TheTechGuide Forum
General Category => Tech Clinic => Topic started by: Andy k on December 06, 2008, 04:17:16 PM
-
Let me start by saying: I am soooo glad I found this place!!!! Been lurking for about 3 hours now, and learned boatloads.
I'm attempting to fix my parents' computer that recently fell under attack by this Yoog Search thingy. I'm not sure where the problem initiated from, but my father downloads more music than anyone could ever listen to, from LimeWire... just to have it. My mother is about 11% computer literate and loves to open e-mails. Little brother is 18 and this was the only comp available to him for the last 6-ish years (yeah... you know what I mean).
So onto the description. First thing that was noticed is that the "Wallpaper" has changed to the ACTIVE DESKTOP RECOVERY form and does not wish to change. Right after the wallpaper disappears on start-up we get an ERROR message that VIEWMGR.exe can no longer function (I know that some things use viewmgr.exe as a disguise) and an ERROR message that SUPER ANTI SPYWARE can no longer function.
I tried to run Spybot only to find out everything in the Spybot folder was still there except the actual program (weird). Before I found this site, someone suggested we try ThreatFire. TF found a handful of things but none that fixed our problems here.
My biggest issue that I didn't see mentioned in the other threads was that I can only view cached websites. If I click an active link it either redirects to an advertisement or tells me that the page is unable to be viewed. I managed to install HijackThis after a few attempts, but I was unable to get either of the ComboFix links to direct me. I also haven't tried to install Malwarebytes yet; I don't want to get too far ahead of myself.
So here's my log, I'll be awaiting further instruction:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:33:13 PM, on 12/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\ppcbooster\ppcb_32.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\alg.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\svchost.exe
C:\program files\mozilla firefox\firefox.exe
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Documents and Settings\HP_Administrator\Desktop\Downloads\HJTInstall.exe
C:\Documents and Settings\HP_Administrator\Desktop\Downloads\HJTInstall.exe
C:\Documents and Settings\HP_Administrator\Desktop\Downloads\HJTInstall.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/MemberHome (http://\"http://www.netflix.com/MemberHome\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\winloggn.exe
O4 - HKLM\..\Run: [qlqiekxyksywczo] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\fpnxbexlxzfd.dll"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\winloggn.exe
O4 - HKCU\..\Run: [VnrBlock21] "C:\Program Files\VnrBlock\VnrBlock21.exe"
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll (http://\"http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll\")
O18 - Protocol: mediaman - {F00B23B6-E372-4227-BCD9-CDC32EA1521E} - C:\Program Files\MediaMan\CoMProt.dll
O20 - AppInit_DLLs: stwtft.dll
O22 - SharedTaskScheduler: KJhaiufhw3nrih7wefywjfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 9612 bytes
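As an added illustration (not code from this thread, from HijackThis, or from any of the tools named in it), the Python below applies a few of the triage heuristics a helper uses when reading a log like the one above: autorun entries that launch from a temp directory, silent regsvr32 loads of a DLL at logon, a non-empty AppInit_DLLs value, a SharedTaskScheduler entry with no file behind it, a policy that disables the registry editor, and an empty Shell value. The sample lines are copied from the log above; the heuristics, the severity labels and the function names are this example's own assumptions, and two known-good O4 entries (ehTray, ctfmon) are included so the checks have something to leave alone.

```python
"""Triage heuristics for HijackThis log lines (added example, not a tool from
the thread). The sample input is copied from the log posted above; the
heuristics and their severities are this example's assumptions."""
import re

# Lines taken from the HijackThis log posted above (constructed test input).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\winloggn.exe
O4 - HKLM\..\Run: [qlqiekxyksywczo] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\fpnxbexlxzfd.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: stwtft.dll
O22 - SharedTaskScheduler: KJhaiufhw3nrih7wefywjfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - (no file)
F2 - REG:system.ini: Shell=
"""

# O4 Run-key entries look like:  O4 - HKLM\..\Run: [name] command line
O4_RUN = re.compile(r'^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')


def triage_line(line: str):
    """Return (severity, reason) for one HijackThis line, or None when nothing
    in the line trips a heuristic. The severity scale is this example's own."""
    line = line.strip()
    m = O4_RUN.match(line)
    if m:
        name, cmd = m.group('name'), m.group('cmd')
        low = cmd.lower()
        # Persistence that launches from a temp directory: installed software
        # does not leave its autorun pointing at %TEMP%.
        if re.search(r'\\temp\\', low):
            return ('high', f'Run entry [{name}] starts a program from a temp directory')
        # regsvr32 /s at logon silently registers a DLL and runs its
        # DllRegisterServer; a random-named DLL in system32 is the usual tenant.
        if 'regsvr32' in low and re.search(r'(^|\s)/s(\s|$)', low):
            return ('high', f'Run entry [{name}] silently loads a DLL via regsvr32: {cmd}')
        return None
    if line.startswith('O7 - ') and 'DisableRegedit=1' in line:
        return ('medium', 'Registry editor disabled by policy (a lockout malware often sets)')
    if line.startswith('O20 - AppInit_DLLs:'):
        dlls = line.split(':', 1)[1].strip()
        if dlls:
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            return ('high', f'AppInit_DLLs loads a DLL into every user32 process: {dlls}')
    if line.startswith('O22 - ') and line.endswith('(no file)'):
        return ('low', 'SharedTaskScheduler entry whose DLL is missing (orphan or hidden component)')
    if line.startswith('F2 - REG:system.ini: Shell='):
        if line.split('Shell=', 1)[1].strip() == '':
            return ('medium', 'Shell value under the system.ini mapping is empty (tampered shell entry)')
    return None


def triage(log_text: str):
    """Run triage_line over every non-blank line; return (severity, line, reason) tuples."""
    findings = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        hit = triage_line(raw)
        if hit:
            findings.append((hit[0], raw.strip(), hit[1]))
    return findings


if __name__ == '__main__':
    for sev, line, reason in triage(SAMPLE_LOG):
        print(f'[{sev:6}] {reason}\n         {line}')
```

The checks are deliberately narrow: they flag where a program runs from and how it is loaded, not what its name looks like, because random-looking key names also occur in legitimate software and a name-based rule would start flagging the HP and Java entries in the same log.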
-
Let's try Malwarebytes' first and see what steps we can do from there.
Download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/tools/mbam-setup.exe) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Save the installer to desktop.
- Double click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
With that log,
Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
It may be named dds.pif or dds.com, depending on the download; if one won't run, try another download location.
- When done, DDS.txt will open.
- Click Yes at the next prompt for Optional Scan.
- Save both reports to your desktop.
1. DDS.txt
2. Attach.txt
Post those logs too, please.
-
Neither of your options let me download MBAM directly or link to another page, so I went to Download.com and got it (I don't know why that worked and not the others). Now I am having the same problem I did with HijackThis: I double click the .exe and I get the "RUN or CANCEL" prompt, I click RUN and I get the pointer with an hourglass, and then the hourglass disappears and it's like I never clicked it. There are no anti-anythings running or even installed right now.
-
Move on to the next step, please.
Try running dds.scr or dds.com or dds.pif.
-
Now I am unable to even get the computer to start up. It's an HP Media Center comp and gets to the welcome screen and sits permanently. I forgot to mention that earlier. I was able to get past that screen once every 3 times or so; now it's stuck. Sometimes it sits at a black screen before getting to the welcome screen. There is a cursor on both that is responsive.
-
Are you able to get to Safe Mode?
When the computer is restarting, right after the single POST beep,
start tapping the F8 key.
Select Safe Mode from the options.
-
I guess this was the 3rd attempt (3rd time is a charm). I got it to boot normally now, and it looks like my Dad tried to install and run Spybot after I left.
I'll try to run those DDS.
Edit: never mind, I re-read. I can't open any of those links for DDS though from the infected comp. I'm going to put it on a CD from my working comp and try and run it that way.
-
Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
It may be named dds.pif or dds.com, depending on the download; if one won't run, try another download location.
- When done, DDS.txt will open.
- Click Yes at the next prompt for Optional Scan.
- Save both reports to your desktop.
1. DDS.txt
2. Attach.txt
Please post those logs if you can get them to run.
-
Do you have ComboFix.exe on this computer?
-
I put ComboFix on a CD but it doesn't seem to want to run from that either.
DDS.txt
DDS (Version 1.0) - NTFSx86
Run by HP_Administrator at 13:59:25.39 on Sun 12/07/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.259 [GMT -5:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\regsvr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\ppcbooster\ppcb_32.exe
C:\WINDOWS\system32\HPZipm12.exe
svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\HP\KBD\KBD.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\program files\mozilla firefox\firefox.exe
E:\ComboFix.exe
E:\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.netflix.com/MemberHome
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {1201671d-f4c1-433c-8953-f657eeb79e2f} - c:\windows\system32\raabmo.dll
BHO: {13638437-AC6B-EDC4-A908-1161AF0DDF86} - c:\windows\system32\fpnxbexlxzfd.dll
BHO: {2A1CD23B-824B-41A9-BFA5-60CF1CCB2C8A} - c:\windows\system32\ljJASKeE.dll
BHO: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\vtUnmLDv.dll
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [xsjfn83jkemfofght] c:\docume~1\hp_adm~1\locals~1\temp\winloggn.exe
uRun: [VnrBlock21] "c:\program files\vnrblock\VnrBlock21.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sysrest32.exe] c:\windows\system32\sysrest32.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [xsjfn83jkemfofght] c:\docume~1\hp_adm~1\locals~1\temp\winloggn.exe
mRun: [qlqiekxyksywczo] c:\windows\system32\regsvr32.exe /s "c:\windows\system32\fpnxbexlxzfd.dll"
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\ppcb_32.lnk - c:\program files\ppcbooster\ppcb_32.exe
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\spybot\spybot - search & destroy\advcheck.dll
StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\spybot\spybot - search & destroy\aports.dll
StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\spybot\spybot - search & destroy\blindman.exe
StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\spybot\spybot - search & destroy\borlndmm.dll
StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\spybot\spybot - search & destroy\Default configuration.ini
StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\spybot\spybot - search & destroy\delphimm.dll
StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\spybot\spybot - search & destroy\messages.zres
StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\spybot\spybot - search & destroy\OptOut.ini
StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\spybot\spybot - search & destroy\SDHelper.dll
StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\spybot\spybot - search & destroy\SpybotSD.exe
StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\spybot\spybot - search & destroy\spybotsd.xml
StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\spybot\spybot - search & destroy\TeaTimer.exe
StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\spybot\spybot - search & destroy\Tools.dll
StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\spybot\spybot - search & destroy\unins000.dat
StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\spybot\spybot - search & destroy\unins000.exe
StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\spybot\spybot - search & destroy\UnzDll.dll
StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\spybot\spybot - search & destroy\Update.exe
StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\spybot\spybot - search & destroy\ZipDll.dll
StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\spybot\spybot - search & destroy\dummies\dummy.cd_clint.dll
StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\spybot\spybot - search & destroy\dummies\dummy.dap.gif
StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\spybot\spybot - search & destroy\dummies\dummy.data.xml
StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\spybot\spybot - search & destroy\dummies\dummy.default.gif
StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\spybot\spybot - search & destroy\dummies\dummy.related.htm
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: NoDispBackgroundPage = 1 (0x1)
uPolicies-system: NoDispScrSavPage = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: mediaman - {F00B23B6-E372-4227-BCD9-CDC32EA1521E} - c:\program files\mediaman\CoMProt.dll
Notify: igfxcui - igfxdev.dll
Notify: vtUnmLDv - vtUnmLDv.dll
AppInit_DLLs: stwtft.dll raabmo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\vtUnmLDv.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\ljJASKeE
============= SERVICES / DRIVERS ===============
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [2005-5-16 85248]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\SASKUTIL.sys []
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2008-4-8 24652]
=============== Created Last 30 ================
2008-12-06 17:00 107,008 a------- c:\windows\system32\raabmo.dll
2008-12-06 17:00 107,008 a------- c:\windows\system32\jmmettub.dll
2008-12-06 16:58 120 ---sh--- c:\windows\system32\alpnokoi.ini
2008-12-06 16:58 72,192 a------- c:\windows\system32\iokonpla.dll
2008-12-06 15:32 <DIR> --d----- c:\program files\Trend Micro
2008-12-06 09:38 <DIR> --d----- c:\program files\ThreatFire
2008-12-06 09:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2008-12-05 16:57 1,479,831 ---sh--- c:\windows\system32\nxkpirvb.ini
2008-12-05 16:57 107,520 a------- c:\windows\system32\stwtft.dll
2008-12-05 16:57 107,520 a------- c:\windows\system32\wnsymeqw.dll
2008-12-05 16:54 906,236 a--sh--- c:\windows\system32\EeKSAJjl.ini
2008-12-05 16:54 906,220 a--sh--- c:\windows\system32\EeKSAJjl.ini2
2008-12-05 16:54 237,568 a------- c:\windows\system32\ljJASKeE.dll
2008-12-05 16:49 39,936 a------- c:\windows\system32\nnnMEutU.dll
2008-12-05 16:49 <DIR> --d----- c:\program files\VnrBlock
2008-12-05 16:49 <DIR> --d----- c:\program files\iCheck
2008-12-05 16:49 16,384 a------- c:\windows\gbg033414.exe
2008-12-05 16:49 16,384 a------- c:\windows\wuan364443.exe
2008-12-05 16:49 16,384 a------- c:\windows\hw5305.exe
2008-12-05 16:49 16,384 a------- c:\windows\feoc827.exe
2008-12-05 16:49 16,384 a------- c:\windows\ykgee3362.exe
2008-12-05 16:48 65,024 a------- c:\windows\system32\opnnkHYo.dll
2008-12-05 16:48 54,255 a------- c:\windows\c20232.exe
2008-12-05 16:48 39,936 a------- c:\windows\system32\vtUnmLDv.dll
2008-12-05 16:48 16,384 a------- c:\windows\gu58826.exe
2008-12-05 16:48 53,942 a------- c:\windows\system32\cont_adsoftinc-remove.exe
2008-12-05 16:48 47,581 a------- c:\windows\system32\pxdiarhejodnod.exe
2008-12-05 16:48 7,680 a------- c:\windows\o255.exe
2008-12-05 16:48 <DIR> --d----- c:\program files\ppcbooster
2008-12-05 16:48 84,982 a------- c:\windows\vtj708346.exe
2008-12-05 16:48 192,820 a------- c:\windows\nohh06760.exe
2008-12-03 06:46 368,128 a------- c:\windows\system32\fpnxbexlxzfd.dll
2008-12-02 11:13 672,256 a------- c:\windows\system32\nso39A.dll
2008-11-12 03:57 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 03:57 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
==================== Find3M ====================
2008-10-26 10:50 93,511 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-26 10:49 45,056 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
2008-10-26 10:49 44,032 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
2008-10-24 06:21 455,296 a------- c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 11:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-03 12:41 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-15 07:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-15 07:12 1,846,400 -------- c:\windows\system32\dllcache\win32k.sys
2008-09-09 20:14 1,307,648 -------- c:\windows\system32\msxml6.dll
2008-09-09 20:14 1,307,648 -------- c:\windows\system32\dllcache\msxml6.dll
2008-08-06 16:20 738 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2008-02-22 15:50 630,784 a------- c:\documents and settings\hp_administrator\GoToAssist_chat2way__317_en.exe
2008-01-15 15:36 557,056 a------- c:\documents and settings\hp_administrator\GoToAssist_phone__317_en.exe
2008-01-11 10:25 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2007-06-20 18:30 141 a------- c:\documents and settings\hp_administrator\2950.bat
============= FINISH: 14:03:21.48 ===============
ATTACH
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Version 1.0)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/8/2008 3:07:47 PM
System Uptime: 12/7/2008 1:31:02 PM (1 hours ago)
Motherboard: ASUSTek Computer INC. | | LIMESTONE
Processor: Intel® Pentium® D CPU 2.80GHz | Socket 775 | 2800/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 225 GiB total, 181.701 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 1.404 GiB free.
E: is CDROM (UDF)
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
L: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP12: 12/5/2008 4:54:17 PM - System Checkpoint
RP13: 12/5/2008 4:54:18 PM - Last good restore point
RP14: 12/5/2008 4:54:19 PM - System Checkpoint
RP15: 12/5/2008 4:54:20 PM - Software Distribution Service 3.0
RP16: 12/5/2008 4:54:21 PM - Software Distribution Service 3.0
RP17: 12/5/2008 4:54:26 PM - System Checkpoint
RP18: 12/5/2008 4:54:27 PM - Software Distribution Service 3.0
RP19: 12/5/2008 4:54:29 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP20: 12/5/2008 4:54:30 PM - System Checkpoint
RP21: 12/5/2008 4:54:31 PM - System Checkpoint
RP22: 12/5/2008 4:54:32 PM - System Checkpoint
RP23: 12/5/2008 4:54:34 PM - System Checkpoint
RP24: 12/5/2008 4:54:35 PM - System Checkpoint
RP25: 12/5/2008 4:54:36 PM - System Checkpoint
RP26: 12/5/2008 4:54:37 PM - System Checkpoint
RP27: 12/5/2008 4:54:39 PM - System Checkpoint
RP28: 12/5/2008 4:54:40 PM - System Checkpoint
RP29: 12/5/2008 4:54:41 PM - System Checkpoint
RP30: 12/5/2008 4:54:43 PM - System Checkpoint
RP31: 12/5/2008 4:54:44 PM - System Checkpoint
RP32: 12/5/2008 4:54:45 PM - Configured PC-Doctor for Windows
RP33: 12/5/2008 4:54:47 PM - System Checkpoint
RP34: 12/5/2008 4:54:48 PM - System Checkpoint
RP35: 12/5/2008 4:54:50 PM - System Checkpoint
RP36: 12/5/2008 4:54:52 PM - System Checkpoint
RP37: 12/5/2008 4:54:54 PM - System Checkpoint
RP38: 12/5/2008 4:54:55 PM - System Checkpoint
RP39: 12/5/2008 4:54:56 PM - System Checkpoint
RP40: 12/5/2008 4:54:56 PM - System Checkpoint
RP41: 12/5/2008 4:54:58 PM - System Checkpoint
RP42: 12/5/2008 4:54:59 PM - System Checkpoint
RP43: 12/5/2008 4:55:00 PM - Installed Java(tm) 6 Update 7
RP44: 12/5/2008 4:55:01 PM - Installed OpenOffice.org Installer 1.0
RP45: 12/5/2008 4:55:02 PM - Installed MediaMan
RP46: 12/5/2008 4:55:04 PM - System Checkpoint
RP47: 12/5/2008 4:55:05 PM - Installed Verizon Media Manager
RP48: 12/5/2008 4:55:06 PM - System Checkpoint
RP49: 12/5/2008 4:55:08 PM - Software Distribution Service 3.0
RP50: 12/5/2008 4:55:10 PM - System Checkpoint
RP51: 12/5/2008 4:55:12 PM - Installed Microsoft Office Live Meeting 2005
RP52: 12/5/2008 4:55:13 PM - System Checkpoint
RP53: 12/5/2008 4:55:15 PM - System Checkpoint
RP54: 12/5/2008 4:55:16 PM - System Checkpoint
RP55: 12/5/2008 4:55:18 PM - System Checkpoint
RP56: 12/5/2008 4:55:19 PM - Software Distribution Service 3.0
RP57: 12/5/2008 4:55:20 PM - Software Distribution Service 3.0
RP58: 12/5/2008 4:55:20 PM - System Checkpoint
RP59: 12/5/2008 4:55:22 PM - Removed Windows Media Player Firefox Plugin
RP60: 12/5/2008 4:55:23 PM - Windows Media Center Update
RP61: 12/5/2008 4:55:23 PM - Installed Windows Media Player 10 KB903157.
RP62: 12/5/2008 4:55:24 PM - Installed Windows XP Media Center Edition 2005 Update Rollup 2.
RP63: 12/5/2008 4:55:28 PM - Installed Windows Media Player 11
RP64: 12/5/2008 4:55:28 PM - Installed Windows XP Media Center Edition 2005 KB925766.
RP65: 12/5/2008 4:55:30 PM - Installed Windows XP Wudf01000.
RP66: 12/5/2008 4:55:31 PM - Installed Windows XP MSCompPackV1.
RP67: 12/5/2008 4:55:32 PM - Installed SUPERAntiSpyware Free Edition
RP68: 12/5/2008 4:55:33 PM - Software Distribution Service 3.0
RP69: 12/5/2008 4:55:35 PM - Software Distribution Service 3.0
RP70: 12/5/2008 4:55:35 PM - Software Distribution Service 3.0
RP71: 12/5/2008 4:55:36 PM - System Checkpoint
RP72: 12/5/2008 4:55:37 PM - System Checkpoint
RP73: 12/5/2008 4:55:38 PM - System Checkpoint
RP74: 12/5/2008 4:55:40 PM - System Checkpoint
RP75: 12/5/2008 4:55:41 PM - System Checkpoint
RP76: 12/5/2008 4:55:42 PM - System Checkpoint
RP77: 12/5/2008 4:55:42 PM - System Checkpoint
RP78: 12/5/2008 4:55:43 PM - System Checkpoint
RP79: 12/5/2008 4:55:45 PM - System Checkpoint
RP80: 12/5/2008 4:55:47 PM - Removed MediaMan
RP81: 12/5/2008 4:55:49 PM - Installed MediaMan
RP82: 12/5/2008 4:55:51 PM - System Checkpoint
RP83: 12/5/2008 4:55:53 PM - System Checkpoint
RP84: 12/5/2008 4:55:55 PM - System Checkpoint
RP85: 12/5/2008 4:55:57 PM - System Checkpoint
RP86: 12/5/2008 4:55:58 PM - System Checkpoint
RP87: 12/5/2008 4:55:59 PM - Software Distribution Service 3.0
RP88: 12/5/2008 4:56:00 PM - System Checkpoint
RP89: 12/5/2008 4:56:02 PM - System Checkpoint
RP90: 12/5/2008 4:56:03 PM - System Checkpoint
RP91: 12/5/2008 4:56:04 PM - System Checkpoint
RP92: 12/5/2008 4:56:06 PM - System Checkpoint
RP93: 12/5/2008 4:56:07 PM - System Checkpoint
RP94: 12/5/2008 4:56:10 PM - System Checkpoint
RP95: 12/5/2008 4:56:11 PM - System Checkpoint
RP96: 12/5/2008 4:56:12 PM - System Checkpoint
RP97: 12/5/2008 4:56:13 PM - System Checkpoint
RP98: 12/5/2008 4:56:14 PM - Removed Adobe Reader 9.
RP99: 12/5/2008 4:56:16 PM - System Checkpoint
RP100: 12/5/2008 4:56:17 PM - System Checkpoint
RP101: 12/5/2008 4:56:18 PM - System Checkpoint
RP102: 12/5/2008 4:56:20 PM - System Checkpoint
RP103: 12/5/2008 4:56:22 PM - System Checkpoint
RP104: 12/5/2008 4:56:24 PM - System Checkpoint
RP105: 12/5/2008 4:56:26 PM - System Checkpoint
==== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Shockwave Player
Agere Systems PCI Soft Modem
AiO_Scan
AiOSoftware
Apple Mobile Device Support
Apple Software Update
Bonjour
BufferChm
CameraDrivers
Contextual Platform Adsoftinc
Copy
CP_AtenaShokunin1Config
cp_dwSharkTaleAlbums1
cp_dwSharkTaleCards1
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CP_PLSBusinessFlyers
CreativeProjects
CreativeProjectsTemplates
CueTour
Destinations
Director
DocProc
DocumentViewer
Fax
FirstClass® Client
Freeze Clip Art
Google Earth
Google Updater
GTK+ Runtime 2.12.8 rev a (remove only)
Help and Support Additions
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Boot Optimizer
HP Deskjet Printer Preload
HP Help and Support 4.0
HP Image Zone 4.8.6
HP Image Zone for Media Center PC
HP Image Zone Plus 4.8.6
HP Photosmart Cameras 4.5
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Software Update
HP Tunes
HPIZplus450
HpSdpAppCoreApp
HPSystemDiagnostics
InstantShare
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
IntelliMover Data Transfer Demo
Internet Speed Monitor
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0
Java(tm) 6 Update 5
Java(tm) 6 Update 7
KBD
LimeWire 4.16.6
LS_HSI
MediaMan
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Meeting 2005
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Web Publishing Wizard 1.52
Microsoft Works
Mozilla Firefox (3.0.4)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 4.0
muvee autoProducer unPlugged - HPD
MyHeritage Family Tree Builder
Netflix Movie Viewer
Norton Security Scan
ObjectDock
OpenOffice.org Installer 1.0
Otto
Overball from HP Media Center (remove only)
PanoStandAlone
PhotoGallery
Photosmart 320,370,7400,8100,8400 Series
Pidgin
Pizza Hut Shortcut
PPC Booster
PrintScreen
PS2
PSPrinters06
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QFolder
QuickProjects
QuickTime
Readme
RealPlayer
Remove Microsoft Money 2005 installer
Remove Quicken New User Edition installer
RON Tool Adsoftinc
Safari
Scan
ScannerCopy
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB955936)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB955470)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SkinsHP1
Slyder from HP Media Center (remove only)
Sonic Encoders
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
TBS WMP Plug-in
The Print Shop 22
Tradewinds from HP Media Center (remove only)
TrayApp
Unload
Update for Office 2007 (KB946691)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP
Verizon Media Manager
Viewpoint Media Player
WebFldrs XP
WebReg
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB890629
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
World of Warcraft
==== Event Viewer Messages ===================
12/2/2008 7:59:13 AM, error: atapi [9] - The device,
\Device\Ide\IdePort2, did not respond within the timeout period.
12/2/2008 7:28:53 AM, error: Service Control Manager [7011] - Timeout
(30000 milliseconds) waiting for a transaction response from the
stisvc service.
12/3/2008 2:06:38 AM, error: atapi [9] - The device,
\Device\Ide\IdePort0, did not respond within the timeout period.
12/5/2008 7:06:44 PM, error: Service Control Manager [7009] - Timeout
(30000 milliseconds) waiting for the Viewpoint Manager Service service
to connect.
12/5/2008 7:06:44 PM, error: Service Control Manager [7000] - The
Viewpoint Manager Service service failed to start due to the following
error: The service did not respond to the start or control request in
a timely fashion.
12/5/2008 7:08:16 PM, error: sr [1] - The System Restore filter
encountered the unexpected error '0xC0000001' while processing the
file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.
12/5/2008 7:18:41 PM, error: DCOM [10005] - DCOM got error "%1058"
attempting to start the service wuauserv with arguments "" in order to
run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/5/2008 7:26:54 PM, error: Service Control Manager [7026] - The
following boot-start or system-start driver(s) failed to load:
SASKUTIL
12/5/2008 7:44:26 PM, error: Service Control Manager [7034] - The
HTTP SSL service terminated unexpectedly. It has done this 1 time(s).
12/5/2008 7:44:31 PM, error: Service Control Manager [7034] - The
Windows Image Acquisition (WIA) service terminated unexpectedly. It
has done this 1 time(s).
12/5/2008 7:44:40 PM, error: Service Control Manager [7034] - The
TCP/IP NetBIOS Helper service terminated unexpectedly. It has done
this 1 time(s).
12/5/2008 7:44:40 PM, error: Service Control Manager [7031] - The
Remote Registry service terminated unexpectedly. It has done this 1
time(s). The following corrective action will be taken in 1000
milliseconds: Restart the service.
12/5/2008 7:44:40 PM, error: Service Control Manager [7034] - The
WebClient service terminated unexpectedly. It has done this 1
time(s).
12/5/2008 7:45:01 PM, error: Service Control Manager [7034] - The
SSDP Discovery Service service terminated unexpectedly. It has done
this 1 time(s).
12/5/2008 7:45:06 PM, error: Service Control Manager [7031] - The
DCOM Server Process Launcher service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Reboot the machine.
12/5/2008 7:45:06 PM, error: Service Control Manager [7034] - The
Terminal Services service terminated unexpectedly. It has done this 1
time(s).
12/5/2008 7:45:20 PM, error: Service Control Manager [7031] - The
Remote Procedure Call (RPC) service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Reboot the machine.
12/6/2008 7:38:43 AM, error: HTTP [15005] - Unable to bind to the
underlying transport for 0.0.0.0:2869. The IP Listen-Only list may
contain a reference to an interface which may not exist on this
machine. The data field contains the error number.
12/6/2008 2:52:42 PM, error: sr [1] - The System Restore filter
encountered the unexpected error '0xC0000369' while processing the
file 'MSI3e580.tmp' on the volume 'HarddiskVolume1'. It has stopped
monitoring the volume.
12/6/2008 7:49:59 PM, error: Service Control Manager [7034] - The
Application Layer Gateway Service service terminated unexpectedly. It
has done this 1 time(s).
==== End Of File ===========================
-
I actually wanted you to try the following
Transfer ComboFix.exe from CD to Desktop
Do you see the extension .exe?
Could you try right clicking on ComboFix.exe and renaming it to ComboFix.com
Seeing as the .com extension is running
Then try running ComboFix again
Remember, don't run it from the CD, transfer to desktop
-
ComboFix is running after the extension change.
-
Let it run uninterrupted, may take up to 20 minutes
Once it reboots your computer
It will run again on startup
Ensure none of your security software interrupts it
A log should open on startup, may take up to another 15 minutes
Post that log please
-
ComboFix 08-12-06.06 - HP_Administrator 2008-12-07 14:29:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.678 [GMT -5:00]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ppcb_32.lnk
c:\program files\Common Files\ecurit~1
c:\program files\Common Files\racle~1
c:\program files\iCheck
c:\program files\iCheck\Uninstall.exe
c:\program files\ppcbooster
c:\program files\ppcbooster\ppcb_32.exe
c:\program files\ppcbooster\ppcbu_32.exe
c:\program files\VnrBlock
c:\program files\VnrBlock\xtarga.gz
c:\program files\wintouch
c:\program files\wintouch\config.cfg.282258999709870e58d09396afe25067
c:\program files\wintouch\config.cfg.86b554f3c84b41eaffbef0d8fa895d43
c:\program files\wintouch\WTUninstaller.exe
c:\temp\tpBe12
c:\windows\fnts~1
c:\windows\IA
c:\windows\IE4 Error Log.txt
c:\windows\nohh06760.exe
c:\windows\system32\alpnokoi.ini
c:\windows\system32\drivers\TDSSrvdc.sys
c:\windows\system32\EeKSAJjl.ini
c:\windows\system32\EeKSAJjl.ini2
c:\windows\system32\fpnxbexlxzfd.dll
c:\windows\system32\iokonpla.dll
c:\windows\system32\jmmettub.dll
c:\windows\system32\ljJASKeE.dll
c:\windows\system32\nnnMEutU.dll
c:\windows\system32\nxkpirvb.ini
c:\windows\system32\opnnkHYo.dll
c:\windows\system32\raabmo.dll
c:\windows\system32\stwtft.dll
c:\windows\system32\TDSSktkl.dll
c:\windows\system32\TDSSlajf.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSoxum.dll
c:\windows\system32\TDSSqkhc.dll
c:\windows\system32\TDSSqrdn.log
c:\windows\system32\TDSSshkx.log
c:\windows\system32\TDSSurxb.dll
c:\windows\system32\TDSSweat.dat
c:\windows\system32\TDSSxehr.dll
c:\windows\system32\vtUnmLDv.dll
c:\windows\system32\wnsymeqw.dll
c:\windows\Tasks\jhtflrtg.job
c:\windows\wr.txt
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
-------\Legacy_SYSREST.SYS
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.
2008-12-07 14:20 . 2008-12-07 14:20 <DIR> d-------- C:\comkbofix.com
2008-12-06 15:32 . 2008-12-06 15:32 <DIR> d-------- c:\program files\Trend Micro
2008-12-06 09:38 . 2008-12-06 18:43 <DIR> d-------- c:\program files\ThreatFire
2008-12-06 09:38 . 2008-12-06 18:41 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-06 09:38 . 2008-12-06 09:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2008-12-05 16:49 . 2008-12-05 16:49 16,384 --a------ c:\windows\ykgee3362.exe
2008-12-05 16:49 . 2008-12-05 16:49 16,384 --a------ c:\windows\wuan364443.exe
2008-12-05 16:49 . 2008-12-05 16:49 16,384 --a------ c:\windows\hw5305.exe
2008-12-05 16:49 . 2008-12-05 16:49 16,384 --a------ c:\windows\gbg033414.exe
2008-12-05 16:49 . 2008-12-05 16:49 16,384 --a------ c:\windows\feoc827.exe
2008-12-05 16:48 . 2008-12-05 16:49 84,982 --a------ c:\windows\vtj708346.exe
2008-12-05 16:48 . 2008-12-05 16:49 54,255 --a------ c:\windows\c20232.exe
2008-12-05 16:48 . 2008-12-05 16:49 53,942 --a------ c:\windows\system32\cont_adsoftinc-remove.exe
2008-12-05 16:48 . 2008-12-05 16:49 47,581 --a------ c:\windows\system32\pxdiarhejodnod.exe
2008-12-05 16:48 . 2008-12-05 16:49 16,384 --a------ c:\windows\gu58826.exe
2008-12-05 16:48 . 2008-12-05 16:48 7,680 --a------ c:\windows\o255.exe
2008-12-02 11:13 . 2008-12-02 11:13 672,256 --a------ c:\windows\system32\nso39A.dll
2008-11-12 03:57 . 2008-09-04 12:15 1,106,944 --a------ c:\windows\system32\dllcache\msxml3.dll
2008-11-12 03:57 . 2008-10-24 06:21 455,296 --a------ c:\windows\system32\dllcache\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 19:47 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\LimeWire
2008-12-07 01:12 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\U3
2008-12-06 20:15 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-06 19:53 --------- d-----w c:\program files\SUPERAntiSpyware
2008-12-06 14:30 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-06 14:30 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-03 23:00 --------- d-----w c:\program files\Norton Security Scan
2008-12-02 15:33 --------- d-----w c:\program files\LimeWire
2008-12-01 23:31 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\MediaMan
2008-11-27 03:24 --------- d-----w c:\program files\Common Files\Adobe
2008-11-17 16:33 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-06 23:11 --------- d-----w c:\program files\MediaMan
2008-10-25 18:10 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2008-10-25 18:10 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-25 18:03 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 07:07 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-13 23:02 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Verizon
2008-10-13 23:01 --------- d-----w c:\program files\Verizon
2008-10-12 21:54 --------- d-----w c:\documents and settings\All Users\Application Data\MediaMan
2008-10-12 18:43 --------- d-----w c:\program files\Sun
2008-10-12 18:43 --------- d-----w c:\program files\Java
2008-10-10 22:00 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-08-06 21:20 738 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2008-02-22 20:50 630,784 ----a-w c:\documents and settings\HP_Administrator\GoToAssist_chat2way__317_en.exe
2008-01-15 20:36 557,056 ----a-w c:\documents and settings\HP_Administrator\GoToAssist_phone__317_en.exe
2008-01-11 15:25 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2007-06-20 23:30 141 ----a-w c:\documents and settings\HP_Administrator\2950.bat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-05-16 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"RTHDCPL"="RTHDCPL.EXE" [2005-04-13 c:\windows\RTHDCPL.EXE]
c:\documents and settings\Lisa\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-01-19 3450608]
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-02-08 147456]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-01-19 3450608]
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\spybot\Spybot - Search & Destroy
advcheck.dll [2005-05-31 157344]
aports.dll [2005-05-31 28672]
blindman.exe [2005-05-31 47256]
borlndmm.dll [2005-05-31 22528]
Default configuration.ini [2005-05-31 2161]
delphimm.dll [2005-05-31 15872]
messages.zres [2005-05-31 25726]
OptOut.ini [2005-05-31 2683]
SDHelper.dll [2005-05-31 853672]
SpybotSD.exe [2005-05-31 4393096]
spybotsd.xml [2004-05-12 12507]
TeaTimer.exe [2005-05-31 1415824]
Tools.dll [2005-05-31 461464]
unins000.dat [2001-01-19 20499]
unins000.exe [2001-01-19 649378]
UnzDll.dll [2005-05-31 122368]
Update.exe [2005-05-31 417408]
ZipDll.dll [2005-05-31 139776]
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\spybot\Spybot - Search & Destroy\Dummies
dummy.cd_clint.dll [2004-05-12 48640]
dummy.dap.gif [2005-05-31 252]
dummy.data.xml [2005-05-31 402]
dummy.default.gif [2005-05-31 252]
dummy.related.htm [2005-05-31 646]
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\spybot\Spybot - Search & Destroy\Help
Deutsch.license.txt [2005-05-31 5289]
English.chm [2005-08-23 192712]
English.license.txt [2005-09-29 5198]
English.Resident.chm [2005-07-21 42564]
Francais.license.txt [2005-05-31 6066]
Italiano.license.txt [2005-05-31 5676]
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\spybot\Spybot - Search & Destroy\Includes
Browserpages.sbs [2005-04-27 3134]
CLSIDs.sbs [2005-09-21 373842]
CLSIDs.tnfo [2004-10-11 219575]
Cookies.sbb [2004-06-16 1229]
Cookies.sbi [2006-03-03 751]
Cookies.sbs [2005-10-06 2825]
Dialer.sbi [2006-03-03 114574]
Dialer.sbs [2003-01-01 51]
Domains.sbs [2006-03-02 49727]
Hijackers.sbi [2006-03-03 168644]
Hosts.sbs [2004-05-12 27093]
Keyloggers.sbi [2006-03-03 10868]
Logs.uts [2003-01-01 992]
LSP.sbi [2004-05-12 422]
LSP.sbs [2005-05-31 4873]
Malware.sbi [2006-03-03 122305]
OperaPlugins.sbs [2005-04-26 1270]
ProcWatch.sbs [2004-07-07 69516]
PUPS.sbi [2006-03-03 18662]
RegWatch.sbs [2005-02-18 4490]
Revision.sbi [2006-03-03 398]
Revision.sbs [2005-04-29 167]
Searchpages.sbs [2005-04-27 214]
Security.sbi [2006-03-03 6932]
Services.sbs [2006-03-02 653812]
Spybots.sbi [2006-03-03 88330]
Startup.tnfo [2005-05-31 1821639]
Targets.nfo [2006-03-02 209763]
Tracks.uti [2005-02-17 33196]
Trojans.sbi [2006-03-03 70232]
URL-Blacklist.sbs [2005-11-07 14147]
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\spybot\Spybot - Search & Destroy\Languages
Deutsch.sbl [2005-05-31 95877]
English.sbl [2005-12-01 78384]
Espanol.sbl [2005-05-31 91038]
Francais.sbl [2005-05-31 93352]
Italiano.sbl [2005-05-31 89769]
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\spybot\Spybot - Search & Destroy\Skins
Colorblind.ini [2005-01-27 536]
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\spybot\Spybot - Search & Destroy\Updates
clsid.zip [2005-09-23 374020]
desc.english.zip [2006-03-03 55971]
downloaded.ini [2006-03-05 4069]
help.english.zip [2006-02-17 188648]
helpres.english.zip [2005-07-25 34970]
includes.zip [2006-03-03 1437021]
lang.english.zip [2005-12-23 23453]
online.ini [2006-03-05 44058]
skins.main.zip [2005-01-28 393]
startup.zip [2004-10-14 287255]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2007-10-02 1283608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=stwtft.dll raabmo.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlackBerry Desktop Redirector.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlackBerry Desktop Redirector.lnk
backup=c:\windows\pss\BlackBerry Desktop Redirector.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Nikon Monitor.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Verizon\\Media Manager\\MediaManager.exe"=
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-04-08 24652]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [2005-05-16 85248]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41d10103-c3f3-11dd-815e-0013d405f979}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{801c2bf0-7157-11dd-8123-0013d405f979}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92d34e60-b7d7-11dd-814e-0013d405f979}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92d34e61-b7d7-11dd-814e-0013d405f979}]
\Shell\AutoRun\command - M:\Autoplay.exe -auto
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2fef14e-22ea-11dd-80e9-0013d405f979}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2008-12-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-12-03 c:\windows\Tasks\CAAntiSpywareScan_Daily as HP_Administrator at 11 46 AM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-28 16:10]
2008-12-02 c:\windows\Tasks\CAAntiSpywareScan_Daily as HP_Administrator at 2 35 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-28 16:10]
2008-12-04 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2008-04-13 19:12]
2008-01-19 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 18:52]
2008-01-19 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2006-11-21 20:08]
2008-12-03 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2008-01-09 03:08]
2008-12-07 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDetect.exe []
2008-12-06 c:\windows\Tasks\WebReg Photosmart C4380 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-11-05 05:12]
.
- - - - ORPHANS REMOVED - - - -
BHO-{1201671d-f4c1-433c-8953-f657eeb79e2f} - c:\windows\system32\raabmo.dll
BHO-{13638437-AC6B-EDC4-A908-1161AF0DDF86} - c:\windows\system32\fpnxbexlxzfd.dll
BHO-{40AEE683-BFBB-4351-BE00-0B82E9428CD0} - c:\windows\system32\ljJASKeE.dll
HKCU-Run-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKCU-Run-VnrBlock21 - c:\program files\VnrBlock\VnrBlock21.exe
HKLM-Run-sysrest32.exe - c:\windows\system32\sysrest32.exe
SharedTaskScheduler-{D5BF49A2-94F1-42BD-F434-3604812C807D} - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.netflix.com/MemberHome
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Handler: mediaman - {F00B23B6-E372-4227-BCD9-CDC32EA1521E} - c:\program files\MediaMan\CoMProt.dll
c:\windows\Downloaded Program Files\SearchEngineQuery.dll - O16 -: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400}
hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
FireFox -: Profile - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xg71zalf.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.thetechguide.com/forum/index.php?showforum=4
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\mozilla firefox\plugins\npsnapfish.dll
FF -: plugin - c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF -: plugin - c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 14:46:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\ehome\ehRec.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2008-12-07 14:54:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-07 19:54:44
Pre-Run: 195,021,914,112 bytes free
Post-Run: 197,966,487,552 bytes free
358 --- E O F --- 2008-11-12 14:11:27
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:59:30 PM, on 12/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\RTHDCPL.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\program files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/MemberHome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: spybot
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
O18 - Protocol: mediaman - {F00B23B6-E372-4227-BCD9-CDC32EA1521E} - C:\Program Files\MediaMan\CoMProt.dll
O20 - AppInit_DLLs: stwtft.dll raabmo.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 7613 bytes
-
Sorry, I was replying back and received a phone call I had to take
Can you do the following please
We still have a bit more cleanup to do
Can we disable Spybot from running on startup
Open spybot>>Click on MODE>>Advanced mode>>Yes to the Prompt
Click on Settings>>Settings>>Under Automation Uncheck All under Program Start
Under System Start select No Automation
Close Spybot
Delete your copy of ComboFix
Then redownload a fresh copy from the link>>
Combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it ONLY to your desktop
Don't run it yet
Next:
Copy ALL the BLUE text below and Paste to notepad
Don't use anything other than Notepad, or the script will not work
File::
c:\windows\ykgee3362.exe
c:\windows\wuan364443.exe
c:\windows\hw5305.exe
c:\windows\gbg033414.exe
c:\windows\feoc827.exe
c:\windows\vtj708346.exe
c:\windows\c20232.exe
c:\windows\system32\cont_adsoftinc-remove.exe
c:\windows\system32\pxdiarhejodnod.exe
c:\windows\gu58826.exe
c:\windows\o255.exe
c:\windows\Tasks\Symantec NetDetect.job
c:\windows\Tasks\CAAntiSpywareScan_Daily as HP_Administrator at 11 46 AM.job
c:\windows\Tasks\CAAntiSpywareScan_Daily as HP_Administrator at 2 35 PM.job
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92d34e61-b7d7-11dd-814e-0013d405f979}]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
Save this as a txt file on your laptop's desktop, with the exact name of
CFScript
(http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif)
Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
When finished, it shall produce a log for you with the same name, C:\ComboFix.txt.
I'll need to see that log again later
But first
Access your Add and Remove programs
Close down all browser windows, then uninstall all of the following
Don't reboot till the last one is removed
J2SE Runtime Environment 5.0
Java™ 6 Update 5
Java™ 6 Update 7
Viewpoint Media Player
Then reboot your computer
Back in Windows
Updating Java:
- Download the latest version of Java Runtime Environment (JRE) 6 (http://java.sun.com/javase/downloads/index.jsp).
- Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11".
- Click the "Download" button to the right.
- In the new Window that opens, in the dropdown box next to Platform: select Windows,>>Check the "agree" box and click Continue.
- Click on the link to download Windows Offline Installation and save to your desktop.
- Then from your desktop double-click on jre-6u11-windows-i586-p.exe that you downloaded to install the newest version.
Symantec Security Scan is not a replacement for a real-time anti-virus
Can you please do the following
Go here and download your Free version of Avira AntiVir
http://www.download.com/Avira-AntiVir-Personal-Free-Antivirus/3000-2239_4-10322935.html?part=dl-10322935&subj=dl&tag=button&cdlpid=10322935
Save the installer to desktop
Install Avira AntiVir from desktop
Ensure that you have it check for Updates
The first time it updates may take a while, but allow it time
NOTE: Avira will display a single big Ad on your computer
Don't be alarmed, just click OK at the bottom of the Ad to close it
A scan of your System should then start
If a scan does not start after updating, double click on the Avira icon by the clock (the red/white umbrella)
and select "Scan system now"
Quarantine or delete everything it finds
When the scan is finished
Reboot the computer
Back in Windows
Can you post all the following back please
1. Post a fresh hijackthis log
2. Please post the log from Avira
Open Avira again (Double click on the red Umbrella icon by the clock)
Click on REPORTS under Overview
Double click on the Scan report you just made
Then click on "Report File"
3. Post the log from ComboFix>>C:\ComboFix.txt
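As an added example (not part of guestolo's post and not ComboFix or HijackThis code), the Python script below applies the same reasoning as the CFScript above to HijackThis-style log lines: it flags a populated O20 AppInit_DLLs value, Run entries that launch the kind of randomly named executables listed under File::, a BHO whose DLL also appears in AppInit_DLLs, and MountPoints2 AutoRun commands. The sample lines are constructed from entries in this thread, and the severity labels and the random-name heuristic are my own assumptions.

```python
"""Triage HijackThis / ComboFix log lines for the persistence points cleaned up
in this thread: a populated AppInit_DLLs value, Run keys that launch randomly
named executables, a BHO DLL that is also an AppInit DLL, and MountPoints2
AutoRun commands. Heuristics only: a hit means "look at this", not "malicious".
"""
import re
from typing import List, Set, Tuple

# Constructed sample, modelled on entries from the logs in this thread (the first
# O2 line is built from the orphaned BHO that ComboFix listed); not the full logs.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {1201671d-f4c1-433c-8953-f657eeb79e2f} - c:\\windows\\system32\\raabmo.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre6\\bin\\ssv.dll
O4 - HKLM\\..\\Run: [ehTray] C:\\WINDOWS\\ehome\\ehtray.exe
O4 - HKLM\\..\\Run: [wuan364443] c:\\windows\\wuan364443.exe
O4 - HKLM\\..\\Run: [RTHDCPL] RTHDCPL.EXE
O4 - Startup: LimeWire On Startup.lnk = C:\\Program Files\\LimeWire\\LimeWire.exe
O20 - AppInit_DLLs: stwtft.dll raabmo.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
\\Shell\\AutoRun\\command - M:\\Autoplay.exe -auto
"""

# A short run of letters followed by three or more digits (ykgee3362, c20232,
# o255 ...): the naming style of the files the CFScript deletes from c:\windows.
# Assumed heuristic, tuned to this thread's file list; expect false positives.
RANDOM_NAME = re.compile(r"[a-z]{1,6}\d{3,}", re.IGNORECASE)
O2_LINE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.+)$")
O20_LINE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
AUTORUN_LINE = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$", re.IGNORECASE)


def basename(path: str) -> str:
    """Last component of a Windows path ('' for an empty path)."""
    return path.rsplit("\\", 1)[-1]


def o4_target(line: str) -> str:
    """Executable path from an O4 line, in either the '[Name] path args'
    (Run key) or 'shortcut.lnk = path' (Startup folder) form."""
    if "] " in line:
        rest = line.split("] ", 1)[1].strip()
    elif " = " in line:
        rest = line.split(" = ", 1)[1].strip()
    else:
        return ""
    if rest.startswith('"'):  # quoted path; arguments may follow the closing quote
        return rest[1:].split('"', 1)[0]
    m = re.match(r"(.*?\.exe)(?:\s|$)", rest, re.IGNORECASE)
    return m.group(1) if m else rest


def triage(log: str) -> List[Tuple[str, str, str]]:
    """Return (severity, rule, line) findings for a HijackThis-style log."""
    lines = [ln.rstrip() for ln in log.splitlines() if ln.strip()]
    findings: List[Tuple[str, str, str]] = []
    appinit: Set[str] = set()

    # Pass 1: AppInit_DLLs. Anything listed here is loaded into every process
    # that links user32.dll, which is why the CFScript resets the value to "".
    for ln in lines:
        m = O20_LINE.match(ln)
        if m and m.group("dlls").strip():
            appinit = {d.lower() for d in re.split(r"[\s,]+", m.group("dlls").strip())}
            findings.append(("high", "AppInit_DLLs injects DLLs into every GUI process", ln))

    # Pass 2: the remaining entry types, cross-checked against the AppInit list.
    for ln in lines:
        if ln.startswith("O4 - "):
            stem = basename(o4_target(ln)).rsplit(".", 1)[0]
            if RANDOM_NAME.fullmatch(stem):
                findings.append(("high", "Run entry launches a randomly named executable", ln))
        elif ln.startswith("O2 - "):
            m = O2_LINE.match(ln)
            if m and basename(m.group("path")).lower() in appinit:
                findings.append(("high", "BHO DLL is also listed in AppInit_DLLs", ln))
        elif AUTORUN_LINE.match(ln):
            findings.append(("medium", "MountPoints2 AutoRun command (removable drive)", ln))
    return findings


if __name__ == "__main__":
    for severity, rule, line in triage(SAMPLE_LOG):
        print(f"[{severity}] {rule}\n    {line}")
```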
-
guestolo wrote (post 449168, Dec 7 2008, 04:19 PM):
> Next:
> Copy ALL the BLUE text below and Paste to notepad
> Don't use anything other than Notepad, or the script will not work
> File::
> c:\windows\ykgee3362.exe
> c:\windows\wuan364443.exe
> c:\windows\hw5305.exe
> c:\windows\gbg033414.exe
> c:\windows\feoc827.exe
> c:\windows\vtj708346.exe
> c:\windows\c20232.exe
> c:\windows\system32\cont_adsoftinc-remove.exe
> c:\windows\system32\pxdiarhejodnod.exe
> c:\windows\gu58826.exe
> c:\windows\o255.exe
> c:\windows\Tasks\Symantec NetDetect.job
> c:\windows\Tasks\CAAntiSpywareScan_Daily as HP_Administrator at 11 46 AM.job
> c:\windows\Tasks\CAAntiSpywareScan_Daily as HP_Administrator at 2 35 PM.job
> c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
> Registry::
> [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92d34e61-b7d7-11dd-814e-0013d405f979}]
> [HKEY_LOCAL_MACHINE\software\microsoft\security center]
> "AntiVirusDisableNotify"=dword:00000000
> "UpdatesDisableNotify"=dword:00000000
> [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
> "AppInit_DLLs"=""
> Save this as a txt file on your laptop's desktop, with the exact name of
> CFScript
I just want to make sure I'm doing this right. The infected computer is my parents' TOWER, and I have a LAPTOP that I was replying to you from when I couldn't get the infected computer to start up.
Is all of this latest process being done on ONLY the infected comp or with assistance from BOTH?
-
Yes, if you can get the infected computer online now; the instructions are just for that computer
-
Everything is running super fast now, but I still have the Yoog default search bar instead of Google
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:31 PM, on 12/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/MemberHome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: spybot
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
O18 - Protocol: mediaman - {F00B23B6-E372-4227-BCD9-CDC32EA1521E} - C:\Program Files\MediaMan\CoMProt.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 8252 bytes
AV scan
Avira AntiVir Personal
Report file date: Sunday, December 07, 2008 17:51
Scanning for 1076607 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: YOUR-55E5F9E3D2
Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 14:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 13:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 18:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 13:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36
ANTIVIR1.VDF : 7.1.0.197 1170432 Bytes 12/7/2008 22:48:13
ANTIVIR2.VDF : 7.1.0.198 2048 Bytes 12/7/2008 22:48:13
ANTIVIR3.VDF : 7.1.0.199 2048 Bytes 12/7/2008 22:48:14
Engineversion : 8.2.0.42
AEVDF.DLL : 8.1.0.6 102772 Bytes 10/14/2008 16:05:56
AESCRIPT.DLL : 8.1.1.17 336251 Bytes 12/7/2008 22:48:20
AESCN.DLL : 8.1.1.5 123251 Bytes 11/7/2008 21:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 19:58:38
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 15:41:39
AEOFFICE.DLL : 8.1.0.32 196987 Bytes 12/7/2008 22:48:19
AEHEUR.DLL : 8.1.0.74 1519990 Bytes 12/7/2008 22:48:19
AEHELP.DLL : 8.1.2.0 119159 Bytes 12/7/2008 22:48:17
AEGEN.DLL : 8.1.1.6 323955 Bytes 12/7/2008 22:48:16
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 16:05:56
AECORE.DLL : 8.1.5.2 172405 Bytes 12/7/2008 22:48:15
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 16:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 14:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 15:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 18:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 17:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 18:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 18:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 19:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 19:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: Sunday, December 07, 2008 17:51
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'hphmon06.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'ALCMTR.EXE' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'KBD.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'ObjectDock.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
50 processes with 50 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD5
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '66' files ).
Starting the file scan:
Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\HP_Administrator\My Documents\RWD\clipartsamplefree.exe
- Archive type: ZIP SFX (self extracting)
--> resource.0000.pkg
[1] Archive type: ZIP
--> RPCInstall_US.dll
[DETECTION] Is the TR/Dldr.Agent.hym Trojan
--> RPCInstall_INTL.dll
[DETECTION] Is the TR/Dldr.Agent.hym.1 Trojan
--> freezetoolbar_installer.exe
[DETECTION] Contains recognition pattern of the DR/Mostofate.BT.5 dropper
--> blinksetup.exe
[2] Archive type: RSRC
--> Object
[DETECTION] Contains recognition pattern of the DR/Agent.aqr.1 dropper
--> ShopperReports.exe
[DETECTION] Contains recognition pattern of the DR/Shopper.K.13 dropper
--> osfreez118.exe
[2] Archive type: RSRC
--> Object
[DETECTION] Contains recognition pattern of the DR/OneStep.A dropper
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\Program Files\ppcbooster\ppcb_32.exe.vir
[DETECTION] Is the TR/Dldr.Agent.aswp Trojan
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\c20232.exe.vir
--> ProgramFilesDir/p2pmax.exe
[DETECTION] Is the TR/Agent.10240.19 Trojan
[DETECTION] Is the TR/Drop.Agent.54255 Trojan
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\feoc827.exe.vir
[DETECTION] Is the TR/Dldr.VB.iqv Trojan
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\gbg033414.exe.vir
[DETECTION] Is the TR/Dldr.VB.iqv Trojan
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\gu58826.exe.vir
[DETECTION] Is the TR/Dldr.VB.iqv Trojan
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\hw5305.exe.vir
[DETECTION] Is the TR/Dldr.VB.iqv Trojan
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\o255.exe.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\vtj708346.exe.vir
--> ProgramFilesDir/ppcb_32.exe
[DETECTION] Is the TR/Dldr.Agent.aswp Trojan
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\wuan364443.exe.vir
[DETECTION] Is the TR/Dldr.VB.iqv Trojan
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\ykgee3362.exe.vir
[DETECTION] Is the TR/Dldr.VB.iqv Trojan
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\system32\opnnkHYo.dll.vir
[DETECTION] Is the TR/Agent.asus Trojan
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSktkl.dll.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.JW back-door program
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSlajf.dll.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.acs back-door program
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSoxum.dll.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.KD back-door program
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSurxb.dll.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.adb back-door program
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\TDSSrvdc.sys.vir
[DETECTION] Contains recognition pattern of the RKIT/TDss.G.22 root kit
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP105\A0015878.sys
[DETECTION] Contains recognition pattern of the RKIT/TDss.G.22 root kit
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP105\A0015879.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.JW back-door program
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP105\A0015880.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.adb back-door program
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP105\A0015881.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.acs back-door program
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP105\A0015882.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.KD back-door program
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP105\A0015897.exe
[DETECTION] Is the TR/Dldr.Agent.aswp Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP105\A0015910.dll
[DETECTION] Is the TR/Agent.asus Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP106\A0016548.exe
--> ProgramFilesDir/p2pmax.exe
[DETECTION] Is the TR/Agent.10240.19 Trojan
[DETECTION] Is the TR/Drop.Agent.54255 Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP106\A0016549.exe
[DETECTION] Is the TR/Dldr.VB.iqv Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP106\A0016550.exe
[DETECTION] Is the TR/Dldr.VB.iqv Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP106\A0016551.exe
[DETECTION] Is the TR/Dldr.VB.iqv Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP106\A0016552.exe
[DETECTION] Is the TR/Dldr.VB.iqv Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP106\A0016553.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP106\A0016556.exe
--> ProgramFilesDir/ppcb_32.exe
[DETECTION] Is the TR/Dldr.Agent.aswp Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP106\A0016557.exe
[DETECTION] Is the TR/Dldr.VB.iqv Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP106\A0016558.exe
[DETECTION] Is the TR/Dldr.VB.iqv Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP13\A0003020.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP15\A0003102.dll
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP67\A0012095.exe
[DETECTION] Is the TR/FakeAV.1.Gen.103 Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP67\A0012096.exe
--> [UnknownDir]/stub_109_4_0_4_0.exe
[DETECTION] Is the TR/Dldr.Smartl.A.3 Trojan
[DETECTION] Contains recognition pattern of the DR/Dldr.TSUpdate.O dropper
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP67\A0012097.exe
[DETECTION] Contains recognition pattern of the DR/Drop.Agent.bfr dropper
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP67\A0012098.exe
[DETECTION] Contains recognition pattern of the DR/Softomate.U.67 dropper
[NOTE] The file was deleted!
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP67\A0012099.exe
[DETECTION] Is the TR/Dldr.FraudLoa.NC Trojan
[NOTE] The file was deleted!
Begin scan in 'D:\' <HP_RECOVERY>
End of the scan: Sunday, December 07, 2008 19:43
Used time: 1:52:16 Hour(s)
The scan has been done completely.
18470 Scanning directories
791431 Files were scanned
48 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
40 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
791381 Files not concerned
18008 Archives were scanned
7 Warnings
40 Notes
Combo Fix
ComboFix 08-12-06.06 - HP_Administrator 2008-12-07 17:17:59.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.412 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
* Created a new restore point
FILE ::
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
c:\windows\c20232.exe
c:\windows\feoc827.exe
c:\windows\gbg033414.exe
c:\windows\gu58826.exe
c:\windows\hw5305.exe
c:\windows\o255.exe
c:\windows\system32\cont_adsoftinc-remove.exe
c:\windows\system32\pxdiarhejodnod.exe
c:\windows\Tasks\CAAntiSpywareScan_Daily as HP_Administrator at 11 46 AM.job
c:\windows\Tasks\CAAntiSpywareScan_Daily as HP_Administrator at 2 35 PM.job
c:\windows\Tasks\Symantec NetDetect.job
c:\windows\vtj708346.exe
c:\windows\wuan364443.exe
c:\windows\ykgee3362.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
c:\windows\c20232.exe
c:\windows\feoc827.exe
c:\windows\gbg033414.exe
c:\windows\gu58826.exe
c:\windows\hw5305.exe
c:\windows\o255.exe
c:\windows\system32\cont_adsoftinc-remove.exe
c:\windows\system32\pxdiarhejodnod.exe
c:\windows\Tasks\CAAntiSpywareScan_Daily as HP_Administrator at 11 46 AM.job
c:\windows\Tasks\CAAntiSpywareScan_Daily as HP_Administrator at 2 35 PM.job
c:\windows\Tasks\Symantec NetDetect.job
c:\windows\vtj708346.exe
c:\windows\wuan364443.exe
c:\windows\ykgee3362.exe
.
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.
2008-12-07 14:21 . 2008-12-07 14:54 <DIR> d-------- C:\ComboFix.com
2008-12-07 14:20 . 2008-12-07 14:20 <DIR> d-------- C:\comkbofix.com
2008-12-06 15:32 . 2008-12-06 15:32 <DIR> d-------- c:\program files\Trend Micro
2008-12-06 09:38 . 2008-12-06 18:43 <DIR> d-------- c:\program files\ThreatFire
2008-12-06 09:38 . 2008-12-06 18:41 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-06 09:38 . 2008-12-06 09:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2008-12-02 11:13 . 2008-12-02 11:13 672,256 --a------ c:\windows\system32\nso39A.dll
2008-11-12 03:57 . 2008-09-04 12:15 1,106,944 --a------ c:\windows\system32\dllcache\msxml3.dll
2008-11-12 03:57 . 2008-10-24 06:21 455,296 --a------ c:\windows\system32\dllcache\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 21:59 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-07 21:58 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\LimeWire
2008-12-07 21:15 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-07 01:12 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\U3
2008-12-06 19:53 --------- d-----w c:\program files\SUPERAntiSpyware
2008-12-03 23:00 --------- d-----w c:\program files\Norton Security Scan
2008-12-02 15:33 --------- d-----w c:\program files\LimeWire
2008-12-01 23:31 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\MediaMan
2008-11-27 03:24 --------- d-----w c:\program files\Common Files\Adobe
2008-11-17 16:33 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-06 23:11 --------- d-----w c:\program files\MediaMan
2008-10-26 15:49 45,056 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2008-10-26 15:49 44,032 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2008-10-25 18:10 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2008-10-25 18:10 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-25 18:03 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 07:07 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:34 337,408 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-13 23:02 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Verizon
2008-10-13 23:01 --------- d-----w c:\program files\Verizon
2008-10-12 21:54 --------- d-----w c:\documents and settings\All Users\Application Data\MediaMan
2008-10-12 18:43 --------- d-----w c:\program files\Sun
2008-10-12 18:43 --------- d-----w c:\program files\Java
2008-10-10 22:00 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-03 17:41 6,066,176 ----a-w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\dllcache\srv.sys
2008-08-06 21:20 738 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2008-02-22 20:50 630,784 ----a-w c:\documents and settings\HP_Administrator\GoToAssist_chat2way__317_en.exe
2008-01-15 20:36 557,056 ----a-w c:\documents and settings\HP_Administrator\GoToAssist_phone__317_en.exe
2008-01-11 15:25 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2007-06-20 23:30 141 ----a-w c:\documents and settings\HP_Administrator\2950.bat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-05-16 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"RTHDCPL"="RTHDCPL.EXE" [2005-04-13 c:\windows\RTHDCPL.EXE]
c:\documents and settings\Lisa\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-01-19 3450608]
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-01-19 3450608]
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\spybot\Spybot - Search & Destroy
advcheck.dll [2005-05-31 157344]
aports.dll [2005-05-31 28672]
blindman.exe [2005-05-31 47256]
borlndmm.dll [2005-05-31 22528]
Default configuration.ini [2005-05-31 2161]
delphimm.dll [2005-05-31 15872]
messages.zres [2005-05-31 25726]
OptOut.ini [2005-05-31 2683]
SDHelper.dll [2005-05-31 853672]
SpybotSD.exe [2005-05-31 4393096]
spybotsd.xml [2004-05-12 12507]
TeaTimer.exe [2005-05-31 1415824]
Tools.dll [2005-05-31 461464]
UnzDll.dll [2005-05-31 122368]
Update.exe [2005-05-31 417408]
ZipDll.dll [2005-05-31 139776]
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\spybot\Spybot - Search & Destroy\Dummies
dummy.cd_clint.dll [2004-05-12 48640]
dummy.dap.gif [2005-05-31 252]
dummy.data.xml [2005-05-31 402]
dummy.default.gif [2005-05-31 252]
dummy.related.htm [2005-05-31 646]
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\spybot\Spybot - Search & Destroy\Help
Deutsch.license.txt [2005-05-31 5289]
English.chm [2005-08-23 192712]
English.license.txt [2005-09-29 5198]
English.Resident.chm [2005-07-21 42564]
Francais.license.txt [2005-05-31 6066]
Italiano.license.txt [2005-05-31 5676]
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\spybot\Spybot - Search & Destroy\Includes
Browserpages.sbs [2005-04-27 3134]
CLSIDs.sbs [2005-09-21 373842]
CLSIDs.tnfo [2004-10-11 219575]
Cookies.sbb [2004-06-16 1229]
Cookies.sbi [2006-03-03 751]
Cookies.sbs [2005-10-06 2825]
Dialer.sbi [2006-03-03 114574]
Dialer.sbs [2003-01-01 51]
Domains.sbs [2006-03-02 49727]
Hijackers.sbi [2006-03-03 168644]
Hosts.sbs [2004-05-12 27093]
Keyloggers.sbi [2006-03-03 10868]
Logs.uts [2003-01-01 992]
LSP.sbi [2004-05-12 422]
LSP.sbs [2005-05-31 4873]
Malware.sbi [2006-03-03 122305]
OperaPlugins.sbs [2005-04-26 1270]
ProcWatch.sbs [2004-07-07 69516]
PUPS.sbi [2006-03-03 18662]
RegWatch.sbs [2005-02-18 4490]
Revision.sbi [2006-03-03 398]
Revision.sbs [2005-04-29 167]
Searchpages.sbs [2005-04-27 214]
Security.sbi [2006-03-03 6932]
Services.sbs [2006-03-02 653812]
Spybots.sbi [2006-03-03 88330]
Startup.tnfo [2005-05-31 1821639]
Targets.nfo [2006-03-02 209763]
Tracks.uti [2005-02-17 33196]
Trojans.sbi [2006-03-03 70232]
URL-Blacklist.sbs [2005-11-07 14147]
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\spybot\Spybot - Search & Destroy\Languages
Deutsch.sbl [2005-05-31 95877]
English.sbl [2005-12-01 78384]
Espanol.sbl [2005-05-31 91038]
Francais.sbl [2005-05-31 93352]
Italiano.sbl [2005-05-31 89769]
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\spybot\Spybot - Search & Destroy\Skins
Colorblind.ini [2005-01-27 536]
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\spybot\Spybot - Search & Destroy\Updates
clsid.zip [2005-09-23 374020]
desc.english.zip [2006-03-03 55971]
downloaded.ini [2006-03-05 4069]
help.english.zip [2006-02-17 188648]
helpres.english.zip [2005-07-25 34970]
includes.zip [2006-03-03 1437021]
lang.english.zip [2005-12-23 23453]
online.ini [2006-03-05 44058]
skins.main.zip [2005-01-28 393]
startup.zip [2004-10-14 287255]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2007-10-02 1283608]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlackBerry Desktop Redirector.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlackBerry Desktop Redirector.lnk
backup=c:\windows\pss\BlackBerry Desktop Redirector.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Nikon Monitor.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnkStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Verizon\\Media Manager\\MediaManager.exe"=
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-04-08 24652]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [2005-05-16 85248]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41d10103-c3f3-11dd-815e-0013d405f979}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{801c2bf0-7157-11dd-8123-0013d405f979}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92d34e60-b7d7-11dd-814e-0013d405f979}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2fef14e-22ea-11dd-80e9-0013d405f979}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2008-12-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-12-04 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2008-04-13 19:12]
2008-01-19 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 18:52]
2008-01-19 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2006-11-21 20:08]
2008-12-03 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2008-01-09 03:08]
2008-12-06 c:\windows\Tasks\WebReg Photosmart C4380 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-11-05 05:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.netflix.com/MemberHome
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Handler: mediaman - {F00B23B6-E372-4227-BCD9-CDC32EA1521E} - c:\program files\MediaMan\CoMProt.dll
c:\windows\Downloaded Program Files\SearchEngineQuery.dll - O16 -: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400}
hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
FireFox -: Profile - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\xg71zalf.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.thetechguide.com/forum/index.php?showforum=4
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\mozilla firefox\plugins\npsnapfish.dll
FF -: plugin - c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF -: plugin - c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 17:22:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-12-07 17:27:41
ComboFix-quarantined-files.txt 2008-12-07 22:27:31
ComboFix2.txt 2008-12-07 19:54:48
Pre-Run: 202,217,492,480 bytes free
Post-Run: 202,202,443,776 bytes free
314 --- E O F --- 2008-11-12 14:11:27
-
But I still have the Yoog default search bar instead of Google
Is that in both IE and Firefox?
Can you do the following
Go to the following link
http://www.billsway.com/vbspage/
Scroll down the page
and download the "Registry Search Tool"
Unzip RegSrch.zip to the desktop
Double click on RegSrch.vbs
**If you get a warning from your Anti Virus please ignore it and allow this to run.**
When it starts, you will be prompted to enter a search phrase.
Enter this:
Yoog
Click OK, it will disappear and won't look as if it's doing anything. When it's done searching, a prompt will come up saying how many instances it found. Click OK, and a notepad will open up.
Can you save this text file to your desktop
Then come here and post its whole contents
ALSO:
go to this link
http://www.virustotal.com/flash/index_en.html
Copy and paste the following bold line to the space next to 'Upload a File'
If using Firefox, you may have to paste to the Filename field of the File Upload box that opens
Or Browse to the file
c:\windows\system32\nso39A.dll
Then use the SEND FILE button
Let it finish scanning
Could you post the results of this scan back here please
Or better yet, just link to the results page
EDIT>>In addition, I see Spybot didn't get installed correctly
Can you send the following folder to your recycle bin please
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\spybot
-
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "Yoog" 12/8/2008 11:23:13 AM
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gyoogle.it]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gyoogle.it\www]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com\www]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogle.it]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogle.it\www]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gyoogle.it]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gyoogle.it\www]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com\www]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogle.it]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogle.it\www]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gyoogle.it]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gyoogle.it\www]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com\www]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogle.it]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogle.it\www]
[HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\Software\Microsoft\Internet Explorer\SearchScopes\{4AE28838-F260-452E-AC17-B117A4330749}]
"URL"="http://www9.yoog.com/search.php?q={searchTerms}"
[HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\Software\Microsoft\Internet Explorer\SearchScopes\{4AE28838-F260-452E-AC17-B117A4330749}]
"DisplayName"="Yoog Search"
[HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gyoogle.it]
[HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gyoogle.it\www]
[HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com]
[HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com\www]
[HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogle.it]
[HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogle.it\www]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gyoogle.it]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gyoogle.it\www]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogee.com\www]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogle.it]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoogle.it\www]
VirusTotal has me queued for the next 20 mins; I'll link to the results after that's finished
-
VirusTotal (http://www.virustotal.com/analisis/5684356574e7751f4c64fd05f08ae02c)
-
Hi all.
Thought I would register to post this. I got the dreaded Yoog Search on Friday on a company laptop. I have not been able to find any reference to it at all. I have been in touch with our antivirus people (AVG Enterprise) and Kaspersky, which I use on the laptop. Neither of them has been able to offer a solution. However, I have managed to get rid of it reliably today.
I use a Windows Vista Ultimate laptop. I found 3 references to Yoog Search in my Add/Remove Programs. These involved Addcertion programs, which I removed. After that, I uninstalled Firefox (my default browser). I then tore apart the registry for all traces of Mozilla (the easiest way I found is to just search the registry for Mozilla). After I removed these entries, I removed Yoog Search from IE7 and restarted the computer. I downloaded and reinstalled Firefox and all is OK.
I don't know what Yoog is all about. The main problems I had were only being able to browse cached pages and the odd random popup.
I also connected to our test environment, made a couple of searches using Yoog Search, and our network monitor did not pick up any information being sent that shouldn't be.
Hope this helps....
Sorry, just to add: if you are using Firefox, don't worry about exporting your bookmarks; download Foxmarks. Sync them online and you can simply sync again once Firefox is reinstalled.
:D
-
Thanks for the input, John. Andy had many more problems than just Yoog
I'm just trying to get more info about it
Had another user that reinstalled Firefox also; we may go that route, but for now
Andy
Can I bug you to do the following please
Find and delete that file
c:\windows\system32\nso39A.dll <- this file
Can you next please do the following
Download and save to desktop
RegQuery.exe (http://rathat.geekstogo.com/Applications/RegQuery.exe) by Novicate
Double click to run it
In the "Enter Key Name" field
Copy and Paste the following
[HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\Software\Microsoft\Internet Explorer\SearchScopes]
Then click on "Query"
A text file should open, can you copy and paste back here the contents please
Do the same with the next one
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
Are you having problems in both Firefox and IE?
-
Yes, both IE and Firefox, though Firefox is the default browser
First one
Windows Registry Editor Version 5.00
[HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{4AE28838-F260-452E-AC17-B117A4330749}"
"Version"=dword:00000001
[HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\Software\Microsoft\Internet Explorer\SearchScopes\{4AE28838-F260-452E-AC17-B117A4330749}]
"URL"="http://www9.yoog.com/search.php?q={searchTerms}"
"DisplayName"="Yoog Search"
[HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\Software\Microsoft\Internet Explorer\SearchScopes\{D29F7DBF-938D-4CF9-9D4A-3BC684827B7E}]
"DisplayName"="Google"
"URL"="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
Second
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{4AE28838-F260-452E-AC17-B117A4330749}"
"Version"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4AE28838-F260-452E-AC17-B117A4330749}]
"URL"="http://www9.yoog.com/search.php?q={searchTerms}"
"DisplayName"="Yoog Search"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D29F7DBF-938D-4CF9-9D4A-3BC684827B7E}]
"DisplayName"="Google"
"URL"="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
-
[quote name='guestolo' post='449303' date='Dec 8 2008, 01:51 PM']Andy
Can I bug you to do the following please[/quote]
LOL
I'm actually enjoying this. I wish I knew exactly how to manipulate the information you are requesting of me. I'm a very curious individual. I'm resisting the urge to ask "WHY?" on every instruction.
Just a heads up, I am leaving for work in about 30 mins and I won't be back with this computer until about 8pm Eastern, so you can take a breather from this.
-
Thanks Andy
Can you try a step for me please
In IE7, beside the Address bar, is a Search bar
To the right of the search bar is a magnifying glass and a drop down arrow
Left click the drop down arrow
and select>>"Change Search Defaults"
If you see "Yoog Search" in the list
Highlight it and Remove it
Then highlight Google and set to Default
Close IE7
Access your Add and Remove Programs and if the following are still present
Contextual Platform Adsoftinc
RON Tool Adsoftinc
Try and remove both of them
Afterwards, restart IE7
Can you then use RegQuery.exe and query those 2 strings you just did
and post the findings please
[quote]Just a heads up, I am leaving for work in about 30 mins and I won't be back with this computer until about 8pm Eastern, so you can take a breather from this.[/quote]
Not a problem, I'm actually trying to find an installer for this so I can play with it on my own computer
:)
-
Oops, just missed ya. I just edited one of my other posts to say yes, this problem exists in IE7 too
-
Can you deal with IE7 first, then see if we can clear Firefox after
-
Windows Registry Editor Version 5.00
[HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{D29F7DBF-938D-4CF9-9D4A-3BC684827B7E}"
"Version"=dword:00000001
[HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\Software\Microsoft\Internet Explorer\SearchScopes\{D29F7DBF-938D-4CF9-9D4A-3BC684827B7E}]
"DisplayName"="Google"
"URL"="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{D29F7DBF-938D-4CF9-9D4A-3BC684827B7E}"
"Version"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D29F7DBF-938D-4CF9-9D4A-3BC684827B7E}]
"DisplayName"="Google"
"URL"="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
I did the same removal in Firefox, hope that wasn't a mistake
-
Did you remove both from Add and Remove Programs?
I'm curious if they were still there
Is IE7 acting back to Normal now?
What about Firefox?
-
They were on the list, but both said they were no longer there.
IE7 seems fine, and I thought Firefox was good, but I just got a pop-up ad titled "Contextual Adds by Addsoft"
-
Ok, thanks
I'll let you get to work, I want to check my settings in Firefox
We can always reinstall Firefox
But there may be an easy solution, not sure
Let me get back to you
-
I did a couple of searches in the Google search bar on the right and it was fine, so I typed "YouTube" into the main address bar. Instead of going straight to YouTube, it went to a ....... YOOG search page.
lol
-
Darn, if you're not gone yet
Can you do the following
Set Windows to Show Hidden files/folder
In MyComputer select TOOLS>>FOLDER OPTIONS>>VIEW
Select the Radio button to Show hidden files/folders
Apply and OK it
Navigate to the following folder
C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\*********.default
In that folder right click on prefs.js and select EDIT
Copy/paste back here the contents of that file please
EDIT>>Since you're gone to work, I may as well edit this post
Before you post back the contents of prefs.js
Can we run Malwarebytes Anti-Malware please
Here's instructions:
Download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/tools/mbam-setup.exe) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Save the installer to desktop
- Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
-
I'm back, and about to run Mbam
-
Malwarebytes' Anti-Malware 1.31
Database version: 1475
Windows 5.1.2600 Service Pack 3
12/8/2008 7:57:01 PM
mbam-log-2008-12-08 (19-57-01).txt
Scan type: Quick Scan
Objects scanned: 61250
Time elapsed: 8 minute(s), 27 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhc90cj0ea2v (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\HP_Administrator\GoToAssist_chat2way__317_en.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Prefs Script
# Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/
user_pref("4chan.ch_frames", true);
user_pref("4chan.chan_frames", false);
user_pref("4chan.disable_all_page_features", false);
user_pref("4chan.enable_inline_post_expand", true);
user_pref("4chan.enable_post_expander", true);
user_pref("4chan.enable_quick_reply", true);
user_pref("4chan.enable_thread_watch", true);
user_pref("4chan.force_menu_background_colour", false);
user_pref("4chan.hidden_posts", "");
user_pref("4chan.hiddenboards", "");
user_pref("4chan.hide_closed_boards", false);
user_pref("4chan.hp_enable", true);
user_pref("4chan.ii_enable", true);
user_pref("4chan.ii_enable_spoiler", true);
user_pref("4chan.ii_last_shown_ad", 1218058436);
user_pref("4chan.ii_limit_size", false);
user_pref("4chan.ii_max_height", 1000);
user_pref("4chan.ii_max_width", 1000);
user_pref("4chan.ii_width_newline_threshold", 500);
user_pref("4chan.last_run_version", "0.4.5.12");
user_pref("4chan.menu_background_colour", "white");
user_pref("4chan.nav_bottom_space", false);
user_pref("4chan.nav_enable", true);
user_pref("4chan.parser_max_replies", 100);
user_pref("4chan.parser_runtime_parsing", true);
user_pref("4chan.qr_close", true);
user_pref("4chan.qr_default_email", "");
user_pref("4chan.qr_default_username", "");
user_pref("4chan.qr_focus_after_quote", true);
user_pref("4chan.qr_inline", true);
user_pref("4chan.qr_quote_new_line", false);
user_pref("4chan.qr_show_quote", true);
user_pref("4chan.qr_show_quote_reply", false);
user_pref("4chan.reports_show_button", true);
user_pref("4chan.show_menu_bar", true);
user_pref("4chan.show_right_click", true);
user_pref("4chan.show_to_first_post_button", true);
user_pref("4chan.switch_menu_click_behaviour", false);
user_pref("4chan.tw_inline_pos_x", 10);
user_pref("4chan.tw_inline_pos_y", 40);
user_pref("4chan.tw_show_inline", true);
user_pref("accessibility.typeaheadfind.flashBar", 0);
user_pref("app.update.disable_button.showUpdateHistory", false);
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1228680445);
user_pref("app.update.lastUpdateTime.background-update-timer", 1228680445);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1228681045);
user_pref("app.update.lastUpdateTime.microsummary-generator-update-timer", 1228680445);
user_pref("app.update.lastUpdateTime.restart-nag-timer", 1196474986);
user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1228753786);
user_pref("bettergmail2.enabled.addrowhighlights", true);
user_pref("bettergmail2.enabled.airskin", false);
user_pref("bettergmail2.enabled.attachmenticons", true);
user_pref("bettergmail2.enabled.bluegreyskin", false);
user_pref("bettergmail2.enabled.blueskin", false);
user_pref("bettergmail2.enabled.bottomposting", false);
user_pref("bettergmail2.enabled.bottompostinreply", false);
user_pref("bettergmail2.enabled.composeto", false);
user_pref("bettergmail2.enabled.filterassistant", false);
user_pref("bettergmail2.enabled.filterasst", false);
user_pref("bettergmail2.enabled.folders4gmail", false);
user_pref("bettergmail2.enabled.folders4gmailredesigned", false);
user_pref("bettergmail2.enabled.forceencrypted", false);
user_pref("bettergmail2.enabled.gmailblue", false);
user_pref("bettergmail2.enabled.graysandblues", false);
user_pref("bettergmail2.enabled.hidechat", false);
user_pref("bettergmail2.enabled.hidegmailchat", false);
user_pref("bettergmail2.enabled.hideinvites", true);
user_pref("bettergmail2.enabled.hideinvitesbox", true);
user_pref("bettergmail2.enabled.hidespamcount", false);
user_pref("bettergmail2.enabled.htmlsigs", false);
user_pref("bettergmail2.enabled.inboxcount", true);
user_pref("bettergmail2.enabled.inboxcountfirst", true);
user_pref("bettergmail2.enabled.labellinks4gmail", false);
user_pref("bettergmail2.enabled.macros", false);
user_pref("bettergmail2.enabled.macros-sewpafly", false);
user_pref("bettergmail2.enabled.macrosmodified", false);
user_pref("bettergmail2.enabled.none", true);
user_pref("bettergmail2.enabled.redesigned", false);
user_pref("bettergmail2.enabled.rowhighlights", true);
user_pref("bettergmail2.enabled.secure", true);
user_pref("bettergmail2.enabled.showagenda", false);
user_pref("bettergmail2.enabled.showbcc", false);
user_pref("bettergmail2.enabled.showbccalways", false);
user_pref("bettergmail2.enabled.showbccautomatically", false);
user_pref("bettergmail2.enabled.showbccctrlshiftb", false);
user_pref("bettergmail2.enabled.showbccctrlshiftv", false);
user_pref("bettergmail2.enabled.showcc", false);
user_pref("bettergmail2.enabled.showccalways", false);
user_pref("bettergmail2.enabled.showccautomatically", false);
user_pref("bettergmail2.enabled.showccctrlshiftc", false);
user_pref("bettergmail2.enabled.showcollapsiblecalendarandreader", false);
user_pref("bettergmail2.enabled.showeditablesubject", false);
user_pref("bettergmail2.enabled.showmessagedetails", false);
user_pref("bettergmail2.enabled.showmsgdetails", false);
user_pref("bettergmail2.enabled.spamcounthide", false);
user_pref("bettergmail2.loaded", true);
user_pref("browser.anchor_color", "#0000FF");
user_pref("browser.cache.disk.capacity", 65536);
user_pref("browser.display.background_color", "#C0C0C0");
user_pref("browser.display.use_system_colors", true);
user_pref("browser.download.dir", "C:\\Documents and Settings\\HP_Administrator\\Desktop");
user_pref("browser.download.downloadDir", "C:\\Documents and Settings\\HP_Administrator\\My Documents\\My Downloads");
user_pref("browser.download.lastDir", "C:\\Documents and Settings\\HP_Administrator\\Desktop");
user_pref("browser.download.manager.alertOnEXEOpen", false);
user_pref("browser.download.manager.showAlertOnComplete", false);
user_pref("browser.download.manager.showWhenStarting", false);
user_pref("browser.download.save_converter_index", 0);
user_pref("browser.download.useDownloadDir", false);
user_pref("browser.feeds.handler.default", "bookmarks");
user_pref("browser.feeds.showFirstRunUI", false);
user_pref("browser.formfill.enable", false);
user_pref("browser.history_expire_days", 0);
user_pref("browser.history_expire_days.mirror", 180);
user_pref("browser.link.open_external", 2);
user_pref("browser.migration.version", 1);
user_pref("browser.places.importBookmarksHTML", false);
user_pref("browser.places.importDefaults", false);
user_pref("browser.places.leftPaneFolderId", -1);
user_pref("browser.places.migratePostDataAnnotations", false);
user_pref("browser.places.smartBookmarksVersion", 1);
user_pref("browser.places.updateRecentTagsUri", false);
user_pref("browser.preferences.advanced.selectedTabIndex", 1);
user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("browser.search.useDBForOrder", true);
user_pref("browser.shell.checkDefaultBrowser", false);
user_pref("browser.startup.homepage", "http://www.thetechguide.com/forum/index.php?showforum=4");
user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.4");
user_pref("browser.tabs.warnOnClose", false);
user_pref("browser.visited_color", "#800080");
user_pref("content.interrupt.parsing", true);
user_pref("content.notify.backoffcount", 5);
user_pref("downbar.function.donateTextInterval", "1228759394996");
user_pref("downbar.function.firstRun", false);
user_pref("downbar.function.useTooltipOpacity", true);
user_pref("downbar.function.version", "0.9.6");
user_pref("extensions.adblockplus.checkedadblockinstalled", true);
user_pref("extensions.adblockplus.checkedtoolbar", true);
user_pref("extensions.adblockplus.currentVersion", "1.0");
user_pref("extensions.adblockplus.showinstatusbar", true);
user_pref("extensions.adblockplus.showsubscriptions", false);
user_pref("extensions.enabledItems", "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0,[email protected]:0.7.1,[email protected]:1.9,{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.3,[email protected]:2.11,{EF522540-89F5-46b9-B6FE-1829E2B572C6}:3.16,[email protected]:1.1,{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02,{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,[email protected]:1.0,[email protected]:1.3.0.13,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4");
user_pref("extensions.fastdial.version", "2.11");
user_pref("extensions.googlepreview.insertranks", true);
user_pref("extensions.googlepreview.maxPerPage", 10);
user_pref("extensions.googlepreview.showGP", true);
user_pref("extensions.googlepreview.version", 314);
user_pref("extensions.lastAppVersion", "3.0.4");
user_pref("extensions.piclens.EffectsMode", "auto");
user_pref("extensions.piclens.InstanceId", "gzmv8EM2CU6tUzGr5qbKnA==");
user_pref("extensions.piclens.ShowWelcomeOnUpdate", "true");
user_pref("extensions.piclens.UpdateInfo", "H4sIAAAAAAAAC+1Wz0/CMBT+b3oiZIMpXnZAoidIiFvwQHYo7ZM1dK1p35j897aDEBHlopG4dL297/3+9iXPojbAM6RoF2Cs0CqNB8Q2T6A4GDAeqW06IKquprRWrASbRsQ68xyM0D7UYC4qcHGDOB7Go9ukn9wlw9ENQY1UzgWbgrKtS9SP2s9nm2kOuaHKCnRVfVJnHPO8rKvVRAq2OZiykhp4BOAryjYfgQdFVxLOXA/1jnYL1Piu73f57hXSZdQ7ewWBN4HOYwZYan7mUxCmFYLCSUnVGi45bgU0HnfDHdCCoBv9s62hUo5ZO/m32U4zV6f7+iKqILJlaA/YI1IQKwWHxb61/RaWl4pdaKP3T+JcYNcnLAjdrjPPrNfWD4nt/Wnzodrv/bBhl9dmrhXiVFMedBh0GHZ5RR2+UCGBeymGQ6dLh44FCQyBP7urOZyxXWO3Cax2j9V3");
user_pref("extensions.piclens.Version", "1.7.0.3459");
user_pref("extensions.speeddial.currentVersion", "0.7.2.6");
user_pref("extensions.speeddial.maximumWidth", 2400);
user_pref("extensions.speeddial.thumbnailImageHeight", 800);
user_pref("extensions.speeddial.thumbnailImageWidth", 800);
user_pref("extensions.speeddial.widthModifier", 80);
user_pref("extensions.update.notifyUser", false);
user_pref("extensions.yapta.currentversion", "1.3.0.13");
user_pref("extensions.yapta.firstrun", false);
user_pref("extensions.yapta.sidebar.autoopen", false);
user_pref("font.size.variable.x-western", 20);
user_pref("googlepreview.insertimages", true);
user_pref("intl.accept_languages", "en-us");
user_pref("intl.charsetmenu.browser.cache", "UTF-8, ISO-8859-1, windows-1252, windows-1250, us-ascii");
user_pref("keyword.URL", "http://www9.yoog.com/search.php?q=");
user_pref("network.cookie.lifetimePolicy", 2);
user_pref("network.cookie.prefsMigrated", true);
user_pref("network.dns.disableIPv6", true);
user_pref("network.http.pipelining", true);
user_pref("network.http.pipelining.maxrequests", 8);
user_pref("network.http.pipelining.ssl", true);
user_pref("network.http.proxy.pipelining", true);
user_pref("network.proxy.no_proxies_on", "*.local");
user_pref("nglayout.initialpaint.delay", 0);
user_pref("plugin.expose_full_path", true);
user_pref("pref.browser.homepage.disable_button.current_page", false);
user_pref("pref.general.disable_button.default_browser", false);
user_pref("pref.privacy.disable_button.cookie_exceptions", false);
user_pref("pref.privacy.disable_button.view_cookies", false);
user_pref("print.print_bgcolor", false);
user_pref("print.print_bgimages", false);
user_pref("print.print_command", "");
user_pref("print.print_downloadfonts", true);
user_pref("print.print_evenpages", true);
user_pref("print.print_in_color", true);
user_pref("print.print_margin_bottom", "0.5");
user_pref("print.print_margin_left", "0.5");
user_pref("print.print_margin_right", "0.5");
user_pref("print.print_margin_top", "0.5");
user_pref("print.print_oddpages", true);
user_pref("print.print_orientation", 0);
user_pref("print.print_pagedelay", 500);
user_pref("print.print_paper_data", 0);
user_pref("print.print_paper_height", " 11.00");
user_pref("print.print_paper_size", 1667591790);
user_pref("print.print_paper_size_type", 1);
user_pref("print.print_paper_size_unit", 0);
user_pref("print.print_paper_width", " 8.50");
user_pref("print.print_printer", "HP Photosmart C4380 series");
user_pref("print.print_reversed", false);
user_pref("print.print_scaling", " 1.00");
user_pref("print.print_shrink_to_fit", true);
user_pref("print.print_to_file", false);
user_pref("print.print_to_filename", "");
user_pref("print.printer_HP_Photosmart_C4380_series.print_bgcolor", false);
user_pref("print.printer_HP_Photosmart_C4380_series.print_bgimages", false);
user_pref("print.printer_HP_Photosmart_C4380_series.print_command", "");
user_pref("print.printer_HP_Photosmart_C4380_series.print_downloadfonts", true);
user_pref("print.printer_HP_Photosmart_C4380_series.print_edge_bottom", 0);
user_pref("print.printer_HP_Photosmart_C4380_series.print_edge_left", 0);
user_pref("print.printer_HP_Photosmart_C4380_series.print_edge_right", 0);
user_pref("print.printer_HP_Photosmart_C4380_series.print_edge_top", 0);
user_pref("print.printer_HP_Photosmart_C4380_series.print_evenpages", true);
user_pref("print.printer_HP_Photosmart_C4380_series.print_footercenter", "");
user_pref("print.printer_HP_Photosmart_C4380_series.print_footerleft", "&PT");
user_pref("print.printer_HP_Photosmart_C4380_series.print_footerright", "&D");
user_pref("print.printer_HP_Photosmart_C4380_series.print_headercenter", "");
user_pref("print.printer_HP_Photosmart_C4380_series.print_headerleft", "&T");
user_pref("print.printer_HP_Photosmart_C4380_series.print_headerright", "&U");
user_pref("print.printer_HP_Photosmart_C4380_series.print_in_color", true);
user_pref("print.printer_HP_Photosmart_C4380_series.print_margin_bottom", "0.5");
user_pref("print.printer_HP_Photosmart_C4380_series.print_margin_left", "0.5");
user_pref("print.printer_HP_Photosmart_C4380_series.print_margin_right", "0.5");
user_pref("print.printer_HP_Photosmart_C4380_series.print_margin_top", "0.5");
user_pref("print.printer_HP_Photosmart_C4380_series.print_oddpages", true);
user_pref("print.printer_HP_Photosmart_C4380_series.print_orientation", 0);
user_pref("print.printer_HP_Photosmart_C4380_series.print_pagedelay", 500);
user_pref("print.printer_HP_Photosmart_C4380_series.print_paper_data", 1);
user_pref("print.printer_HP_Photosmart_C4380_series.print_paper_height", " 11.00");
user_pref("print.printer_HP_Photosmart_C4380_series.print_paper_size", 1667591790);
user_pref("print.printer_HP_Photosmart_C4380_series.print_paper_size_type", 0);
user_pref("print.printer_HP_Photosmart_C4380_series.print_paper_size_unit", 0);
user_pref("print.printer_HP_Photosmart_C4380_series.print_paper_width", " 8.50");
user_pref("print.printer_HP_Photosmart_C4380_series.print_reversed", false);
user_pref("print.printer_HP_Photosmart_C4380_series.print_scaling", " 1.00");
user_pref("print.printer_HP_Photosmart_C4380_series.print_shrink_to_fit", true);
user_pref("print.printer_HP_Photosmart_C4380_series.print_to_file", false);
user_pref("print.printer_HP_Photosmart_C4380_series.print_to_filename", "");
user_pref("print.printer_HP_Photosmart_C4380_series.print_unwriteable_margin_bottom", 0);
user_pref("print.printer_HP_Photosmart_C4380_series.print_unwriteable_margin_left", 0);
user_pref("print.printer_HP_Photosmart_C4380_series.print_unwriteable_margin_right", 0);
user_pref("print.printer_HP_Photosmart_C4380_series.print_unwriteable_margin_top", 0);
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_bgcolor", false);
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_bgimages", false);
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_command", "");
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_downloadfonts", true);
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_evenpages", true);
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_footercenter", "");
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_footerleft", "&PT");
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_footerright", "&D");
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_headercenter", "");
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_headerleft", "&T");
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_headerright", "&U");
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_in_color", true);
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_margin_bottom", "0.5");
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_margin_left", "0.5");
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_margin_right", "0.5");
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_margin_top", "0.5");
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_oddpages", true);
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_orientation", 0);
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_pagedelay", 500);
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_paper_data", 1);
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_paper_height", " 11.00");
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_paper_size", 1667591790);
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_paper_size_type", 0);
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_paper_size_unit", 0);
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_paper_width", " 8.50");
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_reversed", false);
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_scaling", " 1.00");
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_shrink_to_fit", true);
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_to_file", false);
user_pref("print.printer_HP_Photosmart_C4380_series_(Copy_2).print_to_filename", "");
user_pref("print.printer_Send_To_OneNote_2007.print_bgcolor", false);
user_pref("print.printer_Send_To_OneNote_2007.print_bgimages", false);
user_pref("print.printer_Send_To_OneNote_2007.print_command", "");
user_pref("print.printer_Send_To_OneNote_2007.print_downloadfonts", true);
user_pref("print.printer_Send_To_OneNote_2007.print_evenpages", true);
user_pref("print.printer_Send_To_OneNote_2007.print_footercenter", "");
user_pref("print.printer_Send_To_OneNote_2007.print_footerleft", "&PT");
user_pref("print.printer_Send_To_OneNote_2007.print_footerright", "&D");
user_pref("print.printer_Send_To_OneNote_2007.print_headercenter", "");
user_pref("print.printer_Send_To_OneNote_2007.print_headerleft", "&T");
user_pref("print.printer_Send_To_OneNote_2007.print_headerright", "&U");
user_pref("print.printer_Send_To_OneNote_2007.print_in_color", true);
user_pref("print.printer_Send_To_OneNote_2007.print_margin_bottom", "0.5");
user_pref("print.printer_Send_To_OneNote_2007.print_margin_left", "0.5");
user_pref("print.printer_Send_To_OneNote_2007.print_margin_right", "0.5");
user_pref("print.printer_Send_To_OneNote_2007.print_margin_top", "0.5");
user_pref("print.printer_Send_To_OneNote_2007.print_oddpages", true);
user_pref("print.printer_Send_To_OneNote_2007.print_orientation", 0);
user_pref("print.printer_Send_To_OneNote_2007.print_pagedelay", 500);
user_pref("print.printer_Send_To_OneNote_2007.print_paper_data", 1);
user_pref("print.printer_Send_To_OneNote_2007.print_paper_height", " 11.00");
user_pref("print.printer_Send_To_OneNote_2007.print_paper_size", 1667591790);
user_pref("print.printer_Send_To_OneNote_2007.print_paper_size_type", 0);
user_pref("print.printer_Send_To_OneNote_2007.print_paper_size_unit", 0);
user_pref("print.printer_Send_To_OneNote_2007.print_paper_width", " 8.50");
user_pref("print.printer_Send_To_OneNote_2007.print_reversed", false);
user_pref("print.printer_Send_To_OneNote_2007.print_scaling", " 1.00");
user_pref("print.printer_Send_To_OneNote_2007.print_shrink_to_fit", true);
user_pref("print.printer_Send_To_OneNote_2007.print_to_file", false);
user_pref("print.printer_Send_To_OneNote_2007.print_to_filename", "");
user_pref("print.printer_hp_psc_1200_series.print_bgcolor", false);
user_pref("print.printer_hp_psc_1200_series.print_bgimages", false);
user_pref("print.printer_hp_psc_1200_series.print_command", "");
user_pref("print.printer_hp_psc_1200_series.print_downloadfonts", true);
user_pref("print.printer_hp_psc_1200_series.print_evenpages", true);
user_pref("print.printer_hp_psc_1200_series.print_footercenter", "");
user_pref("print.printer_hp_psc_1200_series.print_footerleft", "&PT");
user_pref("print.printer_hp_psc_1200_series.print_footerright", "&D");
user_pref("print.printer_hp_psc_1200_series.print_headercenter", "");
user_pref("print.printer_hp_psc_1200_series.print_headerleft", "&T");
user_pref("print.printer_hp_psc_1200_series.print_headerright", "&U");
user_pref("print.printer_hp_psc_1200_series.print_in_color", true);
user_pref("print.printer_hp_psc_1200_series.print_margin_bottom", "0.5");
user_pref("print.printer_hp_psc_1200_series.print_margin_left", "0.5");
user_pref("print.printer_hp_psc_1200_series.print_margin_right", "0.5");
user_pref("print.printer_hp_psc_1200_series.print_margin_top", "0.5");
user_pref("print.printer_hp_psc_1200_series.print_oddpages", true);
user_pref("print.printer_hp_psc_1200_series.print_orientation", 0);
user_pref("print.printer_hp_psc_1200_series.print_pagedelay", 500);
user_pref("print.printer_hp_psc_1200_series.print_paper_data", 1);
user_pref("print.printer_hp_psc_1200_series.print_paper_height", " 11.00");
user_pref("print.printer_hp_psc_1200_series.print_paper_size", 7536737);
user_pref("print.printer_hp_psc_1200_series.print_paper_size_type", 0);
user_pref("print.printer_hp_psc_1200_series.print_paper_size_unit", 0);
user_pref("print.printer_hp_psc_1200_series.print_paper_width", " 8.50");
user_pref("print.printer_hp_psc_1200_series.print_reversed", false);
user_pref("print.printer_hp_psc_1200_series.print_scaling", " 1.00");
user_pref("print.printer_hp_psc_1200_series.print_shrink_to_fit", false);
user_pref("print.printer_hp_psc_1200_series.print_to_file", false);
user_pref("print.printer_hp_psc_1200_series.print_to_filename", "");
user_pref("security.warn_viewing_mixed", false);
user_pref("spellchecker.dictionary", "en-US");
user_pref("ui.submenuDelay", 0);
user_pref("urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/newkey", 1229716335);
user_pref("urlclassifier.tableversion.goog-black-enchash", "1.53409");
user_pref("urlclassifier.tableversion.goog-black-url", "1.22409");
user_pref("urlclassifier.tableversion.goog-white-domain", "1.480");
user_pref("urlclassifier.tableversion.goog-white-url", "1.371");
user_pref("xpinstall.whitelist.add", "");
user_pref("xpinstall.whitelist.add.103", "");
-
Going out for a pint and to watch the Football game, I'll catch ya later
-
Thanks for the info Andy
Can you again open prefs.js, ensuring Firefox is closed
Delete any line referring to Yoog >> delete the whole line
Be sure to save the changes
Manually navigate to the following folder
C:\Program Files\Mozilla Firefox\searchplugins
Delete any reference to YOOG
Let me know if that helps
I take it that IE7 is still OK?
-
NoDice,
I edited the prefs script and used Ctrl + F to find everything with "Yoog" in it.
I looked at all the scripts for the searchplugins and none of them had anything to do with Yoog.
Yoog still persists on both Firefox and IE7
-
Can you run RegQuery again on those 2 lines
and post the results
Here they are again
[HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\Software\Microsoft\Internet Explorer\SearchScopes]
and
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
In addition, if you still have RSIT.exe
can you run it and post both logs
If you have to, upload them please
Just realized you may not have rsit.exe
Here are the instructions
Download random's system information tool (RSIT) by random/random from here: http://images.malwareremoval.com/random/RSIT.exe and save it to your desktop.
- Double click on RSIT.exe to launch program.
- Click Continue at the disclaimer screen.
- Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
- Once it has finished, two logs will open: log.txt <-- this will be maximized and info.txt <-- this will be minimized.
Post both those logs please
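As an added example (not a tool from this thread, from Mozilla or from Microsoft), the following Python script automates the two checks asked for above: it parses a Firefox prefs.js and reports every pref whose value mentions the hijack domain (and can strip those lines, which is what the helper asked to be done by hand), and it parses a SearchScopes .reg export like the ones posted and reports which host sits behind IE's DefaultScope. The sample prefs.js and .reg text and the domain "yoog.example" are constructed for illustration; the scope GUID is the one posted in the thread.

```python
"""Check a Firefox prefs.js and an exported IE SearchScopes .reg file for
search settings that point at an unwanted domain, and strip the offending
prefs.js lines.

Added example for this thread; not a tool from the forum, Mozilla or
Microsoft. SAMPLE_PREFS, SAMPLE_REG and the domain 'yoog.example' are
constructed for illustration; the scope GUID is the one posted in the thread.
"""
import re
from urllib.parse import urlparse

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')
REG_KEY_RE = re.compile(r'^\[(.+)\]\s*$')
REG_VAL_RE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_prefs(text):
    """Map pref name -> value (str, bool or int) from prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            prefs[name] = int(raw) if raw.lstrip("-").isdigit() else raw
    return prefs


def prefs_referencing(prefs, domain):
    """Names of prefs whose string value mentions the given domain."""
    needle = domain.lower()
    return sorted(n for n, v in prefs.items()
                  if isinstance(v, str) and needle in v.lower())


def strip_prefs(text, domain):
    """prefs.js text with every user_pref line mentioning domain removed;
    all other lines (including comments) are left untouched."""
    needle = domain.lower()
    kept = [ln for ln in text.splitlines()
            if not (PREF_RE.match(ln) and needle in ln.lower())]
    return "\n".join(kept) + "\n"


def parse_reg(text):
    """Map registry key path -> {value name: value} from a .reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        km = REG_KEY_RE.match(line)
        if km:
            current = keys.setdefault(km.group(1), {})
            continue
        vm = REG_VAL_RE.match(line)
        if vm and current is not None:
            name, raw = vm.groups()
            if raw.startswith('"') and raw.endswith('"'):
                # .reg escapes backslashes and quotes inside string values
                current[name] = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
            elif raw.startswith("dword:"):
                current[name] = int(raw[len("dword:"):], 16)
            else:
                current[name] = raw
    return keys


def default_scope_host(keys):
    """Host of the URL behind IE's DefaultScope, or None if unresolvable."""
    for path, values in keys.items():
        if path.endswith("\\SearchScopes") and "DefaultScope" in values:
            scope = keys.get(path + "\\" + values["DefaultScope"], {})
            url = scope.get("URL")
            return urlparse(url).hostname if url else None
    return None


# Constructed sample input: a prefs.js with one hijacked search pref
SAMPLE_PREFS = '''\
user_pref("browser.search.selectedEngine", "Google");
user_pref("keyword.URL", "http://search.yoog.example/?q=");
user_pref("print.printer_hp_psc_1200_series.print_in_color", true);
user_pref("ui.submenuDelay", 0);
'''

# Constructed sample input: a clean SearchScopes export like the one posted
SAMPLE_REG = '''\
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\SearchScopes]
"DefaultScope"="{1A1B5A47-1C41-4EBE-A2C9-75B29B51C52F}"
"Version"=dword:00000001

[HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\{1A1B5A47-1C41-4EBE-A2C9-75B29B51C52F}]
"DisplayName"="Google"
"URL"="http://www.google.com/search?q={searchTerms}"
'''
```

On a real machine, feed parse_prefs the prefs.js from the Firefox profile folder and parse_reg the file produced by exporting the SearchScopes key; a DefaultScope host that is not the search engine the user chose is the thing to look at.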
-
First = no Yoog
Windows Registry Editor Version 5.00
[HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{1A1B5A47-1C41-4EBE-A2C9-75B29B51C52F}"
"Version"=dword:00000001
[HKEY_USERS\S-1-5-21-2320644526-2321484764-2373605735-1008\Software\Microsoft\Internet Explorer\SearchScopes\{1A1B5A47-1C41-4EBE-A2C9-75B29B51C52F}]
"DisplayName"="Google"
"URL"="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
Second = no yoog
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{1A1B5A47-1C41-4EBE-A2C9-75B29B51C52F}"
"Version"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1A1B5A47-1C41-4EBE-A2C9-75B29B51C52F}]
"DisplayName"="Google"
"URL"="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
Log.txt
Logfile of random's system information tool 1.04 (written by random/random)
Run by HP_Administrator at 2008-12-09 00:50:51
Microsoft Windows XP Professional Service Pack 3
System drive C: has 192 GB (84%) free of 230 GB
Total RAM: 1014 MB (47% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:58 AM, on 12/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\RegQuery.exe
C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/MemberHome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
O18 - Protocol: mediaman - {F00B23B6-E372-4227-BCD9-CDC32EA1521E} - C:\Program Files\MediaMan\CoMProt.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 8263 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IType_exe.job
C:\WINDOWS\tasks\Norton Security Scan.job
C:\WINDOWS\tasks\WebReg Photosmart C4380 series.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-07 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-07 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-07 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP view - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [2003-11-21 98304]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-04-05 77824]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-04-05 114688]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-02-26 245760]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-04-13 14156800]
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-05-16 180269]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-07 136600]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlackBerry Desktop Redirector.lnk]
C:\PROGRA~1\RESEAR~1\BLACKB~1\REDIRE~1.EXE [2007-10-02 1319024]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-11-05 258048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2007-02-20 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
C:\PROGRA~1\UPDATE~1\309731\Program\UPDATE~1.EXE [2005-05-16 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Nikon Monitor.lnk]
C:\PROGRA~1\COMMON~1\Nikon\Monitor\NKMONI~1.EXE [2007-05-15 479232]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-04-05 131072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Pidgin\pidgin.exe"="C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Verizon\Media Manager\MediaManager.exe"="C:\Program Files\Verizon\Media Manager\MediaManager.exe:*:Enabled:Verizon Media Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41d10103-c3f3-11dd-815e-0013d405f979}]
shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{801c2bf0-7157-11dd-8123-0013d405f979}]
shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92d34e60-b7d7-11dd-814e-0013d405f979}]
shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2fef14e-22ea-11dd-80e9-0013d405f979}]
shell\AutoRun\command - K:\LaunchU3.exe -a
======List of files/folders created in the last 1 months======
2008-12-09 00:50:51 ----D---- C:\rsit
2008-12-08 19:47:00 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-12-08 19:46:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-08 19:46:53 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-08 12:43:07 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-08 11:55:39 ----D---- C:\Program Files\WinRAR
2008-12-07 19:52:22 ----A---- C:\WINDOWS\~DFF9E2.tmp
2008-12-07 17:46:45 ----D---- C:\Program Files\Avira
2008-12-07 17:46:45 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-12-07 17:41:49 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-07 17:41:49 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-07 17:41:48 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-07 17:41:48 ----A---- C:\WINDOWS\system32\java.exe
2008-12-07 17:36:23 ----SHD---- C:\RECYCLER
2008-12-07 17:27:44 ----D---- C:\WINDOWS\temp
2008-12-07 17:27:42 ----A---- C:\ComboFix.txt
2008-12-07 17:17:20 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-07 14:22:10 ----A---- C:\WINDOWS\zip.exe
2008-12-07 14:22:10 ----A---- C:\WINDOWS\VFIND.exe
2008-12-07 14:22:10 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-07 14:22:10 ----A---- C:\WINDOWS\SWSC.exe
2008-12-07 14:22:10 ----A---- C:\WINDOWS\SWREG.exe
2008-12-07 14:22:10 ----A---- C:\WINDOWS\sed.exe
2008-12-07 14:22:10 ----A---- C:\WINDOWS\grep.exe
2008-12-07 14:22:10 ----A---- C:\WINDOWS\fdsv.exe
2008-12-07 14:21:42 ----D---- C:\ComboFix.com
2008-12-07 14:20:04 ----D---- C:\WINDOWS\ERDNT
2008-12-07 14:20:04 ----D---- C:\Qoobox
2008-12-07 14:20:03 ----D---- C:\comkbofix.com
2008-12-06 15:32:38 ----D---- C:\Program Files\Trend Micro
2008-12-06 09:38:34 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-06 09:38:14 ----D---- C:\Program Files\ThreatFire
2008-12-06 09:38:14 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-12-05 16:56:42 ----A---- C:\WINDOWS\system32\37365c46-.txt
2008-11-12 09:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 09:09:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 09:09:12 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
======List of files/folders modified in the last 1 months======
2008-12-09 00:50:58 ----D---- C:\WINDOWS\Prefetch
2008-12-09 00:14:46 ----D---- C:\Program Files\Mozilla Firefox
2008-12-09 00:06:29 ----D---- C:\WINDOWS
2008-12-09 00:06:05 ----D---- C:\WINDOWS\Registration
2008-12-09 00:06:01 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-09 00:05:53 ----D---- C:\WINDOWS\system32\Lang
2008-12-08 20:51:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-08 19:46:58 ----D---- C:\WINDOWS\system32\drivers
2008-12-08 19:46:53 ----D---- C:\Program Files
2008-12-08 17:15:53 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-08 13:59:06 ----D---- C:\WINDOWS\system32
2008-12-08 12:49:53 ----HD---- C:\Config.Msi
2008-12-08 12:44:02 ----SHD---- C:\WINDOWS\Installer
2008-12-08 12:43:35 ----HD---- C:\WINDOWS\inf
2008-12-08 12:43:33 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-08 12:43:32 ----D---- C:\Program Files\iTunes
2008-12-08 12:43:11 ----D---- C:\Program Files\iPod
2008-12-08 12:43:10 ----D---- C:\Program Files\Common Files\Apple
2008-12-08 12:41:53 ----D---- C:\Program Files\Bonjour
2008-12-08 12:41:28 ----D---- C:\Program Files\QuickTime
2008-12-07 18:00:43 ----D---- C:\Program Files\Norton Security Scan
2008-12-07 17:41:29 ----D---- C:\Program Files\Java
2008-12-07 17:33:58 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-07 17:33:55 ----D---- C:\Program Files\Viewpoint
2008-12-07 17:22:51 ----A---- C:\WINDOWS\system.ini
2008-12-07 17:20:46 ----D---- C:\WINDOWS\AppPatch
2008-12-07 17:20:46 ----D---- C:\Program Files\Common Files
2008-12-07 17:18:24 ----SD---- C:\WINDOWS\Tasks
2008-12-07 16:59:57 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-07 16:58:08 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2008-12-07 14:44:41 ----D---- C:\WINDOWS\system32\config
2008-12-07 14:31:37 ----D---- C:\Temp
2008-12-06 20:12:14 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\U3
2008-12-06 14:53:34 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-04 05:23:38 ----D---- C:\WINDOWS\system32\FxsTmp
2008-12-02 10:33:06 ----D---- C:\Program Files\LimeWire
2008-12-01 18:31:08 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\MediaMan
2008-11-26 22:24:25 ----D---- C:\Program Files\Common Files\Adobe
2008-11-26 22:24:25 ----D---- C:\Program Files\Adobe
2008-11-21 08:46:50 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-20 18:05:17 ----D---- C:\WINDOWS\Help
2008-11-20 13:37:49 ----D---- C:\Program Files\Outlook Express
2008-11-17 11:33:40 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-12 09:09:28 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 09:09:25 ----A---- C:\WINDOWS\imsins.BAK
2008-11-12 09:08:20 ----D---- C:\WINDOWS\WinSxS
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 CXFALCON;Conexant Falcon II NTSC Video Capture; C:\WINDOWS\system32\drivers\cxfalcon.sys [2005-04-11 85248]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidIr;Microsoft Infrared HID Driver; C:\WINDOWS\system32\DRIVERS\hidir.sys [2008-04-13 19200]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-04-05 830684]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-04-15 2564032]
R3 IrBus;Infrared bus filter driver for eHome remote controls; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2008-04-13 46592]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2001-06-04 14112]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-07 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-07 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-03-17 38912]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
-----------------EOF-----------------
Info.txt
info.txt logfile of random's system information tool 1.04 2008-12-09 00:51:01
======Uninstall list======
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Agere Systems PCI Soft Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
FirstClass® Client-->C:\Program Files\InstallShield Installation Information\{5B35C417-2649-11D6-83D1-0050FC01225C}\setup.exe -runfromtemp -l0x0009 -uninst -removeonly
Freeze Clip Art-->"C:\PROGRA~1\Freeze.com\Freeze Clip Art\UNINSTAL.EXE"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GTK+ Runtime 2.12.8 rev a (remove only)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
Help and Support Additions-->WScript.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\eHelpSetup.jse eHelpUninstall
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP Image Zone 4.8.6-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone for Media Center PC-->MsiExec.exe /X{8D0C57BC-4942-4960-BB6D-142456D6F233}
HP Image Zone Plus 4.8.6-->C:\Program Files\HP\Digital Imaging\{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Photosmart Cameras 4.5-->C:\Program Files\HP\Digital Imaging\{ABA2B37F-AB88-486e-870A-52454A23FEE0}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
HP Tunes-->MsiExec.exe /X{6512B303-F989-4C13-B9F6-A99989E4ED54}
HPIZplus450-->MsiExec.exe /X{0E484A60-A429-49A8-982C-D6475F1E80A9}
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
Intel® PRO Network Connections Drivers-->Prounstl.exe
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(tm) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
KBD-->C:\HP\KBD\KBD.EXE uninstalled
LimeWire 4.16.6-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaMan-->MsiExec.exe /X{0D9CC359-220B-45CF-B95F-A764D9E23F49}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Live Meeting 2005-->MsiExec.exe /I{25A0133B-8BAC-4E61-8F43-DC6D9D9FE80B}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Plus! Dancer LE-->MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
Mozilla Firefox (3.0.4)-->C:\program files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC10C922-52E9-4739-ACD0-EB0FF035EE7E}\setup.exe" -l0x9
muvee autoProducer unPlugged - HPD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8E4A88B-E35A-4F3B-AB60-42E7DB0EC765}\setup.exe" -l0x9
MyHeritage Family Tree Builder-->C:\Program Files\MyHeritage\Bin\Uninstall.exe
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Norton Security Scan-->MsiExec.exe /I{48B82226-75E3-4E90-92CC-D30F79EA6380}
ObjectDock-->C:\PROGRA~1\Stardock\OBJECT~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\INSTALL.LOG
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
Overball from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\A8B63E91-BB8C-41FF-B530-5BB13C915612\Uninstall.exe"
Photosmart 320,370,7400,8100,8400 Series-->C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
Pizza Hut Shortcut-->msiexec /qb /x {DEA131FA-2D0E-5A74-00B3-8EA471BD5FC9}
Pizza Hut Shortcut-->MsiExec.exe /I{DEA131FA-2D0E-5A74-00B3-8EA471BD5FC9}
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remove Microsoft Money 2005 installer-->c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\Money\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Remove Quicken New User Edition installer-->c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\Quicken_NUE\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Slyder from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\600C800C-5985-4E74-AFE7-571001AC3FA4\Uninstall.exe"
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
TBS WMP Plug-in-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{DB5F474C-B584-417F-810B-DEBBC1893C2A}
The Print Shop 22-->MsiExec.exe /I{E34351A4-4B10-4DFF-96BC-84C642D9C625}
Tradewinds from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\B3FF79F4-CDA8-4845-A7C0-9CE017719F36\Uninstall.exe"
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Updates from HP-->C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 309731
Verizon Media Manager-->MsiExec.exe /I{4CE0F4F9-2678-4D04-ADF2-3F52AF0EDD00}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB888316-->C:\WINDOWS\$NtUninstallKB888316$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB895678-->C:\WINDOWS\$NtUninstallKB895678$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
======Security center information======
AV: Avira AntiVir PersonalEdition
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0404
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
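The "List of services" section above follows a fixed one-line-per-entry format, and its header line gives the legend (R/S for running/stopped, 0-4 for the start type). The script below is an added triage example, not part of the original post and not an RSIT feature: it parses those lines with that legend and flags the things a responder would look at first. In this log the two `[]` entries (file not found at scan time) are SUPERAntiSpyware's SASKUTIL.sys and ComboFix's catchme.sys, both cleanup tools the poster had installed, so the flags are leads to check, not verdicts. The sample lines are copied from the log above; the function names, the finding texts, and the location rules are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Legend copied from the RSIT header line:
# R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled
STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# <state><start> <name>;<display>; <path> [<yyyy-mm-dd> <size>]   (brackets empty if file absent)
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]$"
)


@dataclass
class ServiceEntry:
    name: str
    display: str
    path: str
    state: str
    start: str
    file_date: Optional[str]
    file_size: Optional[int]

    @property
    def file_present(self) -> bool:
        # RSIT prints "[]" when it could not stat the binary at scan time
        return self.file_size is not None


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one RSIT service/driver line; return None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if path.startswith("\\??\\"):  # NT object-manager prefix used on kernel driver paths
        path = path[4:]
    meta = m.group("meta").split()
    date = meta[0] if meta else None
    size = int(meta[1]) if len(meta) == 2 and meta[1].isdigit() else None
    return ServiceEntry(
        name=m.group("name"), display=m.group("display"), path=path,
        state=STATE[m.group("state")], start=START[m.group("start")],
        file_date=date, file_size=size,
    )


def parse_log(text: str) -> List[ServiceEntry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def triage(entries: List[ServiceEntry]) -> List[Tuple[str, str]]:
    """Return (service name, reason) pairs worth a closer look. Rules are this example's own."""
    findings = []
    for e in entries:
        p = e.path.lower()
        if not e.file_present:
            findings.append((e.name, "binary not found at scan time"))
        if e.start in ("Boot", "System") and not p.startswith("c:\\windows\\system32\\drivers"):
            findings.append((e.name, "early-start driver outside system32\\drivers"))
        if p.endswith("\\svchost.exe"):
            # the log only shows the host; the real code is the ServiceDll value in the registry
            findings.append((e.name, "svchost-hosted; inspect ServiceDll in the registry"))
        if not (p.startswith("c:\\windows") or p.startswith("c:\\program files")):
            findings.append((e.name, "non-standard location"))
    return findings


# Sample input: lines copied verbatim from the RSIT log above (header included to show it is skipped)
SAMPLE = r"""======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
"""

if __name__ == "__main__":
    for name, reason in triage(parse_log(SAMPLE)):
        print(f"{name}: {reason}")
```

Running it on the sample prints three services (SASKUTIL, catchme, MHN) with their reasons; USBSTOR and the Avira guard pass every rule. Paste the whole services block from a real log into `SAMPLE` to triage it the same way.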
-
It looks like it may be just coming from Firefox
I suggest that you copy/paste these instructions to Notepad or Print them
First, download a fresh copy of Firefox and save it to desktop from here
http://www.mozilla.com/en-US/firefox/
Export a copy of your bookmarks in Firefox
In Firefox, click on Bookmarks>>Organize Bookmarks>>Import and Backup>>Export as HTML
Save a copy to your desktop
If you would like to remember saved passwords
In Firefox, click on Tools>>Options>>Security>>Saved password>>show passwords
Take a screenshot of the screen
Alt+Prnt Scrn buttons
Woops, forgot to mention, open MSPaint from Start>>All Programs>>Accessories>>Paint
Click on EDIT>>PASTE
Save a copy to desktop
Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
Close Firefox
Access your Add and Remove Programs and uninstall your copy of Firefox
Don't install yet, but find and delete these folders:
C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox <-this folder
and
C:\Program Files\Mozilla Firefox <-this folder
Reinstall Firefox and let me know how things are running
-
I think we might be good.
I restarted to see if anything would come back and I don't see any issues,
except start-up took longer than it did yesterday.
My wallpaper was gone (I'm guessing because I never actually saved the pic from the internet, just clicked "set as desktop background").
I got a notification that said my computer might be at risk because Avira was OFF and the umbrella Icon is in the closed position
Oh man, I gotta go back into about:config and speed Firefox way back up again
-
I forgot that you had Threatfire installed, have you since uninstalled it?
Is Avira's working properly, Umbrella open?
I didn't mean for you to have 2 Anti-Virus software installed
For my benefit>>ThreatFire is not an AV, I was thinking of PC Tools AV from the same Col
Hold onto Avira if you have already uninstalled Threatfire
After running ATF-Cleaner and cleaning the Prefetch folder
A delay in startup is expected, not to worry; startup will speed up as the Prefetch folder is repopulated
Try rebooting again, see if things are a little speedier
Everything else good?
-
I'm pretty sure I uninstalled ThreatFire so it wouldn't interfere with ComboFix
But the umbrella is still "closed"
I'll reboot in a second, and yeah everything seems to be really good
-
Ok, reboot and see if Avira's protection umbrella opens, it may hesitate a bit on startup
But should eventually open
-
real quick before I reboot
I use a program for aesthetic purposes called ObjectDock (Stardock) and I just hide the desktop icons. After going through all of this, if I uncheck "show desktop icons" it removes the desktop's wallpaper and only leaves a solid colored screen. Any idea what's up with that?
-
Never used ObjectDock
You'll have to check within the program
Or Display properties in Control Panel to change desktop background
I would have to install it to know how it exactly works
-
ok Rebooted,
Start-up took like 30 seconds WOW
Umbrella is OPEN
Still no YOOG YAY
I have ObjectDock on all of my computers and that's never been an effect of it. This is the first time it's happened. It seems to be more a result of desktop settings, but it's the very least of my concerns.
Muchas gracias!!!!
ps. If you aren't sick of me yet, I have a desktop that an old roommate took down (installed something in safe mode while I was celebrating the end of the semester) and we got it kind of fixed, but it never quite worked up to par again. I may see what we can do with that in the future
-
Hold onto Avira
You can set it to run a scheduled scan once a week
I would hold onto Malwarebytes' Anti-Malware and update and run a quick scan occasionally
Delete RSIT.exe on desktop and it's folder
C:\rsit
Go to START>>RUN>>copy and paste the following then click OK
ComboFix /u
This will uninstall ComboFix and its components
I suggest that you add SpywareBlaster to your protection software
SpywareBlaster by JavaCool (http://www.javacoolsoftware.com/spywareblaster.html)
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
Select Manual updating when installing
After installation, Check for updates
After updating, select "Protection Status" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
or again, click on Protection Status>>Enable all Protection
Take a look at miekiemoes' site with other ideas on how to prevent malware: http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
Again, I'm not familiar with ObjectDock
Is there a way of setting everything back to defaults?
EDIT:
ps. If you aren't sick of me yet, I have a desktop that an old roommate took down (installed something in safe mode while I was celebrating the end of the semester) and we got it kind of fixed, but it never quite worked up to par again. I may see what we can do with that in the future
I thought you were sick of me
Start a new topic with the other computer when your ready
-
Another satisfied Customer!
-
Let me know if you figure out the background issue with ObjectDock
If not, I can install it on my test box and fiddle around with it, see if we can find the problem
-
No fix yet. I'll have to show you a few screenshots to let you see where the oddity occurs. I don't think that the problem exists within the program, but I could be wrong.
One last thing I would like to do for my parents computer is set a back-up date now that the computer seems to be running better than new!
-
One last thing I would like to do for my parents computer is set a back-up date now that the computer seems to be running better than new!
If you're talking about making a System Restore date
Simply go to START>>All Programs>>Accessories>>System Tools>>System Restore
Select the radio button to "Create a Restore Point" and then click NEXT
Give it a name, Any name will do under "Restore Point Description"
Then click CREATE
You'll be prompted when it's successful
Then exit out of there