Messages - scrappingmama

1
Tech Clinic / Hacked and Hijacked? :-(
« on: November 17, 2008, 12:54:06 AM »
Okay, I have done all the things you wanted me to do.  However, for both of the J2SE updates, it said fatal error during installation and would not remove.  For Ewido, it said it was not found but it let me remove it.

I have been able to reinstall many of the applications, but unless I have uninstalled/reinstalled the program it still doesn't work. This applies mostly to the games now, so that's okay.

I'm ready for the next step.

2
Tech Clinic / Hacked and Hijacked? :-(
« on: November 10, 2008, 11:43:24 PM »
Sorry, life has been screaming by the past few weeks.  I will take care of this shortly.  Thanks for your assistance.

3
Tech Clinic / Hacked and Hijacked? :-(
« on: November 03, 2008, 08:54:20 PM »
Here is the list from HJT, but unfortunately most of the executables for these programs were removed when the issue occurred so they are just sitting out there without associated files.

"Doras Carnival Adventure (remove only)"
"Nick Video Jigsaw Jam (remove only)"
32 Bit HP CIO Components Installer
3D Groove Playback Engine
Action Replay Code Manager
Active Disk
Ad-Aware SE Personal
Adobe Download Manager 2.2 (Remove Only)
Adobe Flash Player ActiveX
Adobe Photoshop Album Starter Edition
Adobe Reader 7.0.9
Adobe Shockwave Player
Adventures of Bleeposaurus (remove only)
AirSet Desktop Sync
Alphabet Express
Amazing Windows XP Screen Saver 1.2
American Greetings® CreataCard® Silver 5
Anark Client 1.0
Ancient Hearts & Spades
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
Avira AntiVir Personal - Free Antivirus
Barbie ® as Princess Bride (tm)
Big Kahuna Reef
Bleeposaurus 2: Dragonfire (remove only)
Boggle
Boggle (remove only)
Bonjour
BOSS Fonts Manager
Bricks of Atlantis
Candy Land - Dora the Explorer Edition
Card Classics
CatDog
CDBurnerXP Pro 3
Centipede
Chaotic
Charm Solitaire
CK Creative Clips and Fonts Sampler
CleanUp!
Compaq Connections
Compaq Instant Support
Compaq Organize
Corel Applications
Coupon Printer for Windows
Danny Phantom Ghost Sweep (remove only)
Data Converter
DesignPro 5.4 Limited Edition
Diego`s Dinosaur Adventure (remove only)
Diner Dash
DING!
Direct Show Ogg Vorbis Filter (remove only)
Disney/Pixar's Buzz Lightyear 2nd Grade
Disney's Mickey Mouse Preschool
Disney's Phonics Quest
Disney's Ready for Math with Pooh
Disney's Toontown Online
Disney's Winnie the Pooh Preschool
Dora Backpack
Dora Knows Your Name
Dora Lost City
Dora the Explorer Screen Saver
Dora`s Magic Castle (remove only)
Doras Rapido River Rafting Race (remove only)
Doras Star Catching Game (remove only)
Dora's World Adventure
Dream Vacation Solitaire
Drop Heads (remove only)
Easy Internet Sign-up
ebgcInfra
ebgcRes
ebgcRes
ebgcSDK
EPSON Printer Software
ewido security suite
EXEtender Player
FA Addition Subtraction
Fairly Odd Parents - Big Super Hero Wish (remove only)
Fairly Odd Parents Information Stupor Highway (remove only)
FamilyFeudOnlineParty (remove only)
Fatman Adventures 2 (remove only)
Feeding Frenzy (remove only)
Garmin Communicator Plugin
Google Earth
Gutterball
Halloween  Screen Saver
HijackThis 2.0.2
Holiday Snowflakes Screen Saver 1.2
Hooked on Phonics Learn to Read
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 9.0
HP Deskjet Preloaded Printer Drivers
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photo & Imaging 3.1
HP Photo and Imaging 2.0 - Deskjet Series
HP Photo and Imaging 2.0 - Photosmart Cameras
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Print Diagnostic Utility
HP Product Detection
HP PSC & OfficeJet 3.0
HP Solution Center 9.0
HP Update
HPSSupply
Human 3D LR1n
In A Flash 3
In A Flash Photo 3
Insaniquarium Deluxe
Inspheration
Intel® Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
IomegaWare 4.0.2
ItsDeductible Express
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Java(tm) 6 Update 10
Jewel Quest
Jewel Quest II (remove only)
Jewel Quest Solitaire (remove only)
Jimmy Neutron Boy Genius
Jimmy Neutron Invention Revenge (remove only)
JumpStart Animal Adventures
JumpStart Explorers
JumpStart Learning Games ABC's
JumpStart Numbers
JumpStart Pre-K
JumpStart Typing
Jungle Heart (remove only)
Juniper Networks Network Connect 5.5.0
KBD
LG USB Drivers
Mad Caps (remove only)
Magic Ball 2
Magic Match
Magic Match 2
Magic Match Adventures
Malwarebytes' Anti-Malware
Math 2
Math Blaster Ages 6-7
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office Outlook 2003
Microsoft Office XP Media Content
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Express Edition - ENU
Microsoft Visual C++ 2005 Express Edition - ENU
Microsoft Visual C++ 2005 Express Edition - ENU Service Pack 1 (KB926748)
Microsoft Web Publishing Wizard 1.52
Microsoft Works 7.0
Milton Bradley Classic Board Games
Monopoly
Move Networks Player for Internet Explorer
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
MUSICMATCH® Jukebox
My Wal-Mart Digital Photo Center
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
NCH Toolbox
Need For Speed - Porsche Unleashed
Nick Blockade (remove only)
Nicktoons Challenge! (remove only)
NVIDIA GART Driver
Ocean Life 1 Screensaver
Ocean Life 2 Screensaver
Operation
PacaJuma Quest (remove only)
PagePrintables
Paint Shop Pro 7
Pajama Sam Life is Rough When You Lose Your Stuff
Pajama Sam No Need to Hide When It's Dark Outside
Palm Desktop
Panda ActiveScan
PC-Doctor for Windows
PCFriendly
PDO Desktop
Photo Viewer 2.3
Photosmart 140,240,7200,7600,7700,7900 Series
Playhouse Disney's Stanley Wild for Sharks
Print Workshop 2004 LE
PS2
pumpkinpatch ScreenSaver
Puzzle Detective
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2004
Quicken 2009
QuickTime
Rainbow Web
Reader Rabbit Preschool
Reader's Digest Super Word Power
RealArcade
RealPlayer
RecordNow!
Rhapsody Player Engine
Roll
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Saints and Sinners Bingo
Sandlot Games Client Services
Sandlot Games Client Services 1.2.2
SandScript(tm)
Scholastic's I SPY School Days
Scholastic's I SPY Spooky Mansion
Scooby-Doo(tm), Phantom of the Knight(tm)
Scrabble Blast Deluxe
Scrabble Complete
Scrabble Deluxe
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB958644)
Sega Smash Pack II
Sesame Street Search & Learn Adventures
Shape Solitaire
Slingo
Snowy - Treasure Hunter (remove only)
Sonic Update Manager
SpongeBob Atlantis SquareOff
SpongeBob SquarePants 3D Pinball Panic (remove only)
SpongeBob SquarePants Bubble Rush! (remove only)
SpongeBob SquarePants Collapse! (remove only)
SpongeBob SquarePants Diner Dash (remove only)
SpongeBob SquarePants Jellyfish Shuffleboard (remove only)
SpongeBob SquarePants Krabby Quest (remove only)
SpongeBob SquarePants Obstacle  Odyssey (remove only)
SpongeBob SquarePants Obstacle Odyssey 2 (remove only)
SpongeBob SquarePants Pizza Toss (remove only)
SpongeBob SquarePants® Operation Krabby Patty
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Stop the Morbuzakh (remove only)
Stunt Track Driver
Super GameHouse BlackJack
Super GameHouse Solitaire Vol. 1
Switch Sound File Converter
Talk to Me
Tarzan Activity Center
The Fairly OddParents
The Fairly OddParents - Timmy`s Roach Rampage (remove only)
The Font Factory
Time Force
Timez Attack Free
Tonka Raceway
Top Ten Solitaire
trickortreaters ScreenSaver
Trivial Pursuit 90s Edition
Tumble Bees To Go
TurboTax Deluxe 2003
TurboTax Deluxe 2004
TurboTax Deluxe 2005
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
Twistingo
U.B. Funkeys
Ultimate Game Pak
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
Update for Windows XP (KB951072-v2)
VIA Rhine-Family Fast-Ethernet Adapter
VIA/S3G Display Driver
ViviCam V35
Wal-Mart Music Downloads Store
WD Diagnostics
WeatherBug
WexTech AnswerWorks
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
Windows XP Winter Fun Pack Screensavers
WinZip
Word Search Deluxe (remove only)
Word Whomp To Go
Wordsheets
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
Yahtzee
Yahtzee
Yu_Gi_Oh!_Monsters_1 Screen Saver
Yu_Gi_Oh!_Time_to_Duel_1 Screen Saver
Zone Deluxe Games

4
Tech Clinic / Hacked and Hijacked? :-(
« on: November 02, 2008, 04:46:58 PM »
I just downloaded Avira, and while I was there it showed that other recommended software included Avast. It seems that Avira and Avast do two different things. What is the definition of "worms" and "trojans" and why doesn't Avira specifically call them out?

Avira Premium = Keep viruses, malware, adware, and spyware out of your PC.
Avast = Scan your computer for viruses, worms, and Trojan horses.

Here you go --

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-11-02 15:44:37
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 37 GB (34%) free of 109 GB
Total RAM: 959 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:44:39 PM, on 11/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
c:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Documents and Settings\Owner\Desktop\GetRidofHijackers\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - https://cim.accenture.com/system/web/view/l...g/ie/SecMgr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218409226343
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218409212234
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=24931
O16 - DPF: {B33422AC-C567-4F7D-BB28-6583371EC4EE} (Microsoft CMS HTML Editor) - https://portal.accenture.com/NAVIGATOR/CMS/...ort/NRDHtml.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.44/ttinst.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://amr1-extranet.accenture.com/dana-ca...perSetupSP1.cab
O16 - DPF: {E99D3E39-5D92-4360-BA86-2C563B3CFFEB} (Microsoft CMS HTML Editor Toolbar) - https://portal.accenture.com/NAVIGATOR/CMS/...ort/nrdhtml.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - c:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 8643 bytes

2008-10-25 22:18:04 ----D---- C:\Program Files\Microsoft SQL Server
2008-10-25 22:18:04 ----D---- C:\Program Files\Microsoft Plus! Digital Media Edition
2008-10-25 22:18:01 ----D---- C:\Program Files\Microsoft IntelliPoint
2008-10-25 22:18:00 ----D---- C:\Program Files\Lavasoft
2008-10-25 22:17:52 ----D---- C:\Program Files\Juniper Networks
2008-10-25 22:17:31 ----D---- C:\Program Files\ItsDeductibleEX
2008-10-25 22:17:31 ----D---- C:\Program Files\ItsDeductible2006
2008-10-25 22:17:30 ----D---- C:\Program Files\ItsDeductible2005
2008-10-25 22:17:30 ----D---- C:\Program Files\Iomega
2008-10-25 22:17:29 ----D---- C:\Program Files\IntelliMover Data Transfer Demo
2008-10-25 22:17:27 ----D---- C:\Program Files\Infogrames Interactive
2008-10-25 22:17:22 ----D---- C:\Program Files\HP
2008-10-25 22:17:09 ----D---- C:\Program Files\Hasbro Interactive
2008-10-25 22:16:48 ----D---- C:\Program Files\Common Files\System
2008-10-25 22:15:56 ----D---- C:\Program Files\Common Files\InstallShield
2008-10-25 22:15:46 ----D---- C:\Program Files\Common Files\Adobe
2008-10-25 22:12:35 ----D---- C:\Program Files\Bonjour
2008-10-25 22:12:28 ----D---- C:\Program Files\Adobe
2008-10-25 22:07:16 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-10-25 07:33:54 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-20 13:25:49 ----D---- C:\Documents and Settings\Owner\Application Data\AirSet Desktop Sync
2008-10-15 10:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-14 18:23:24 ----A---- C:\WINDOWS\EUCHRE~1.INI
2008-10-07 12:19:42 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-03 37376]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2003-04-11 10624]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2002-08-29 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2002-08-29 55936]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 dsNcAdpt;Juniper Network Connect Adapter; C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2007-04-10 23552]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 45568]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-07-02 652497]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2004-01-20 28256]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-03-15 20352]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2002-07-29 23808]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2005-03-08 172544]
R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2007-04-16 194362]
S2 ltmdmntc;ltmdmntc; \??\C:\WINDOWS\System32\drivers\ltmdmntc.sys []
S2 mrtRate;mrtRate; C:\WINDOWS\system32\drivers\mrtRate.sys []
S2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\System32\DRIVERS\nvcap.sys [2003-07-30 126348]
S2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\System32\DRIVERS\NVxbar.sys [2003-07-30 13006]
S2 W55U01;WINBOND W55U01 USB; C:\WINDOWS\System32\Drivers\W55U01.sys [2005-08-12 15232]
S2 X4HS32;X4HS32; \??\C:\Program Files\EXEtender\X4HS32.Sys []
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 BulkUsb;Usbscan.Sys; C:\WINDOWS\System32\Drivers\usbscan.sys [2004-08-03 15104]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2003-01-16 41984]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-04-15 90907]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2004-08-03 166912]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-05-06 394752]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SQTECH905C;ViviCam 35; C:\WINDOWS\System32\Drivers\Capt905c.sys [2005-01-25 33307]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144]
S3 USBIO;USBIO Driver (usbio.sys); C:\WINDOWS\System32\Drivers\usbio.sys [2001-05-07 19805]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-03 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 _IOMEGA_ACTIVE_DISK_SERVICE_;Iomega Active Disk; C:\Program Files\Iomega\AutoDisk\ADService.exe [2002-09-24 151552]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-26 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-26 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 dsNcService;Juniper Network Connect Service; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [2007-04-10 407136]
R2 ewido security suite control;ewido security suite control; C:\Program Files\ewido\security suite\ewidoctrl.exe [2004-11-11 16448]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 Iomega App Services;Iomega App Services; C:\PROGRA~1\Iomega\System32\AppServices.exe [2002-09-04 73728]
R2 JavaQuickStarterService;Java Quick Starter; c:\Program Files\Java\jre6\bin\jqs.exe [2008-10-27 152984]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-08-19 77824]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe []
S4 Iomega Activity Disk2;Iomega Activity Disk2;  []
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe []
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------

5
Tech Clinic / Hacked and Hijacked? :-(
« on: November 02, 2008, 01:26:30 PM »
I would like to do some final cleanup on the XP box (the infected one) just in case I get lazy and don't do a full install.  It sounds like I either want SpywareBlaster OR Windows Defender and not both.

On the Vista laptop, it does have Windows Defender already installed.  It is a Dell from Best Buy and they load up a bunch of junk you don't need.  Norton is already "installed" but you have to accept it which I haven't done.  I see it in the add/remove programs.  I'm assuming I have to use the Norton uninstall program that you sent me earlier for my current laptop.

So, for the 'infected' XP box, I will use Avira with SpywareBlaster or Windows Defender (if you have the link).

For the new Vista laptop, I will use Avira with Windows Defender.

Does that all sound correct?  

If you think there is extra cleanup then please send me the steps when you get a chance.

6
Tech Clinic / Hacked and Hijacked? :-(
« on: October 31, 2008, 08:02:01 PM »
Yes, I sure did.  That was one of the reasons why I was asking the question.  It just seems like there are a lot of tools to do similar things and two AV can't run on the same computer.  It looked like Avira was a solid performer but to get the anti-malware and antispyware, you need to upgrade.  So, is it best to upgrade to Avira for those or some other product?

Also, I have a new Vista laptop.  If I use Avira on my current XP desktop, I plan on also using it on my new Vista laptop.  However, factory install includes a Norton option to install.  It pops up on every start up.  I didn't install it but I think I need to get rid of it to install Avira, right?

Thanks again for everything.  This has been an unfortunate but productive learning experience.

7
Tech Clinic / Hacked and Hijacked? :-(
« on: October 30, 2008, 09:10:15 PM »
All the executables that I had before the hack are gone (MS products, MS Money, TurboTax, Paintshop Pro, iTunes, any game downloads).  The ones I have tried to reinstall won't work or won't work correctly.  This is why I think I need a total wipe and install though I'm not looking forward to it.

Windows update was not set to automatic and that is another thing that likely caused a lot of my issues.

Avira is working and I have read up on the AV/spyware/malware, etc. comparisons and Avira ranks better than most though it looks like the next level might be a bit better.

I scanned my backups at the same time you had me scan my USB thumb drive and everything was okay.

What are some of the products I can run together or is there one that does it all (antivirus, antispyware, antimalware)?

8
Tech Clinic / Hacked and Hijacked? :-(
« on: October 29, 2008, 09:03:51 PM »
The system seems to be running okay now with the exception of the loss of all my applications and some key data.  I still get the errors on reboot for the printers but that is just annoying.

New HJT Log --
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:22 PM, on 10/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Java\jre6\bin\jusched.exe
c:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - https://cim.accenture.com/system/web/view/l...g/ie/SecMgr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218409226343
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218409212234
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=24931
O16 - DPF: {B33422AC-C567-4F7D-BB28-6583371EC4EE} (Microsoft CMS HTML Editor) - https://portal.accenture.com/NAVIGATOR/CMS/...ort/NRDHtml.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.44/ttinst.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://amr1-extranet.accenture.com/dana-ca...perSetupSP1.cab
O16 - DPF: {E99D3E39-5D92-4360-BA86-2C563B3CFFEB} (Microsoft CMS HTML Editor Toolbar) - https://portal.accenture.com/NAVIGATOR/CMS/...ort/nrdhtml.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - c:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 8613 bytes

9
Tech Clinic / Hacked and Hijacked? :-(
« on: October 28, 2008, 10:24:31 PM »
Well, it looks like Kaspersky found something.  It just amazes me how many tools you need to be able to effectively clean a computer.

Here are the results of the scan --
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
 Tuesday, October 28, 2008
 Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
 Kaspersky Online Scanner 7 version: 7.0.25.0
 Program database last update: Tuesday, October 28, 2008 01:00:23
 Records in database: 1352247
--------------------------------------------------------------------------------

Scan settings:
   Scan using the following database: extended
   Scan archives: yes
   Scan mail databases: yes

Scan area - My Computer:
   A:\
   C:\
   D:\
   E:\
   F:\

Scan statistics:
   Files scanned: 116389
   Threat name: 5
   Infected objects: 5
   Suspicious objects: 0
   Duration of the scan: 25:52:06


File name / Threat name / Threats count
C:\Documents and Settings\Owner\Desktop\GetRidofHijackers\smitfraudfix\SmitfraudFix\Reboot.exe   Infected: not-a-virus:RiskTool.Win32.Reboot.f   1
C:\Documents and Settings\Owner\Desktop\nerodownload\Nero-7.7.5.1_eng_trial.exe   Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bm   1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSckvy.dll.vir   Infected: Backdoor.Win32.TDSS.atb   1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSfhvv.dll.vir   Infected: Trojan.Win32.Agent.akki   1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSurta.dll.vir   Infected: Backdoor.Win32.TDSS.asz   1

The selected area was scanned.

10
Tech Clinic / Hacked and Hijacked? :-(
« on: October 28, 2008, 07:56:07 PM »
Unfortunately, I was unable to check the scan this morning (late for work as usual) and when I just checked it I found that it was at 6% and hung up on an Outlook not configured error.  I have answered the popups and now the scanning is going well.

While clean install may be my final result, having a clean system now is imperative so that I can back up all my data safely.  I really appreciate all that you have done and I will post the Kaspersky results when they are complete.

What antivirus, internet security, antispyware, etc. packages do you recommend most for XP and Vista?  I want to make sure my systems are better protected.

11
Tech Clinic / Hacked and Hijacked? :-(
« on: October 27, 2008, 08:05:52 PM »
I put in the CD for one of my printers and the TrayApp install error got past but now I have an AIOSoftware.msi Windows install error.  I can't find the disk to my other printer.  I tried to open the printer folder to remove the one for which I don't have the disk but the folder won't open.  I just get an error.  I have removed the other printer from add/remove programs but there are many other HP items that are still there and I'm sure it is looking for.

Once we get this computer clean enough for me to move things off of, I think it is time to re-image it and start with a fresh install.  At this point, none of the applications (except IE) work so it is only data I have to be careful to get.

I am just about to run the Kaspersky scan but I will leave it running tonight.  I will post the log in the morning if I have time before I go to work.

Here is the combofix log --
ComboFix 08-10-27.02 - Owner 2008-10-27 20:22:58.5 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.592 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\cfscript.txt
 * Created a new restore point

FILE ::
C:\WINDOWS\system32\drivers\TDSSijso.sys
C:\WINDOWS\system32\TDSSckvy.dll
C:\WINDOWS\system32\TDSSesan.dll
C:\WINDOWS\system32\TDSSeuvq.dll
C:\WINDOWS\system32\TDSSfhvv.dll
C:\WINDOWS\system32\TDSSierd.dat
C:\WINDOWS\system32\TDSSnhvw.dll
C:\WINDOWS\system32\TDSSurta.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\TDSSckvy.dll
C:\WINDOWS\system32\TDSSesan.dll
C:\WINDOWS\system32\TDSSfhvv.dll
C:\WINDOWS\system32\TDSSierd.dat
C:\WINDOWS\system32\TDSSnhvw.dll
C:\WINDOWS\system32\TDSSurta.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv.sys


(((((((((((((((((((((((((   Files Created from 2008-09-28 to 2008-10-28  )))))))))))))))))))))))))))))))
.

2008-10-26 23:50 . 2008-10-26 23:50   <DIR>   d--------   C:\Program Files\Avira
2008-10-26 23:50 . 2008-10-26 23:50   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Avira
2008-10-26 23:25 . 2008-10-27 15:04   <DIR>   d--------   C:\temp
2008-10-26 22:31 . 2008-10-26 22:31   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-26 20:48 . 2008-10-26 20:48   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-10-26 20:47 . 2008-10-26 21:20   <DIR>   d--------   C:\SDFix
2008-10-26 19:19 . 2008-10-26 19:29   <DIR>   d--------   C:\Program Files\Microsoft Money
2008-10-26 15:57 . 2008-10-26 15:57   <DIR>   d--------   C:\rsit
2008-10-26 15:31 . 2008-10-26 15:31   <DIR>   d--------   C:\Program Files\Trend Micro
2008-10-26 14:13 . 2008-10-26 14:17   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-10-26 14:13 . 2008-10-26 14:13   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-10-26 14:13 . 2008-10-26 14:13   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-26 14:13 . 2008-10-22 16:10   38,496   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-26 14:13 . 2008-10-22 16:10   15,504   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-10-26 02:18 . 2008-10-26 02:18   <DIR>   d--------   C:\Program Files\Microsoft ActiveSync
2008-10-26 01:57 . 2008-10-26 01:51   1,554,567   --a------   C:\SDFix.exe
2008-10-25 14:51 . 2008-10-25 14:51   <DIR>   d--------   C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!
2008-09-29 14:41 . 2008-10-27 09:13   <DIR>   d--------   C:\Program Files\iTunes
2008-09-29 14:41 . 2008-09-29 14:42   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-29 14:39 . 2008-10-25 23:12   <DIR>   d--------   C:\Program Files\Bonjour

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-27 14:13   ---------   d-----w   C:\Program Files\iPod
2008-10-26 04:36   ---------   d-----w   C:\Program Files\Wal-Mart Music Downloads Store
2008-10-26 04:19   ---------   d-----w   C:\Program Files\THQ
2008-10-26 04:19   ---------   d-----w   C:\Program Files\sz8032
2008-10-26 04:19   ---------   d-----w   C:\Program Files\sz8022
2008-10-26 04:19   ---------   d-----w   C:\Program Files\Scholastic
2008-10-26 04:19   ---------   d-----w   C:\Program Files\RecordNow!
2008-10-26 04:19   ---------   d-----w   C:\Program Files\QuickTime
2008-10-26 04:19   ---------   d-----w   C:\Program Files\Print Workshop 2004 LE
2008-10-26 04:18   ---------   d-----w   C:\Program Files\Microsoft Works
2008-10-26 04:18   ---------   d-----w   C:\Program Files\Microsoft Visual Studio 8
2008-10-26 04:18   ---------   d-----w   C:\Program Files\Microsoft SQL Server
2008-10-26 04:18   ---------   d-----w   C:\Program Files\Microsoft Plus! Digital Media Edition
2008-10-26 04:18   ---------   d-----w   C:\Program Files\Microsoft IntelliPoint
2008-10-26 04:18   ---------   d-----w   C:\Program Files\Lavasoft
2008-10-26 04:17   ---------   d-----w   C:\Program Files\Juniper Networks
2008-10-26 04:17   ---------   d-----w   C:\Program Files\Java
2008-10-26 04:17   ---------   d-----w   C:\Program Files\ItsDeductibleEX
2008-10-26 04:17   ---------   d-----w   C:\Program Files\ItsDeductible2006
2008-10-26 04:17   ---------   d-----w   C:\Program Files\ItsDeductible2005
2008-10-26 04:17   ---------   d-----w   C:\Program Files\Iomega
2008-10-26 04:17   ---------   d-----w   C:\Program Files\IntelliMover Data Transfer Demo
2008-10-26 04:17   ---------   d-----w   C:\Program Files\Infogrames Interactive
2008-10-26 04:17   ---------   d-----w   C:\Program Files\HP
2008-10-26 04:17   ---------   d-----w   C:\Program Files\Hewlett-Packard
2008-10-26 04:17   ---------   d-----w   C:\Program Files\Hasbro Interactive
2008-10-26 04:15   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-10-26 04:15   ---------   d-----w   C:\Program Files\Common Files\Apple
2008-10-26 04:15   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-10-25 13:33   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-20 19:25   ---------   d-----w   C:\Documents and Settings\Owner\Application Data\AirSet Desktop Sync
2008-10-16 01:30   30   ----a-w   C:\Documents and Settings\Owner\jagex_runescape_preferences.dat
2008-08-29 15:18   87,336   ----a-w   C:\WINDOWS\system32\dns-sd.exe
2008-08-29 14:53   61,440   ----a-w   C:\WINDOWS\system32\dnssd.dll
2008-03-17 17:38   103,536   ----a-w   C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2004-11-01 23:37   0   --sha-w   C:\WINDOWS\SMINST\HPCD.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-10-26_20.01.28.40   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 20:27:04   163,328   ----a-w   C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-10-27 01:48:35   9,252,864   ----a-w   C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-10-27 01:48:35   802,816   ----a-w   C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 20:27:04   163,328   ----a-w   C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-10-27 01:48:21   9,252,864   ----a-w   C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-10-27 01:48:22   802,816   ----a-w   C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2008-05-11 02:33:53   65,536   ----a-r   C:\WINDOWS\Installer\{10E1E87C-656C-4D08-86D6-5443D28583BE}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
+ 2008-10-28 01:16:17   65,536   ----a-r   C:\WINDOWS\Installer\{10E1E87C-656C-4D08-86D6-5443D28583BE}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
- 2008-09-29 19:42:35   102,400   ----a-r   C:\WINDOWS\Installer\{41B9E2CF-0B3F-442A-B5B3-592A4A355634}\iTunesIco.exe
+ 2008-10-27 14:13:43   102,400   ----a-r   C:\WINDOWS\Installer\{41B9E2CF-0B3F-442A-B5B3-592A4A355634}\iTunesIco.exe
- 2008-10-27 00:58:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-10-27 20:02:04   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-10-27 00:58:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-10-27 20:02:04   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-10-27 18:06:06   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102020081027\index.dat
+ 2008-10-27 18:42:19   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102720081028\index.dat
+ 2008-05-09 18:15:51   45,376   ----a-w   C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 23:11:28   22,336   ----a-w   C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-06-27 20:03:55   75,072   ----a-w   C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 15:34:22   28,352   ----a-w   C:\WINDOWS\system32\drivers\ssmdrv.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2004-05-20 856064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"VTTimer"="VTTimer.exe" [2005-03-08 C:\WINDOWS\system32\VTTimer.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Southwest Airlines\\Ding\\Ding.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R3 dsNcAdpt;Juniper Network Connect Adapter;C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2007-04-10 23552]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 45568]
S2 ltmdmntc;ltmdmntc;C:\WINDOWS\System32\drivers\ltmdmntc.sys [ ]
S2 W55U01;WINBOND W55U01 USB;C:\WINDOWS\system32\Drivers\W55U01.sys [2005-08-12 15232]
S2 X4HS32;X4HS32;C:\Program Files\EXEtender\X4HS32.Sys [ ]
S3 BulkUsb;Usbscan.Sys;C:\WINDOWS\system32\Drivers\usbscan.sys [2004-08-04 15104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2008-10-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe []

2004-03-17 C:\WINDOWS\Tasks\Easy Internet Sign-up.job
- C:\Program Files\Easy Internet signup\HPSdpApp.exe []
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 20:28:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2008-10-27 20:36:02 - machine was rebooted
ComboFix-quarantined-files.txt  2008-10-28 01:35:58
ComboFix2.txt  2008-10-27 20:18:58
ComboFix3.txt  2008-10-27 18:36:11
ComboFix4.txt  2008-10-27 17:38:42
ComboFix5.txt  2008-10-28 01:22:02

Pre-Run: 41,295,572,992 bytes free
Post-Run: 41,344,692,224 bytes free

192

12
Tech Clinic / Hacked and Hijacked? :-(
« on: October 27, 2008, 03:03:03 PM »
Yeah, I was worried about the thumbdrive too, but it scanned fine.  I have an external hard drive that is used for backup that I will need to scan too.  I tried to just back things up file by file in the past few days and hope it doesn't get an infected one but other backups may have something.

ComboFix 08-10-27.01 - Owner 2008-10-27 15:04:00.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.666 [GMT -5:00]
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
 * Created a new restore point

FILE ::
C:\Documents and Settings\All Users\Application Data\acoho.dat
C:\Documents and Settings\All Users\Application Data\esurebale.pif
C:\Documents and Settings\All Users\Application Data\gosy.reg
C:\Documents and Settings\All Users\Application Data\voweva.vbs
C:\Documents and Settings\Owner\Application Data\aqixikixyd.dll
C:\WINDOWS\ebog.lib
C:\WINDOWS\nyfupa.vbs
C:\WINDOWS\ojeqopom.ban
C:\WINDOWS\rogip.sys
C:\WINDOWS\sopiryxuk.scr
C:\WINDOWS\system32\drivers\TDSSijso.sys
C:\WINDOWS\system32\gukylyw.lib
C:\WINDOWS\system32\koda.bat
C:\WINDOWS\system32\likyluki.bin
C:\WINDOWS\system32\sowapiwoci.bin
C:\WINDOWS\yfywak.reg
C:\WINDOWS\ykupyja.sys
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\acoho.dat
C:\Documents and Settings\All Users\Application Data\esurebale.pif
C:\Documents and Settings\All Users\Application Data\gosy.reg
C:\Documents and Settings\All Users\Application Data\voweva.vbs
C:\Documents and Settings\Owner\Application Data\aqixikixyd.dll
C:\temp\NoNav
C:\temp\NoNav\ESUGUnEn.exe
C:\temp\NoNav\nolu.inf
C:\temp\NoNav\nolu.reg
C:\temp\NoNav\NONAV.BAT
C:\temp\NoNav\nonav.inf
C:\temp\NoNav\nonav.pif
C:\temp\NoNav\nonav.reg
C:\temp\NoNav\nonav.txt
C:\temp\NoNav\noquar.inf
C:\temp\NoNav\noquar.reg
C:\temp\NoNav\RTVSTOP.EXE
C:\temp\NoNav\UnEngVar.BAT
C:\temp\NoNav\UnEngVar.Txt
C:\WINDOWS\ebog.lib
C:\WINDOWS\nyfupa.vbs
C:\WINDOWS\ojeqopom.ban
C:\WINDOWS\rogip.sys
C:\WINDOWS\sopiryxuk.scr
C:\WINDOWS\system32\drivers\TDSSijso.sys
C:\WINDOWS\system32\gukylyw.lib
C:\WINDOWS\system32\koda.bat
C:\WINDOWS\system32\likyluki.bin
C:\WINDOWS\system32\sowapiwoci.bin
C:\WINDOWS\yfywak.reg
C:\WINDOWS\ykupyja.sys

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv
-------\Legacy_TDSSserv
-------\Legacy_TDSSSERV.SYS


(((((((((((((((((((((((((   Files Created from 2008-09-27 to 2008-10-27  )))))))))))))))))))))))))))))))
.

2008-10-26 23:50 . 2008-10-26 23:50   <DIR>   d--------   C:\Program Files\Avira
2008-10-26 23:50 . 2008-10-26 23:50   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Avira
2008-10-26 23:25 . 2008-10-27 15:04   <DIR>   d--------   C:\temp
2008-10-26 22:31 . 2008-10-26 22:31   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-26 20:48 . 2008-10-26 20:48   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-10-26 20:47 . 2008-10-26 21:20   <DIR>   d--------   C:\SDFix
2008-10-26 19:19 . 2008-10-26 19:29   <DIR>   d--------   C:\Program Files\Microsoft Money
2008-10-26 15:57 . 2008-10-26 15:57   <DIR>   d--------   C:\rsit
2008-10-26 15:31 . 2008-10-26 15:31   <DIR>   d--------   C:\Program Files\Trend Micro
2008-10-26 14:13 . 2008-10-26 14:17   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-10-26 14:13 . 2008-10-26 14:13   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-10-26 14:13 . 2008-10-26 14:13   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-26 14:13 . 2008-10-22 16:10   38,496   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-26 14:13 . 2008-10-22 16:10   15,504   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-10-26 02:18 . 2008-10-26 02:18   <DIR>   d--------   C:\Program Files\Microsoft ActiveSync
2008-10-26 01:57 . 2008-10-26 01:51   1,554,567   --a------   C:\SDFix.exe
2008-10-25 14:51 . 2008-10-25 14:51   <DIR>   d--------   C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!
2008-10-25 14:51 . 2008-10-27 15:02   77,824   --a------   C:\WINDOWS\system32\TDSSeuvq.dll
2008-10-25 14:51 . 2008-10-27 15:02   31,232   --a------   C:\WINDOWS\system32\TDSSckvy.dll
2008-10-25 14:51 . 2008-10-27 15:02   30,720   --a------   C:\WINDOWS\system32\TDSSfhvv.dll
2008-10-25 14:51 . 2008-10-27 15:02   29,696   --a------   C:\WINDOWS\system32\TDSSurta.dll
2008-10-25 14:51 . 2008-10-27 15:02   26,112   --a------   C:\WINDOWS\system32\TDSSesan.dll
2008-10-25 14:51 . 2008-10-27 15:02   2,840   --a------   C:\WINDOWS\system32\TDSSnhvw.dll
2008-10-25 14:51 . 2008-10-27 15:02   164   --a------   C:\WINDOWS\system32\TDSSierd.dat
2008-09-29 14:41 . 2008-10-27 09:13   <DIR>   d--------   C:\Program Files\iTunes
2008-09-29 14:41 . 2008-09-29 14:42   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-29 14:39 . 2008-10-25 23:12   <DIR>   d--------   C:\Program Files\Bonjour

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-27 14:13   ---------   d-----w   C:\Program Files\iPod
2008-10-26 04:36   ---------   d-----w   C:\Program Files\Wal-Mart Music Downloads Store
2008-10-26 04:19   ---------   d-----w   C:\Program Files\THQ
2008-10-26 04:19   ---------   d-----w   C:\Program Files\sz8032
2008-10-26 04:19   ---------   d-----w   C:\Program Files\sz8022
2008-10-26 04:19   ---------   d-----w   C:\Program Files\Scholastic
2008-10-26 04:19   ---------   d-----w   C:\Program Files\RecordNow!
2008-10-26 04:19   ---------   d-----w   C:\Program Files\QuickTime
2008-10-26 04:19   ---------   d-----w   C:\Program Files\Print Workshop 2004 LE
2008-10-26 04:18   ---------   d-----w   C:\Program Files\Microsoft Works
2008-10-26 04:18   ---------   d-----w   C:\Program Files\Microsoft Visual Studio 8
2008-10-26 04:18   ---------   d-----w   C:\Program Files\Microsoft SQL Server
2008-10-26 04:18   ---------   d-----w   C:\Program Files\Microsoft Plus! Digital Media Edition
2008-10-26 04:18   ---------   d-----w   C:\Program Files\Microsoft IntelliPoint
2008-10-26 04:18   ---------   d-----w   C:\Program Files\Lavasoft
2008-10-26 04:17   ---------   d-----w   C:\Program Files\Juniper Networks
2008-10-26 04:17   ---------   d-----w   C:\Program Files\Java
2008-10-26 04:17   ---------   d-----w   C:\Program Files\ItsDeductibleEX
2008-10-26 04:17   ---------   d-----w   C:\Program Files\ItsDeductible2006
2008-10-26 04:17   ---------   d-----w   C:\Program Files\ItsDeductible2005
2008-10-26 04:17   ---------   d-----w   C:\Program Files\Iomega
2008-10-26 04:17   ---------   d-----w   C:\Program Files\IntelliMover Data Transfer Demo
2008-10-26 04:17   ---------   d-----w   C:\Program Files\Infogrames Interactive
2008-10-26 04:17   ---------   d-----w   C:\Program Files\HP
2008-10-26 04:17   ---------   d-----w   C:\Program Files\Hewlett-Packard
2008-10-26 04:17   ---------   d-----w   C:\Program Files\Hasbro Interactive
2008-10-26 04:15   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-10-26 04:15   ---------   d-----w   C:\Program Files\Common Files\Apple
2008-10-26 04:15   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-10-25 13:33   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-20 19:25   ---------   d-----w   C:\Documents and Settings\Owner\Application Data\AirSet Desktop Sync
2008-10-16 01:30   30   ----a-w   C:\Documents and Settings\Owner\jagex_runescape_preferences.dat
2008-03-17 17:38   103,536   ----a-w   C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2004-11-01 23:37   0   --sha-w   C:\WINDOWS\SMINST\HPCD.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-10-26_20.01.28.40   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 20:27:04   163,328   ----a-w   C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-10-27 01:48:35   9,252,864   ----a-w   C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-10-27 01:48:35   802,816   ----a-w   C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 20:27:04   163,328   ----a-w   C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-10-27 01:48:21   9,252,864   ----a-w   C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-10-27 01:48:22   802,816   ----a-w   C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2008-09-29 19:42:35   102,400   ----a-r   C:\WINDOWS\Installer\{41B9E2CF-0B3F-442A-B5B3-592A4A355634}\iTunesIco.exe
+ 2008-10-27 14:13:43   102,400   ----a-r   C:\WINDOWS\Installer\{41B9E2CF-0B3F-442A-B5B3-592A4A355634}\iTunesIco.exe
- 2008-10-27 00:58:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-10-27 20:02:04   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-10-27 00:58:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-10-27 20:02:04   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-10-27 18:06:06   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102020081027\index.dat
+ 2008-10-27 18:42:19   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102720081028\index.dat
- 2008-10-27 00:58:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-27 20:02:04   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-09 18:15:51   45,376   ----a-w   C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 23:11:28   22,336   ----a-w   C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-06-27 20:03:55   75,072   ----a-w   C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 15:34:22   28,352   ----a-w   C:\WINDOWS\system32\drivers\ssmdrv.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2004-05-20 856064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"VTTimer"="VTTimer.exe" [2005-03-08 C:\WINDOWS\system32\VTTimer.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Southwest Airlines\\Ding\\Ding.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R3 dsNcAdpt;Juniper Network Connect Adapter;C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2007-04-10 23552]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 45568]
S2 ltmdmntc;ltmdmntc;C:\WINDOWS\System32\drivers\ltmdmntc.sys [ ]
S2 W55U01;WINBOND W55U01 USB;C:\WINDOWS\system32\Drivers\W55U01.sys [2005-08-12 15232]
S2 X4HS32;X4HS32;C:\Program Files\EXEtender\X4HS32.Sys [ ]
S3 BulkUsb;Usbscan.Sys;C:\WINDOWS\system32\Drivers\usbscan.sys [2004-08-04 15104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2008-10-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe []

2004-03-17 C:\WINDOWS\Tasks\Easy Internet Sign-up.job
- C:\Program Files\Easy Internet signup\HPSdpApp.exe []
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 15:10:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSijso.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2008-10-27 15:18:56 - machine was rebooted
ComboFix-quarantined-files.txt  2008-10-27 20:18:52
ComboFix2.txt  2008-10-27 18:36:11
ComboFix3.txt  2008-10-27 17:38:42
ComboFix4.txt  2008-10-27 01:01:53

Pre-Run: 41,345,298,432 bytes free
Post-Run: 41,392,779,264 bytes free

233


HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:40:46 PM, on 10/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - https://cim.accenture.com/system/web/view/l...g/ie/SecMgr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218409226343
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218409212234
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {B33422AC-C567-4F7D-BB28-6583371EC4EE} (Microsoft CMS HTML Editor) - https://portal.accenture.com/NAVIGATOR/CMS/...ort/NRDHtml.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.44/ttinst.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://amr1-extranet.accenture.com/dana-ca...perSetupSP1.cab
O16 - DPF: {E99D3E39-5D92-4360-BA86-2C563B3CFFEB} (Microsoft CMS HTML Editor Toolbar) - https://portal.accenture.com/NAVIGATOR/CMS/...ort/nrdhtml.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 8197 bytes


Things seem to be running okay, but I'm missing a lot of files/executables so most of my apps no longer work.  Also, I still keep getting a Windows Install on report that tries to install TrayApp.

What do you recommend I use for AV and other protection on this computer and my new Vista laptop?

Thanks.

13
Tech Clinic / Hacked and Hijacked? :-(
« on: October 27, 2008, 01:03:32 PM »
I tried to download the update from Malwarebytes but it still wouldn't connect.  The same thing with Combofix.exe.  I went ahead and used the USB drive with my other computer again and got combofix.exe on the infected computer.  I ran that and then tried connecting to Malwarebytes again.  This time it worked, so I ran the quick scan (log attached).  It found three things so I chose to remove them.  I hope that was okay.  

I also was able to get to Combofix.exe on the infected machine too so I downloaded a new one and ran again (log attached).

Malwarebytes' Anti-Malware 1.30
Database version: 1328
Windows 5.1.2600 Service Pack 2

10/27/2008 1:12:17 PM
mbam-log-2008-10-27 (13-12-16).txt

Scan type: Quick Scan
Objects scanned: 60517
Time elapsed: 4 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3ba4271e-5c1e-48e2-b432-d8bf420dd31d} (Rogue.DeusCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Combofix.exe
ComboFix 08-10-26.01 - Owner 2008-10-27 13:25:42.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.659 [GMT -5:00]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv
-------\Legacy_TDSSserv
-------\Legacy_TDSSSERV.SYS


(((((((((((((((((((((((((   Files Created from 2008-09-27 to 2008-10-27  )))))))))))))))))))))))))))))))
.

2008-10-26 23:50 . 2008-10-26 23:50   <DIR>   d--------   C:\Program Files\Avira
2008-10-26 23:50 . 2008-10-26 23:50   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Avira
2008-10-26 23:25 . 2008-10-26 23:25   <DIR>   d--------   C:\temp\NoNav
2008-10-26 23:25 . 2008-10-26 23:25   <DIR>   d--------   C:\temp
2008-10-26 22:31 . 2008-10-26 22:31   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-26 20:48 . 2008-10-26 20:48   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-10-26 20:47 . 2008-10-26 21:20   <DIR>   d--------   C:\SDFix
2008-10-26 19:19 . 2008-10-26 19:29   <DIR>   d--------   C:\Program Files\Microsoft Money
2008-10-26 15:57 . 2008-10-26 15:57   <DIR>   d--------   C:\rsit
2008-10-26 15:31 . 2008-10-26 15:31   <DIR>   d--------   C:\Program Files\Trend Micro
2008-10-26 14:13 . 2008-10-26 14:17   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-10-26 14:13 . 2008-10-26 14:13   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-10-26 14:13 . 2008-10-26 14:13   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-26 14:13 . 2008-10-22 16:10   38,496   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-26 14:13 . 2008-10-22 16:10   15,504   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-10-26 02:18 . 2008-10-26 02:18   <DIR>   d--------   C:\Program Files\Microsoft ActiveSync
2008-10-26 01:57 . 2008-10-26 01:51   1,554,567   --a------   C:\SDFix.exe
2008-10-25 22:53 . 2008-10-25 22:53   19,748   --a------   C:\WINDOWS\rogip.sys
2008-10-25 22:53 . 2008-10-25 22:53   16,053   --a------   C:\Documents and Settings\All Users\Application Data\gosy.reg
2008-10-25 22:53 . 2008-10-25 22:53   14,938   --a------   C:\WINDOWS\ykupyja.sys
2008-10-25 22:53 . 2008-10-25 22:53   14,191   --a------   C:\Documents and Settings\All Users\Application Data\voweva.vbs
2008-10-25 22:53 . 2008-10-25 22:53   12,670   --a------   C:\WINDOWS\system32\likyluki.bin
2008-10-25 22:53 . 2008-10-25 22:53   11,758   --a------   C:\Documents and Settings\Owner\Application Data\aqixikixyd.dll
2008-10-25 22:53 . 2008-10-25 22:53   11,333   --a------   C:\Documents and Settings\All Users\Application Data\acoho.dat
2008-10-25 22:53 . 2008-10-25 22:53   11,306   --a------   C:\WINDOWS\ojeqopom.ban
2008-10-25 22:53 . 2008-10-25 22:53   10,560   --a------   C:\WINDOWS\system32\sowapiwoci.bin
2008-10-25 22:53 . 2008-10-25 22:53   10,233   --a------   C:\WINDOWS\system32\gukylyw.lib
2008-10-25 17:13 . 2008-10-25 17:13   18,041   --a------   C:\WINDOWS\system32\koda.bat
2008-10-25 17:13 . 2008-10-25 17:13   17,867   --a------   C:\Documents and Settings\All Users\Application Data\esurebale.pif
2008-10-25 17:13 . 2008-10-25 17:13   16,260   --a------   C:\WINDOWS\sopiryxuk.scr
2008-10-25 17:13 . 2008-10-25 17:13   15,827   --a------   C:\WINDOWS\nyfupa.vbs
2008-10-25 17:13 . 2008-10-25 17:13   15,772   --a------   C:\WINDOWS\yfywak.reg
2008-10-25 17:13 . 2008-10-25 17:13   15,164   --a------   C:\WINDOWS\ebog.lib
2008-10-25 14:51 . 2008-10-25 14:51   <DIR>   d--------   C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!
2008-09-29 14:41 . 2008-10-27 09:13   <DIR>   d--------   C:\Program Files\iTunes
2008-09-29 14:41 . 2008-09-29 14:42   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-29 14:39 . 2008-10-25 23:12   <DIR>   d--------   C:\Program Files\Bonjour

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-27 14:13   ---------   d-----w   C:\Program Files\iPod
2008-10-26 04:36   ---------   d-----w   C:\Program Files\Wal-Mart Music Downloads Store
2008-10-26 04:19   ---------   d-----w   C:\Program Files\THQ
2008-10-26 04:19   ---------   d-----w   C:\Program Files\sz8032
2008-10-26 04:19   ---------   d-----w   C:\Program Files\sz8022
2008-10-26 04:19   ---------   d-----w   C:\Program Files\Scholastic
2008-10-26 04:19   ---------   d-----w   C:\Program Files\RecordNow!
2008-10-26 04:19   ---------   d-----w   C:\Program Files\QuickTime
2008-10-26 04:19   ---------   d-----w   C:\Program Files\Print Workshop 2004 LE
2008-10-26 04:18   ---------   d-----w   C:\Program Files\Microsoft Works
2008-10-26 04:18   ---------   d-----w   C:\Program Files\Microsoft Visual Studio 8
2008-10-26 04:18   ---------   d-----w   C:\Program Files\Microsoft SQL Server
2008-10-26 04:18   ---------   d-----w   C:\Program Files\Microsoft Plus! Digital Media Edition
2008-10-26 04:18   ---------   d-----w   C:\Program Files\Microsoft IntelliPoint
2008-10-26 04:18   ---------   d-----w   C:\Program Files\Lavasoft
2008-10-26 04:17   ---------   d-----w   C:\Program Files\Juniper Networks
2008-10-26 04:17   ---------   d-----w   C:\Program Files\Java
2008-10-26 04:17   ---------   d-----w   C:\Program Files\ItsDeductibleEX
2008-10-26 04:17   ---------   d-----w   C:\Program Files\ItsDeductible2006
2008-10-26 04:17   ---------   d-----w   C:\Program Files\ItsDeductible2005
2008-10-26 04:17   ---------   d-----w   C:\Program Files\Iomega
2008-10-26 04:17   ---------   d-----w   C:\Program Files\IntelliMover Data Transfer Demo
2008-10-26 04:17   ---------   d-----w   C:\Program Files\Infogrames Interactive
2008-10-26 04:17   ---------   d-----w   C:\Program Files\HP
2008-10-26 04:17   ---------   d-----w   C:\Program Files\Hewlett-Packard
2008-10-26 04:17   ---------   d-----w   C:\Program Files\Hasbro Interactive
2008-10-26 04:15   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-10-26 04:15   ---------   d-----w   C:\Program Files\Common Files\Apple
2008-10-26 04:15   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-10-25 13:33   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-20 19:25   ---------   d-----w   C:\Documents and Settings\Owner\Application Data\AirSet Desktop Sync
2008-10-16 01:30   30   ----a-w   C:\Documents and Settings\Owner\jagex_runescape_preferences.dat
2008-03-17 17:38   103,536   ----a-w   C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2004-11-01 23:37   0   --sha-w   C:\WINDOWS\SMINST\HPCD.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-10-26_20.01.28.40   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 20:27:04   163,328   ----a-w   C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-10-27 01:48:35   9,252,864   ----a-w   C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-10-27 01:48:35   802,816   ----a-w   C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 20:27:04   163,328   ----a-w   C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-10-27 01:48:21   9,252,864   ----a-w   C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-10-27 01:48:22   802,816   ----a-w   C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2008-09-29 19:42:35   102,400   ----a-r   C:\WINDOWS\Installer\{41B9E2CF-0B3F-442A-B5B3-592A4A355634}\iTunesIco.exe
+ 2008-10-27 14:13:43   102,400   ----a-r   C:\WINDOWS\Installer\{41B9E2CF-0B3F-442A-B5B3-592A4A355634}\iTunesIco.exe
- 2008-10-27 00:58:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-10-27 18:32:19   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-10-27 00:58:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-10-27 18:32:19   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-10-27 18:06:06   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102020081027\index.dat
+ 2008-10-27 18:06:06   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102720081028\index.dat
- 2008-10-27 00:58:28   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-27 18:32:19   32,768   ----a-w   C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-09 18:15:51   45,376   ----a-w   C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 23:11:28   22,336   ----a-w   C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-06-27 20:03:55   75,072   ----a-w   C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 15:34:22   28,352   ----a-w   C:\WINDOWS\system32\drivers\ssmdrv.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2004-05-20 856064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"VTTimer"="VTTimer.exe" [2005-03-08 C:\WINDOWS\system32\VTTimer.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Southwest Airlines\\Ding\\Ding.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R3 dsNcAdpt;Juniper Network Connect Adapter;C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2007-04-10 23552]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 45568]
S2 ltmdmntc;ltmdmntc;C:\WINDOWS\System32\drivers\ltmdmntc.sys [ ]
S2 W55U01;WINBOND W55U01 USB;C:\WINDOWS\system32\Drivers\W55U01.sys [2005-08-12 15232]
S2 X4HS32;X4HS32;C:\Program Files\EXEtender\X4HS32.Sys [ ]
S3 BulkUsb;Usbscan.Sys;C:\WINDOWS\system32\Drivers\usbscan.sys [2004-08-04 15104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9748cf25-b2a6-11dc-b0ef-000ea6306fee}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/keylauncher/?code=3654261420322001
.
Contents of the 'Scheduled Tasks' folder

2008-10-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe []

2004-03-17 C:\WINDOWS\Tasks\Easy Internet Sign-up.job
- C:\Program Files\Easy Internet signup\HPSdpApp.exe []
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

O16 -: {5445BE81-B796-11D2-B931-002018654E2E} - hxxps://cim.accenture.com/system/web/view/live/messaging/ie/SecMgr.cab
C:\WINDOWS\Downloaded Program Files\SecMgr.inf

O16 -: {B33422AC-C567-4F7D-BB28-6583371EC4EE} - hxxps://portal.accenture.com/NAVIGATOR/CMS/WebAuthor/Client/PlaceholderControlSupport/NRDHtml.cab
C:\WINDOWS\Downloaded Program Files\NRDHtml.inf
C:\WINDOWS\Downloaded Program Files\ncbmprdr.dll

O16 -: {E99D3E39-5D92-4360-BA86-2C563B3CFFEB} - hxxps://portal.accenture.com/NAVIGATOR/CMS/WebAuthor/Client/PlaceholderControlSupport/nrdhtml.cab
C:\WINDOWS\Downloaded Program Files\NRDHtml.inf
C:\WINDOWS\Downloaded Program Files\ncbmprdr.dll
C:\WINDOWS\Downloaded Program Files\NRDHtml.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 13:31:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]
"ImagePath"="\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSijso.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]
"ImagePath"="\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\system32\urlmon.dll
-> ?:\WINDOWS\system32\urlmon.dll
-> ?:\WINDOWS\system32\DSOUND.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-10-27 13:36:08 - machine was rebooted
ComboFix-quarantined-files.txt  2008-10-27 18:36:00
ComboFix2.txt  2008-10-27 17:38:42
ComboFix3.txt  2008-10-27 01:01:53

Pre-Run: 41,382,154,240 bytes free
Post-Run: 41,430,233,088 bytes free

224

14
Tech Clinic / Hacked and Hijacked? :-(
« on: October 27, 2008, 07:37:21 AM »
It was midnight here. :-(

Okay, new day and new start.  Here are the logs --

HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:08:28 AM, on 10/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - https://cim.accenture.com/system/web/view/l...g/ie/SecMgr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218409226343
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218409212234
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {B33422AC-C567-4F7D-BB28-6583371EC4EE} (Microsoft CMS HTML Editor) - https://portal.accenture.com/NAVIGATOR/CMS/...ort/NRDHtml.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.44/ttinst.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://amr1-extranet.accenture.com/dana-ca...perSetupSP1.cab
O16 - DPF: {E99D3E39-5D92-4360-BA86-2C563B3CFFEB} (Microsoft CMS HTML Editor Toolbar) - https://portal.accenture.com/NAVIGATOR/CMS/...ort/nrdhtml.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 8226 bytes



AVIRA AntiVir Personal
Report file date: Sunday, October 26, 2008  23:54

Scanning for 1708013 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Boot mode:        Normally booted
Username:         SYSTEM
Computer name:    BIGMAMA

Version information:
BUILD.DAT     : 8.2.0.334      16933 Bytes  10/16/2008 14:55:00
AVSCAN.EXE    : 8.1.4.7       315649 Bytes   6/26/2008 15:57:53
AVSCAN.DLL    : 8.1.4.0        40705 Bytes   5/26/2008 14:56:40
LUKE.DLL      : 8.1.4.5       164097 Bytes   6/12/2008 19:44:19
LUKERES.DLL   : 8.1.4.0        12033 Bytes   5/26/2008 14:58:52
ANTIVIR0.VDF  : 6.40.0.0    11030528 Bytes   7/18/2007 17:33:34
ANTIVIR1.VDF  : 7.0.5.1      8182784 Bytes   6/24/2008 20:54:15
ANTIVIR2.VDF  : 7.0.7.59     4366336 Bytes  10/19/2008 04:52:40
ANTIVIR3.VDF  : 7.0.7.93      198656 Bytes  10/26/2008 04:52:42
Engineversion : 8.2.0.9  
AEVDF.DLL     : 8.1.0.6       102772 Bytes  10/27/2008 04:52:54
AESCRIPT.DLL  : 8.1.1.9       319867 Bytes  10/27/2008 04:52:53
AESCN.DLL     : 8.1.1.3       123252 Bytes  10/27/2008 04:52:52
AERDL.DLL     : 8.1.1.2       438644 Bytes  10/27/2008 04:52:51
AEPACK.DLL    : 8.1.2.4       369014 Bytes  10/27/2008 04:52:50
AEOFFICE.DLL  : 8.1.0.29      196988 Bytes  10/27/2008 04:52:49
AEHEUR.DLL    : 8.1.0.63     1479032 Bytes  10/27/2008 04:52:49
AEHELP.DLL    : 8.1.1.2       115062 Bytes  10/27/2008 04:52:46
AEGEN.DLL     : 8.1.0.42      319861 Bytes  10/27/2008 04:52:46
AEEMU.DLL     : 8.1.0.9       393588 Bytes  10/27/2008 04:52:45
AECORE.DLL    : 8.1.2.8       172406 Bytes  10/27/2008 04:52:44
AEBB.DLL      : 8.1.0.3        53618 Bytes  10/27/2008 04:52:43
AVWINLL.DLL   : 1.0.0.12       15105 Bytes    7/9/2008 15:40:05
AVPREF.DLL    : 8.0.2.0        38657 Bytes   5/16/2008 16:28:01
AVREP.DLL     : 8.0.0.2        98344 Bytes  10/27/2008 04:52:42
AVREG.DLL     : 8.0.0.1        33537 Bytes    5/9/2008 18:26:40
AVARKT.DLL    : 1.0.0.23      307457 Bytes   2/12/2008 15:29:23
AVEVTLOG.DLL  : 8.0.0.16      119041 Bytes   6/12/2008 19:27:49
SQLITE3.DLL   : 3.3.17.1      339968 Bytes   1/23/2008 00:28:02
SMTPLIB.DLL   : 1.2.0.23       28929 Bytes   6/12/2008 19:49:40
NETNT.DLL     : 8.0.0.1         7937 Bytes   1/25/2008 19:05:10
RCIMAGE.DLL   : 8.0.0.51     2371841 Bytes   6/12/2008 20:48:07
RCTEXT.DLL    : 8.0.52.0       86273 Bytes   6/27/2008 20:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Sunday, October 26, 2008  23:54

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'ADService.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sqlwriter.exe' - '1' Module(s) have been scanned
Scan process 'sqlbrowser.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'AppServices.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ewidoctrl.exe' - '1' Module(s) have been scanned
Scan process 'dsNcService.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'Weather.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'point32.exe' - '1' Module(s) have been scanned
Scan process 'VTTimer.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
39 processes with 39 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!
Boot sector 'D:\'
    [INFO]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '56' files ).

Starting the file scan:

Begin scan in 'C:\' <PRESARIO>
C:\pagefile.sys
    [WARNING]   The file could not be opened!
C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
      [DETECTION] Is the TR/Crypt.CFI.Gen Trojan
    [NOTE]      The file was deleted!
C:\WINDOWS\system32\ActiveScan\pskavs.dll
    [DETECTION] Contains recognition pattern of the W95/Blumblebee.1738 Windows virus
    [NOTE]      The file was deleted!
C:\WINDOWS\system32\drivers\ltmdmntc.old
    [DETECTION] Is the TR/StartPage.vn.1 Trojan
    [NOTE]      The file was deleted!
Begin scan in 'D:\' <PRESARIO_RP>


End of the scan: Monday, October 27, 2008  01:01
Used time:  1:07:19 Hour(s)

The scan has been done completely.

   9218 Scanning directories
 401861 Files were scanned
      3 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      3 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
 401857 Files not concerned
  15069 Archives were scanned
      1 Warnings
      3 Notes

15
Tech Clinic / Hacked and Hijacked? :-(
« on: October 26, 2008, 11:19:05 PM »
Okay, had to use the USB drive again from my other computer to get ATF Cleaner because the infected computer still can't open the site.  ATF Cleaner ran and I have downloaded and installed Avira.  I have done the update for it and it is now scanning.

I am heading off to bed.  Three late nights in a row is killing me.  

I have clicked the option to Delete any future detections so hopefully it will keep going through the night.  I will post all logs and reports in the morning.

Thanks again for all of your help.

16
Tech Clinic / Hacked and Hijacked? :-(
« on: October 26, 2008, 10:13:39 PM »
This whole time I have been using another computer and have copied every executable to a USB drive and then downloaded the files manually to the desktop on the infected computer.  

For this step, I hooked the infected computer back up to the network/internet and I went to the Symantec link you provided.  I downloaded and ran the Norton Removal Tool.  The system rebooted and tried to go to the Symantec link on restart.  Interestingly enough, I could no longer get to the link.  So, I tried going to www.symantec.com and I couldn't get there.  I also tried Atribune and Lavasoft and I can't get to any of them any longer.  I can get to other sites fine (like this one), but no site that seems like it would protect my computer.  Something seems to be blocking it again.

I was able to still run HJT, so I did the steps that you outlined for removing the items and here is the next log --
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:35 PM, on 10/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - https://cim.accenture.com/system/web/view/l...g/ie/SecMgr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218409226343
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218409212234
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {B33422AC-C567-4F7D-BB28-6583371EC4EE} (Microsoft CMS HTML Editor) - https://portal.accenture.com/NAVIGATOR/CMS/...ort/NRDHtml.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.44/ttinst.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://amr1-extranet.accenture.com/dana-ca...perSetupSP1.cab
O16 - DPF: {E99D3E39-5D92-4360-BA86-2C563B3CFFEB} (Microsoft CMS HTML Editor Toolbar) - https://portal.accenture.com/NAVIGATOR/CMS/...ort/nrdhtml.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Unknown owner - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (file missing)
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 7981 bytes

17
Tech Clinic / Hacked and Hijacked? :-(
« on: October 26, 2008, 09:33:24 PM »
I tried to uninstall Symantec Antivirus from the Add/remove programs, but I got the following messages --

Symantec Antivirus Client
1: The InstallScript engine on this machine is older than the version required to run this setup.  If available, please install the latest version of ISScript.msi, or contact your support personnel for further assistance.

AND

Then at the end it throws a message - "Fatal error during installation."

Do you want me to continue with the rest of your steps anyway?

18
Tech Clinic / Hacked and Hijacked? :-(
« on: October 26, 2008, 08:46:30 PM »
I ran SDFix and it showed a message
c:\PROGRA~1\Symantec\S32EVNT1.DLL. An installable Virtual Device Driver failed Dll initialization.  Choose 'Close' to terminate the application.

Close wouldn't work (after six tries) so I clicked "ignore".

After it was done running it prompted for a reboot.  Again, I got the above message but this time "Close" worked.  It popped up again later and again "close" worked.

Here is the sdfix report --

SDFix: Version 1.238
Run by Owner on Sun 10/26/2008 at 08:55 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\DOCUME~1\Owner\LOCALS~1\Temp\TDSS5ddb.tmp - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\TDSS5dfb.tmp - Deleted





Removing Temp Files

ADS Check :
 


                                 Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 21:14:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\Owner\ntuser.dat, 0
scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\Southwest Airlines\\Ding\\Ding.exe"="C:\\Program Files\\Southwest Airlines\\Ding\\Ding.exe:*:Disabled:DING!"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Disabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Finished!


AND HERE IS HIJACK THIS --
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:09 PM, on 10/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - https://cim.accenture.com/system/web/view/l...g/ie/SecMgr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218409226343
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218409212234
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {B33422AC-C567-4F7D-BB28-6583371EC4EE} (Microsoft CMS HTML Editor) - https://portal.accenture.com/NAVIGATOR/CMS/...ort/NRDHtml.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.44/ttinst.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://amr1-extranet.accenture.com/dana-ca...perSetupSP1.cab
O16 - DPF: {E99D3E39-5D92-4360-BA86-2C563B3CFFEB} (Microsoft CMS HTML Editor Toolbar) - https://portal.accenture.com/NAVIGATOR/CMS/...ort/nrdhtml.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Unknown owner - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (file missing)
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 9279 bytes

19
Tech Clinic / Hacked and Hijacked? :-(
« on: October 26, 2008, 07:32:33 PM »
For your question about Norton, I might be able to find the disk but I'm not holding my breath.  At this point, I feel that it has failed me so much of the past few years that I'm ready to try something new (even though there was probably more I could do to protect my computer).  I just have to be able to uninstall it so I can add something else.  I also have a new laptop with Vista that came with the Norton trial version and I haven't said "yes" to the Norton install because I don't really want to use it.  What are your thoughts on Kaspersky's?  And how do I uninstall Norton on both machines?

Combofix worked.  It had to do a reboot because of what it called "Rootkit activity", but otherwise it all ran okay.

Anyway, here is a copy of the ComboFix log (I did get MS Money reinstalled to get to my backup and save my data to an external hard drive) --

ComboFix 08-10-25.01 - Owner 2008-10-26 19:49:34.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.697 [GMT -5:00]
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Cookies\habisaty.db
C:\Documents and Settings\Owner\Cookies\ogigy.sys
C:\Documents and Settings\Owner\Cookies\tyvatymawi.inf
C:\Documents and Settings\Owner\Cookies\ytehyryn.dl
C:\Documents and Settings\Owner\Cookies\zujakerob.bin
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\iluzux.dll
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\lisy.sys
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\maku.bin
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\meguteja.vbs
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\pyvojimy.inf
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\system32\AutoRun.inf
D:\Autorun.inf

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv
-------\Legacy_TDSSserv


(((((((((((((((((((((((((   Files Created from 2008-09-27 to 2008-10-27  )))))))))))))))))))))))))))))))
.

2008-10-26 19:19 . 2008-10-26 19:29   <DIR>   d--------   C:\Program Files\Microsoft Money
2008-10-26 15:57 . 2008-10-26 15:57   <DIR>   d--------   C:\rsit
2008-10-26 15:31 . 2008-10-26 15:31   <DIR>   d--------   C:\Program Files\Trend Micro
2008-10-26 14:13 . 2008-10-26 14:17   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-10-26 14:13 . 2008-10-26 14:13   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-10-26 14:13 . 2008-10-26 14:13   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-26 14:13 . 2008-10-22 16:10   38,496   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-26 14:13 . 2008-10-22 16:10   15,504   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-10-26 02:18 . 2008-10-26 02:18   <DIR>   d--------   C:\Program Files\Microsoft ActiveSync
2008-10-26 01:57 . 2008-10-26 01:51   1,554,567   --a------   C:\SDFix.exe
2008-10-25 22:53 . 2008-10-25 22:53   19,748   --a------   C:\WINDOWS\rogip.sys
2008-10-25 22:53 . 2008-10-25 22:53   16,053   --a------   C:\Documents and Settings\All Users\Application Data\gosy.reg
2008-10-25 22:53 . 2008-10-25 22:53   14,938   --a------   C:\WINDOWS\ykupyja.sys
2008-10-25 22:53 . 2008-10-25 22:53   14,191   --a------   C:\Documents and Settings\All Users\Application Data\voweva.vbs
2008-10-25 22:53 . 2008-10-25 22:53   12,670   --a------   C:\WINDOWS\system32\likyluki.bin
2008-10-25 22:53 . 2008-10-25 22:53   11,758   --a------   C:\Documents and Settings\Owner\Application Data\aqixikixyd.dll
2008-10-25 22:53 . 2008-10-25 22:53   11,333   --a------   C:\Documents and Settings\All Users\Application Data\acoho.dat
2008-10-25 22:53 . 2008-10-25 22:53   11,306   --a------   C:\WINDOWS\ojeqopom.ban
2008-10-25 22:53 . 2008-10-25 22:53   10,560   --a------   C:\WINDOWS\system32\sowapiwoci.bin
2008-10-25 22:53 . 2008-10-25 22:53   10,233   --a------   C:\WINDOWS\system32\gukylyw.lib
2008-10-25 17:13 . 2008-10-25 17:13   18,041   --a------   C:\WINDOWS\system32\koda.bat
2008-10-25 17:13 . 2008-10-25 17:13   17,867   --a------   C:\Documents and Settings\All Users\Application Data\esurebale.pif
2008-10-25 17:13 . 2008-10-25 17:13   16,260   --a------   C:\WINDOWS\sopiryxuk.scr
2008-10-25 17:13 . 2008-10-25 17:13   15,827   --a------   C:\WINDOWS\nyfupa.vbs
2008-10-25 17:13 . 2008-10-25 17:13   15,772   --a------   C:\WINDOWS\yfywak.reg
2008-10-25 17:13 . 2008-10-25 17:13   15,164   --a------   C:\WINDOWS\ebog.lib
2008-10-25 14:51 . 2008-10-25 14:51   <DIR>   d--------   C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!
2008-09-29 14:41 . 2008-10-25 23:17   <DIR>   d--------   C:\Program Files\iTunes
2008-09-29 14:41 . 2008-09-29 14:42   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-29 14:39 . 2008-10-25 23:12   <DIR>   d--------   C:\Program Files\Bonjour

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 04:36   ---------   d-----w   C:\Program Files\Wal-Mart Music Downloads Store
2008-10-26 04:19   ---------   d-----w   C:\Program Files\THQ
2008-10-26 04:19   ---------   d-----w   C:\Program Files\sz8032
2008-10-26 04:19   ---------   d-----w   C:\Program Files\sz8022
2008-10-26 04:19   ---------   d-----w   C:\Program Files\Scholastic
2008-10-26 04:19   ---------   d-----w   C:\Program Files\RecordNow!
2008-10-26 04:19   ---------   d-----w   C:\Program Files\QuickTime
2008-10-26 04:19   ---------   d-----w   C:\Program Files\Print Workshop 2004 LE
2008-10-26 04:18   ---------   d-----w   C:\Program Files\Microsoft Works
2008-10-26 04:18   ---------   d-----w   C:\Program Files\Microsoft Visual Studio 8
2008-10-26 04:18   ---------   d-----w   C:\Program Files\Microsoft SQL Server
2008-10-26 04:18   ---------   d-----w   C:\Program Files\Microsoft Plus! Digital Media Edition
2008-10-26 04:18   ---------   d-----w   C:\Program Files\Microsoft IntelliPoint
2008-10-26 04:18   ---------   d-----w   C:\Program Files\Lavasoft
2008-10-26 04:17   ---------   d-----w   C:\Program Files\Juniper Networks
2008-10-26 04:17   ---------   d-----w   C:\Program Files\Java
2008-10-26 04:17   ---------   d-----w   C:\Program Files\ItsDeductibleEX
2008-10-26 04:17   ---------   d-----w   C:\Program Files\ItsDeductible2006
2008-10-26 04:17   ---------   d-----w   C:\Program Files\ItsDeductible2005
2008-10-26 04:17   ---------   d-----w   C:\Program Files\iPod
2008-10-26 04:17   ---------   d-----w   C:\Program Files\Iomega
2008-10-26 04:17   ---------   d-----w   C:\Program Files\IntelliMover Data Transfer Demo
2008-10-26 04:17   ---------   d-----w   C:\Program Files\Infogrames Interactive
2008-10-26 04:17   ---------   d-----w   C:\Program Files\HP
2008-10-26 04:17   ---------   d-----w   C:\Program Files\Hewlett-Packard
2008-10-26 04:17   ---------   d-----w   C:\Program Files\Hasbro Interactive
2008-10-26 04:16   ---------   d-----w   C:\Program Files\Common Files\Symantec Shared
2008-10-26 04:15   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-10-26 04:15   ---------   d-----w   C:\Program Files\Common Files\Apple
2008-10-26 04:15   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-10-25 13:33   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-20 19:25   ---------   d-----w   C:\Documents and Settings\Owner\Application Data\AirSet Desktop Sync
2008-10-16 01:30   30   ----a-w   C:\Documents and Settings\Owner\jagex_runescape_preferences.dat
2008-03-17 17:38   103,536   ----a-w   C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2004-11-01 23:37   0   --sha-w   C:\WINDOWS\SMINST\HPCD.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2004-05-20 856064]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 77824]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"VTTimer"="VTTimer.exe" [2005-03-08 C:\WINDOWS\system32\VTTimer.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 C:\WINDOWS\ALCXMNTR.EXE]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Southwest Airlines\\Ding\\Ding.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R3 dsNcAdpt;Juniper Network Connect Adapter;C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2007-04-10 23552]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 45568]
S2 ltmdmntc;ltmdmntc;C:\WINDOWS\System32\drivers\ltmdmntc.sys [ ]
S2 W55U01;WINBOND W55U01 USB;C:\WINDOWS\system32\Drivers\W55U01.sys [2005-08-12 15232]
S2 X4HS32;X4HS32;C:\Program Files\EXEtender\X4HS32.Sys [ ]
S3 BulkUsb;Usbscan.Sys;C:\WINDOWS\system32\Drivers\usbscan.sys [2004-08-04 15104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9748cf25-b2a6-11dc-b0ef-000ea6306fee}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/keylauncher/?code=3654261420322001
.
Contents of the 'Scheduled Tasks' folder

2008-10-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe []

2004-03-17 C:\WINDOWS\Tasks\Easy Internet Sign-up.job
- C:\Program Files\Easy Internet signup\HPSdpApp.exe []
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKLM-Run-QuickTime Task - C:\Program Files\QuickTime\QTTask.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

O16 -: {5445BE81-B796-11D2-B931-002018654E2E} - hxxps://cim.accenture.com/system/web/view/live/messaging/ie/SecMgr.cab
C:\WINDOWS\Downloaded Program Files\SecMgr.inf

O16 -: {B33422AC-C567-4F7D-BB28-6583371EC4EE} - hxxps://portal.accenture.com/NAVIGATOR/CMS/WebAuthor/Client/PlaceholderControlSupport/NRDHtml.cab
C:\WINDOWS\Downloaded Program Files\NRDHtml.inf
C:\WINDOWS\Downloaded Program Files\ncbmprdr.dll

O16 -: {E99D3E39-5D92-4360-BA86-2C563B3CFFEB} - hxxps://portal.accenture.com/NAVIGATOR/CMS/WebAuthor/Client/PlaceholderControlSupport/nrdhtml.cab
C:\WINDOWS\Downloaded Program Files\NRDHtml.inf
C:\WINDOWS\Downloaded Program Files\ncbmprdr.dll
C:\WINDOWS\Downloaded Program Files\NRDHtml.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 19:58:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]
"ImagePath"="\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSijso.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]
"ImagePath"="\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\NavLogon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-10-26 20:01:51 - machine was rebooted
ComboFix-quarantined-files.txt  2008-10-27 01:01:47

Pre-Run: 36,789,424,128 bytes free
Post-Run: 38,041,493,504 bytes free

216

20
Tech Clinic / Hacked and Hijacked? :-(
« on: October 26, 2008, 03:27:12 PM »
info.txt logfile of random's system information tool 1.04 2008-10-26 15:57:31

======Uninstall list======

"Doras Carnival Adventure (remove only)" -->"C:\Program Files\Doras Carnival Adventure\Uninstall.exe"
"Nick Video Jigsaw Jam (remove only)" -->"C:\Program Files\Nick Video Jigsaw Jam\Uninstall.exe"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
3D Groove Playback Engine-->RunDll32 C:\WINDOWS\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16
Action Replay Code Manager-->"C:\Program Files\Datel\Action Replay Code Manager\unins000.exe"
Active Disk-->C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\AutoDisk\uninstal.log
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Download Manager 2.2 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Album Starter Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{483616D1-867E-46F8-BEC7-3C6475933908}\apxp.ex_" -l0x9
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adventures of Bleeposaurus (remove only)-->"C:\Program Files\Adventures of Bleeposaurus\Uninstall.exe"
AirSet Desktop Sync-->MsiExec.exe /X{AF17B317-2255-450F-8D01-8FFDB68EFD30}
Alphabet Express-->C:\WINDOWS\unvise.exe C:\Program Files\sz8001\uninstal.log
Amazing Windows XP Screen Saver 1.2-->C:\WINDOWS\unins001.exe
American Greetings® CreataCard® Silver 5-->C:\WINDOWS\UNINST.EXE -f"C:\PROGRA~1\BRODER~1\AGCREA~1\DeIsL1.isu" -c"C:\PROGRA~1\BRODER~1\AGCREA~1\psfinst.dll"
Anark Client 1.0-->C:\Program Files\Anark\Client\AMInstal.exe -uninstall
Ancient Hearts & Spades-->"C:\Program Files\Oberon Media\Ancient Hearts & Spades\Uninstall.exe" "C:\Program Files\Oberon Media\Ancient Hearts & Spades\install.log"
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9  -removeonly
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D90CE-5EF0-4D19-96C5-4C75C2842536}\Setup.exe" -l0x9
Barbie ® as Princess Bride (tm)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Mattel Interactive\Barbie ®\Barbie ® as Princess Bride (tm)\Uninst.isu"
Big Kahuna Reef-->"C:\Program Files\MSN Games\Big Kahuna Reef\Uninstall.exe" "C:\Program Files\MSN Games\Big Kahuna Reef\install.log"
Bleeposaurus 2: Dragonfire (remove only)-->"C:\Program Files\Bleeposaurus 2 Dragonfire\Uninstall.exe"
Boggle (remove only)-->"C:\Program Files\iWin.com\Boggle\Uninstall.exe"
Boggle-->C:\WINDOWS\uninst.exe -fC:\WINDOWS\DeIsL2.isu
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
BOSS Fonts Manager-->C:\WINDOWS\IsUninst.exe -fC:\BOSSFonts\Uninst.isu
Bricks of Atlantis-->"C:\Program Files\MSN Games\Bricks of Atlantis\Uninstall.exe" "C:\Program Files\MSN Games\Bricks of Atlantis\install.log"
Candy Land - Dora the Explorer Edition-->C:\PROGRA~1\NICKJR~1.ARC\CANDYL~1\UNWISE.EXE C:\PROGRA~1\NICKJR~1.ARC\CANDYL~1\INSTALL.LOG
Card Classics-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Galaxy of Games\Card Classics\DeIsL1.isu"  -c"C:\Program Files\Galaxy of Games\Card Classics\_ISREG32.DLL"
CatDog-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\CatDog\Uninst.isu"
CDBurnerXP Pro 3-->MsiExec.exe /I{896D642C-7125-44F0-AC49-A23ABF82209C}
Centipede-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Centipede\CentUnin.isu"
Chaotic-->MsiExec.exe /I{D1BA4778-61DB-4405-AD57-03C939080E19}
Charm Solitaire-->"C:\Program Files\Oberon Media\Charm Solitaire\Uninstall.exe" "C:\Program Files\Oberon Media\Charm Solitaire\install.log"
CK Creative Clips and Fonts Sampler-->C:\CKBROW~1\UNWISE.EXE C:\CKBROW~1\CKCreativeClipsBoys.LOG
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
Compaq Connections-->C:\WINDOWS\BWUnin-6.2.3.66L.exe -AppId 1940576
Compaq Instant Support-->C:\PROGRA~1\COMPAQ~2\UNWISE.EXE C:\PROGRA~1\COMPAQ~2\INSTALL.LOG
Compaq Organize-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
Corel Applications-->C:\WINDOWS\Corel\Uninst32.exe
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Danny Phantom Ghost Sweep (remove only)-->"C:\Program Files\Danny Phantom Ghost Sweep\Uninstall.exe"
DesignPro 5.4 Limited Edition-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}
Diego`s Dinosaur Adventure (remove only)-->C:\Program Files\Diego`s Dinosaur Adventure\Uninstall.exe
Diner Dash-->"C:\Program Files\MSN Games\Diner Dash\Uninstall.exe" "C:\Program Files\MSN Games\Diner Dash\install.log"
DING!-->MsiExec.exe /X{84031A18-BA9A-4156-A74F-E05B52DDFCE2}
Direct Show Ogg Vorbis Filter (remove only)-->"C:\WINDOWS\system32\OggDSuninst.exe"
Disney/Pixar's Buzz Lightyear 2nd Grade-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Disney Interactive\Buzz Lightyear 2nd Grade\DeIsL1.isu" -c"C:\Program Files\Disney Interactive\Buzz Lightyear 2nd Grade\Saved Games\Uninst.dll
Disney's Mickey Mouse Preschool-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Disney Interactive\Mickey Mouse Preschool\DeIsL1.isu" -c"C:\Program Files\Disney Interactive\Mickey Mouse Preschool\Saved Games\Uninst.dll
Disney's Phonics Quest-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB79F660-2822-11D5-B232-0050DACD394D}\setup.exe" Uninstall
Disney's Ready for Math with Pooh-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Disney Interactive\Ready for Math with Pooh\DeIsL1.isu" -c"C:\Program Files\Disney Interactive\Ready for Math with Pooh\Uninst.dll
Disney's Toontown Online-->C:\PROGRA~1\Disney\DISNEY~1\Toontown\UNWISE.EXE /A C:\PROGRA~1\Disney\DISNEY~1\Toontown\INSTALL.LOG
Disney's Winnie the Pooh Preschool-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09E26120-0322-11D5-B231-0050DACD394D}\setup.exe" Uninstall
Dora Backpack-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D859D35F-E947-4F2A-8591-C76A4D116178}\setup.exe" -l0x9  -uninst
Dora Knows Your Name-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A887B90-4DD1-492F-924F-FB27BC8C4D71}\setup.exe" -l0x9  -removeonly
Dora Lost City-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{747C231B-062D-4586-8221-8E7870987D5B}\setup.exe" -l0x9  -uninst
Dora the Explorer Screen Saver-->C:\WINDOWS\Dora the Explorer.scr /u
Dora`s Magic Castle (remove only)-->C:\Program Files\Dora`s Magic Castle\Uninstall.exe
Doras Rapido River Rafting Race (remove only)-->"C:\Program Files\Doras Rapido River Rafting Race\Uninstall.exe"
Doras Star Catching Game (remove only)-->"C:\Program Files\Doras Star Catching Game\Uninstall.exe"
Dora's World Adventure-->C:\PROGRA~1\NICKJR~1.ARC\DORA'S~1\UNWISE.EXE C:\PROGRA~1\NICKJR~1.ARC\DORA'S~1\INSTALL.LOG
Dream Vacation Solitaire-->"C:\Program Files\Email Removed\Dream Vacation Solitaire\Uninstall.exe" "C:\Program Files\Email Removed\Dream Vacation Solitaire\install.log"
Drop Heads (remove only)-->"C:\Program Files\Drop Heads\Uninstall.exe"
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0613467F-A45E-4CB1-9ECE-1F3DD79FB927} /l1033
ebgcInfra-->MsiExec.exe /X{39B1BD87-561E-4762-AED9-7C5213B06C24}
ebgcRes-->MsiExec.exe /X{B0ED2820-A422-49C9-A5C7-9A0E97EB4904}
ebgcRes-->MsiExec.exe /X{F0CB1B5B-39B6-464C-9B46-2C3821B2659D}
ebgcSDK-->MsiExec.exe /X{28E7B64D-150F-4A9E-B7A3-5A6AC8C2F822}
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
ewido security suite-->C:\Program Files\ewido\security suite\Uninstall.exe
EXEtender Player-->"C:\Program Files\EXEtender\Uninstall.exe"
FA Addition Subtraction-->C:\WINDOWS\unvise32.exe C:\Program Files\sz8022\uninstal.log
Fairly Odd Parents - Big Super Hero Wish (remove only)-->"C:\Program Files\Fairly Odd Parents - Big Super Hero Wish\Uninstall.exe"
Fairly Odd Parents Information Stupor Highway (remove only)-->"C:\Program Files\Fairly Odd Parents Information Stupor Highway\Uninstall.exe"
FamilyFeudOnlineParty (remove only)-->"C:\Program Files\iWin.com\FamilyFeudOnlineParty\Uninstall.exe"
Fatman Adventures 2 (remove only)-->"C:\Program Files\Fatman Adventures 2\Uninstall.exe"
Feeding Frenzy (remove only)-->"C:\Program Files\Feeding Frenzy\Uninstall.exe"
Garmin Communicator Plugin-->MsiExec.exe /X{14C9AE19-4254-4280-ACD3-E159231DC2CD}
Google Earth-->MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
Gutterball-->C:\PROGRA~1\SHOCKW~1.COM\GUTTER~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\GUTTER~1\INSTALL.LOG
Halloween  Screen Saver-->C:\WINDOWS\Halloween.scr /u
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Holiday Snowflakes Screen Saver 1.2-->C:\WINDOWS\unins000.exe
Hooked on Phonics Learn to Read-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Hooked on Phonics Learning\Hooked on Phonics Learn to Read\DeIsL1.isu"
Hotfix for Windows XP (KB928388)-->"C:\WINDOWS\$NtUninstallKB928388$\spuninst\spuninst.exe"
HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
hp deskjet 5100 series-->rundll32 hpzcon08.dll,VendorJettison hp deskjet 5100 series
hp deskjet 5100-->msiexec /x{FEDA56C4-82F3-46DD-8B50-FC592BBE1C0D}
HP Deskjet Preloaded Printer Drivers-->MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photo & Imaging 3.1-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photo and Imaging 2.0 - Deskjet Series-->MsiExec.exe /I{E0828692-FD9D-459F-9312-C645C3CA6650}
HP Photo and Imaging 2.0 - Photosmart Cameras-->MsiExec.exe /X{5D7F0A0E-369E-46C0-9F99-FAB21A064781}
HP Photosmart All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{D64BC2CF-0F12-47d7-B412-B4F3FD684253}\setup\hpzscr01.exe -datfile hposcr21.dat
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Print Diagnostic Utility-->MsiExec.exe /I{5E06C076-E4E7-4239-A886-B3D8AC84C166}
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP PSC & OfficeJet 3.0-->"C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Human 3D LR1n-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F03538CD-A245-4772-B9F3-655E6DCB34B1}\Setup.exe" -l0x9  -removeonly
In A Flash 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5EEC0AB3-0600-4D85-941A-6A3358E9839B}\Setup.exe" -l0x9
In A Flash Photo 3-->MsiExec.exe /I{0C3040CC-0276-409A-86BF-F84EB5F0DC25}
Insaniquarium Deluxe-->"C:\Program Files\MSN Games\Insaniquarium Deluxe\Uninstall.exe" "C:\Program Files\MSN Games\Insaniquarium Deluxe\install.log"
Inspheration-->"C:\Program Files\MSN Games\Inspheration\Uninstall.exe" "C:\Program Files\MSN Games\Inspheration\install.log"
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
IomegaWare 4.0.2-->C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\uninstal.log
ItsDeductible Express-->MsiExec.exe /X{36495C59-089C-49D1-BD15-9E5BD86DC9A1}
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Jewel Quest II (remove only)-->"C:\Program Files\iWin.com\Jewel Quest II\Uninstall.exe"
Jewel Quest Solitaire (remove only)-->"C:\Program Files\iWin.com\Jewel Quest Solitaire\Uninstall.exe"
Jewel Quest-->"C:\Program Files\Oberon Media\Jewel Quest\Uninstall.exe" "C:\Program Files\Oberon Media\Jewel Quest\install.log"
Jimmy Neutron Boy Genius-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\THQ\Jimmy Neutron\Jimmy Neutron Boy Genius\Uninst.isu"
Jimmy Neutron Invention Revenge (remove only)-->"C:\Program Files\Jimmy Neutron Invention Revenge\Uninstall.exe"
JumpStart Animal Adventures-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSAnimUn.exe
JumpStart Explorers-->C:\WINDOWS\UnJSExp.exe
JumpStart Learning Games ABC's-->C:\WINDOWS\IsUninst.exe -fC:\KA\JSLG_ABC\DeIsL1.isu
JumpStart Numbers-->C:\WINDOWS\IsUninst.exe -fC:\KA\JSNUMBER\DeIsL1.isu
JumpStart Pre-K-->C:\WINDOWS\IsUninst.exe -fC:\KA\PRE_K\DeIsL1.isu
JumpStart Typing-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSTypeUn.EXE
Jungle Heart (remove only)-->"C:\Program Files\Jungle Heart\Uninstall.exe"
Juniper Networks Network Connect 5.5.0-->"C:\Program Files\Juniper Networks\Network Connect 5.5.0\uninstall.exe"
KBD-->C:\HP\KBD\KBD.EXE uninstalled
LG USB Drivers-->C:\PROGRA~1\LGDRIV~1\LGUSBD~1\UNWISE.EXE C:\PROGRA~1\LGDRIV~1\LGUSBD~1\INSTALL.LOG
LiveUpdate 1.7 (Symantec Corporation)-->C:\Program Files\\Symantec\LiveUpdate\LSETUP.EXE /U
Mad Caps (remove only)-->"C:\Program Files\Mad Caps\Uninstall.exe"
Magic Ball 2-->"C:\Program Files\MSN Games\Magic Ball 2\Uninstall.exe" "C:\Program Files\MSN Games\Magic Ball 2\install.log"
Magic Match 2-->"C:\Program Files\MSN Games\Magic Match 2\Uninstall.exe" "C:\Program Files\MSN Games\Magic Match 2\install.log"
Magic Match Adventures-->"C:\Program Files\MSN Games\Magic Match Adventures\Uninstall.exe" "C:\Program Files\MSN Games\Magic Match Adventures\install.log"
Magic Match-->"C:\Program Files\MSN Games\Magic Match\Uninstall.exe" "C:\Program Files\MSN Games\Magic Match\install.log"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Math 2-->C:\WINDOWS\unvise32.exe C:\Program Files\sz8032\uninstal.log
Math Blaster Ages 6-7-->C:\WINDOWS\UninstMBAges6-7.exe
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft .NET Framework 1.1 Hotfix (KB886903)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Money 2004-->MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Office Outlook 2003-->MsiExec.exe /I{90E00409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Digital Media Edition-->MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual C++ 2005 Express Edition - ENU Service Pack 1 (KB926748)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {9BB5DD65-D02F-43FC-94AF-E8932A4EFB73} /package {AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5}
Microsoft Visual C++ 2005 Express Edition - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual C++ 2005 Express Edition - ENU\setup.exe
Microsoft Visual C++ 2005 Express Edition - ENU-->MsiExec.exe /X{AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5}
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Milton Bradley Classic Board Games-->C:\Program Files\Hasbro Interactive\Classic Games\MBUninst.exe
Monopoly-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{20FA8AEE-E785-4F79-98EB-2067A8F395F4}\setup.exe" -l0x9
Move Networks Player for Internet Explorer-->"C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\unins000.exe"
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
MUSICMATCH® Jukebox-->C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
My Wal-Mart Digital Photo Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAF8B012-D559-4B8D-95C0-D98E1172E5C3}\setup.exe" -l0x9  -removeonly
Mystery Case Files - Huntsville-->"C:\Program Files\Oberon Media\Mystery Case Files - Huntsville\Uninstall.exe" "C:\Program Files\Oberon Media\Mystery Case Files - Huntsville\install.log"
Mystery Solitaire - Secret Island-->"C:\Program Files\MSN Games\Mystery Solitaire - Secret Island\Uninstall.exe" "C:\Program Files\MSN Games\Mystery Solitaire - Secret Island\install.log"
NCH Toolbox-->C:\Program Files\NCH Swift Sound\ToolBox\uninst.exe
Need For Speed - Porsche Unleashed-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Need For Speed - Porsche Unleashed\uninst.log"
Nick Blockade (remove only)-->"C:\Program Files\Nick Blockade\Uninstall.exe"
Nicktoons Challenge! (remove only)-->C:\Program Files\Nicktoons Challenge!\Uninstall.exe
NVIDIA GART Driver-->C:\WINDOWS\System32\nvugart.exe Uninstall C:\WINDOWS\System32\Nvgart.nvu,NVIDIA GART Driver
Ocean Life 1 Screensaver-->C:\WINDOWS\ss3unstl.exe "Ocean Life 1 Screensaver"
Ocean Life 2 Screensaver-->C:\WINDOWS\ss3unstl.exe "Ocean Life 2 Screensaver"
Operation-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Hasbro Interactive\Operation\DeIsL1.isu"
PacaJuma Quest (remove only)-->"C:\Program Files\PacaJuma Quest\Uninstall.exe"
PagePrintables-->C:\PROGRA~1\PAGEPR~1\UNWISE.EXE C:\PROGRA~1\PAGEPR~1\INSTALL.LOG
Paint Shop Pro 7-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
Pajama Sam Life is Rough When You Lose Your Stuff-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{56C632F1-E684-4033-8390-1C39A1719B01}
Pajama Sam No Need to Hide When It's Dark Outside-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Infogrames Interactive\PajamaNHD\Uninst.isu" -c"C:\Program Files\Infogrames Interactive\PajamaNHD\Uninst.dll
Palm Desktop-->MsiExec.exe /X{7DBBC522-F642-4D6C-A03F-22E49EB63437}
Panda ActiveScan-->C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PCFriendly-->C:\Program Files\PCFriendly\inuninst.exe
PDO Desktop-->C:\WINDOWS\uninst.exe -f"C:\Program Files\PDO Desktop\DeIsL1.isu"  -c"C:\Program Files\PDO Desktop\_ISREG32.DLL"
Photo Viewer 2.3-->"C:\Program Files\Photo Viewer\uninstall.exe"
Photosmart 140,240,7200,7600,7700,7900 Series-->C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
Playhouse Disney's Stanley Wild for Sharks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{733D0C6D-1561-11D6-B234-0050DACD394D}\setup.exe" -l0x9 Uninstall
Print Workshop 2004 LE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{952682F8-F40D-11D7-AD8E-0050DA87D0EB}\SETUP.EXE" -l0x9
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
pumpkinpatch ScreenSaver-->C:\WINDOWS\pumpkinpatch.scr /U
Puzzle Detective-->"C:\Program Files\MSN Games\Puzzle Detective\Uninstall.exe" "C:\Program Files\MSN Games\Puzzle Detective\install.log"
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2004-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Rainbow Web-->"C:\Program Files\Oberon Media\Rainbow Web\Uninstall.exe" "C:\Program Files\Oberon Media\Rainbow Web\install.log"
Reader Rabbit Preschool-->C:\Program Files\The Learning Company\Reader Rabbit Preschool\uninstal.exe
Reader's Digest Super Word Power-->"C:\Program Files\MSN Games\Readers Digest Super Word Power\Uninstall.exe" "C:\Program Files\MSN Games\Readers Digest Super Word Power\install.log"
RealArcade-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\RealArcade.rguninst" "AddRemove"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roll-->C:\WINDOWS\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
S3 S3Display-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'
S3 S3Gamma2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
S3 S3Info2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
S3 S3Overlay-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
Saints and Sinners Bingo-->"C:\Program Files\Oberon Media\Saints and Sinners Bingo\Uninstall.exe" "C:\Program Files\Oberon Media\Saints and Sinners Bingo\install.log"
Sandlot Games Client Services 1.2.2-->"C:\Program Files\Common Files\Sandlot Shared\unins001.exe"
Sandlot Games Client Services-->"C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
SandScript(tm)-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\SandScript(tm).rguninst" "AddRemove"
Scholastic's I SPY School Days-->C:\PROGRA~1\SCHOLA~1\ISPYSC~1\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\ISPYSC~1\INSTALL.LOG
Scholastic's I SPY Spooky Mansion-->C:\PROGRA~1\SCHOLA~1\ISPYSP~1\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\ISPYSP~1\INSTALL.LOG
Scooby-Doo(tm), Phantom of the Knight(tm)-->C:\Program Files\The Learning Company\Scooby-Doo(tm), Phantom of the Knight(tm)\uninstall.exe
Scrabble Blast Deluxe-->"C:\Program Files\MSN Games\Scrabble Blast Deluxe\Uninstall.exe" "C:\Program Files\MSN Games\Scrabble Blast Deluxe\install.log"
Scrabble Complete-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B36649A3-D0DD-4706-B042-F5B384529C7A}\Setup.exe" -l0x9
Scrabble Deluxe-->"C:\Program Files\MSN Games\Scrabble Deluxe\Uninstall.exe" "C:\Program Files\MSN Games\Scrabble Deluxe\install.log"
Security Update for Microsoft .NET Framework 2.0 (KB917283)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Microsoft .NET Framework 2.0 (KB922770)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Sega Smash Pack II-->C:\WINDOWS\IsUninst.exe -f"c:\program files\Sega\Smash Pack II\Uninst.isu"
Sesame Street Search & Learn Adventures-->C:\CWONDERS\MADTGD\CWRUN.EXE SearchLearnAdventures UninstallExe
Shape Solitaire-->"C:\Program Files\Email Removed\Shape Solitaire\Uninstall.exe" "C:\Program Files\Email Removed\Shape Solitaire\install.log"
Slingo-->"C:\Program Files\MSN Games\Slingo\Uninstall.exe" "C:\Program Files\MSN Games\Slingo\install.log"
Snowy - Treasure Hunter (remove only)-->"C:\Program Files\Snowy - Treasure Hunter\Uninstall.exe"
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SpongeBob Atlantis SquareOff-->C:\PROGRA~1\NICKAR~1\SPONGE~1\UNWISE.EXE C:\PROGRA~1\NICKAR~1\SPONGE~1\INSTALL.LOG
SpongeBob SquarePants 3D Pinball Panic (remove only)-->"C:\Program Files\SpongeBob SquarePants 3D Pinball Panic\Uninstall.exe"
SpongeBob SquarePants Bubble Rush! (remove only)-->C:\Program Files\SpongeBob SquarePants Bubble Rush!\Uninstall.exe
SpongeBob SquarePants Collapse! (remove only)-->"C:\Program Files\SpongeBob SquarePants Collapse!\Uninstall.exe"
SpongeBob SquarePants Diner Dash (remove only)-->C:\Program Files\SpongeBob SquarePants Diner Dash\Uninstall.exe
SpongeBob SquarePants Jellyfish Shuffleboard (remove only)-->"C:\Program Files\SpongeBob SquarePants Jellyfish Shuffleboard\Uninstall.exe"
SpongeBob SquarePants Krabby Quest (remove only)-->"C:\Program Files\SpongeBob SquarePants Krabby Quest\Uninstall.exe"
SpongeBob SquarePants Obstacle  Odyssey (remove only)-->"C:\Program Files\SpongeBob SquarePants Obstacle  Odyssey\Uninstall.exe"
SpongeBob SquarePants Obstacle Odyssey 2 (remove only)-->C:\Program Files\SpongeBob SquarePants Obstacle Odyssey 2\Uninstall.exe
SpongeBob SquarePants Pizza Toss (remove only)-->"C:\Program Files\SpongeBob SquarePants Pizza Toss\Uninstall.exe"
SpongeBob SquarePants® Operation Krabby Patty-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\THQ\SpongeBob SquarePants\Operation Krabby Patty\Uninst.isu"
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Stop the Morbuzakh (remove only)-->C:\Program Files\LEGO Software\Stop the Morbuzakh\Uninst.exe
Stunt Track Driver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Stunt Track Driver\Stunt Track Driver.isu"
Super GameHouse BlackJack-->"C:\Program Files\Oberon Media\Super GameHouse BlackJack\Uninstall.exe" "C:\Program Files\Oberon Media\Super GameHouse BlackJack\install.log"
Super GameHouse Solitaire Vol. 1-->C:\PROGRA~1\MSNGAM~2\GAMESP~1\SUPERG~1.1\UNWISE.EXE /U C:\PROGRA~1\MSNGAM~2\GAMESP~1\SUPERG~1.1\INSTALL.LOG
Switch Sound File Converter-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
Symantec AntiVirus Client-->MsiExec.exe /X{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}
Talk to Me-->"C:\Program Files\Auralog\Talk to Me 7.0\Bin\unsetup.exe" -file "C:\Program Files\Auralog\Talk to Me 7.0\unsetup.aui"
Tarzan Activity Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD709E16-1ED6-46CF-ACF7-FB8F01BC0444}\setup.exe" -l0x9 Tarzan Activity Center
The Fairly OddParents - Timmy`s Roach Rampage (remove only)-->C:\Program Files\The Fairly OddParents - Timmy`s Roach Rampage\Uninstall.exe
The Fairly OddParents-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBA98386-2B74-4C54-B085-543E7D5A3FAC}\setup.exe" -l0x9 \ /uninst
The Font Factory-->C:\PROGRA~1\CHATTE~1\UNWISE.EXE C:\PROGRA~1\CHATTE~1\INSTALL.LOG
Time Force-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC2092E0-55C4-11D5-B4F8-00A0CCE39AAB}\SETUP.EXE" TimeForceUninstall
Timez Attack Free-->C:\TimezAttackFree\Uninstall.exe
Tonka Raceway-->C:\HASBRO\TONKA_RACEWAY\Uninstall_Tonka_Raceway.EXE
Top Ten Solitaire-->"C:\Program Files\Oberon Media\Top Ten Solitaire\Uninstall.exe" "C:\Program Files\Oberon Media\Top Ten Solitaire\install.log"
trickortreaters ScreenSaver-->C:\WINDOWS\trickortreaters.scr /U
Trivial Pursuit 90s Edition-->"C:\Program Files\MSN Games\Trivial Pursuit 90s Edition\Uninstall.exe" "C:\Program Files\MSN Games\Trivial Pursuit 90s Edition\install.log"
Tumble Bees To Go-->"C:\Program Files\Oberon Media\Tumble Bees To Go\Uninstall.exe" "C:\Program Files\Oberon Media\Tumble Bees To Go\install.log"
TurboTax Deluxe 2003-->C:\Program Files\TurboTax\Deluxe 2003\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2003\Uninstall.log" -NoGui
TurboTax Deluxe 2004-->C:\Program Files\TurboTax\Deluxe 2004\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2004\Uninstall.log" -NoGui
TurboTax Deluxe 2005-->C:\Program Files\TurboTax\Deluxe 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2005\Uninstall.log" -NoGui
TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006-->C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2005-->MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
TurboTax ItsDeductible 2006-->MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Twistingo-->"C:\Program Files\Email Removed\Twistingo\Uninstall.exe" "C:\Program Files\Email Removed\Twistingo\install.log"
U.B. Funkeys-->C:\Program Files\U.B. Funkeys\uninstall.exe
Ultimate Game Pak-->C:\WINDOWS\iun506.exe C:\Program Files\Ultimate Game Pak\irunin.ini
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
VIA Rhine-Family Fast-Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver-->VTsetvga.exe -s -rRundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\hg201hp.inf
ViviCam V35-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83D96ED0-98AA-4515-8DDC-816F3EFDD104}\Setup.exe" -l0x9
Wal-Mart Music Downloads Store-->MsiExec.exe /I{1DB2FBA5-D57A-42A7-8E87-5B3EEBED8283}
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WeatherBug-->C:\PROGRA~1\AWS\WEATHE~1\REMOVE.EXE C:\PROGRA~1\AWS\WEATHE~1\INSTALL.LOG
WexTech AnswerWorks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9  -eliminate
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
Windows XP Winter Fun Pack Screensavers-->MsiExec.exe /I{27D0C7AB-59F1-4D4D-A0BB-05A31AC919EA}
WinZip-->"C:\PROGRA~1\Winzip\Winzip32.exe" /uninstall
Word Search Deluxe (remove only)-->"C:\Program Files\Word Search Deluxe\Uninstall.exe"
Word Whomp To Go-->"C:\Program Files\Oberon Media\Word Whomp To Go\Uninstall.exe" "C:\Program Files\Oberon Media\Word Whomp To Go\install.log"
Wordsheets-->C:\PROGRA~1\WORDSH~1\UNWISE.EXE C:\PROGRA~1\WORDSH~1\INSTALL.LOG
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
Yahtzee-->"C:\Program Files\MSN Games\Yahtzee\Uninstall.exe" "C:\Program Files\MSN Games\Yahtzee\install.log"
Yahtzee-->C:\WINDOWS\uninst.exe -fC:\WINDOWS\DeIsL1.isu
Yu_Gi_Oh!_Monsters_1 Screen Saver-->C:\WINDOWS\Yu_Gi_Oh!_Monsters_1.scr /u
Yu_Gi_Oh!_Time_to_Duel_1 Screen Saver-->C:\WINDOWS\Yu_Gi_Oh!_Time_to_Duel_1.scr /u
Zone Deluxe Games-->MsiExec.exe /I{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}

Hosts File Missing
