Author Topic: Hacked and Hijacked? :-(  (Read 3305 times)

Offline guestolo

Hacked and Hijacked? :-(
« Reply #40 on: November 02, 2008, 12:58:07 PM »
If I understand correctly, you are still planning on clean installing your XP box?
If not, we should do some final cleanup procedures

I like Avira, and also Avast, you will only want to use one
Install SpywareBlaster, the latest version

Is Norton installed on the Vista laptop right now?
Check your uninstall Programs and see if you can find it in the list

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline guestolo

Hacked and Hijacked? :-(
« Reply #41 on: November 02, 2008, 01:00:52 PM »
If I understand correctly, you are still planning on clean installing your XP box?
If not, we should do some final cleanup procedures

I like Avira, and also Avast, you will only want to use one
Install SpywareBlaster, the latest version

Is Norton installed on the Vista laptop right now?
Check your uninstall Programs and see if you can find it in the list

For spyware protection, Vista has Windows Defender installed by default
It will help prevent installation of spyware, also use SpywareBlaster
Meikemoes site gives the links and great info

You can also install Windows Defender on your XP box if you like
I can link you to it
You can set scheduled scanning
For on-demand spyware scanning, Malwarebytes Anti-Malware does a good job
Update and run a Quick scan occasionally
« Last Edit: November 02, 2008, 01:02:25 PM by guestolo »



Offline scrappingmama

Hacked and Hijacked? :-(
« Reply #42 on: November 02, 2008, 01:26:30 PM »
I would like to do some final cleanup on the XP box (the infected one) just in case I get lazy and don't do a full install.  It sounds like I either want SpywareBlaster OR Windows Defender and not both.

On the Vista laptop, it does have Windows Defender already installed.  It is a Dell from Best Buy and they load up a bunch of junk you don't need.  Norton is already "installed" but you have to accept it which I haven't done.  I see it in the add/remove programs.  I'm assuming I have to use the Norton uninstall program that you sent me earlier for my current laptop.

So, for the 'infected' XP box, I will use Avira with SpywareBlaster or Windows Defender (if you have the link).

For the new Vista laptop, I will use Avira with Windows Defender.

Does that all sound correct?  

If you think there is extra cleanup then please send me the steps when you get a chance.

Offline guestolo

Hacked and Hijacked? :-(
« Reply #43 on: November 02, 2008, 01:45:15 PM »
You can use SpywareBlaster with Windows Defender, that's no problem
SpywareBlaster just sets registry killbits to silently protect you
They won't interfere with each other

Can I see the following
Can you run RSIT.exe one last time and post the log that opens
Let's ensure it looks good, then we'll do some final steps

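The helper's next step is to eyeball one more RSIT/HijackThis log "to ensure it looks good". The script below is an added example (not code from the forum, RSIT or HijackThis) of the first pass a reviewer makes over such a log: it flags entries that still point at a file that is gone ("(file missing)" / "(no file)"), Run keys that name a bare executable instead of a full path, unknown Winsock LSP modules, and services with no publisher. The sample lines are constructed in the HijackThis format, modelled on the log posted later in this thread. A flagged entry is something to verify, not proof of infection; orphaned toolbar and messenger entries like the Yahoo and AIM ones in the real log are typically just leftovers from uninstalled software.

```python
"""Triage pass over HijackThis / RSIT-style log lines.

Added example for this thread (not code from HijackThis, RSIT or the forum):
flags the entries a helper checks first when reviewing a posted log.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every HijackThis entry starts with a section tag: "O2 - BHO: ...", "O23 - Service: ...".
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+)\s+-\s+(?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
# "O4 - HKLM\..\Run: [Name] command line" -> capture the command line after [Name].
RUN_RE = re.compile(r"Run:\s*\[[^\]]*\]\s*(?P<cmd>.*)$")
# An absolute Windows path, optionally quoted, or one rooted at a variable like %windir%.
ABS_PATH_RE = re.compile(r'^"?(?:[A-Za-z]:\\|%[A-Za-z_]+%\\)')

MISSING_FILE = "registry entry points at a missing file"
BARE_RUN = "Run entry without an absolute path (resolved via PATH search)"
UNKNOWN_LSP = "unknown Winsock LSP module"
NO_OWNER = "service with unknown owner"


@dataclass
class Finding:
    section: str
    reason: str
    line: str
    clsid: Optional[str] = None  # handy for looking the object up later


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a line worth verifying, or None if it looks routine."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header, blank or summary line, not an entry
    section, rest = m.group("section"), m.group("rest")
    cm = CLSID_RE.search(rest)
    clsid = cm.group(0) if cm else None

    # Orphaned entries: the registry still references a file that is gone.
    if "(file missing)" in rest or "(no file)" in rest:
        return Finding(section, MISSING_FILE, line.strip(), clsid)
    # HijackThis could not attribute this LSP module to a known product.
    if section == "O10":
        return Finding(section, UNKNOWN_LSP, line.strip(), clsid)
    # A service binary with no publisher string.
    if section == "O23" and "Unknown owner" in rest:
        return Finding(section, NO_OWNER, line.strip(), clsid)
    # A Run value that names a bare executable is resolved by PATH search.
    if section == "O4":
        rm = RUN_RE.search(rest)
        if rm and not ABS_PATH_RE.match(rm.group("cmd")):
            return Finding(section, BARE_RUN, line.strip(), clsid)
    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep only the flagged entries."""
    return [f for f in (triage_line(ln) for ln in text.splitlines()) if f]


def summarize(text: str) -> Dict[str, int]:
    """Count flagged entries per reason, for a quick overview of a posted log."""
    return dict(Counter(f.reason for f in triage_log(text)))


# Constructed sample in the HijackThis format (modelled on the log posted in this thread).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
    print(summarize(SAMPLE_LOG))
```

Run it against a saved log with `triage_log(open("hijackthis.log").read())`. The checks are deliberately only about what the log itself can tell you (a referenced file is absent, a path is not absolute, a publisher is unknown); deciding whether a flagged item is benign still means looking the CLSID or binary up, which is the part the helper does by hand in this thread.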


Offline scrappingmama

Hacked and Hijacked? :-(
« Reply #44 on: November 02, 2008, 04:46:58 PM »
I just downloaded Avira and while there it showed other recommended software, including Avast.  It seems that Avira and Avast do two different things. What is the definition of "worms" and "trojans" and why doesn't Avira specifically call them out?

Avira Premium = Keep viruses, malware, adware, and spyware out of your PC.
Avast = Scan your computer for viruses, worms, and Trojan horses.

Here you go --

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-11-02 15:44:37
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 37 GB (34%) free of 109 GB
Total RAM: 959 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:44:39 PM, on 11/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
c:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Documents and Settings\Owner\Desktop\GetRidofHijackers\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - https://cim.accenture.com/system/web/view/l...g/ie/SecMgr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218409226343
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218409212234
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=24931
O16 - DPF: {B33422AC-C567-4F7D-BB28-6583371EC4EE} (Microsoft CMS HTML Editor) - https://portal.accenture.com/NAVIGATOR/CMS/...ort/NRDHtml.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.44/ttinst.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://amr1-extranet.accenture.com/dana-ca...perSetupSP1.cab
O16 - DPF: {E99D3E39-5D92-4360-BA86-2C563B3CFFEB} (Microsoft CMS HTML Editor Toolbar) - https://portal.accenture.com/NAVIGATOR/CMS/...ort/nrdhtml.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dir.svc.accenture.com,accenture.com
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - c:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 8643 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Easy Internet Sign-up.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - c:\Program Files\Java\jre6\bin\ssv.dll [2008-10-27 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - c:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-27 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - c:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-27 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-03-08 53248]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\point32.exe [2005-03-23 217088]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"SunJavaUpdateSched"=c:\Program Files\Java\jre6\bin\jusched.exe [2008-10-27 136600]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe [2004-05-20 856064]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-04-07 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"=C:\Program Files\ewido\security suite\shellhook.dll [2004-09-30 39488]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\Southwest Airlines\Ding\Ding.exe"="C:\Program Files\Southwest Airlines\Ding\Ding.exe:*:Disabled:DING!"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2008-11-01 00:12:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-01 00:12:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-01 00:11:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-01 00:11:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-01 00:11:06 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-01 00:10:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-01 00:10:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-01 00:10:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-01 00:10:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-01 00:09:55 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-11-01 00:09:27 ----D---- C:\Program Files\MSXML 6.0
2008-11-01 00:07:19 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-11-01 00:06:37 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-01 00:06:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-01 00:06:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-01 00:05:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-01 00:04:59 ----HDC---- C:\WINDOWS\$NtUninstallKB901190$
2008-11-01 00:04:39 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-01 00:04:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-01 00:04:07 ----D---- C:\WINDOWS\SQL9_KB948109_ENU
2008-11-01 00:03:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-01 00:03:18 ----D---- C:\Program Files\MSXML 4.0
2008-11-01 00:02:57 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-11-01 00:02:29 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2008-10-31 07:53:15 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-31 07:37:06 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-31 07:37:06 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-30 21:10:09 ----D---- C:\Program Files\iPod
2008-10-30 21:10:06 ----D---- C:\Program Files\iTunes
2008-10-30 21:10:06 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-30 21:09:03 ----D---- C:\Program Files\QuickTime
2008-10-30 07:22:31 ----D---- C:\Program Files\MSN Messenger
2008-10-30 06:33:15 ----SHD---- C:\RECYCLER
2008-10-27 19:49:09 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-27 19:49:09 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-27 19:49:09 ----A---- C:\WINDOWS\system32\java.exe
2008-10-27 19:49:09 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-10-27 19:36:07 ----D---- C:\WINDOWS\temp
2008-10-27 19:36:05 ----A---- C:\ComboFix.txt
2008-10-26 22:50:34 ----D---- C:\Program Files\Avira
2008-10-26 22:50:34 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-10-26 22:25:06 ----D---- C:\temp
2008-10-26 21:31:43 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-26 19:48:07 ----D---- C:\WINDOWS\ERUNT
2008-10-26 19:47:09 ----D---- C:\SDFix
2008-10-26 18:45:00 ----A---- C:\WINDOWS\zip.exe
2008-10-26 18:45:00 ----A---- C:\WINDOWS\VFIND.exe
2008-10-26 18:45:00 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-10-26 18:45:00 ----A---- C:\WINDOWS\SWSC.exe
2008-10-26 18:45:00 ----A---- C:\WINDOWS\SWREG.exe
2008-10-26 18:45:00 ----A---- C:\WINDOWS\sed.exe
2008-10-26 18:45:00 ----A---- C:\WINDOWS\NIRCMD.exe
2008-10-26 18:45:00 ----A---- C:\WINDOWS\grep.exe
2008-10-26 18:45:00 ----A---- C:\WINDOWS\fdsv.exe
2008-10-26 18:44:59 ----D---- C:\WINDOWS\ERDNT
2008-10-26 18:44:59 ----D---- C:\Qoobox
2008-10-26 18:19:48 ----D---- C:\Program Files\Microsoft Money
2008-10-26 14:57:28 ----D---- C:\rsit
2008-10-26 14:31:48 ----D---- C:\Program Files\Trend Micro
2008-10-26 13:13:29 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-10-26 13:13:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-26 13:13:24 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-26 01:18:36 ----D---- C:\Program Files\Microsoft ActiveSync
2008-10-26 01:18:31 ----D---- C:\Program Files\Common Files\Designer
2008-10-26 01:18:17 ----D---- C:\Program Files\Common Files\ODBC
2008-10-26 00:57:40 ----A---- C:\SDFix.exe

======List of files/folders modified in the last 1 months======

2008-11-02 13:14:36 ----SHD---- C:\WINDOWS\Installer
2008-11-02 13:12:47 ----D---- C:\WINDOWS\Prefetch
2008-11-02 13:12:46 ----D---- C:\WINDOWS\Debug
2008-11-02 09:21:42 ----HD---- C:\Config.Msi
2008-11-02 09:21:18 ----D---- C:\WINDOWS\system32
2008-11-02 09:21:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-01 22:52:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-01 22:51:22 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-01 00:20:40 ----D---- C:\WINDOWS
2008-11-01 00:12:21 ----HD---- C:\WINDOWS\inf
2008-11-01 00:12:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-01 00:12:20 ----D---- C:\WINDOWS\system32\drivers
2008-11-01 00:12:18 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-01 00:12:16 ----A---- C:\WINDOWS\imsins.BAK
2008-11-01 00:10:14 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-01 00:09:55 ----AD---- C:\Program Files
2008-11-01 00:08:00 ----D---- C:\Program Files\Internet Explorer
2008-11-01 00:04:40 ----D---- C:\WINDOWS\WinSxS
2008-11-01 00:02:36 ----D---- C:\Program Files\Windows Media Player
2008-10-31 08:12:13 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-30 21:09:07 ----D---- C:\Program Files\Common Files\Apple
2008-10-30 21:08:50 ----SD---- C:\WINDOWS\Tasks
2008-10-30 21:03:10 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-27 19:49:19 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-27 19:48:52 ----D---- C:\Program Files\Java
2008-10-27 19:39:34 ----A---- C:\WINDOWS\hpdj5100.ini
2008-10-27 19:39:33 ----D---- C:\Program Files\Hewlett-Packard
2008-10-27 19:27:54 ----A---- C:\WINDOWS\system.ini
2008-10-27 19:26:33 ----D---- C:\WINDOWS\system32\config
2008-10-27 19:24:54 ----D---- C:\WINDOWS\AppPatch
2008-10-27 19:24:54 ----D---- C:\Program Files\Common Files
2008-10-26 23:56:23 ----D---- C:\WINDOWS\system32\ActiveScan
2008-10-26 19:54:24 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-26 14:29:28 ----D---- C:\HJT
2008-10-26 01:18:22 ----D---- C:\Program Files\Microsoft Office
2008-10-25 22:36:34 ----D---- C:\Program Files\Wal-Mart Music Downloads Store
2008-10-25 22:20:09 ----D---- C:\Program Files\Windows NT
2008-10-25 22:19:41 ----D---- C:\Program Files\THQ
2008-10-25 22:19:35 ----D---- C:\Program Files\sz8032
2008-10-25 22:19:35 ----D---- C:\Program Files\sz8022
2008-10-25 22:19:32 ----D---- C:\Program Files\Scholastic
2008-10-25 22:19:32 ----D---- C:\Program Files\RecordNow!
2008-10-25 22:19:24 ----D---- C:\Program Files\Print Workshop 2004 LE
2008-10-25 22:19:20 ----D---- C:\Program Files\Outlook Express
2008-10-25 22:19:09 ----D---- C:\Program Files\NetMeeting
2008-10-25 22:18:21 ----D---- C:\Program Files\Movie Maker
2008-10-25 22:18:12 ----D---- C:\Program Files\Microsoft Works
2008-10-25 22:18:12 ----D---- C:\Program Files\Microsoft Visual Studio 8
2008-10-25 22:18:04 ----D---- C:\Program Files\Microsoft SQL Server
2008-10-25 22:18:04 ----D---- C:\Program Files\Microsoft Plus! Digital Media Edition
2008-10-25 22:18:01 ----D---- C:\Program Files\Microsoft IntelliPoint
2008-10-25 22:18:00 ----D---- C:\Program Files\Lavasoft
2008-10-25 22:17:52 ----D---- C:\Program Files\Juniper Networks
2008-10-25 22:17:31 ----D---- C:\Program Files\ItsDeductibleEX
2008-10-25 22:17:31 ----D---- C:\Program Files\ItsDeductible2006
2008-10-25 22:17:30 ----D---- C:\Program Files\ItsDeductible2005
2008-10-25 22:17:30 ----D---- C:\Program Files\Iomega
2008-10-25 22:17:29 ----D---- C:\Program Files\IntelliMover Data Transfer Demo
2008-10-25 22:17:27 ----D---- C:\Program Files\Infogrames Interactive
2008-10-25 22:17:22 ----D---- C:\Program Files\HP
2008-10-25 22:17:09 ----D---- C:\Program Files\Hasbro Interactive
2008-10-25 22:16:48 ----D---- C:\Program Files\Common Files\System
2008-10-25 22:15:56 ----D---- C:\Program Files\Common Files\InstallShield
2008-10-25 22:15:46 ----D---- C:\Program Files\Common Files\Adobe
2008-10-25 22:12:35 ----D---- C:\Program Files\Bonjour
2008-10-25 22:12:28 ----D---- C:\Program Files\Adobe
2008-10-25 22:07:16 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-10-25 07:33:54 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-20 13:25:49 ----D---- C:\Documents and Settings\Owner\Application Data\AirSet Desktop Sync
2008-10-15 10:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-14 18:23:24 ----A---- C:\WINDOWS\EUCHRE~1.INI
2008-10-07 12:19:42 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-03 37376]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2003-04-11 10624]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2002-08-29 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2002-08-29 55936]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 dsNcAdpt;Juniper Network Connect Adapter; C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2007-04-10 23552]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 45568]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-07-02 652497]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2004-01-20 28256]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-03-15 20352]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2002-07-29 23808]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2005-03-08 172544]
R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2007-04-16 194362]
S2 ltmdmntc;ltmdmntc; \??\C:\WINDOWS\System32\drivers\ltmdmntc.sys []
S2 mrtRate;mrtRate; C:\WINDOWS\system32\drivers\mrtRate.sys []
S2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\System32\DRIVERS\nvcap.sys [2003-07-30 126348]
S2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\System32\DRIVERS\NVxbar.sys [2003-07-30 13006]
S2 W55U01;WINBOND W55U01 USB; C:\WINDOWS\System32\Drivers\W55U01.sys [2005-08-12 15232]
S2 X4HS32;X4HS32; \??\C:\Program Files\EXEtender\X4HS32.Sys []
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 BulkUsb;Usbscan.Sys; C:\WINDOWS\System32\Drivers\usbscan.sys [2004-08-03 15104]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2003-01-16 41984]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-04-15 90907]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2004-08-03 166912]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-05-06 394752]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SQTECH905C;ViviCam 35; C:\WINDOWS\System32\Drivers\Capt905c.sys [2005-01-25 33307]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144]
S3 USBIO;USBIO Driver (usbio.sys); C:\WINDOWS\System32\Drivers\usbio.sys [2001-05-07 19805]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-03 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 _IOMEGA_ACTIVE_DISK_SERVICE_;Iomega Active Disk; C:\Program Files\Iomega\AutoDisk\ADService.exe [2002-09-24 151552]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-26 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-26 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 dsNcService;Juniper Network Connect Service; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [2007-04-10 407136]
R2 ewido security suite control;ewido security suite control; C:\Program Files\ewido\security suite\ewidoctrl.exe [2004-11-11 16448]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 Iomega App Services;Iomega App Services; C:\PROGRA~1\Iomega\System32\AppServices.exe [2002-09-04 73728]
R2 JavaQuickStarterService;Java Quick Starter; c:\Program Files\Java\jre6\bin\jqs.exe [2008-10-27 152984]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-08-19 77824]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe []
S4 Iomega Activity Disk2;Iomega Activity Disk2;  []
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe []
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------
« Last Edit: November 02, 2008, 05:14:41 PM by scrappingmama »
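The services and drivers list in the log above has a fixed shape: state (R running / S stopped), start type (0 to 4 as the header explains), service name, display name, image path, and then the file's date and size in brackets, or empty brackets when the file was not found on disk. The following Python is an added example, not part of the thread and not code from the tool that produced the log. It parses that format and lists what a reviewer would check first: entries whose image file is missing (a registration that outlived its binary, as with TVICHW32, IDriverT and the empty Iomega entry above; usually a leftover, but an entry that still starts and points at a path that no longer exists is worth resolving, because whatever is later put at that path gets run), entries whose image sits in a user-writable location, and anything named svchost.exe that is not in System32. The sample lines are a constructed subset of the posted log plus one made-up entry named "evil" to exercise the path checks; it is not from the log.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample in the log's own format: a subset of the lines posted above
# plus one made-up entry ("evil") to exercise the path checks. Not a real log.
SAMPLE_LOG = r"""
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe []
S4 Iomega Activity Disk2;Iomega Activity Disk2;  []
R2 evil;Windows Update Helper; C:\Documents and Settings\user\Local Settings\Temp\svchost.exe [2008-11-01 45056]
"""


class ServiceEntry(NamedTuple):
    state: str     # 'R' running / 'S' stopped
    start: int     # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str      # image path with the NT '\??\' prefix removed; '' when the log shows none
    present: bool  # False when the brackets are empty, i.e. the file was not found


class Finding(NamedTuple):
    name: str
    kind: str
    detail: str


# <state><start> <name>;<display>; <path> [<date> <size>]   (brackets empty if file missing)
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]*);(?P<display>[^;]*); ?"
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]$"
)


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service/driver line; return None for headers, blanks and the EOF marker."""
    m = LINE_RE.match(line.rstrip())
    if m is None:
        return None
    path = m.group("path").strip()
    if path.startswith("\\??\\"):
        path = path[4:]
    return ServiceEntry(
        state=m.group("state"),
        start=int(m.group("start")),
        name=m.group("name"),
        display=m.group("display"),
        path=path,
        present=bool(m.group("meta").strip()),
    )


def parse_log(text: str) -> List[ServiceEntry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e is not None]


# Locations a non-admin user can write to; a service image here deserves a look.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\temp\\", "\\application data\\")
SYSTEM32 = "c:\\windows\\system32\\"


def review(entries: List[ServiceEntry]) -> List[Finding]:
    """Flag missing images, images in user-writable paths, and svchost.exe outside System32."""
    findings: List[Finding] = []
    for e in entries:
        low = e.path.lower()
        basename = low.rsplit("\\", 1)[-1]
        if not e.present:
            findings.append(Finding(e.name, "missing_image",
                                    f"{e.state}{e.start} {e.path or '(no path)'}"))
        if any(marker in low for marker in USER_WRITABLE_MARKERS):
            findings.append(Finding(e.name, "user_writable_path", e.path))
        if basename == "svchost.exe" and not low.startswith(SYSTEM32):
            findings.append(Finding(e.name, "svchost_outside_system32", e.path))
    return findings


if __name__ == "__main__":
    for f in review(parse_log(SAMPLE_LOG)):
        print(f"{f.kind:26} {f.name}: {f.detail}")
```

Run against the full posted log, the script reports the empty-bracket entries (TVICHW32, IDriverT, ose, WLSetupSvc, Iomega Activity Disk2, MSSQLServerADHelper, NMIndexingService) and nothing in a user-writable path; the checks are deliberately simple string tests so the output can be read alongside the original lines rather than trusted on its own.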

Offline guestolo

Hacked and Hijacked? :-(
« Reply #45 on: November 02, 2008, 06:51:15 PM »
Can I have an update on the programs installed? I wasn't worried about it, as I thought you were going to clean install.

Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents



Offline scrappingmama

  • Newbie
  • *
  • Posts: 47
  • Karma: +0/-0
    • View Profile
Hacked and Hijacked? :-(
« Reply #46 on: November 03, 2008, 08:54:20 PM »
Here is the list from HJT, but unfortunately most of the executables for these programs were removed when the issue occurred, so they are just sitting out there without associated files.

"Doras Carnival Adventure (remove only)"
"Nick Video Jigsaw Jam (remove only)"
32 Bit HP CIO Components Installer
3D Groove Playback Engine
Action Replay Code Manager
Active Disk
Ad-Aware SE Personal
Adobe Download Manager 2.2 (Remove Only)
Adobe Flash Player ActiveX
Adobe Photoshop Album Starter Edition
Adobe Reader 7.0.9
Adobe Shockwave Player
Adventures of Bleeposaurus (remove only)
AirSet Desktop Sync
Alphabet Express
Amazing Windows XP Screen Saver 1.2
American Greetings® CreataCard® Silver 5
Anark Client 1.0
Ancient Hearts & Spades
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
Avira AntiVir Personal - Free Antivirus
Barbie ® as Princess Bride (tm)
Big Kahuna Reef
Bleeposaurus 2: Dragonfire (remove only)
Boggle
Boggle (remove only)
Bonjour
BOSS Fonts Manager
Bricks of Atlantis
Candy Land - Dora the Explorer Edition
Card Classics
CatDog
CDBurnerXP Pro 3
Centipede
Chaotic
Charm Solitaire
CK Creative Clips and Fonts Sampler
CleanUp!
Compaq Connections
Compaq Instant Support
Compaq Organize
Corel Applications
Coupon Printer for Windows
Danny Phantom Ghost Sweep (remove only)
Data Converter
DesignPro 5.4 Limited Edition
Diego`s Dinosaur Adventure (remove only)
Diner Dash
DING!
Direct Show Ogg Vorbis Filter (remove only)
Disney/Pixar's Buzz Lightyear 2nd Grade
Disney's Mickey Mouse Preschool
Disney's Phonics Quest
Disney's Ready for Math with Pooh
Disney's Toontown Online
Disney's Winnie the Pooh Preschool
Dora Backpack
Dora Knows Your Name
Dora Lost City
Dora the Explorer Screen Saver
Dora`s Magic Castle (remove only)
Doras Rapido River Rafting Race (remove only)
Doras Star Catching Game (remove only)
Dora's World Adventure
Dream Vacation Solitaire
Drop Heads (remove only)
Easy Internet Sign-up
ebgcInfra
ebgcRes
ebgcRes
ebgcSDK
EPSON Printer Software
ewido security suite
EXEtender Player
FA Addition Subtraction
Fairly Odd Parents - Big Super Hero Wish (remove only)
Fairly Odd Parents Information Stupor Highway (remove only)
FamilyFeudOnlineParty (remove only)
Fatman Adventures 2 (remove only)
Feeding Frenzy (remove only)
Garmin Communicator Plugin
Google Earth
Gutterball
Halloween  Screen Saver
HijackThis 2.0.2
Holiday Snowflakes Screen Saver 1.2
Hooked on Phonics Learn to Read
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 9.0
HP Deskjet Preloaded Printer Drivers
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photo & Imaging 3.1
HP Photo and Imaging 2.0 - Deskjet Series
HP Photo and Imaging 2.0 - Photosmart Cameras
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Print Diagnostic Utility
HP Product Detection
HP PSC & OfficeJet 3.0
HP Solution Center 9.0
HP Update
HPSSupply
Human 3D LR1n
In A Flash 3
In A Flash Photo 3
Insaniquarium Deluxe
Inspheration
Intel® Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
IomegaWare 4.0.2
ItsDeductible Express
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Java(tm) 6 Update 10
Jewel Quest
Jewel Quest II (remove only)
Jewel Quest Solitaire (remove only)
Jimmy Neutron Boy Genius
Jimmy Neutron Invention Revenge (remove only)
JumpStart Animal Adventures
JumpStart Explorers
JumpStart Learning Games ABC's
JumpStart Numbers
JumpStart Pre-K
JumpStart Typing
Jungle Heart (remove only)
Juniper Networks Network Connect 5.5.0
KBD
LG USB Drivers
Mad Caps (remove only)
Magic Ball 2
Magic Match
Magic Match 2
Magic Match Adventures
Malwarebytes' Anti-Malware
Math 2
Math Blaster Ages 6-7
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office Outlook 2003
Microsoft Office XP Media Content
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Express Edition - ENU
Microsoft Visual C++ 2005 Express Edition - ENU
Microsoft Visual C++ 2005 Express Edition - ENU Service Pack 1 (KB926748)
Microsoft Web Publishing Wizard 1.52
Microsoft Works 7.0
Milton Bradley Classic Board Games
Monopoly
Move Networks Player for Internet Explorer
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
MUSICMATCH® Jukebox
My Wal-Mart Digital Photo Center
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
NCH Toolbox
Need For Speed - Porsche Unleashed
Nick Blockade (remove only)
Nicktoons Challenge! (remove only)
NVIDIA GART Driver
Ocean Life 1 Screensaver
Ocean Life 2 Screensaver
Operation
PacaJuma Quest (remove only)
PagePrintables
Paint Shop Pro 7
Pajama Sam Life is Rough When You Lose Your Stuff
Pajama Sam No Need to Hide When It's Dark Outside
Palm Desktop
Panda ActiveScan
PC-Doctor for Windows
PCFriendly
PDO Desktop
Photo Viewer 2.3
Photosmart 140,240,7200,7600,7700,7900 Series
Playhouse Disney's Stanley Wild for Sharks
Print Workshop 2004 LE
PS2
pumpkinpatch ScreenSaver
Puzzle Detective
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2004
Quicken 2009
QuickTime
Rainbow Web
Reader Rabbit Preschool
Reader's Digest Super Word Power
RealArcade
RealPlayer
RecordNow!
Rhapsody Player Engine
Roll
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Saints and Sinners Bingo
Sandlot Games Client Services
Sandlot Games Client Services 1.2.2
SandScript(tm)
Scholastic's I SPY School Days
Scholastic's I SPY Spooky Mansion
Scooby-Doo(tm), Phantom of the Knight(tm)
Scrabble Blast Deluxe
Scrabble Complete
Scrabble Deluxe
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB958644)
Sega Smash Pack II
Sesame Street Search & Learn Adventures
Shape Solitaire
Slingo
Snowy - Treasure Hunter (remove only)
Sonic Update Manager
SpongeBob Atlantis SquareOff
SpongeBob SquarePants 3D Pinball Panic (remove only)
SpongeBob SquarePants Bubble Rush! (remove only)
SpongeBob SquarePants Collapse! (remove only)
SpongeBob SquarePants Diner Dash (remove only)
SpongeBob SquarePants Jellyfish Shuffleboard (remove only)
SpongeBob SquarePants Krabby Quest (remove only)
SpongeBob SquarePants Obstacle  Odyssey (remove only)
SpongeBob SquarePants Obstacle Odyssey 2 (remove only)
SpongeBob SquarePants Pizza Toss (remove only)
SpongeBob SquarePants® Operation Krabby Patty
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Stop the Morbuzakh (remove only)
Stunt Track Driver
Super GameHouse BlackJack
Super GameHouse Solitaire Vol. 1
Switch Sound File Converter
Talk to Me
Tarzan Activity Center
The Fairly OddParents
The Fairly OddParents - Timmy`s Roach Rampage (remove only)
The Font Factory
Time Force
Timez Attack Free
Tonka Raceway
Top Ten Solitaire
trickortreaters ScreenSaver
Trivial Pursuit 90s Edition
Tumble Bees To Go
TurboTax Deluxe 2003
TurboTax Deluxe 2004
TurboTax Deluxe 2005
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
Twistingo
U.B. Funkeys
Ultimate Game Pak
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
Update for Windows XP (KB951072-v2)
VIA Rhine-Family Fast-Ethernet Adapter
VIA/S3G Display Driver
ViviCam V35
Wal-Mart Music Downloads Store
WD Diagnostics
WeatherBug
WexTech AnswerWorks
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
Windows XP Winter Fun Pack Screensavers
WinZip
Word Search Deluxe (remove only)
Word Whomp To Go
Wordsheets
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
Yahtzee
Yahtzee
Yu_Gi_Oh!_Monsters_1 Screen Saver
Yu_Gi_Oh!_Time_to_Duel_1 Screen Saver
Zone Deluxe Games

Offline guestolo

Hacked and Hijacked? :-(
« Reply #47 on: November 04, 2008, 12:08:32 PM »
Let's see what we can uninstall and what we can disable

First off, do the following please
Go to START>>RUN>>copy and paste the following then click OK

ComboFix /u

This will uninstall ComboFix and its components

Next
Access your Add and remove programs and uninstall the following
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9


They are older versions of Java that can be removed safely

Remain in Add and Remove Programs
I also suggest that you remove
ewido security suite
It will not be updating soon

Don't reboot yet
Download OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Double-click OTMoveIt2.exe to run it.
  • Click the Cleanup! button
    A list will be downloaded>>Allow it Internet access if prompted by your Firewall
    Don't change anything in this list
  • Select Yes at the prompt
    Wait for the confirmation box to open to reboot the computer
    Don't mouseclick during the wait as you may cause the tool to stall
  • Select Yes to reboot Now
NOTE: This procedure will also delete OTMoveit.exe from desktop

What applications are not working properly?
You may need to uninstall and reinstall them, or repair them

Can you come back here after you have done the above
We should update your copies of SpywareBlaster and Spybot
« Last Edit: November 11, 2008, 01:01:20 PM by guestolo »



Offline scrappingmama

Hacked and Hijacked? :-(
« Reply #48 on: November 10, 2008, 11:43:24 PM »
Sorry, life has been screaming by the past few weeks.  I will take care of this shortly.  Thanks for your assistance.

Offline scrappingmama

Hacked and Hijacked? :-(
« Reply #49 on: November 17, 2008, 12:54:06 AM »
Okay, I have done all the things you wanted me to do.  However, for both of the J2SE updates, it said fatal error during installation and would not remove.  For Ewido, it said it was not found but it let me remove it.

I have been able to reinstall many of the applications, but unless I have uninstalled/reinstalled the program it still doesn't work. This applies mostly to the games now, so that's okay.

I'm ready for the next step.

Offline guestolo

Hacked and Hijacked? :-(
« Reply #50 on: November 17, 2008, 12:16:51 PM »
Can you download the latest versions of SpywareBlaster and Spybot
Save them to your desktop for now, but do not install them yet

Download links
SpywareBlaster 4.1

And

Spybot 1.6.0.30

Next>>If possible, open your version of SpywareBlaster
Under Quick Tasks, Disable All Protection
When that's finished, exit SpywareBlaster

Open your version of Spybot 1.4
When it opens, click on the Immunization button
Leave all selections checked, then click on UNDO at the top
When it's complete, close Spybot

Download JavaRa
Save it, then unzip the contents to your desktop
  • Open the JavaRa.exe
  • In the drop down box select your language>>English, then click on Select
  • Click Remove Older Versions
  • JavaRa will search for outdated versions of Java and remove any that are found.
  • A log file will open. Can you save it to a convenient location? A copy will also be found at C:\JavaRA.log
  • Click Additional Tasks
  • Place a check next to Remove Useless JRE Files and click Go
  • Exit JavaRa

Access your Add and Remove Programs. Can you first uninstall
SpywareBlaster, then remove Spybot?

Reboot your computer
Back in Windows

Install the latest version of SpywareBlaster
Choose manual updating when installing
After installation, Check for Updates
After updating, click on Protection Status and Enable All Protections
It's important that you check for updates every couple of weeks

Install the latest version of Spybot
When installing, can you untick TeaTimer
After updating, click on the Immunization button
Then click Immunize at the top menu bar
You can then close Spybot
Again, ensure you check for updates every couple of weeks and re-immunize

Go to START>>RUN>>type in cmd
Then click OK

Type the following in Exactly

ipconfig /flushdns
Hit Enter on your keyboard; this will clear the DNS resolver cache
Note the single space after ipconfig, but before the /
Exit the command prompt

Go to START>>RUN>>type in services.msc
Hit OK
In the new window that opens
Look for DNS Client
Double click on it to open it
STOP the service from running
In the dropdown box Startup type, change it to Manual
APPLY and OK it then exit the service config window

Post back and let me know how things are running
Also post a fresh Hijackthis log along with the log from JavaRA

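The last steps of the post above (flush the resolver cache, stop the DNS Client service and set it to Manual) and the JavaRa clean-up can be done and, more usefully, verified from a command prompt instead of services.msc. The batch file below is an added example, not part of the thread and not from JavaRa, SpywareBlaster, Spybot or any other tool named here. It assumes Windows XP's cmd.exe run from an Administrator account and that JavaRa has already been run; Dnscache is the service name behind the "DNS Client" display name, and HKLM\SOFTWARE\JavaSoft\Java Runtime Environment is where the Sun JRE registers each installed version.

```batch
@echo off
rem Added example (not from the original thread): command-line equivalent of the
rem DNS steps in the post above, with checks. Assumes Windows XP cmd.exe, an
rem Administrator account, and that JavaRa has already been run.

echo === Java runtimes still registered (after JavaRa) ===
rem Each remaining subkey is an installed JRE; only the current one should be left,
rem and CurrentVersion should point at it.
reg query "HKLM\SOFTWARE\JavaSoft\Java Runtime Environment"
reg query "HKLM\SOFTWARE\JavaSoft\Java Runtime Environment" /v CurrentVersion

echo === Flush the DNS resolver cache, then show what is left in it ===
ipconfig /flushdns
rem After a flush only the entries the resolver loads from the hosts file remain
rem (normally just localhost); anything else listed here came from the hosts file.
ipconfig /displaydns

echo === Stop the DNS Client service and set it to Manual (the services.msc steps) ===
sc stop Dnscache
sc config Dnscache start= demand

echo === Verify: START_TYPE should read DEMAND_START, STATE should read STOPPED ===
sc qc Dnscache
sc query Dnscache
```

Save it as check.cmd and run it from an Administrator account. The ipconfig /displaydns output after the flush is the useful check: with the cache empty, a site name that still shows up there was not cached from a poisoned lookup but is being supplied by the hosts file, which then needs to be inspected directly.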