Office
2008-10-25 22:36:34 ----D---- C:\Program Files\Wal-Mart Music Downloads Store
2008-10-25 22:20:09 ----D---- C:\Program Files\Windows NT
2008-10-25 22:19:41 ----D---- C:\Program Files\THQ
2008-10-25 22:19:35 ----D---- C:\Program Files\sz8032
2008-10-25 22:19:35 ----D---- C:\Program Files\sz8022
2008-10-25 22:19:32 ----D---- C:\Program Files\Scholastic
2008-10-25 22:19:32 ----D---- C:\Program Files\RecordNow!
2008-10-25 22:19:24 ----D---- C:\Program Files\Print Workshop 2004 LE
2008-10-25 22:19:20 ----D---- C:\Program Files\Outlook Express
2008-10-25 22:19:09 ----D---- C:\Program Files\NetMeeting
2008-10-25 22:18:21 ----D---- C:\Program Files\Movie Maker
2008-10-25 22:18:12 ----D---- C:\Program Files\Microsoft Works
2008-10-25 22:18:12 ----D---- C:\Program Files\Microsoft Visual Studio 8
2008-10-25 22:18:04 ----D---- C:\Program Files\Microsoft SQL Server
2008-10-25 22:18:04 ----D---- C:\Program Files\Microsoft Plus! Digital Media Edition
2008-10-25 22:18:01 ----D---- C:\Program Files\Microsoft IntelliPoint
2008-10-25 22:18:00 ----D---- C:\Program Files\Lavasoft
2008-10-25 22:17:52 ----D---- C:\Program Files\Juniper Networks
2008-10-25 22:17:31 ----D---- C:\Program Files\ItsDeductibleEX
2008-10-25 22:17:31 ----D---- C:\Program Files\ItsDeductible2006
2008-10-25 22:17:30 ----D---- C:\Program Files\ItsDeductible2005
2008-10-25 22:17:30 ----D---- C:\Program Files\Iomega
2008-10-25 22:17:29 ----D---- C:\Program Files\IntelliMover Data Transfer Demo
2008-10-25 22:17:27 ----D---- C:\Program Files\Infogrames Interactive
2008-10-25 22:17:22 ----D---- C:\Program Files\HP
2008-10-25 22:17:09 ----D---- C:\Program Files\Hasbro Interactive
2008-10-25 22:16:48 ----D---- C:\Program Files\Common Files\System
2008-10-25 22:15:56 ----D---- C:\Program Files\Common Files\InstallShield
2008-10-25 22:15:46 ----D---- C:\Program Files\Common Files\Adobe
2008-10-25 22:12:35 ----D---- C:\Program Files\Bonjour
2008-10-25 22:12:28 ----D---- C:\Program Files\Adobe
2008-10-25 22:07:16 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-10-25 07:33:54 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-20 13:25:49 ----D---- C:\Documents and Settings\Owner\Application Data\AirSet Desktop Sync
2008-10-15 10:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-14 18:23:24 ----A---- C:\WINDOWS\EUCHRE~1.INI
2008-10-07 12:19:42 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-03 37376]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2003-04-11 10624]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2002-08-29 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2002-08-29 55936]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 dsNcAdpt;Juniper Network Connect Adapter; C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2007-04-10 23552]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 45568]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-07-02 652497]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2004-01-20 28256]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-03-15 20352]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2002-07-29 23808]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2005-03-08 172544]
R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2007-04-16 194362]
S2 ltmdmntc;ltmdmntc; \??\C:\WINDOWS\System32\drivers\ltmdmntc.sys []
S2 mrtRate;mrtRate; C:\WINDOWS\system32\drivers\mrtRate.sys []
S2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\System32\DRIVERS\nvcap.sys [2003-07-30 126348]
S2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\System32\DRIVERS\NVxbar.sys [2003-07-30 13006]
S2 W55U01;WINBOND W55U01 USB; C:\WINDOWS\System32\Drivers\W55U01.sys [2005-08-12 15232]
S2 X4HS32;X4HS32; \??\C:\Program Files\EXEtender\X4HS32.Sys []
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 BulkUsb;Usbscan.Sys; C:\WINDOWS\System32\Drivers\usbscan.sys [2004-08-03 15104]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2003-01-16 41984]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-04-15 90907]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2004-08-03 166912]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-05-06 394752]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SQTECH905C;ViviCam 35; C:\WINDOWS\System32\Drivers\Capt905c.sys [2005-01-25 33307]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144]
S3 USBIO;USBIO Driver (usbio.sys); C:\WINDOWS\System32\Drivers\usbio.sys [2001-05-07 19805]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-03 5504]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 _IOMEGA_ACTIVE_DISK_SERVICE_;Iomega Active Disk; C:\Program Files\Iomega\AutoDisk\ADService.exe [2002-09-24 151552]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-26 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-26 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 dsNcService;Juniper Network Connect Service; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [2007-04-10 407136]
R2 ewido security suite control;ewido security suite control; C:\Program Files\ewido\security suite\ewidoctrl.exe [2004-11-11 16448]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 Iomega App Services;Iomega App Services; C:\PROGRA~1\Iomega\System32\AppServices.exe [2002-09-04 73728]
R2 JavaQuickStarterService;Java Quick Starter; c:\Program Files\Java\jre6\bin\jqs.exe [2008-10-27 152984]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-08-19 77824]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe []
S4 Iomega Activity Disk2;Iomega Activity Disk2; []
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe []
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
-----------------EOF-----------------
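The driver and service sections above follow the legend RSIT prints in their header lines: a state letter, a start-type digit, then `name;display; path [date size]`. As an added example (not RSIT's code, and not anything the helper or the poster supplied), the Python below parses those two sections and flags the entries a reviewer would look at first: lines whose bracketed stamp is empty, paths carrying the `\??\` NT object-manager prefix, and services whose image is svchost.exe, where the real code is a ServiceDll not shown in this log. The sample input is constructed from lines copied from the log above; reading an empty `[]` as "RSIT could not read the file's date and size" is an assumption about the tool's output, not something the thread states.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied from the RSIT driver/service sections posted above.
SAMPLE_LOG = r"""======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
S2 X4HS32;X4HS32; \??\C:\Program Files\EXEtender\X4HS32.Sys []
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-03 5504]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 Iomega Activity Disk2;Iomega Activity Disk2; []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE []
-----------------EOF-----------------
"""

# Legend from the section headers.
STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# <state><start> <name>;<display>; <path> [<date> <size>]   (path and stamp may be empty)
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.*?) ?\[(?P<meta>[^\]]*)\]$"
)
SECTION_RE = re.compile(r"^======List of (?P<kind>drivers|services) ")


@dataclass
class Entry:
    kind: str            # "drivers" or "services"
    name: str
    display: str
    state: str           # Running / Stopped
    start: str           # Boot / System / Auto / Demand / Disabled
    path: str            # image path as printed ("" when RSIT printed none)
    file_date: Optional[str]
    file_size: Optional[int]
    flags: List[str] = field(default_factory=list)


def parse_rsit(text: str) -> List[Entry]:
    """Parse only the driver and service sections of an RSIT log."""
    entries: List[Entry] = []
    kind: Optional[str] = None
    for line in text.splitlines():
        if line.startswith("======"):          # any section header resets the context
            sec = SECTION_RE.match(line)
            kind = sec.group("kind") if sec else None
            continue
        m = ENTRY_RE.match(line)
        if not (kind and m):
            continue
        meta = m.group("meta").split()         # ["YYYY-MM-DD", "size"] or []
        entries.append(Entry(
            kind=kind, name=m.group("name"), display=m.group("display"),
            state=STATE[m.group("state")], start=START[m.group("start")],
            path=m.group("path"),
            file_date=meta[0] if len(meta) == 2 else None,
            file_size=int(meta[1]) if len(meta) == 2 else None,
        ))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review flags in place and return only the entries that got one."""
    for e in entries:
        if not e.path:
            e.flags.append("no image path recorded")
        elif e.file_date is None:
            # Assumption: RSIT leaves the brackets empty when it cannot read the file.
            e.flags.append("image file not found / no date-size stamp")
        if e.path.startswith("\\??\\"):
            e.flags.append("NT object-manager path prefix; confirm the driver is expected")
        if e.path.lower().endswith("\\svchost.exe"):
            e.flags.append("hosted in svchost.exe; code is the ServiceDll value, not visible here")
        if e.flags and e.state == "Running":
            e.flags.insert(0, "RUNNING")       # live code with questions gets looked at first
    return [e for e in entries if e.flags]


def report(flagged: List[Entry]) -> List[str]:
    """One review line per flagged entry, running ones first."""
    ordered = sorted(flagged, key=lambda e: (e.state != "Running", e.kind, e.name.lower()))
    return [f"[{e.kind[:-1]}] {e.state}/{e.start} {e.name}: "
            f"{e.path or '<no path>'} -> {'; '.join(e.flags)}" for e in ordered]


if __name__ == "__main__":
    for line in report(triage(parse_rsit(SAMPLE_LOG))):
        print(line)
```

A flag here is a prompt to check, not a verdict: in the log above the Avira filter drivers legitimately use the `\??\` prefix and the empty stamp on `avgio.sys` is explained by the product having just been installed, while an Auto-start driver under `C:\Program Files\EXEtender\` with no file stamp is the kind of line the helper would want the poster to account for.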
-
Can I have an update on programs installed? I wasn't worried about it as I thought you were going to clean install
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents
-
Here is the list from HJT, but unfortunately most of the executables for these programs were removed when the issue occurred so they are just sitting out there without associated files.
"Doras Carnival Adventure (remove only)"
"Nick Video Jigsaw Jam (remove only)"
32 Bit HP CIO Components Installer
3D Groove Playback Engine
Action Replay Code Manager
Active Disk
Ad-Aware SE Personal
Adobe Download Manager 2.2 (Remove Only)
Adobe Flash Player ActiveX
Adobe Photoshop Album Starter Edition
Adobe Reader 7.0.9
Adobe Shockwave Player
Adventures of Bleeposaurus (remove only)
AirSet Desktop Sync
Alphabet Express
Amazing Windows XP Screen Saver 1.2
American Greetings® CreataCard® Silver 5
Anark Client 1.0
Ancient Hearts & Spades
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
Avira AntiVir Personal - Free Antivirus
Barbie ® as Princess Bride (tm)
Big Kahuna Reef
Bleeposaurus 2: Dragonfire (remove only)
Boggle
Boggle (remove only)
Bonjour
BOSS Fonts Manager
Bricks of Atlantis
Candy Land - Dora the Explorer Edition
Card Classics
CatDog
CDBurnerXP Pro 3
Centipede
Chaotic
Charm Solitaire
CK Creative Clips and Fonts Sampler
CleanUp!
Compaq Connections
Compaq Instant Support
Compaq Organize
Corel Applications
Coupon Printer for Windows
Danny Phantom Ghost Sweep (remove only)
Data Converter
DesignPro 5.4 Limited Edition
Diego`s Dinosaur Adventure (remove only)
Diner Dash
DING!
Direct Show Ogg Vorbis Filter (remove only)
Disney/Pixar's Buzz Lightyear 2nd Grade
Disney's Mickey Mouse Preschool
Disney's Phonics Quest
Disney's Ready for Math with Pooh
Disney's Toontown Online
Disney's Winnie the Pooh Preschool
Dora Backpack
Dora Knows Your Name
Dora Lost City
Dora the Explorer Screen Saver
Dora`s Magic Castle (remove only)
Doras Rapido River Rafting Race (remove only)
Doras Star Catching Game (remove only)
Dora's World Adventure
Dream Vacation Solitaire
Drop Heads (remove only)
Easy Internet Sign-up
ebgcInfra
ebgcRes
ebgcRes
ebgcSDK
EPSON Printer Software
ewido security suite
EXEtender Player
FA Addition Subtraction
Fairly Odd Parents - Big Super Hero Wish (remove only)
Fairly Odd Parents Information Stupor Highway (remove only)
FamilyFeudOnlineParty (remove only)
Fatman Adventures 2 (remove only)
Feeding Frenzy (remove only)
Garmin Communicator Plugin
Google Earth
Gutterball
Halloween Screen Saver
HijackThis 2.0.2
Holiday Snowflakes Screen Saver 1.2
Hooked on Phonics Learn to Read
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 9.0
HP Deskjet Preloaded Printer Drivers
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photo & Imaging 3.1
HP Photo and Imaging 2.0 - Deskjet Series
HP Photo and Imaging 2.0 - Photosmart Cameras
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Print Diagnostic Utility
HP Product Detection
HP PSC & OfficeJet 3.0
HP Solution Center 9.0
HP Update
HPSSupply
Human 3D LR1n
In A Flash 3
In A Flash Photo 3
Insaniquarium Deluxe
Inspheration
Intel® Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
IomegaWare 4.0.2
ItsDeductible Express
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Java(tm) 6 Update 10
Jewel Quest
Jewel Quest II (remove only)
Jewel Quest Solitaire (remove only)
Jimmy Neutron Boy Genius
Jimmy Neutron Invention Revenge (remove only)
JumpStart Animal Adventures
JumpStart Explorers
JumpStart Learning Games ABC's
JumpStart Numbers
JumpStart Pre-K
JumpStart Typing
Jungle Heart (remove only)
Juniper Networks Network Connect 5.5.0
KBD
LG USB Drivers
Mad Caps (remove only)
Magic Ball 2
Magic Match
Magic Match 2
Magic Match Adventures
Malwarebytes' Anti-Malware
Math 2
Math Blaster Ages 6-7
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office Outlook 2003
Microsoft Office XP Media Content
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Express Edition - ENU
Microsoft Visual C++ 2005 Express Edition - ENU
Microsoft Visual C++ 2005 Express Edition - ENU Service Pack 1 (KB926748)
Microsoft Web Publishing Wizard 1.52
Microsoft Works 7.0
Milton Bradley Classic Board Games
Monopoly
Move Networks Player for Internet Explorer
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
MUSICMATCH® Jukebox
My Wal-Mart Digital Photo Center
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
NCH Toolbox
Need For Speed - Porsche Unleashed
Nick Blockade (remove only)
Nicktoons Challenge! (remove only)
NVIDIA GART Driver
Ocean Life 1 Screensaver
Ocean Life 2 Screensaver
Operation
PacaJuma Quest (remove only)
PagePrintables
Paint Shop Pro 7
Pajama Sam Life is Rough When You Lose Your Stuff
Pajama Sam No Need to Hide When It's Dark Outside
Palm Desktop
Panda ActiveScan
PC-Doctor for Windows
PCFriendly
PDO Desktop
Photo Viewer 2.3
Photosmart 140,240,7200,7600,7700,7900 Series
Playhouse Disney's Stanley Wild for Sharks
Print Workshop 2004 LE
PS2
pumpkinpatch ScreenSaver
Puzzle Detective
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2004
Quicken 2009
QuickTime
Rainbow Web
Reader Rabbit Preschool
Reader's Digest Super Word Power
RealArcade
RealPlayer
RecordNow!
Rhapsody Player Engine
Roll
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Saints and Sinners Bingo
Sandlot Games Client Services
Sandlot Games Client Services 1.2.2
SandScript(tm)
Scholastic's I SPY School Days
Scholastic's I SPY Spooky Mansion
Scooby-Doo(tm), Phantom of the Knight(tm)
Scrabble Blast Deluxe
Scrabble Complete
Scrabble Deluxe
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB958644)
Sega Smash Pack II
Sesame Street Search & Learn Adventures
Shape Solitaire
Slingo
Snowy - Treasure Hunter (remove only)
Sonic Update Manager
SpongeBob Atlantis SquareOff
SpongeBob SquarePants 3D Pinball Panic (remove only)
SpongeBob SquarePants Bubble Rush! (remove only)
SpongeBob SquarePants Collapse! (remove only)
SpongeBob SquarePants Diner Dash (remove only)
SpongeBob SquarePants Jellyfish Shuffleboard (remove only)
SpongeBob SquarePants Krabby Quest (remove only)
SpongeBob SquarePants Obstacle Odyssey (remove only)
SpongeBob SquarePants Obstacle Odyssey 2 (remove only)
SpongeBob SquarePants Pizza Toss (remove only)
SpongeBob SquarePants® Operation Krabby Patty
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Stop the Morbuzakh (remove only)
Stunt Track Driver
Super GameHouse BlackJack
Super GameHouse Solitaire Vol. 1
Switch Sound File Converter
Talk to Me
Tarzan Activity Center
The Fairly OddParents
The Fairly OddParents - Timmy`s Roach Rampage (remove only)
The Font Factory
Time Force
Timez Attack Free
Tonka Raceway
Top Ten Solitaire
trickortreaters ScreenSaver
Trivial Pursuit 90s Edition
Tumble Bees To Go
TurboTax Deluxe 2003
TurboTax Deluxe 2004
TurboTax Deluxe 2005
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
Twistingo
U.B. Funkeys
Ultimate Game Pak
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
Update for Windows XP (KB951072-v2)
VIA Rhine-Family Fast-Ethernet Adapter
VIA/S3G Display Driver
ViviCam V35
Wal-Mart Music Downloads Store
WD Diagnostics
WeatherBug
WexTech AnswerWorks
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
Windows XP Winter Fun Pack Screensavers
WinZip
Word Search Deluxe (remove only)
Word Whomp To Go
Wordsheets
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
Yahtzee
Yahtzee
Yu_Gi_Oh!_Monsters_1 Screen Saver
Yu_Gi_Oh!_Time_to_Duel_1 Screen Saver
Zone Deluxe Games
-
Let's see what we can uninstall and what we can disable
First off, do the following please
Go to START>>RUN>>copy and paste the following then click OK
ComboFix /u
This will uninstall ComboFix and its components
Next
Access your Add and remove programs and uninstall the following
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
They are older versions of Java that can be removed safely
Remain in Add and Remove Programs
I also suggest that you remove
ewido security suite
It will not be updating soon
Don't reboot yet
Download OTMoveIt3 (http://oldtimer.geekstogo.com/OTMoveIt3.exe) by OldTimer.
- Save it to your desktop.
- Double-click OTMoveIt2.exe to run it.
- Click the Cleanup! button
A list will be downloaded>>Allow it Internet access if prompted by your Firewall
Don't change anything in this list
- Select Yes at the prompt
Wait for the confirmation box to open to reboot the computer
Don't mouseclick during the wait as you may cause the tool to stall
- Select Yes to reboot Now
NOTE: This procedure will also delete OTMoveit.exe from desktop
What applications are not working properly?
You may need to uninstall and reinstall them, or repair them
Can you come back here after you have done the above
We should update your copies of SpywareBlaster and Spybot
-
Sorry, life has been screaming by the past few weeks. I will take care of this shortly. Thanks for your assistance.
-
Okay, I have done all the things you wanted me to do. However, for both of the J2SE updates, it said fatal error during installation and would not remove. For Ewido, it said it was not found but it let me remove it.
I have been able to reinstall many of the applications, but unless I have uninstalled/reinstalled the program it still doesn't work. This applies mostly to the games now, so that's okay.
I'm ready for the next step.
-
Can you download the latest versions of SpywareBlaster and Spybot
Save them to your desktop for now, but do not install them yet
Download links
SpywareBlaster 4.1 (http://www.download.com/SpywareBlaster/3000-8022_4-10196637.html?part=dl-SpywareBl&subj=dl&tag=button&cdlPid=10852839)
And
Spybot 1.6.0.30 (http://fileforum.betanews.com/detail/Spybot_Search_and_Destroy/1043809773/1)
Next>>If possible, open your version of SpywareBlaster
Under Quick Tasks, Disable All Protection
When that's finished, exit SpywareBlaster
Open your version of Spybot 1.4
When it opens, click on the Immunization button
Leave all selections checked, then click on UNDO at the top
When it's complete, close Spybot
Download JavaRa (http://sourceforge.net/project/downloading.php?groupname=javara&filename=JavaRa.zip&use_mirror=osdn)
Save it then unzip the contents to your desktop
- Open the JavaRa.exe
- In the drop down box select your language>>English, then click on Select
- Click Remove Older Versions
- JavaRa will search for and remove any outdated version of Java and remove any that are found.
- A log file will open, can you save it to a convenient location, a copy will also be found at C:\JavaRA.log
- Click Additional Tasks
- Place a check next to Remove Useless JRE Files and click Go
- Exit JavaRa
Access your Add and Remove Programs, can you first uninstall
SpywareBlaster, then remove Spybot
Reboot your computer
Back in Windows
Install the latest version of SpywareBlaster
Choose manual updating when installing
After installation, Check for Updates
After updating, click on Protection Status and Enable All Protections
It's important that you check for updates every couple of weeks
Install the latest version of Spybot
When installing, can you untick TeaTimer
After updating, click on the Immunization button
Then click Immunize at the top menu bar
You can then close Spybot
Again, ensure to check for updates every couple of weeks and reImmunize
Go to START>>RUN>>type in cmd
Then click OK
Type the following in Exactly
ipconfig /flushdns
Hit Enter on your Keyboard, this will clear DNS resolver cache
Note the single space after ipconfig, but before the /
Exit the command prompt
Go to START>>RUN>>type in services.msc
Hit OK
In the new window that opens
Look for DNS Client
Double click on it to open it
STOP the service from running
In the dropdown box Startup type, change it to Manual
APPLY and OK it then exit the service config window
Post back and let me know how things are running
Also post a fresh Hijackthis log along with the log from JavaRA