Messages - Heather

1
Tech Clinic / something malicious
« on: October 15, 2008, 11:45:46 AM »
Sorry, I'm expecting you to read my mind.
I used to have an old version of McAfee that we were unable to uninstall way back when, but when I just went to look for it, it seems that Avira took care of things. Very nice. So disregard the AV issue.

Other issues: I cannot access Outlook Express since the move, which may or may not have to do with moving.
I still cannot get into Email Removed; it loads all the way till I try to open a message, then won't open anything.
Here's your logfile:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:14 AM, on 10/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.arcadetown.com/swf/hamsterball/...tgameloader.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {11A02365-2859-4598-A9D5-4FDE99D67723} (PQIEBrowserConnector Class) - http://www.pqprintcenter.com/plugin/axvers...ntquick1611.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 10987 bytes

2
Tech Clinic / something malicious
« on: October 05, 2008, 12:49:45 PM »
Sorry for the long delay, we've been moving.
This fix has worked nicely for the IE issue.
Still concerned about lurking nasties. Can you recommend a fairly fast way to back up everything and go ahead with a wipe? I still have the malfunctioning virus protection that I cannot seem to get rid of or replace with another AV.
Thanks again, as always you're the best.

3
Tech Clinic / something malicious
« on: September 12, 2008, 05:13:47 PM »
Everything seems to work fine on Safari; can't access Mozilla.

4
Tech Clinic / something malicious
« on: September 07, 2008, 03:52:25 PM »
Quote
Do pictures just not work in Internet Explorer?

Does everything appear OK in both the Mozilla Firefox and/or Safari web browsers?
You have both installed.


Don't know, I only use IE; I don't want the other browsers, they mysteriously appeared.
Still no improvement, but it's no worse either.

5
Tech Clinic / something malicious
« on: September 04, 2008, 02:57:46 AM »
No detectable changes yet; however, sometimes when I open a webpage it's set to work offline, this just happens.
Webpages still won't display pictures, and I still can't get into Email Removed messages.

C:\WINDOWS\data7933~.sys moved successfully.
C:\WINDOWS\data7933.sys moved successfully.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09042008_011815

6
Tech Clinic / something malicious
« on: September 03, 2008, 01:03:04 PM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:15 AM, on 9/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm027YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.arcadetown.com/swf/hamsterball/...tgameloader.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {11A02365-2859-4598-A9D5-4FDE99D67723} (PQIEBrowserConnector Class) - http://www.pqprintcenter.com/plugin/axvers...ntquick1611.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 11009 bytes


ComboFix 08-09-01.01 - Heather 2008-09-01 22:12:44.7 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.197 [GMT -7:00]
Running from: C:\Documents and Settings\Heather\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Heather\Desktop\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\0xf9.exe
C:\msavsc.dll
C:\msctrl.dll
C:\msfw.dll
C:\msiemon.dll
C:\mssadv.dll
C:\msscan.dll
C:\WINDOWS\wscmgr.exe
G:\MSOCache\doWTP_RESTORE_0.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\0xf9.exe
C:\Documents and Settings\Heather\Application Data\macromedia\Flash Player\#SharedObjects\HK4ZCHFW\bin.clearspring.com
C:\Documents and Settings\Heather\Application Data\macromedia\Flash Player\#SharedObjects\HK4ZCHFW\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Heather\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Heather\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Heather\Cookies\[email protected][1].txt
C:\msavsc.dll
C:\msctrl.dll
C:\msfw.dll
C:\msiemon.dll
C:\mssadv.dll
C:\msscan.dll
C:\WINDOWS\wscmgr.exe

.
(((((((((((((((((((((((((   Files Created from 2008-08-02 to 2008-09-02  )))))))))))))))))))))))))))))))
.

2008-08-31 00:30 . 2008-06-10 02:32   73,728   --a------   C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-08-31 00:22 . 2008-08-31 00:22   0   --a------   C:\WINDOWS\SYSTEM32\REN85.tmp
2008-08-31 00:22 . 2008-08-31 00:22   0   --a------   C:\WINDOWS\SYSTEM32\REN84.tmp
2008-08-20 09:58 . 2002-08-29 03:00   13,463,552   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
2008-08-18 21:41 . 2008-08-31 00:27   605   --a------   C:\WINDOWS\data7933~.sys
2008-08-18 21:41 . 2008-08-31 00:27   605   --a------   C:\WINDOWS\data7933.sys
2008-08-18 13:59 . 2008-08-18 14:24   <DIR>   d--------   C:\WINDOWS\SYSTEM32\CatRoot_bak
2008-08-04 00:34 . 2008-08-04 00:34   <DIR>   d--------   C:\Program Files\Bonjour
2008-08-04 00:23 . 2008-08-04 00:23   <DIR>   d--------   C:\Program Files\Safari

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 04:28   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-01 15:23   24   ----a-w   C:\Documents and Settings\Heather\jagex_runescape_preferences.dat
2008-08-31 07:30   ---------   d-----w   C:\Program Files\Java
2008-08-19 14:38   ---------   d-----w   C:\Documents and Settings\Heather\Application Data\U3
2008-08-18 06:49   ---------   d-----w   C:\Documents and Settings\Heather\Application Data\Apple Computer
2008-08-04 07:37   ---------   d-----w   C:\Program Files\iTunes
2008-08-04 07:36   ---------   d-----w   C:\Program Files\iPod
2008-08-04 07:33   ---------   d-----w   C:\Program Files\QuickTime
2008-07-30 16:53   ---------   d-----w   C:\Program Files\Google
2008-07-27 22:09   ---------   d-----w   C:\Program Files\FastCrawl_at
2008-07-27 21:55   ---------   d-----w   C:\Documents and Settings\Heather\Application Data\GetRightToGo
2008-07-27 21:45   ---------   d-----w   C:\Program Files\EmpiresandDungeons_at
2008-07-27 21:44   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-26 21:12   ---------   d-----w   C:\Program Files\Feudalism_at
2008-07-21 18:29   ---------   d-----w   C:\Program Files\Apple Software Update
2008-07-19 05:10   94,920   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2008-07-19 05:10   94,920   ----a-w   C:\WINDOWS\SYSTEM32\cdm.dll
2008-07-19 05:10   53,448   ----a-w   C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-07-19 05:10   53,448   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2008-07-19 05:10   45,768   ----a-w   C:\WINDOWS\SYSTEM32\wups2.dll
2008-07-19 05:10   36,552   ----a-w   C:\WINDOWS\SYSTEM32\wups.dll
2008-07-19 05:10   36,552   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2008-07-19 05:09   563,912   ----a-w   C:\WINDOWS\SYSTEM32\wuapi.dll
2008-07-19 05:09   563,912   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2008-07-19 05:09   325,832   ----a-w   C:\WINDOWS\SYSTEM32\wucltui.dll
2008-07-19 05:09   325,832   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2008-07-19 05:09   205,000   ----a-w   C:\WINDOWS\SYSTEM32\wuweb.dll
2008-07-19 05:09   205,000   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2008-07-19 05:09   1,811,656   ----a-w   C:\WINDOWS\SYSTEM32\wuaueng.dll
2008-07-19 05:09   1,811,656   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2008-07-19 05:07   270,880   ----a-w   C:\WINDOWS\SYSTEM32\mucltui.dll
2008-07-19 05:07   210,976   ----a-w   C:\WINDOWS\SYSTEM32\muweb.dll
2008-07-07 20:32   253,952   ----a-w   C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:32   253,952   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2008-07-07 18:51   ---------   d-----w   C:\Program Files\Windows Live
2008-07-07 18:48   ---------   dcsh--w   C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-07 18:47   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-24 17:57   3,592,192   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-06-24 16:23   74,240   ----a-w   C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-24 16:23   74,240   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
2008-06-23 09:20   70,656   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-06-23 09:20   625,664   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-06-23 09:20   13,824   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-06-21 05:23   161,792   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2008-06-20 17:41   245,248   ----a-w   C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:41   245,248   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:41   148,992   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 10:45   360,320   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 10:44   138,368   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 09:52   225,920   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-13 13:10   272,128   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2007-11-10 07:20   64,504   ----a-w   C:\Documents and Settings\Heather\Application Data\GDIPFONTCACHEV1.DAT
2007-02-20 19:51   439,296   ----a-w   C:\Documents and Settings\Heather\GoToAssist_phone__317_en.exe
2007-02-18 04:07   8   ----a-w   C:\Documents and Settings\Heather\Application Data\usb.dat.bin
.

(((((((((((((((((((((((((((((   snapshot@2008-08-24_13.25.18.39   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-02-22 08:23:35   135,168   ----a-w   C:\WINDOWS\SYSTEM32\java.exe
+ 2008-06-10 08:21:01   135,168   ----a-w   C:\WINDOWS\SYSTEM32\java.exe
- 2008-02-22 08:23:39   135,168   ----a-w   C:\WINDOWS\SYSTEM32\javaw.exe
+ 2008-06-10 08:21:04   135,168   ----a-w   C:\WINDOWS\SYSTEM32\javaw.exe
- 2008-02-22 09:33:32   139,264   ----a-w   C:\WINDOWS\SYSTEM32\javaws.exe
+ 2008-06-10 09:32:34   139,264   ----a-w   C:\WINDOWS\SYSTEM32\javaws.exe
+ 2008-07-19 05:10:20   36,552   ----a-w   C:\WINDOWS\SYSTEM32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-19 05:10:40   45,768   ----a-w   C:\WINDOWS\SYSTEM32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-01 15:24 68856]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 18:12 221184]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36 81920]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 14:37 936960]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 22:31 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2002-08-29 03:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 03:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 03:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 03:00 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 10:50 19968 C:\WINDOWS\LOGI_MWX.EXE]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-11 07:10:51 124400]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
LaunchU3.exe.lnk - C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2007-10-27 23:47:42 1078]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Sony Pictures Games\\Wheel of Fortune\\Wheel of Fortune.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Rhapsody\\rhapsody.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2003-12-17 10:50]
S3 VisorUsb;Handspring USB;C:\WINDOWS\system32\DRIVERS\VisorUsb.sys [2001-11-12 17:07]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-01 22:18:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-01 22:22:26
ComboFix-quarantined-files.txt  2008-09-02 05:22:18
ComboFix2.txt  2008-08-24 20:25:45
ComboFix3.txt  2007-09-30 06:47:16

Pre-Run: 45,456,035,840 bytes free
Post-Run: 45,556,490,240 bytes free

182   --- E O F ---   2008-08-13 10:06:54


Avira AntiVir Personal
Report file date: Tuesday, September 02, 2008  19:50

Scanning for 1594576 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Boot mode:        Normally booted
Username:         SYSTEM
Computer name:    NEWMAN

Version information:
BUILD.DAT     : 8.1.0.331      16934 Bytes   8/12/2008 11:46:00
AVSCAN.EXE    : 8.1.4.7       315649 Bytes   6/26/2008 17:57:53
AVSCAN.DLL    : 8.1.4.0        40705 Bytes   5/26/2008 16:56:40
LUKE.DLL      : 8.1.4.5       164097 Bytes   6/12/2008 21:44:19
LUKERES.DLL   : 8.1.4.0        12033 Bytes   5/26/2008 16:58:52
ANTIVIR0.VDF  : 6.40.0.0    11030528 Bytes   7/18/2007 19:33:34
ANTIVIR1.VDF  : 7.0.5.1      8182784 Bytes   6/24/2008 22:54:15
ANTIVIR2.VDF  : 7.0.6.94     2998784 Bytes   8/31/2008 02:47:37
ANTIVIR3.VDF  : 7.0.6.106     129024 Bytes    9/2/2008 02:47:38
Engineversion : 8.1.1.23  
AEVDF.DLL     : 8.1.0.5       102772 Bytes   2/25/2008 18:58:21
AESCRIPT.DLL  : 8.1.0.68      315770 Bytes    9/3/2008 02:47:44
AESCN.DLL     : 8.1.0.23      119156 Bytes   7/10/2008 21:44:49
AERDL.DLL     : 8.1.0.20      418165 Bytes   4/24/2008 21:37:48
AEPACK.DLL    : 8.1.2.1       364917 Bytes   7/15/2008 21:58:35
AEOFFICE.DLL  : 8.1.0.22      192890 Bytes    9/3/2008 02:47:43
AEHEUR.DLL    : 8.1.0.50     1388918 Bytes    9/3/2008 02:47:42
AEHELP.DLL    : 8.1.0.15      115063 Bytes   7/10/2008 21:44:48
AEGEN.DLL     : 8.1.0.36      315764 Bytes    9/3/2008 02:47:40
AEEMU.DLL     : 8.1.0.7       430452 Bytes   7/31/2008 17:33:21
AECORE.DLL    : 8.1.1.8       172406 Bytes   7/31/2008 17:33:21
AEBB.DLL      : 8.1.0.1        53617 Bytes   7/10/2008 21:44:48
AVWINLL.DLL   : 1.0.0.12       15105 Bytes    7/9/2008 17:40:05
AVPREF.DLL    : 8.0.2.0        38657 Bytes   5/16/2008 18:28:01
AVREP.DLL     : 8.0.0.2        98344 Bytes    9/3/2008 02:47:38
AVREG.DLL     : 8.0.0.1        33537 Bytes    5/9/2008 20:26:40
AVARKT.DLL    : 1.0.0.23      307457 Bytes   2/12/2008 17:29:23
AVEVTLOG.DLL  : 8.0.0.16      119041 Bytes   6/12/2008 21:27:49
SQLITE3.DLL   : 3.3.17.1      339968 Bytes   1/23/2008 02:28:02
SMTPLIB.DLL   : 1.2.0.23       28929 Bytes   6/12/2008 21:49:40
NETNT.DLL     : 8.0.0.1         7937 Bytes   1/25/2008 21:05:10
RCIMAGE.DLL   : 8.0.0.51     2371841 Bytes   6/12/2008 22:48:07
RCTEXT.DLL    : 8.0.52.0       86273 Bytes   6/27/2008 22:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Tuesday, September 02, 2008  19:50

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'msn6.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'McciBrowser.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'LaunchU3.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'EM_EXEC.EXE' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'McciTrayApp.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'IntelMEM.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
50 processes with 50 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '71' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
    [WARNING]   The file could not be opened!
C:\pagefile.sys
    [WARNING]   The file could not be opened!
C:\Program Files\EarthLink TotalAccess\Accelerator\temp\codescache\cf\27cf
    [DETECTION] Contains recognition pattern of the JS/StartPage.C Java script virus
    [NOTE]      The file was moved to '48f50204.qua'!
C:\Program Files\EarthLink TotalAccess\Accelerator\temp\codescache\d1\fad1
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    [NOTE]      The detection was classified as suspicious.
    [NOTE]      The file was moved to '491f0240.qua'!
C:\QooBox\Quarantine\C\0xf9.exe.vir
    [DETECTION] Is the TR/Dldr.VB.gob Trojan
    [NOTE]      The file was moved to '4924066e.qua'!
C:\QooBox\Quarantine\C\msavsc.dll.vir
    [DETECTION] Is the TR/Agent.vgo Trojan
    [NOTE]      The file was moved to '491f066c.qua'!
C:\QooBox\Quarantine\C\msctrl.dll.vir
    [DETECTION] Is the TR/Agent.vgo Trojan
    [NOTE]      The file was moved to '4921066e.qua'!
C:\QooBox\Quarantine\C\msfw.dll.vir
    [DETECTION] Is the TR/Agent.vgo Trojan
    [NOTE]      The file was moved to '49240670.qua'!
C:\QooBox\Quarantine\C\msiemon.dll.vir
    [DETECTION] Is the TR/Agent.vgo Trojan
    [NOTE]      The file was moved to '49270672.qua'!
C:\QooBox\Quarantine\C\mssadv.dll.vir
    [DETECTION] Is the TR/Crypt.FKM.Gen Trojan
    [NOTE]      The file was moved to '49310674.qua'!
C:\QooBox\Quarantine\C\msscan.dll.vir
    [DETECTION] Is the TR/Agent.vgo Trojan
    [NOTE]      The file was moved to '49310675.qua'!
C:\QooBox\Quarantine\C\Program Files\Microsoft Security Adviser\msavsc.exe.vir
    [DETECTION] Is the TR/Agent.vgo Trojan
    [NOTE]      The file was moved to '491f067a.qua'!
C:\QooBox\Quarantine\C\Program Files\Microsoft Security Adviser\msctrl.exe.vir
    [DETECTION] Is the TR/Agent.vgo Trojan
    [NOTE]      The file was moved to '4921067c.qua'!
C:\QooBox\Quarantine\C\Program Files\Microsoft Security Adviser\msfw.exe.vir
    [DETECTION] Is the TR/Agent.vgo Trojan
    [NOTE]      The file was moved to '4924067e.qua'!
C:\QooBox\Quarantine\C\Program Files\Microsoft Security Adviser\msiemon.exe.vir
    [DETECTION] Is the TR/Agent.vgo Trojan
    [NOTE]      The file was moved to '49270680.qua'!
C:\QooBox\Quarantine\C\Program Files\Microsoft Security Adviser\mssadv.exe.vir
    [DETECTION] Is the TR/Crypt.FKM.Gen Trojan
    [NOTE]      The file was moved to '49310682.qua'!
C:\QooBox\Quarantine\C\Program Files\Microsoft Security Adviser\mssadv_sp.exe.vir
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '49310684.qua'!
C:\QooBox\Quarantine\C\Program Files\Microsoft Security Adviser\msscan.exe.vir
    [DETECTION] Is the TR/Agent.vgo Trojan
    [NOTE]      The file was moved to '4931068c.qua'!
C:\QooBox\Quarantine\C\WINDOWS\wscmgr.exe.vir
    [DETECTION] Is the TR/PSW.Delf.abx.2 Trojan
    [NOTE]      The file was moved to '4921068d.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\CbEvtSvc.exe.vir
    [DETECTION] Is the TR/Dldr.Exchanger.AM Trojan
    [NOTE]      The file was moved to '4903067c.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lphcvw5j0evag.exe.vir
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '4926068b.qua'!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\phcvw5j0evag.bmp.vir
    [DETECTION] Is the TR/Fakealert.AAF Trojan
    [NOTE]      The file was moved to '49210683.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP19\A0002134.exe
    [DETECTION] Is the TR/Dldr.VB.gob Trojan
    [NOTE]      The file was moved to '48ee069c.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP19\A0002135.dll
    [DETECTION] Is the TR/Agent.vgo Trojan
    [NOTE]      The file was moved to '494ef875.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP19\A0002136.dll
    [DETECTION] Is the TR/Agent.vgo Trojan
    [NOTE]      The file was moved to '48ee069e.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP19\A0002137.dll
    [DETECTION] Is the TR/Agent.vgo Trojan
    [NOTE]      The file was moved to '494ef877.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP19\A0002138.dll
    [DETECTION] Is the TR/Agent.vgo Trojan
    [NOTE]      The file was moved to '48ee069d.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP19\A0002139.dll
    [DETECTION] Is the TR/Crypt.FKM.Gen Trojan
    [NOTE]      The file was moved to '494ef876.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP19\A0002140.dll
    [DETECTION] Is the TR/Agent.vgo Trojan
    [NOTE]      The file was moved to '48ee069f.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP19\A0002141.exe
    [DETECTION] Is the TR/PSW.Delf.abx.2 Trojan
    [NOTE]      The file was moved to '494ef848.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0000137.exe
    [DETECTION] Is the TR/Agent.vgo Trojan
    [NOTE]      The file was moved to '48ee06ac.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0000138.exe
    [DETECTION] Is the TR/Agent.vgo Trojan
    [NOTE]      The file was moved to '494ef845.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0000139.exe
    [DETECTION] Is the TR/Agent.vgo Trojan
    [NOTE]      The file was moved to '48ee06ad.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0000140.exe
    [DETECTION] Is the TR/Agent.vgo Trojan
    [NOTE]      The file was moved to '494ef846.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0000141.exe
    [DETECTION] Is the TR/Crypt.FKM.Gen Trojan
    [NOTE]      The file was moved to '48ee06af.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0000142.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '494ef858.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0000143.exe
    [DETECTION] Is the TR/Agent.vgo Trojan
    [NOTE]      The file was moved to '48ee06ae.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0000144.exe
    [DETECTION] Is the TR/Dldr.Exchanger.AM Trojan
    [NOTE]      The file was moved to '494ef847.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0000146.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to '48ee06a0.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0000207.dll
    [DETECTION] Is the TR/Crypt.FKM.Gen Trojan
    [NOTE]      The file was moved to '48ee06b1.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0000208.dll
    [DETECTION] Is the TR/Agent.vgo Trojan
    [NOTE]      The file was moved to '494ef85a.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0000209.dll
    [DETECTION] Is the TR/Agent.vgo Trojan
    [NOTE]      The file was moved to '48ee06b3.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0000210.dll
    [DETECTION] Is the TR/Agent.vgo Trojan
    [NOTE]      The file was moved to '48ee06b2.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0000211.dll
    [DETECTION] Is the TR/Agent.vgo Trojan
    [NOTE]      The file was moved to '494ef85b.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0000212.dll
    [DETECTION] Is the TR/Agent.vgo Trojan
    [NOTE]      The file was moved to '48ee06b4.qua'!


End of the scan: Tuesday, September 02, 2008  20:54
Used time:  1:03:58 Hour(s)

The scan has been done completely.

  12179 Scanning directories
 317793 Files were scanned
     42 viruses and/or unwanted programs were found
      1 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
     43 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
 317748 Files not concerned
   4025 Archives were scanned
      2 Warnings
     43 Notes

7
Tech Clinic / something malicious
« on: September 01, 2008, 12:24:58 AM »
My son seems to have misplaced the flash drive. May I proceed with the other instructions regardless until we find it, or is success dependent on the flash drive fix?
Thank you, H

8
Tech Clinic / something malicious
« on: August 25, 2008, 01:09:28 PM »
Drive G is not showing up. It could be the external flash drive that my son was using; we had trouble getting it to end program several reboots ago. It is not plugged in.

32 Bit HP CIO Components Installer
ABBYY FineReader 5.0 Sprint
Action Replay Code Manager
Adobe Acrobat 4.0
Adobe Flash Player ActiveX
Adobe Reader 8.1.1
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.2
Apple Mobile Device Support
Apple Software Update
Before You Know It 3.6
Bonjour
CCleaner (remove only)
CCScore
Championship Bass
Chuzzle Deluxe (remove only)
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
DA920EN
DD Tournament Poker 1.2
Dell AIO Printer A920
Dell Digital Jukebox Driver
Dell Media Experience
Dell ResourceCD
Dell Solution Center
Dell Support 5.0.0 (766)
DVDSentry
EA Network Play System
EA SPORTS online 2004
EarthLink Setup Files
EAX(tm) Unified (SHELL)
ebgcInfra
ebgcRes
ebgcSDK
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
EVEREST Home Edition v2.20
FaxTools
FinePixViewer Ver.4.0
FUJIFILM USB Driver
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
HLPPDOCK
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Imaging Device Functions 8.0
HP Officejet J3600 Series
HP Photosmart Cameras 7.0
HP Photosmart Premier Software 6.5
HP Software Update
HP Solution Center 8.0
ImageMixer VCD for FinePix
Indeo® software
In-Fisherman Freshwater Trophies
Insaniquarium Deluxe 1.1
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet
Internet Explorer Default Page
iPod for Windows 2005-09-23
iPod for Windows 2006-03-23
iTunes
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java DB 10.2.2.0
Java(tm) 6 Update 2
Java(tm) 6 Update 5
Java(tm) SE Development Kit 6 Update 2
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
Logitech Desktop Messenger
Logitech MouseWare 9.79.1
Logitech Resource Center
MAX DS Video Converter
Microangelo Toolset 6
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Modem Event Monitor
Modem Helper
Modem On Hold
MSN
MSN Music Assistant
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
Muppets - Bright2
MUSICMATCH® Jukebox
My Disney Kitchen
Mystery P.I. - The Vegas Heist 1.0.0.3
Napster for Windows Media Player
Notifier
OfotoXMI
OpenMG Limited Patch 4.4-06-13-19-01
OpenMG Secure Module 4.4.00
OTtBP
OTtBPSDK
Pokémon
PowerDVD
Pro Fishing 3D
ProModule: PowerPoint Support
ProModule: Quick Message
ProModule: SongSelect 3.0 Support
ProModule: SongSelect Lyrics Service Import
ProModule: Transitions 1
ProModule: Transitions 2
ProModule: Transitions 3
ProModule: Transitions 4
ProModule: Video Background
ProModule: Visualizations 1
ProModule: Visualizations 2
ProModule: Visualizations 3
ProModule: Visualizations 4
QuickTime
RAW FILE CONVERTER LE
RealArcade
RealPlayer
Rhapsody
Safari
Sansa Media Converter
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
SFR
SHASTA
Shockwave
SKIN0001
SKINXSDK
SmartMusic 10
SongShow Plus
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SonicStage 3.4
SpywareBlaster v3.5.1
SspSamples: Bible Atlas Images
SspSamples: Creative Interlude Sampler 2
SspSamples: Digital Hotcakes
SspSamples: Digital Juice Images
SspSamples: Digital Juice Jumpbacks
SspSamples: Whitmer Photography
SspSamples: WorshipFilms
SspSamples: WorshipScapes Images
SspSamples: WorshipScapes Videos
Starshine Episode 1
staticcr
Tiger Woods PGA TOUR 2004
U3Launcher
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
URGE
Verizon Online DSL
Verizon Online Help and Support
VPRINTOL
Wheel of Fortune (remove only)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 2
WinRAR archiver
WinZip
WinZip Self-Extractor
WIRELESS
WordPerfect Office 11
Yahoo! extras
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Photos Easy Upload Tool
Yahoo! Photos Print-at-Home Tool
Zuma Deluxe

9
Tech Clinic / something malicious
« on: August 24, 2008, 03:02:06 PM »
ComboFix 08-08-23.03 - Heather 2008-08-24 12:49:32.6 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.230 [GMT -7:00]
Running from: C:\Documents and Settings\Heather\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\Heather\Application Data\FunWebProducts
C:\Documents and Settings\Heather\Application Data\FunWebProducts\Data\Heather\avatar.dat
C:\Documents and Settings\Heather\Application Data\macromedia\Flash Player\#SharedObjects\HK4ZCHFW\interclick.com
C:\Documents and Settings\Heather\Application Data\macromedia\Flash Player\#SharedObjects\HK4ZCHFW\interclick.com\ud.sol
C:\Documents and Settings\Heather\Application Data\macromedia\Flash Player\#SharedObjects\HK4ZCHFW\static.youku.com
C:\Documents and Settings\Heather\Application Data\macromedia\Flash Player\#SharedObjects\HK4ZCHFW\static.youku.com\v1.0.0236\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Heather\Application Data\macromedia\Flash Player\#SharedObjects\HK4ZCHFW\static.youku.com\v1.0.0288\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Heather\Application Data\macromedia\Flash Player\#SharedObjects\HK4ZCHFW\static.youku.com\v1.0.0307\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Heather\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Heather\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Heather\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
C:\Documents and Settings\Heather\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
C:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
C:\Documents and Settings\Heather\Cookies\[email protected][1].txt
C:\Documents and Settings\Heather\Cookies\[email protected][1].txt
C:\Documents and Settings\Heather\Cookies\heather@bookingbuddy[2].txt
C:\Documents and Settings\Heather\Cookies\[email protected][1].txt
C:\Documents and Settings\Heather\Cookies\heather@revsci[2].txt
C:\Documents and Settings\Heather\Cookies\heather@spamblockerutility[2].txt
C:\Documents and Settings\Heather\Cookies\[email protected][1].txt
C:\Documents and Settings\Heather\Cookies\[email protected][2].txt
C:\Program Files\FunWebProducts
C:\Program Files\Microsoft Security Adviser
C:\Program Files\Microsoft Security Adviser\msavsc.exe
C:\Program Files\Microsoft Security Adviser\msctrl.exe
C:\Program Files\Microsoft Security Adviser\msctrl.log
C:\Program Files\Microsoft Security Adviser\msfw.exe
C:\Program Files\Microsoft Security Adviser\msiemon.exe
C:\Program Files\Microsoft Security Adviser\mssadv.exe
C:\Program Files\Microsoft Security Adviser\mssadv.log
C:\Program Files\Microsoft Security Adviser\mssadv_sp.exe
C:\Program Files\Microsoft Security Adviser\mssadv_sp.log
C:\Program Files\Microsoft Security Adviser\msscan.exe
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\rhcrw5j0evag
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\blphcvw5j0evag.scr
C:\WINDOWS\system32\CbEvtSvc.exe
C:\WINDOWS\system32\lphcvw5j0evag.exe
C:\WINDOWS\system32\phcvw5j0evag.bmp

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CBEVTSVC
-------\Service_CbEvtSvc


(((((((((((((((((((((((((   Files Created from 2008-07-24 to 2008-08-24  )))))))))))))))))))))))))))))))
.

2008-08-20 09:58 . 2002-08-29 03:00   13,463,552   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
2008-08-18 21:41 . 2008-08-18 21:41   382,020   --a------   C:\WINDOWS\wscmgr.exe
2008-08-18 21:41 . 2008-08-24 13:14   605   --a------   C:\WINDOWS\data7933~.sys
2008-08-18 21:41 . 2008-08-24 13:14   605   --a------   C:\WINDOWS\data7933.sys
2008-08-18 13:59 . 2008-08-18 14:24   <DIR>   d--------   C:\WINDOWS\SYSTEM32\CatRoot_bak
2008-08-17 01:13 . 2008-08-18 22:24   46,080   --a------   C:\mssadv.dll
2008-08-17 01:13 . 2008-08-17 01:13   18,432   --a------   C:\0xf9.exe
2008-08-17 01:13 . 2008-08-18 22:24   11,264   --a------   C:\msscan.dll
2008-08-17 01:13 . 2008-08-18 22:24   11,264   --a------   C:\msiemon.dll
2008-08-17 01:13 . 2008-08-18 22:24   11,264   --a------   C:\msfw.dll
2008-08-17 01:13 . 2008-08-18 22:24   11,264   --a------   C:\msctrl.dll
2008-08-17 01:13 . 2008-08-18 22:24   11,264   --a------   C:\msavsc.dll
2008-08-04 00:34 . 2008-08-04 00:34   <DIR>   d--------   C:\Program Files\Bonjour
2008-08-04 00:23 . 2008-08-04 00:23   <DIR>   d--------   C:\Program Files\Safari
2008-07-27 21:30 . 2008-08-02 09:15   <DIR>   d--------   C:\WINDOWS\.jagex_cache_32
2008-07-27 21:30 . 2008-08-24 09:00   24   --a------   C:\Documents and Settings\Heather\jagex_runescape_preferences.dat
2008-07-27 14:59 . 2008-07-27 15:07   4   --a------   C:\WINDOWS\SYSTEM32\fc.trk
2008-07-27 14:58 . 2008-07-27 15:09   <DIR>   d--------   C:\Program Files\FastCrawl_at
2008-07-27 14:53 . 2008-07-27 14:55   <DIR>   d--------   C:\Documents and Settings\Heather\Application Data\GetRightToGo
2008-07-27 00:23 . 2008-07-27 14:45   <DIR>   d--------   C:\Program Files\EmpiresandDungeons_at

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-23 19:29   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-19 14:38   ---------   d-----w   C:\Documents and Settings\Heather\Application Data\U3
2008-08-18 06:49   ---------   d-----w   C:\Documents and Settings\Heather\Application Data\Apple Computer
2008-08-04 07:37   ---------   d-----w   C:\Program Files\iTunes
2008-08-04 07:36   ---------   d-----w   C:\Program Files\iPod
2008-08-04 07:33   ---------   d-----w   C:\Program Files\QuickTime
2008-07-30 16:53   ---------   d-----w   C:\Program Files\Google
2008-07-27 21:44   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-26 21:12   ---------   d-----w   C:\Program Files\Feudalism_at
2008-07-21 18:29   ---------   d-----w   C:\Program Files\Apple Software Update
2008-07-07 20:32   253,952   ----a-w   C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:32   253,952   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2008-07-07 18:51   ---------   d-----w   C:\Program Files\Windows Live
2008-07-07 18:48   ---------   dcsh--w   C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-07 18:47   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-24 17:57   3,592,192   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-06-24 16:23   74,240   ----a-w   C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-24 16:23   74,240   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
2008-06-23 09:20   70,656   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-06-23 09:20   625,664   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-06-23 09:20   13,824   ------w   C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-06-21 05:23   161,792   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2008-06-20 17:41   245,248   ----a-w   C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:41   245,248   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:41   148,992   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 10:45   360,320   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 10:44   138,368   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 09:52   225,920   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-13 13:10   272,128   ----a-w   C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2007-11-10 07:20   64,504   ----a-w   C:\Documents and Settings\Heather\Application Data\GDIPFONTCACHEV1.DAT
2007-02-20 19:51   439,296   ----a-w   C:\Documents and Settings\Heather\GoToAssist_phone__317_en.exe
2007-02-18 04:07   8   ----a-w   C:\Documents and Settings\Heather\Application Data\usb.dat.bin
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-01 15:24 68856]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 18:12 221184]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-17 00:24 180269]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 14:37 936960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"wscmgr"="C:\WINDOWS\wscmgr.exe" [2008-08-18 21:41 382020]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 22:31 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2002-08-29 03:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 03:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 03:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 03:00 455168]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 10:50 19968 C:\WINDOWS\LOGI_MWX.EXE]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-11 07:10:51 124400]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
LaunchU3.exe.lnk - C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2007-10-27 23:47:42 1078]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Sony Pictures Games\\Wheel of Fortune\\Wheel of Fortune.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Rhapsody\\rhapsody.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2003-12-17 10:50]
S3 VisorUsb;Handspring USB;C:\WINDOWS\system32\DRIVERS\VisorUsb.sys [2001-11-12 17:07]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{145135b2-6da9-11dd-b086-000cf1e5dee4}]
\Shell\Auto\command - G:\MSOCache\doWTP_RESTORE_0.exe -autorun
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE_0.exe -autorun
.
Contents of the 'Scheduled Tasks' folder

2008-08-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2004-04-17 C:\WINDOWS\Tasks\ISP signup reminder 1.job
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE [2004-08-04 00:56]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\o0wxqnqc.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-24 13:13:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\WINDOWS\SYSTEM32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-08-24 13:25:44 - machine was rebooted
ComboFix-quarantined-files.txt  2008-08-24 20:25:40
ComboFix2.txt  2007-09-30 06:47:16

Pre-Run: 42,123,296,768 bytes free
Post-Run: 43,493,605,376 bytes free

220   --- E O F ---   2008-08-13 10:06:54


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:39 PM, on 8/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\wscmgr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [wscmgr] C:\WINDOWS\wscmgr.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm027YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.arcadetown.com/swf/hamsterball/...tgameloader.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {11A02365-2859-4598-A9D5-4FDE99D67723} (PQIEBrowserConnector Class) - http://www.pqprintcenter.com/plugin/axvers...ntquick1611.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 10905 bytes
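
Added example, not part of this post or of ComboFix itself: a small parser for the "Files Created" section of the ComboFix log above. It surfaces the two things an analyst checks first in that section, binaries written directly into a drive root or the Windows directory itself (wscmgr.exe, data7933.sys, the C:\*.dll and C:\0xf9.exe drops) and bursts of several binaries created in the same minute, which is how the 2008-08-17 01:13 drop stands out. The sample lines are copied from the log; the rules and thresholds are the editor's own assumptions, not ComboFix logic.

```python
"""Parse the 'Files Created' section of a ComboFix log and flag
root-directory binary drops and same-minute creation bursts.
Added example; not ComboFix code."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Sample lines copied from the ComboFix 'Files Created' section above.
SAMPLE_FILES_CREATED = r"""
2008-08-20 09:58 . 2002-08-29 03:00   13,463,552   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
2008-08-18 21:41 . 2008-08-18 21:41   382,020   --a------   C:\WINDOWS\wscmgr.exe
2008-08-18 21:41 . 2008-08-24 13:14   605   --a------   C:\WINDOWS\data7933.sys
2008-08-17 01:13 . 2008-08-18 22:24   46,080   --a------   C:\mssadv.dll
2008-08-17 01:13 . 2008-08-17 01:13   18,432   --a------   C:\0xf9.exe
2008-08-17 01:13 . 2008-08-18 22:24   11,264   --a------   C:\msscan.dll
2008-08-17 01:13 . 2008-08-18 22:24   11,264   --a------   C:\msfw.dll
2008-08-04 00:34 . 2008-08-04 00:34   <DIR>   d--------   C:\Program Files\Bonjour
2008-07-27 21:30 . 2008-08-24 09:00   24   --a------   C:\Documents and Settings\Heather\jagex_runescape_preferences.dat
"""

# created . modified   size|<DIR>   attrs   path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|<DIR>)\s+(?P<attrs>\S+)\s+(?P<path>.+)$")
BINARY_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".drv")
# Drive root (C:\x.dll) or the Windows directory itself (C:\WINDOWS\x.exe),
# but not System32 or any deeper subdirectory.
ROOT_DROP_RE = re.compile(r"^[a-z]:\\(?:windows\\)?[^\\]+$", re.I)


@dataclass(frozen=True)
class Entry:
    created: str
    modified: str
    size: int       # -1 for directories
    attrs: str
    path: str

    @property
    def is_binary(self) -> bool:
        return self.path.lower().endswith(BINARY_EXT)


def parse_files_created(lines: Iterable[str]) -> List[Entry]:
    """Turn ComboFix 'Files Created' lines into Entry records; skips non-matching lines."""
    entries = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = -1 if m.group("size") == "<DIR>" else int(m.group("size").replace(",", ""))
        entries.append(Entry(m.group("created"), m.group("modified"), size,
                             m.group("attrs"), m.group("path")))
    return entries


def root_drops(entries: Iterable[Entry]) -> List[Entry]:
    """Binaries created directly in a drive root or the Windows directory."""
    return [e for e in entries if e.is_binary and ROOT_DROP_RE.match(e.path)]


def creation_bursts(entries: Iterable[Entry], min_files: int = 3) -> Dict[str, List[Entry]]:
    """Creation minutes in which at least min_files binaries appeared (dropper or installer activity)."""
    by_minute: Dict[str, List[Entry]] = defaultdict(list)
    for e in entries:
        if e.is_binary:
            by_minute[e.created].append(e)
    return {t: es for t, es in by_minute.items() if len(es) >= min_files}


if __name__ == "__main__":
    found = parse_files_created(SAMPLE_FILES_CREATED.strip().splitlines())
    for e in root_drops(found):
        print("root drop  %s  %s  %d bytes" % (e.created, e.path, e.size))
    for minute, group in creation_bursts(found).items():
        print("burst at %s: %d binaries" % (minute, len(group)))
        for e in group:
            print("    " + e.path)
```

The burst threshold of three is a starting point for a home machine; on a box that just ran a large installer, cross-check the burst's timestamps against the Run keys and services that appeared in the same minute before drawing any conclusion.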

10
Tech Clinic / something malicious
« on: August 22, 2008, 12:33:06 AM »
additional info that may be helpful...
I tried to do a system restore to an earlier date and am locked out; it will not let me choose anything other than today (whatever day it is)
and I can't go back to last month.
any pictures on the web seem to come up ok if I right-click to show picture, mostly useless but it's info
hubby's Hotmail opens but won't go to any choices on the page
I am totally willing (eager even) to wipe the whole drive and start over if you think that's best, I would like to rescue as much as possible beforehand
possibly online? don't know the options, never did a wipe before.
thanks again, H

11
Tech Clinic / something malicious
« on: August 19, 2008, 11:49:49 PM »
Good evening. My teenage son was on last Fri or Sat and said that the screen went white, icons disappeared, homepage changed and just all around things went wacky, then a popup came offering a virus scan (YIKES). I had warned him about those before; guess he forgot. Anyway things froze and he shut down. Now there are many problems with all web pages: no pictures will come up, many links won't open. Also somehow Mozilla appeared, but who knows what teenagers do and don't cop to. Time to put the puter back on lockdown.
any help much appreciated.
H

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:49 PM, on 8/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\wscmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CbEvtSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Documents and Settings\Heather\Application Data\U3\0164630F62036E4A\LaunchPad.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [wscmgr] C:\WINDOWS\wscmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-431566318-4074410564-2899063045-1008.bak\..\Run: [Sonic RecordNow!]  (User '?')
O4 - HKUS\S-1-5-21-431566318-4074410564-2899063045-1008.bak\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet (User '?')
O4 - HKUS\S-1-5-21-431566318-4074410564-2899063045-1008.bak\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-431566318-4074410564-2899063045-1008.bak\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User '?')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm027YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.arcadetown.com/swf/hamsterball/...tgameloader.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {11A02365-2859-4598-A9D5-4FDE99D67723} (PQIEBrowserConnector Class) - http://www.pqprintcenter.com/plugin/axvers...ntquick1611.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CbEvtSvc - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 11444 bytes

12
Tech Clinic / Firewall issues
« on: October 03, 2007, 11:04:25 AM »
no changes other than the "intel®PROset resources are not available" alert has not shown up again.
there is no other user profile in regular mode. in safe mode there is an administrator profile but I have never used it. I still cannot use the keyboard in safe mode.
Kerio is still showing as running and inaccessible.

13
Tech Clinic / Firewall issues
« on: October 02, 2007, 07:53:22 PM »
regseeker seems to be stalling on me. it goes through a process and cleans the stuff it finds, then it has a pop up window that only says "ok". I tried clicking ok and also x-ing out of the box; either way the area that tells what is happening says startup clean but it doesn't do anything.
Kerio is still there and now I get an error pop up every so often that says "intel®PROset resources are not available"

what else do you have in that big bag of tricks of yours?

14
Tech Clinic / Firewall issues
« on: September 30, 2007, 02:03:58 AM »
ok, Java finally installed correctly (seemingly)
Rhapsody is still completely inaccessible. I was hoping that I didn't have to uninstall and lose the music I currently have in there
Kerio still shows up as running in windows security center. (die Kerio die!!!!)

other than that things seem pretty good, one little thing that bugs me is that the internet explorer icon will not load onto the start panel like everything else that I access regularly does. quite bothersome as that is where I like to load from (habit)

how do things look from your perspective?

15
Tech Clinic / Firewall issues
« on: September 30, 2007, 01:50:23 AM »
here's the report.
I'll follow with a post about how things are running
thanks, Heather



ComboFix 07-09-21.2 - "Heather" 2007-09-29 23:38:08.5 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.256 [GMT -7:00]
 * Created a new restore point

FILE::
c:\windows\system32\drivers\ssi.sys
c:\windows\system32\drivers\fwdrv.sys
c:\windows\system32\drivers\khips.sys
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Heather\Application Data\WeatherBug
C:\Documents and Settings\Heather\Application Data\WeatherBug\102x96_HurricaneCommandCenterWithFlag.jpg
C:\Documents and Settings\Heather\Application Data\WeatherBug\102x96_VZW.jpg
C:\Documents and Settings\Heather\Application Data\WeatherBug\102x96Verizon.jpg
C:\Documents and Settings\Heather\Application Data\WeatherBug\60_Generic2007_Summe_0807r.jpg
C:\Documents and Settings\Heather\Application Data\WeatherBug\60_Generic2007_Summer_Mask_0807.bmp
C:\Documents and Settings\Heather\Application Data\WeatherBug\Ebay_Apr07.jpg
C:\Documents and Settings\Heather\Application Data\WeatherBug\Ebay_Mask_Apr07.bmp
C:\Documents and Settings\Heather\Application Data\WeatherBug\nav_07182007.jpg
C:\Documents and Settings\Heather\Application Data\WeatherBug\topnav_Generic2007.jpg
C:\KAV
C:\KAV\KAV70\English\doc\kav7.0en.pdf
C:\KAV\KAV70\English\kav.en.msi
C:\KAV\KAV70\English\release_notes.html
C:\KAV\KAV70\English\setup.exe
C:\KAV\KAV70\English\setup.reg
C:\Program Files\AWS
C:\Program Files\AWS\WeatherBug\download.txt
C:\Program Files\AWS\WeatherBug\INSTALL.LOG
C:\Program Files\AWS\WeatherBug\Local\1px.gif
C:\Program Files\AWS\WeatherBug\Local\alert_failed.html
C:\Program Files\AWS\WeatherBug\Local\Background60.jpg
C:\Program Files\AWS\WeatherBug\Local\bot_default.html
C:\Program Files\AWS\WeatherBug\Local\bot_failed2.html
C:\Program Files\AWS\WeatherBug\Local\Bot_loading.gif
C:\Program Files\AWS\WeatherBug\Local\bot_loading.html
C:\Program Files\AWS\WeatherBug\Local\center_failed.html
C:\Program Files\AWS\WeatherBug\Local\center_loading.html
C:\Program Files\AWS\WeatherBug\Local\def_bot.gif
C:\Program Files\AWS\WeatherBug\Local\LeftNavbar60.JPG
C:\Program Files\AWS\WeatherBug\Local\MiniReg.jpg
C:\Program Files\AWS\WeatherBug\Local\skinmask60.bmp
C:\Program Files\AWS\WeatherBug\Local\TopNavbar60.JPG
C:\Program Files\AWS\WeatherBug\Local\vssver.scc
C:\Program Files\AWS\WeatherBug\Local\WBug_Loading.gif
C:\Program Files\AWS\WeatherBug\Local\weather_window_loading.gif
C:\Program Files\AWS\WeatherBug\Local\WxBug.gif
C:\Program Files\AWS\WeatherBug\Local\wxbuglogo_hor.gif
C:\Program Files\AWS\WeatherBug\Local\WxWindow_failed.html
C:\Program Files\AWS\WeatherBug\Local\WxWindow_loading.html
C:\Program Files\AWS\WeatherBug\Local\WxWindow_noconnection.gif
C:\Program Files\Error Expert
C:\Program Files\Error Expert\Backup\Automatic Backup_09-13-2007_21-54-48.reg
c:\program files\ewido anti-malware
c:\program files\ewido anti-malware\danish.mo
c:\program files\ewido anti-malware\hungarian.mo
c:\program files\ewido anti-malware\s.dat
c:\program files\ewido anti-malware\serbian.mo
c:\program files\ewido anti-malware\t.dat
C:\Program Files\MyWebSearchWB
C:\Program Files\MyWebSearchWB\bar\1.bin\W6FFXTBR.JAR
C:\Program Files\MyWebSearchWB\bar\1.bin\W6NTSTBR.JAR
C:\Program Files\MyWebSearchWB\bar\Cache0034E31.bin
C:\Program Files\MyWebSearchWB\bar\Cache02069BA.bin
C:\Program Files\MyWebSearchWB\bar\Cache3060E43
C:\Program Files\MyWebSearchWB\bar\Cache3061122
C:\Program Files\MyWebSearchWB\bar\Cache306146D.bin
C:\Program Files\MyWebSearchWB\bar\Cache3061681.bin
C:\Program Files\MyWebSearchWB\bar\Cache3062863.bin
C:\Program Files\MyWebSearchWB\bar\Cache321ABE7.bin
C:\Program Files\MyWebSearchWB\bar\Cache4E5449B.bin
C:\Program Files\MyWebSearchWB\bar\Cache8178CD5.bin
C:\Program Files\MyWebSearchWB\bar\History\search
C:\Program Files\MyWebSearchWB\bar\Settings\prevcfg.htm
C:\Rustbfix
C:\Rustbfix\1run.bat
C:\Rustbfix\2run.bat
C:\Rustbfix\avenger.exe
C:\Rustbfix\chkrustb.bat
C:\Rustbfix\LS.exe
C:\Rustbfix\pelog.txt
C:\Rustbfix\SF.exe
C:\Rustbfix\streamtools.zip
C:\Rustbfix\swreg.exe
C:\Rustbfix\tmp1.txt

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_EWIDO_SECURITY_SUITE_CONTROL
-------\LEGACY_FWDRV
-------\LEGACY_KHIPS
-------\LEGACY_SSI
-------\ewido security suite control
-------\fwdrv
-------\khips
-------\SSI


(((((((((((((((((((((((((   Files Created from 2007-08-28 to 2007-09-30  )))))))))))))))))))))))))))))))
.

2007-09-29 14:07   <DIR>   d--------   C:\Deckard
2007-09-28 23:49   <DIR>   d--------   C:\Program Files\Windows Installer Clean Up
2007-09-28 23:49   <DIR>   d--------   C:\Program Files\MSECACHE
2007-09-26 23:55   <DIR>   d--------   C:\DOCUME~1\Heather\APPLIC~1\Move Networks
2007-09-20 22:25   <DIR>   d--------   C:\Program Files\Windows Media Connect 2
2007-09-20 22:24   <DIR>   d--------   C:\WINDOWS\SYSTEM32\LogFiles
2007-09-20 22:24   <DIR>   d--------   C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-09-14 00:31   <DIR>   d--------   C:\Program Files\Trend Micro
2007-09-13 23:32   76,560   --a------   C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2007-09-13 22:34   <DIR>   d--------   C:\DOCUME~1\Heather\.housecall6.6

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-23 22:05   ---------   d--------   C:\Program Files\Common Files\Sonic Shared
2007-09-13 19:33   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-09-13 19:22   ---------   d--------   C:\Program Files\Rhapsody
2007-09-13 18:49   ---------   d--------   C:\Program Files\Real
2007-09-13 18:47   ---------   d--------   C:\DOCUME~1\Heather\APPLIC~1\Real
2007-09-08 23:59   ---------   d--------   C:\DOCUME~1\Heather\APPLIC~1\U3
2007-08-16 00:10   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
2007-08-13 15:18   ---------   d--------   C:\DOCUME~1\Heather\APPLIC~1\Ahead
2007-08-13 15:07   ---------   d--------   C:\Program Files\Common Files\LightScribe
2007-08-13 15:00   ---------   d--------   C:\Program Files\Common Files\Ahead
2007-08-13 14:57   ---------   d--------   C:\Program Files\Nero
2007-08-13 14:57   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-08-12 06:57   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
2007-08-12 06:56   ---------   d--------   C:\Program Files\Verizon
2007-02-20 12:51   439296   --a------   C:\DOCUME~1\Heather\GoToAssist_phone__317_en.exe
2007-02-17 21:07   8   --a------   C:\DOCUME~1\Heather\APPLIC~1\usb.dat.bin
2006-02-19 04:28   12288   --a------   C:\WINDOWS\Fonts\RandFont.dll
.

(((((((((((((((((((((((((((((   snapshot_2007-09-21_230848.79   )))))))))))))))))))))))))))))))))))))))))
.
-c----w           414,208 2006-10-19 04:47:16  C:\WINDOWS\$NtUninstallKB929399$\msscp.dll
-c----w           213,216 2005-06-28 17:23:26  C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe
-c----w           371,424 2005-06-28 17:23:54  C:\WINDOWS\$NtUninstallKB929399$\spuninst\updspapi.dll
-c----w        10,834,432 2006-10-19 04:47:20  C:\WINDOWS\$NtUninstallKB936782_WMP11$\wmp.dll
-c----w           213,216 2005-06-28 17:23:26  C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe
-c----w           371,424 2005-06-28 17:23:54  C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\updspapi.dll
-c----w           315,904 2006-11-02 01:31:34  C:\WINDOWS\$NtUninstallKB939683$\unregmp2.exe
-c----w           213,216 2005-06-28 17:23:26  C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe
-c----w           371,424 2005-06-28 17:23:54  C:\WINDOWS\$NtUninstallKB939683$\spuninst\updspapi.dll
----a-w           317,440 2007-06-27 05:10:26  C:\WINDOWS\INF\unregmp2.exe
----a-w           414,720 2006-12-04 23:21:50  C:\WINDOWS\SYSTEM32\msscp.dll
----a-w        10,834,944 2007-06-12 06:51:12  C:\WINDOWS\SYSTEM32\wmp.dll
----a-w           414,720 2006-12-04 23:21:50  C:\WINDOWS\SYSTEM32\DLLCACHE\msscp.dll
----a-w           317,440 2007-06-27 05:10:26  C:\WINDOWS\SYSTEM32\DLLCACHE\unregmp2.exe
----a-w        10,834,944 2007-06-12 06:51:12  C:\WINDOWS\SYSTEM32\DLLCACHE\wmp.dll
.
----a-w           315,904 2006-11-02 01:31:34  C:\WINDOWS\INF\unregmp2.exe
----a-w           414,208 2006-10-19 04:47:16  C:\WINDOWS\SYSTEM32\msscp.dll
----a-w        10,834,432 2006-10-19 04:47:20  C:\WINDOWS\SYSTEM32\wmp.dll
----a-w           414,208 2006-10-19 04:47:16  C:\WINDOWS\SYSTEM32\DLLCACHE\msscp.dll
----a-w           315,904 2006-11-02 01:31:34  C:\WINDOWS\SYSTEM32\DLLCACHE\unregmp2.exe
----a-w        10,834,432 2006-10-19 04:47:20  C:\WINDOWS\SYSTEM32\DLLCACHE\wmp.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 18:12]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 10:50 C:\WINDOWS\LOGI_MWX.EXE]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-17 00:24]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 14:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-01 15:24]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\Heather\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\Tim\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)

S3 VisorUsb;Handspring USB;C:\WINDOWS\system32\DRIVERS\VisorUsb.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{409de366-aeb2-11db-b001-000cf1e5dee4}]
AutoRun\command- G:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-09-27 00:13:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2004-04-17 03:57:12 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
"2007-01-02 03:58:06 C:\WINDOWS\Tasks\WebReg .job"
- C:\Program Files\HP\digital imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-29 23:45:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-29 23:47:15 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-29 23:47
C:\ComboFix2.txt ... 2007-09-24 01:51
C:\ComboFix3.txt ... 2007-09-21 23:09
.
   --- E O F ---

16
Tech Clinic / Firewall issues
« on: September 29, 2007, 04:15:45 PM »
ok, here are the logs
the security center is still showing Kerio as running
should I try to complete the java installation?
thanks, Heather


Deckard's System Scanner v20070905.67
Run by Heather on 2007-09-29 14:08:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
102: 2007-09-29 21:08:16 UTC - RP532 - Deckard's System Scanner Restore Point
101: 2007-09-29 06:49:47 UTC - RP531 - Installed Windows Installer Clean Up
100: 2007-09-29 01:18:48 UTC - RP530 - System Checkpoint
99: 2007-09-28 01:05:55 UTC - RP529 - System Checkpoint
98: 2007-09-27 00:46:51 UTC - RP528 - System Checkpoint


-- First Restore Point --
1: 2007-07-02 03:46:58 UTC - RP431 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Heather.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:10:01 PM, on 9/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Heather\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Heather.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 7030 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070923-150803-593 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
backup-20070923-150803-813 O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
backup-20070923-150803-959 O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 agp440 (Intel AGP Bus Filter) - c:\windows\\systemroot\system32\drivers\agp440.sys (file missing)
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>

S0 SSI - c:\windows\system32\drivers\ssi.sys (file missing)
S1 fwdrv (Firewall Driver) - c:\windows\system32\drivers\fwdrv.sys (file missing)
S1 khips (Kerio HIPS Driver) - c:\windows\system32\drivers\khips.sys (file missing)
S3 catchme - c:\docume~1\heather\locals~1\temp\catchme.sys (file missing)
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 SQTECH905C (DualCamera) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>
S3 VisorUsb (Handspring USB) - c:\windows\system32\drivers\visorusb.sys <Not Verified; Handspring, Inc; Visor®>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

S4 ewido security suite control - c:\program files\ewido anti-malware\ewidoctrl.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-09-26 17:13:00       284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-01-01 20:58:06       218 --a------ C:\WINDOWS\Tasks\WebReg .job
2004-04-16 20:57:12       258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 1.job


-- Files created between 2007-08-29 and 2007-09-29 -----------------------------

2007-09-28 23:49:49         0 d-------- C:\Program Files\Windows Installer Clean Up
2007-09-28 23:49:30         0 d-------- C:\Program Files\MSECACHE
2007-09-26 23:55:02         0 d-------- C:\Documents and Settings\Heather\Application Data\Move Networks
2007-09-22 23:38:52         0 d-------- C:\Rustbfix
2007-09-21 15:37:22         0 dr-h----- C:\Documents and Settings\Heather\Recent
2007-09-20 22:25:54         0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-20 22:24:04         0 d-------- C:\WINDOWS\system32\LogFiles
2007-09-20 22:24:04         0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-14 00:31:34         0 d-------- C:\Program Files\Trend Micro
2007-09-13 22:34:30         0 d-------- C:\Documents and Settings\Heather\.housecall6.6
2007-09-13 21:49:53         0 d-------- C:\Program Files\Error Expert
2007-09-13 19:44:28         0 d-------- C:\KAV
2007-09-04 10:08:50         0 d-------- C:\Documents and Settings\Heather\Application Data\WeatherBug
2007-09-04 10:08:40         0 d-------- C:\Program Files\MyWebSearchWB
2007-09-04 10:08:34         0 d-------- C:\Program Files\AWS


-- Find3M Report ---------------------------------------------------------------

2007-09-23 22:05:57         0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-09-21 15:37:47         0 d-------- C:\Program Files\ewido anti-malware
2007-09-13 19:22:07         0 d-------- C:\Program Files\Rhapsody
2007-09-13 18:49:19         0 d-------- C:\Program Files\Real
2007-09-13 18:47:50         0 d-------- C:\Documents and Settings\Heather\Application Data\Real
2007-09-13 18:46:27         4 --a------ C:\WINDOWS\system32\D1EE9F
2007-09-08 23:59:52         0 d-------- C:\Documents and Settings\Heather\Application Data\U3
2007-08-25 14:11:36       664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-08-13 15:18:35         0 d-------- C:\Documents and Settings\Heather\Application Data\Ahead
2007-08-13 15:07:35         0 d-------- C:\Program Files\Common Files\LightScribe
2007-08-13 15:07:34         0 d-------- C:\Program Files\Common Files
2007-08-13 15:00:48         0 d-------- C:\Program Files\Common Files\Ahead
2007-08-13 14:57:51         0 d-------- C:\Program Files\Nero
2007-08-12 06:56:32         0 d-------- C:\Program Files\Verizon
2007-07-09 19:46:46       164 --a------ C:\install.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 06:12 PM]
"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 10:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 09:35 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 09:32 AM]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [01/07/2006 02:36 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/17/2006 12:24 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 03:41 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [03/11/2007 02:37 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/01/2007 03:24 PM]

C:\Documents and Settings\Heather\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 7:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
DESKTOP.INI [9/3/2002 7:00:00 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc   usnsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{409de366-aeb2-11db-b001-000cf1e5dee4}]
AutoRun\command- G:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2007-09-29 14:11:57 ------------




Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 46%
Physical Memory (total/avail): 509.98 MiB / 273.38 MiB
Pagefile Memory (total/avail): 1248.75 MiB / 1075.04 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1965.83 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.47 GiB total, 45.38 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800BB-75FRA0 - 74.5 GiB - 2 partitions
  \PARTITION0 - Unknown - 31.35 MiB
  \PARTITION1 (bootable) - Installable File System - 74.47 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: Sunbelt Kerio Personal Firewall v4.3.268 T (Sunbelt Kerio)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Heather\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NEWMAN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Heather
LOGONSERVER=\\NEWMAN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Heather\LOCALS~1\Temp
TMP=C:\DOCUME~1\Heather\LOCALS~1\Temp
USERDOMAIN=NEWMAN
USERNAME=Heather
USERPROFILE=C:\Documents and Settings\Heather
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Heather (admin)
Tim (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
 --> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
 --> C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
 --> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
 --> Dummy
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
Before You Know It 3.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A244658E-84E5-4F3B-87D3-5FB993BF6325}\Setup.exe" -l0x9
Bonjour --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D} /l1033
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Championship Bass --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EA SPORTS\Championship Bass\Uninst.isu"
Coupon Printer for Windows --> "C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
DA920EN --> MsiExec.exe /X{C1E5DF32-8248-4347-908C-E030EDAE4368}
DD Tournament Poker 1.2 --> "C:\Program Files\ddpoker\UninstallerData\Uninstall poker.exe"
Dell AIO Printer A920 --> C:\WINDOWS\System32\spool\drivers\w32x86\3\DLBKUN5C.EXE -dDell AIO Printer A920
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe"  -uninstall
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support 5.0.0 (766) --> rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall
DVDSentry --> MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
EA Network Play System --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\uninst.isu"
EA SPORTS online 2004 --> C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
EarthLink Setup Files --> MsiExec.exe /X{9B2CFE3B-7F55-4786-A20D-BB244914F6D8}
EAX(tm) Unified (SHELL) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative Labs\EAX(tm) Unified (SHELL)\Uninst.isu"
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
essvcpt --> MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
EVEREST Home Edition v2.20 --> "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
FaxTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
FinePixViewer Ver.4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9  -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
Hamsterball --> C:\PROGRA~1\YAHOO!~1\HAMSTE~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!~1\HAMSTE~1\INSTALL.LOG
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Cameras 7.0 --> C:\Program Files\HP\Digital Imaging\{3F556FFA-B0C6-404d-992B-05BB0B10849C}\setup\hpzscr01.exe -datfile hpiscr02.dat
HP Photosmart Premier Software 6.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
ImageMixer VCD for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3AA158A-9421-4883-8767-E771B0964A1D}\setup.exe"
In-Fisherman Freshwater Trophies --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64963FAF-E357-4B8E-BDB6-A02C9F6C2D4E}
Indeo® software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Intel\Indeo\Uninst.isu" -c"C:\Program Files\Intel\Indeo\SavedSystemFiles\indounin.dll"
Intel® 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iPod for Windows 2005-09-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}
iPod for Windows 2006-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
kgcbaby --> MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn --> MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt --> MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids --> MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove --> MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday --> MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0010_198756\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.79.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Logitech Resource Center --> C:\PROGRA~1\Logitech\RESOUR~1\rem\UNWISE.EXE C:\PROGRA~1\Logitech\RESOUR~1\rem\INSTALL.LOG
Macromedia Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Encarta Encyclopedia Standard 2004 --> MsiExec.exe /I{04410044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Modem Event Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Heather\Application Data\Move Networks\ie_bin\Uninst.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSN Toolbar --> C:\Program Files\MSN Apps\MSN Toolbar1.02.3000.1001\en-us\mtbs.exe c
Muppets - Bright2 --> C:\WINDOWS\IsUninst.exe -fc:\MUPPETS\bright2\Uninst.isu
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~2\unmatch.exe
My Disney Kitchen --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\DISNEY~1\MYDISN~1\DeIsL1.isu
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OpenMG Limited Patch 4.4-06-13-19-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.4-06-13-19-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.4.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{CFB17307-B244-4EAD-AE8E-CDAF440477C2} UNINSTALL
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
Poker Superstars --> C:\PROGRA~1\YAHOO!~1\POKERS~1\UNWISE.EXE C:\PROGRA~1\YAHOO!~1\POKERS~1\INSTALL.LOG
Pokémon --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Pokémon\Uninst.isu"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninstall
Pro Fishing 3D --> C:\WINDOWS\IsUninst.exe -f"C:\Head Games\Pro Fishing 3D\P3DFish.isu"
ProModule: PowerPoint Support --> C:\PROGRA~1\R-TECH~1\SONGSH~1\Modules\POWERP~1\UNWISE.EXE C:\PROGRA~1\R-TECH~1\SONGSH~1\Modules\POWERP~1\INSTALL.LOG
ProModule: Quick Message --> C:\PROGRA~1\R-TECH~1\SONGSH~1\Modules\QUICKM~1\UNWISE.EXE C:\PROGRA~1\R-TECH~1\SONGSH~1\Modules\QUICKM~1\INSTALL.LOG
ProModule: SongSelect 3.0 Support --> C:\PROGRA~1\R-TECH~1\SONGSH~1\Modules\SONGSE~1\UNWISE.EXE C:\PROGRA~1\R-TECH~1\SONGSH~1\Modules\SONGSE~1\INSTALL.LOG
ProModule: SongSelect Lyrics Service Import --> C:\PROGRA~1\R-TECH~1\SONGSH~1\Modules\LYRICS~1\UNWISE.EXE C:\PROGRA~1\R-TECH~1\SONGSH~1\Modules\LYRICS~1\INSTALL.LOG
ProModule: Transitions 1 --> C:\PROGRA~1\R-TECH~1\PROMOD~1\TRANSI~1\UNWISE.EXE C:\PROGRA~1\R-TECH~1\PROMOD~1\TRANSI~1\INSTALL.LOG
ProModule: Transitions 2 --> C:\PROGRA~1\R-TECH~1\PROMOD~1\TRANSI~2\UNWISE.EXE C:\PROGRA~1\R-TECH~1\PROMOD~1\TRANSI~2\INSTALL.LOG
ProModule: Transitions 3 --> C:\PROGRA~1\R-TECH~1\PROMOD~1\TRANSI~3\UNWISE.EXE C:\PROGRA~1\R-TECH~1\PROMOD~1\TRANSI~3\INSTALL.LOG
ProModule: Transitions 4 --> C:\PROGRA~1\R-TECH~1\PROMOD~1\TRANSI~4\UNWISE.EXE C:\PROGRA~1\R-TECH~1\PROMOD~1\TRANSI~4\INSTALL.LOG
ProModule: Video Background --> C:\PROGRA~1\R-TECH~1\PROMOD~1\VIDEOB~1\UNWISE.EXE C:\PROGRA~1\R-TECH~1\PROMOD~1\VIDEOB~1\INSTALL.LOG
ProModule: Visualizations 1 --> C:\PROGRA~1\R-TECH~1\PROMOD~1\VISUAL~1\UNWISE.EXE C:\PROGRA~1\R-TECH~1\PROMOD~1\VISUAL~1\INSTALL.LOG
ProModule: Visualizations 2 --> C:\PROGRA~1\R-TECH~1\PROMOD~1\VISUAL~2\UNWISE.EXE C:\PROGRA~1\R-TECH~1\PROMOD~1\VISUAL~2\INSTALL.LOG
ProModule: Visualizations 3 --> C:\PROGRA~1\R-TECH~1\PROMOD~1\VISUAL~3\UNWISE.EXE C:\PROGRA~1\R-TECH~1\PROMOD~1\VISUAL~3\INSTALL.LOG
ProModule: Visualizations 4 --> C:\PROGRA~1\R-TECH~1\PROMOD~1\VISUAL~4\UNWISE.EXE C:\PROGRA~1\R-TECH~1\PROMOD~1\VISUAL~4\INSTALL.LOG
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Sansa Media Converter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56B810F8-1395-4471-9F7A-560AACF0CB2F}\Setup.exe" -l0x9
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
Shockwave --> C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~1\Install.log
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
SongShow Plus --> "C:\Program Files\R-Technics\SongShow Plus\bin\Uninstall.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SonicStage 3.4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SspSamples: Bible Atlas Images --> C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Images\BIBLEA~1\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Images\BIBLEA~1\INSTALL.LOG
SspSamples: Creative Interlude Sampler 2 --> C:\PROGRA~1\R-TECH~1\SONGSH~1\UNINST~1\CREATI~1\CREATI~1\UNWISE.EXE C:\PROGRA~1\R-TECH~1\SONGSH~1\UNINST~1\CREATI~1\CREATI~1\INSTALL.LOG
SspSamples: Digital Hotcakes --> C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Videos\DIGITA~1\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Videos\DIGITA~1\INSTALL.LOG
SspSamples: Digital Juice Images --> C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Images\DIGITA~1\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Images\DIGITA~1\INSTALL.LOG
SspSamples: Digital Juice Jumpbacks --> C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Videos\DIGITA~2\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Videos\DIGITA~2\INSTALL.LOG
SspSamples: Whitmer Photography --> C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Images\WHITME~1\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Images\WHITME~1\INSTALL.LOG
SspSamples: WorshipFilms --> C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Videos\WORSHI~1\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Videos\WORSHI~1\INSTALL.LOG
SspSamples: WorshipScapes Images --> C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Images\WORSHI~1\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Images\WORSHI~1\INSTALL.LOG
SspSamples: WorshipScapes Videos --> C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Videos\WORSHI~2\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Videos\WORSHI~2\INSTALL.LOG
Starshine Episode 1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73B3C57B-3ED7-40DB-A554-32EB5D35F84E}\setup.exe" -l0x9
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
Tiger Woods PGA TOUR 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E91306C-899F-45F3-B5E9-4B480A27A63D}\Setup.exe" -l0x9 uninstallme
Verizon Online DSL --> "C:\WINDOWS\DSL\unins000.exe"
Verizon Online Help and Support --> C:\PROGRA~1\Verizon\UNWISE.EXE C:\PROGRA~1\Verizon\INSTALL.LOG
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live Messenger --> MsiExec.exe /I{FCE50DB8-C610-4C42-BE5C-193F46C6F812}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WinZip Self-Extractor --> "C:\Program Files\WinZip Self-Extractor\wzipse32.exe" -uninstall
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
WordPerfect Office 11 --> MsiExec.exe /I{54F90B55-BEB3-4F0D-8802-228822FA5921}
Yahoo! extras --> C:\Program Files\Yahoo!\Common\unycust.exe /S
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Messenger Explorer Bar --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\MESSEN~1\YHEXBM~1.DLL
Yahoo! Photos Easy Upload Tool --> C:\Program Files\Yahoo!\Common\ydropper_uninst.exe /ylog=C:\PROGRA~1\Yahoo!\Photos\Uploader\install.log
Yahoo! Photos Print-at-Home Tool --> C:\WINDOWS\unins000.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type983 / Error
Event Submitted/Written: 09/29/2007 02:04:49 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 490030824.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type981 / Error
Event Submitted/Written: 09/29/2007 02:04:40 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module unknown, version 0.0.0.0, fault address 0x023e6cfb.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type979 / Error
Event Submitted/Written: 09/29/2007 02:01:34 PM
Event ID/Source: 1 / VBRuntime
Event Description:
The VB Application identified by the event source logged this Application MSICUU: Thread ID: 5148 ,Logged:

Success:
C:\Program Files\Windows Installer Clean Up\msizap.exe TW! {E659E0EE-10E6-49B7-8696-60F38D0EB174}

Event Record #/Type978 / Error
Event Submitted/Written: 09/29/2007 02:01:32 PM
Event ID/Source: 1 / VBRuntime
Event Description:
The VB Application identified by the event source logged this Application MSICUU: Thread ID: 5148 ,Logged:

Success:
C:\Program Files\Windows Installer Clean Up\msizap.exe TW! {7148F0A8-6813-11D6-A77B-00B0D0142000}

Event Record #/Type971 / Success
Event Submitted/Written: 09/24/2007 05:38:07 PM
Event ID/Source: 12001 / usnsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4962 / Error
Event Submitted/Written: 09/29/2007 02:04:43 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
fwdrv
khips
SSI

Event Record #/Type4961 / Error
Event Submitted/Written: 09/29/2007 02:04:43 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The Bonjour Service service hung on starting.

Event Record #/Type4952 / Warning
Event Submitted/Written: 09/28/2007 01:20:10 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type4951 / Error
Event Submitted/Written: 09/28/2007 10:15:35 AM
Event ID/Source: 6161 / Print
Event Description:
Copy of October 07 ALL CLASSES.xlsHeatherHP DeskJet 710CNT EMF 1.00832768029334011\\NEWMAN0 (0x0)

Event Record #/Type4950 / Warning
Event Submitted/Written: 09/28/2007 10:01:12 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2007-09-29 14:11:57 ------------

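The System Event Log section of the scanner report above records boot/system drivers that failed to load (Service Control Manager 7026) next to repeated Tcpip 4226 warnings, which is exactly the pair a responder wants pulled out of a log this long. The following Python is an added example, not part of Heather's post and not code from Deckard's System Scanner: it parses the scanner's "Event Record" blocks into structured records and applies a few triage checks. The sample input is copied from the log above; the mapping of the fwdrv and khips names to the Sunbelt Kerio Personal Firewall listed earlier in the same report is an assumption made for illustration, not something the event text states.

```python
import re
from dataclasses import dataclass

# Constructed sample: the "System Event Log" section as Deckard's System
# Scanner printed it in the report above (three of its five records).
SAMPLE_LOG = """\
-- System Event Log ------------------------------------------------------------

Event Record #/Type4962 / Error
Event Submitted/Written: 09/29/2007 02:04:43 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
fwdrv
khips
SSI

Event Record #/Type4961 / Error
Event Submitted/Written: 09/29/2007 02:04:43 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The Bonjour Service service hung on starting.

Event Record #/Type4952 / Warning
Event Submitted/Written: 09/28/2007 01:20:10 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
"""


@dataclass
class EventRecord:
    record: int        # event record number
    level: str         # Error / Warning / Success as printed by the scanner
    written: str       # timestamp string as printed
    event_id: int
    source: str
    description: str   # full description, may span several lines


HEADER_RE = re.compile(r"^Event Record #/Type(\d+) / (\w+)\s*$")
WRITTEN_RE = re.compile(r"^Event Submitted/Written:\s*(.+?)\s*$")
ID_RE = re.compile(r"^Event ID/Source:\s*(\d+) / (.+?)\s*$")


def parse_dss_events(text):
    """Parse one event-log section of a Deckard's System Scanner report.

    Every record starts at an 'Event Record #/Type' line; its description runs
    from 'Event Description:' to the next record or section banner, so
    descriptions that contain blank lines (as the VBRuntime ones do) survive.
    """
    records = []
    for chunk in re.split(r"(?m)^(?=Event Record #/Type)", text):
        lines = chunk.splitlines()
        if not lines or not HEADER_RE.match(lines[0]):
            continue                      # section banner or blank preamble
        head = HEADER_RE.match(lines[0])
        written, source, event_id, desc, in_desc = "", "", 0, [], False
        for line in lines[1:]:
            if line.startswith("-- "):    # next section banner ends the record
                break
            if in_desc:
                desc.append(line.rstrip())
                continue
            m = WRITTEN_RE.match(line)
            if m:
                written = m.group(1)
                continue
            m = ID_RE.match(line)
            if m:
                event_id, source = int(m.group(1)), m.group(2)
            elif line.strip() == "Event Description:":
                in_desc = True
        while desc and not desc[-1]:      # drop the blank separator lines
            desc.pop()
        records.append(EventRecord(int(head.group(1)), head.group(2), written,
                                   event_id, source, "\n".join(desc)))
    return records


# Assumed mapping for illustration: these names match the drivers the Kerio
# firewall named in the report installs; the event text itself does not say so.
KNOWN_DRIVERS = {"fwdrv": "Sunbelt Kerio Personal Firewall",
                 "khips": "Sunbelt Kerio Personal Firewall"}


def failed_boot_drivers(rec):
    """For SCM event 7026 return the driver names listed under the first line."""
    if rec.source != "Service Control Manager" or rec.event_id != 7026:
        return []
    return [l for l in rec.description.splitlines()[1:] if l]


def triage(records):
    """Findings a responder would pull out of the parsed records."""
    findings = []
    for r in records:
        for drv in failed_boot_drivers(r):
            owner = KNOWN_DRIVERS.get(drv.lower(), "owner unknown, check the service ImagePath")
            findings.append(f"record {r.record}: driver '{drv}' failed to load ({owner})")
        if r.source == "Service Control Manager" and r.event_id == 7022:
            findings.append(f"record {r.record}: {r.description}")
        if r.source == "Tcpip" and r.event_id == 4226:
            # XP SP2 caps half-open connects; repeated hits mean some process is
            # hammering outbound connections (bot/worm or P2P), worth identifying.
            findings.append(f"record {r.record}: TCP connect limit reached at {r.written}")
    return findings


if __name__ == "__main__":
    for line in triage(parse_dss_events(SAMPLE_LOG)):
        print(line)
```

Run against the full report the parser also takes the Application log section unchanged; the VBRuntime records keep their "Success:" continuation lines because a record only ends at the next header or section banner. The 7026 check is the one that matters for the firewall thread: a firewall whose kernel drivers fail at boot will show as "running" in Add/Remove Programs while doing nothing, which matches the uninstall trouble described in the later posts.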
17
Tech Clinic / Firewall issues
« on: September 29, 2007, 01:50:57 AM »
Quote
Do you see the older version of Java and/or kerio in the list?

Yes, they are both there.

18
Tech Clinic / Firewall issues
« on: September 26, 2007, 02:48:34 PM »
No, it will not uninstall or reinstall. It bogs down at the end of installation with the error notice I attached a couple of posts ago. The same error shows up when I try to uninstall. My computer shows it running, though; I just cannot access it to turn it off or to uninstall it. Very frustrating, as I suspect it is what is keeping some other programs from working or updating properly.

Is there some other way to get rid of it?

19
Tech Clinic / Firewall issues
« on: September 24, 2007, 03:59:10 AM »
pv.exe;C:\Documents and Settings\Heather\Desktop\Unused Desktop Shortcuts\smitRem;Program.PrcView.3741;Moved.;  
pnmi3270.dll;C:\Program Files\Common Files\Real\Update_OB;Trojan.Adshow.origin;Incurable.Moved.;  
SonicLicenseManager.dll;C:\Program Files\Common Files\Sonic Shared;Trojan.DownLoader.origin;Incurable.Moved.;  
Process.exe;C:\Program Files\HaxFix;Tool.Prockill;Moved.;  
installmetrics.dll;C:\Program Files\HP\Temp\{3F556FFA-B0C6-404d-992B-05BB0B10849C}\setup;Adware.Ttc.origin;Moved.;  
Ojbsir.exe;C:\Program Files\Sony\SonicStage;Adware.Aid.origin;Moved.;  
backup-20070923-150803-593.dll;C:\Program Files\Trend Micro\HijackThis\backups;Program.PopcapLoader;Moved.;  
HPFix.reg;C:\SDFix\apps;Trojan.StartPage.1505;Deleted.;  
Process.exe;C:\SDFix\apps;Tool.Prockill;Moved.;  
A0035840.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP433;Tool.ShutDown.11;Moved.;  
A0035841.ocx;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP433;Adware.Gdown;Moved.;  
A0040234.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP436;Program.PopcapLoader;Moved.;  
A0145573.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP525;Trojan.Adshow.origin;Incurable.Moved.;
A0145574.dll;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP525;Trojan.DownLoader.origin;Incurable.Moved.;
A0145575.reg;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP525;Trojan.StartPage.1505;Deleted.;  
popcaploader.dll;C:\WINDOWS\Downloaded Program Files;Program.PopcapLoader;Moved.;  
process.exe;C:\WINDOWS\SYSTEM32;Tool.Prockill;Moved.;  



ComboFix 07-09-21.2 - "Heather" 2007-09-24  1:46:14.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.245 [GMT -7:00]
.

(((((((((((((((((((((((((   Files Created from 2007-08-24 to 2007-09-24  )))))))))))))))))))))))))))))))
.

2007-09-22 23:38   <DIR>   d--------   C:\Rustbfix
2007-09-20 22:25   <DIR>   d--------   C:\Program Files\Windows Media Connect 2
2007-09-20 22:24   <DIR>   d--------   C:\WINDOWS\SYSTEM32\LogFiles
2007-09-20 22:24   <DIR>   d--------   C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-09-14 00:31   <DIR>   d--------   C:\Program Files\Trend Micro
2007-09-13 23:32   76,560   --a------   C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2007-09-13 22:34   <DIR>   d--------   C:\DOCUME~1\Heather\.housecall6.6
2007-09-13 21:49   <DIR>   d--------   C:\Program Files\Error Expert
2007-09-13 19:44   <DIR>   d--------   C:\KAV
2007-09-04 10:08   <DIR>   d--------   C:\Program Files\MyWebSearchWB
2007-09-04 10:08   <DIR>   d--------   C:\Program Files\AWS
2007-09-04 10:08   <DIR>   d--------   C:\DOCUME~1\Heather\APPLIC~1\WeatherBug

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-23 22:05   ---------   d--------   C:\Program Files\Common Files\Sonic Shared
2007-09-21 15:37   ---------   d--------   C:\Program Files\ewido anti-malware
2007-09-13 19:33   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-09-13 19:22   ---------   d--------   C:\Program Files\Rhapsody
2007-09-13 18:49   ---------   d--------   C:\Program Files\Real
2007-09-13 18:47   ---------   d--------   C:\DOCUME~1\Heather\APPLIC~1\Real
2007-09-08 23:59   ---------   d--------   C:\DOCUME~1\Heather\APPLIC~1\U3
2007-08-16 00:10   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
2007-08-13 15:18   ---------   d--------   C:\DOCUME~1\Heather\APPLIC~1\Ahead
2007-08-13 15:07   ---------   d--------   C:\Program Files\Common Files\LightScribe
2007-08-13 15:00   ---------   d--------   C:\Program Files\Common Files\Ahead
2007-08-13 14:57   ---------   d--------   C:\Program Files\Nero
2007-08-13 14:57   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-08-12 06:57   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
2007-08-12 06:56   ---------   d--------   C:\Program Files\Verizon
2007-07-30 19:19   92504   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2007-07-30 19:19   92504   --a------   C:\WINDOWS\SYSTEM32\cdm.dll
2007-07-30 19:19   549720   --a------   C:\WINDOWS\SYSTEM32\wuapi.dll
2007-07-30 19:19   549720   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2007-07-30 19:19   53080   --a------   C:\WINDOWS\SYSTEM32\wuauclt.exe
2007-07-30 19:19   53080   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2007-07-30 19:19   43352   --a------   C:\WINDOWS\SYSTEM32\wups2.dll
2007-07-30 19:19   325976   --a------   C:\WINDOWS\SYSTEM32\wucltui.dll
2007-07-30 19:19   325976   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2007-07-30 19:19   271224   --a------   C:\WINDOWS\SYSTEM32\mucltui.dll
2007-07-30 19:19   207736   --a------   C:\WINDOWS\SYSTEM32\muweb.dll
2007-07-30 19:19   203096   --a------   C:\WINDOWS\SYSTEM32\wuweb.dll
2007-07-30 19:19   203096   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2007-07-30 19:19   1712984   --a------   C:\WINDOWS\SYSTEM32\wuaueng.dll
2007-07-30 19:19   1712984   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2007-07-30 19:18   33624   --a------   C:\WINDOWS\SYSTEM32\wups.dll
2007-07-30 19:18   33624   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2007-07-18 23:59   3583488   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-07-12 16:31   765952   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\vgx.dll
2007-06-27 07:34   823808   --a-s----   C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-06-27 07:34   671232   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-06-27 07:34   6058496   ---------   C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-06-27 07:34   52224   ---------   C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-06-27 07:34   477696   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-06-27 07:34   459264   ---------   C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-06-27 07:34   44544   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-06-27 07:34   384512   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-06-27 07:34   383488   ---------   C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-06-27 07:34   27648   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-06-27 07:34   267776   ---------   C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-06-27 07:34   232960   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-06-27 07:34   230400   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-06-27 07:34   193024   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-06-27 07:34   153088   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-06-27 07:34   132608   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-06-27 07:34   124928   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-06-27 07:34   1152000   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-06-27 07:34   105984   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-06-27 07:34   102400   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-06-27 01:27   63488   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-06-27 01:27   625152   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-06-27 01:27   13824   ---------   C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-06-27 00:00   161792   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-06-26 22:10   317440   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\unregmp2.exe
2007-06-25 23:08   1104896   --a------   C:\WINDOWS\SYSTEM32\msxml3.dll
2007-06-25 23:08   1104896   --a------   C:\WINDOWS\SYSTEM32\DLLCACHE\msxml3.dll
2007-02-20 12:51   439296   --a------   C:\DOCUME~1\Heather\GoToAssist_phone__317_en.exe
2007-02-17 21:07   8   --a------   C:\DOCUME~1\Heather\APPLIC~1\usb.dat.bin
2006-02-19 04:28   12288   --a------   C:\WINDOWS\Fonts\RandFont.dll
.

(((((((((((((((((((((((((((((   snapshot_2007-09-21_230848.79   )))))))))))))))))))))))))))))))))))))))))
.
-c----w           414,208 2006-10-19 04:47:16  C:\WINDOWS\$NtUninstallKB929399$\msscp.dll
-c----w           213,216 2005-06-28 17:23:26  C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe
-c----w           371,424 2005-06-28 17:23:54  C:\WINDOWS\$NtUninstallKB929399$\spuninst\updspapi.dll
-c----w        10,834,432 2006-10-19 04:47:20  C:\WINDOWS\$NtUninstallKB936782_WMP11$\wmp.dll
-c----w           213,216 2005-06-28 17:23:26  C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe
-c----w           371,424 2005-06-28 17:23:54  C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\updspapi.dll
-c----w           315,904 2006-11-02 01:31:34  C:\WINDOWS\$NtUninstallKB939683$\unregmp2.exe
-c----w           213,216 2005-06-28 17:23:26  C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe
-c----w           371,424 2005-06-28 17:23:54  C:\WINDOWS\$NtUninstallKB939683$\spuninst\updspapi.dll
----a-w           317,440 2007-06-27 05:10:26  C:\WINDOWS\INF\unregmp2.exe
----a-w           414,720 2006-12-04 23:21:50  C:\WINDOWS\SYSTEM32\msscp.dll
----a-w        10,834,944 2007-06-12 06:51:12  C:\WINDOWS\SYSTEM32\wmp.dll
----a-w           414,720 2006-12-04 23:21:50  C:\WINDOWS\SYSTEM32\DLLCACHE\msscp.dll
----a-w        10,834,944 2007-06-12 06:51:12  C:\WINDOWS\SYSTEM32\DLLCACHE\wmp.dll
.
----a-w           315,904 2006-11-02 01:31:34  C:\WINDOWS\INF\unregmp2.exe
----a-w           414,208 2006-10-19 04:47:16  C:\WINDOWS\SYSTEM32\msscp.dll
----a-w        10,834,432 2006-10-19 04:47:20  C:\WINDOWS\SYSTEM32\wmp.dll
----a-w           414,208 2006-10-19 04:47:16  C:\WINDOWS\SYSTEM32\DLLCACHE\msscp.dll
----a-w        10,834,432 2006-10-19 04:47:20  C:\WINDOWS\SYSTEM32\DLLCACHE\wmp.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 18:12]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 10:50 C:\WINDOWS\LOGI_MWX.EXE]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-17 00:24]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 14:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-01 15:24]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\Heather\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\Tim\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)

S0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS
S1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
S1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
S3 VisorUsb;Handspring USB;C:\WINDOWS\system32\DRIVERS\VisorUsb.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{409de366-aeb2-11db-b001-000cf1e5dee4}]
AutoRun\command- G:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-09-20 00:13:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2004-04-17 03:57:12 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
"2007-01-02 03:58:06 C:\WINDOWS\Tasks\WebReg .job"
- C:\Program Files\HP\digital imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-24 01:49:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-09-24  1:51:03
C:\ComboFix-quarantined-files.txt ... 2007-09-24 01:50
C:\ComboFix2.txt ... 2007-09-21 23:09
C:\ComboFix3.txt ... 2007-09-14 00:39
.
   --- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:53:25 AM, on 9/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 7041 bytes

20
Tech Clinic / Firewall issues
« on: September 23, 2007, 05:31:27 PM »
Quote
Check any item with Java Runtime Environment (JRE or J2SE) in the name
# Click the Remove or Change/Remove button.
# Repeat as many times as necessary to remove each Java version.
Examples of older versions:
Java SE Runtime Environment 5 Update 6
Java SE Runtime Environment 5 Update 11
Java 2 Runtime Environment, SE v1.4.2


at the point of uninstalling the older Java I received this error message  [attachment=3911:uninstall_error.bmp]
I receive the same message when trying to uninstall Kerio


Quote
Back in Windows go ahead and install the latest version for the installer on desktop
waiting till further instructed regarding failed uninstall

will complete and respond to the rest of the instructions in next post
