InterviewSolution
Saved Bookmarks
InterviewSolution
This section includes InterviewSolutions, each offering curated multiple-choice questions to sharpen your knowledge and support exam preparation. Choose a topic below to get started.
| 3101. |
Solve : Can virus cause the screen to go black?? |
|
Answer» I was WALKING my DAD through installing AVG 8.0 - it identified some viruses - at the end it said scan was complete the only option was to close the program. |
|
| 3102. |
Solve : AVG8.0? |
|
Answer» Hello all, |
|
| 3103. |
Solve : Laptop catched another spyware infection. Red background, spyware attack warning? |
|
Answer» Looks good.
. ---------- The above procedure will:
---------- 1. Double click OTMoveIt2.exe to launch it. Vista users right click and choose Run As Administrator 2. Click on the CleanUp! button. 3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access. 4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?) 5. Once complete exit out of OTMoveIt2 --------- Set a New Restore Point to prevent possible reinfection from an old one Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
---------- INSTALL this. Let me know if it interferes with your web surfing and we can remove it. It will help to keep you away from dangerous sites and future infections. Save DelDomains.inf to the desktop.
---------- It is possible that you will need to reinstall the programs and drivers related to these entries if the infections come back again. If so, and you need help finding out how then start a new topic in the software forum asking for help. These are the ones that have been patched, C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Dell\AccessDirect\dadapp.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe c:\PROGRA~1\mcafee.com\agent\mcupdate.exe c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\Program Files\HP\HP Software Update\HPWuSchd.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\McAfee.com\MPS\mscifapp.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe c:\progra~1\mcafee\MCAFEE~1\masalert.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Yahoo!\Messenger\ypager.exe ---------- How is everything now? Thanks again for your help !! Everything seems to be running pretty smoothly. With the DelDomains thing, thanks !! I really need something that will keep me away from dangerous sites. If I do stumble upon a site that will AUTOMATICALLY try and download malware or spyware or anything of that nature, will the DelDomains program alert me somehow?It will actually block the site so you can't get infected. Well, that's PERFECT !! Thanks [ again ] for your time, patience, and help !! No problem. I don't know if you did last time or not but another thing I would SUGGEST installing is SiteAdvisor. (Thanks SAVIOR )Cool. I'll get that one right now. |
|
| 3104. |
Solve : Some Useful Information...? |
|
Answer» I thought I had posted this before, but just did a search and can't FIND it...so, I guess I'll post it again... |
|
| 3105. |
Solve : HELP basenados32 ???? |
|
Answer» Just so you know Broni, I posted an updated HiJackThis and requested additional help while you are out. Here is the most recent HiJackThis: |
|
| 3106. |
Solve : I cannot uninstall "Trojan Hunter 5.0? |
|
Answer» My laptop has been slow lately, and I was suspecting the trojan hunter might have deleted some files needed for windows.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately. ---------- Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges. Vista users Right click DSS and Run as Administrator.
You may need two posts to get all of the logs in, or you can add them as attachments. How to add attachments to a post ---------- Next post add MBAM log DSS log(s)MBAM says it's clean:Malwarebytes' Anti-Malware 1.16 Database version: 845 10:01:33 PM 6/9/2008 mbam-log-6-9-2008 (22-01-33).txt Scan type: Quick Scan Objects scanned: 42105 Time elapsed: 5 minute(s), 46 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Deckards System Scanner:Deckard's System Scanner v20071014.68 Run by jplake on 2008-06-09 21:55:46 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 65: 2008-06-10 02:56:00 UTC - RP135 - Deckard's System Scanner Restore Point 64: 2008-06-10 02:42:53 UTC - RP134 - Installed Java(TM) 6 Update 6 63: 2008-06-10 01:33:14 UTC - RP133 - Removed Google Earth. 62: 2008-06-09 23:41:46 UTC - RP132 - Software Distribution Service 3.0 61: 2008-06-09 23:28:52 UTC - RP131 - Restore Operation -- First Restore Point -- 1: 2008-03-11 19:57:39 UTC - RP71 - System Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis (run as jplake.exe) ---------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:56:45 PM, on 6/9/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\WINDOWS\system32\ZuneBusEnum.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Zune\ZuneLauncher.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\Search Settings\SearchSettings.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\DOCUME~1\jplake\LOCALS~1\Temp\AutoDetect.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Documents and Settings\jplake\My Documents\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\jplake.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchgateway.net/search/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchgateway.net/search/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.talti.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchgateway.net/search/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [StxTrayMenu] "F:\ceedo\Program Files\Seagate\SystemTray\StxMenuMgr.exe" O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Ceedo AutoDetect] C:\DOCUME~1\jplake\LOCALS~1\Temp\AutoDetect.exe /active O4 - Global Startup: VPN Client.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Hydraquip.com O17 - HKLM\Software\..\Telephony: DomainName = Hydraquip.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Hydraquip.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Hydraquip.com O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: Seagate Sync Service - Unknown owner - F:\ceedo\Program Files\Seagate\Sync\SeaSyncServices.exe (file missing) -- End of file - 6653 bytes -- File Associations ----------------------------------------------------------- .scr - AutoCADLTScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1" -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- All drivers whitelisted. -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- S2 Seagate Sync Service - "f:\ceedo\program files\seagate\sync\seasyncservices.exe" (file missing) -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Cisco Systems VPN Adapter Device ID: ROOT\NET\0000 Manufacturer: Cisco Systems Name: Cisco Systems VPN Adapter PNP Device ID: ROOT\NET\0000 Service: CVirtA -- Files created between 2008-05-09 and 2008-06-09 ----------------------------- 2008-06-09 21:52:05 0 d-------- C:\Documents and Settings\jplake\Application Data\Malwarebytes 2008-06-09 21:52:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-06-09 21:52:02 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-06-09 20:48:33 0 d-------- C:\Program Files\Trend Micro 2008-06-09 19:36:06 0 d-------- C:\WINDOWS\pss 2008-06-09 18:38:32 0 d-------- C:\Program Files\RealFlightG4 2008-06-09 18:38:27 0 d-------- C:\Program Files\Common Files\KnifeEdge 2008-06-09 18:32:10 0 dr-h----- C:\Documents and Settings\jplake\Recent 2008-05-27 16:16:14 0 d-------- C:\Documents and Settings\jplake\UserData 2008-05-11 21:13:40 0 d-------- C:\Documents and Settings\jplake\.housecall6.6 -- Find3M Report --------------------------------------------------------------- 2008-06-09 21:44:57 0 d-------- C:\Program Files\Java 2008-06-09 18:38:27 0 d-------- C:\Program Files\Common Files 2008-06-09 18:32:11 0 d-------- C:\Documents and Settings\jplake\Application Data\uTorrent 2008-06-09 18:29:29 0 d-------- C:\Program Files\TrojanHunter 5.0 2008-05-10 22:31:41 0 d-------- C:\Program Files\DivX 2008-05-08 22:23:44 0 d-------- C:\Documents and Settings\jplake\Application Data\TrojanHunter 2008-04-27 16:05:42 257 --a------ C:\Documents and Settings\jplake\Application Data\burnaware.ini 2008-04-20 20:53:46 0 d-------- C:\Program Files\Sauer-Danfoss 2008-04-10 07:14:27 0 d-------- C:\Program Files\uTorrent 2008-03-31 16:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2008-03-31 16:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2008-03-31 16:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2008-03-31 16:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll 2008-03-31 16:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll 2008-03-28 13:52:17 120 --a------ C:\drmHeader.bin 2008-03-24 19:06:32 724992 --a------ C:\WINDOWS\iun6002.exe 2008-03-21 15:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2008-03-21 15:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll 2008-03-21 15:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll 2008-03-21 15:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}] 12/06/2007 12:58 PM1198432--a------C:\Program Files\Search Settings\kb125\SearchSettings.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [09/27/2005 10:05 PM] "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [12/13/2005 05:45 PM] "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [08/01/2005 03:26 PM] "Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [01/11/2008 06:54 PM] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/14/2006 05:02 PM] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM] "McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [11/17/2006 04:06 AM] "ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [01/24/2008 08:50 PM] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM] "StxTrayMenu"="F:\ceedo\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [] "@"="" [] "SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [12/06/2007 12:58 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 07:00 AM] "Eraser"="C:\Program Files\Eraser\Eraser.exe" [12/22/2007 06:03 PM] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM] "Ceedo AutoDetect"="C:\DOCUME~1\jplake\LOCALS~1\Temp\AutoDetect.exe" [] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ VPN Client.lnk - C:\WINDOWS\Installer\{6DC47739-3BB0-4494-A43D-193BF54070AE}\Icon3E5562ED7.ico [2/13/2008 12:05:26 PM] WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [12/3/2007 12:10:00 PM] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] AutoRun\command- F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13339713-123c-11dd-83ea-0014a52c498e}] AutoRun\command- F:\JDSecure\Windows\JDSecure31.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22272dbf-e8ae-11dc-8370-0014a52c498e}] AutoRun\command- F:\Autorun.exe /run Shell00\Command- F:\Autorun.exe /run Shell01\Command- F:\Autorun.exe /action Shell02\Command- F:\Autorun.exe /uninstall *Newly Created Service* - MBAMCATCHME -- End of Deckard's System Scanner: finished at 2008-06-09 21:57:41 ------------ Deckards extra:Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: AMD Turion(tm) 64 Mobile Technology ML-40 Percentage of Memory in Use: 28% Physical Memory (total/avail): 1918.17 MiB / 1379.57 MiB Pagefile Memory (total/avail): 3811.8 MiB / 3411.91 MiB Virtual Memory (total/avail): 2047.88 MiB / 1931.73 MiB C: is Fixed (NTFS) - 111.78 GiB total, 87.93 GiB free. D: is Fixed (NTFS) - 111.79 GiB total, 55.69 GiB free. E: is CDROM (No Media) M: is Network (Unformatted) N: is Network (Unformatted) U: is Network (Unformatted) \\.\PHYSICALDRIVE0 - WDC WD1200BEVE-00UYT0 - 111.79 GiB - 1 partition \PARTITION0 (bootable) - Installable File System - 111.78 GiB - C: \\.\PHYSICALDRIVE1 - WDC WD1200BEVE-00UYT0 - 111.79 GiB - 1 partition \PARTITION0 - Installable File System - 111.79 GiB - D: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. FirstRunDisabled is set. AV: McAfee VirusScan Enterprise v8.5.0.781 (McAfee, Inc.) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service" "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe" "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe" "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe" "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe" "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\jplake\Application Data CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=JPLAKE-A05BD413 ComSpec=C:\WINDOWS\system32\cmd.exe DEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\jplake HOMESHARE=\\houfs01\jplake LOGONSERVER=\\HOUEX01 NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 36 Stepping 2, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=2402 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\jplake\LOCALS~1\Temp TMP=C:\DOCUME~1\jplake\LOCALS~1\Temp USERDNSDOMAIN=HYDRAQUIP.COM USERDOMAIN=HYDRAQUIP USERNAME=jplake USERPROFILE=C:\Documents and Settings\jplake VSEDEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- jplake (admin) administrator (admin) jim (admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER --> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057} --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL 3D Live Pool v2.66 --> "C:\Program Files\3D Live Pool\unins000.exe" Adobe FLASH Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003} ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[emailprotected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean AutoCAD LT 2008 - English --> C:\Program Files\AutoCAD LT 2008\Setup\Setup.exe /P {5783F2D7-6009-0409-0002-0060B0CE6BBA} /M ACADLT Autodesk DWF Viewer 7 --> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057} AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe Broadcom 802.11 Wireless LAN Adapter --> "C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver" BurnAware Free Edition 1.2.8 --> "C:\Program Files\BurnAware Free Edition\unins000.exe" CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" CircuitEase LT 2008 v10r1 --> "C:\Program Files\unins000.exe" Cisco Systems VPN Client 4.6.00.0049 --> MsiExec.exe /X{6DC47739-3BB0-4494-A43D-193BF54070AE} Conexant AC-Link Audio --> C:\Program Files\CONEXANT\CNXT_AUDIO\UIU32a.exe -U -ICPL309BA.INF DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN Eraser --> "C:\Documents and Settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe" REMOVE=TRUE MODIFY=FALSE Eraser --> C:\Documents and Settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe H1 Offline Configurator --> MsiExec.exe /I{DE278733-2BB4-48EA-922A-E3BA1655D538} HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\Setup.exe" -l0x9 -removeonly HP Wireless Assistant 2.00 C1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\Setup.exe" -l0x9 hpquninst Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java(TM) 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060} Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" McAfee VirusScan Enterprise --> MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65} Media Player Codec Pack 2.2.0 --> C:\WINDOWS\system32\C2MP\Uninst.exe Microsoft COMPRESSION Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mozilla Firefox (2.0.0.14) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel PandoraRecovery (Remove Only) --> "C:\Program Files\Pandora Recovery\Uninstall.exe" Qantel QIC-PC II --> MsiExec.exe /X{BEA1F96D-04DD-4778-94F6-347B48AD2E7A} Real Alternative 1.7.5 --> "C:\Program Files\Real Alternative\unins000.exe" RealFlight G4 R/C Simulator --> C:\Program Files\Common Files\KnifeEdge\LauncherHelperG4.exe -task=UninstallProduct -productname="RealFlight G4" Sauer-Danfoss Electronic Catalogue --> C:\PROGRA~1\SAUER-~1\UNWISE.EXE C:\PROGRA~1\SAUER-~1\INSTALL.LOG Search Settings --> MsiExec.exe /X{90529245-9C54-45B5-BBB3-B180CA04F248} Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378\HXFSETUP.EXE -U -Icpl309bk.inf SouthPark Mario Bros 2.1 --> C:\WINDOWS\iun6002.exe "c:\spm2\irunin.ini" StompSoft Digital Vault --> C:\PROGRA~1\STOMPS~1\DIGITA~1\UNWISE.EXE C:\PROGRA~1\STOMPS~1\DIGITA~1\INSTALL.LOG Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\Program Files\InstallShield Installation Information\{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}\setup.exe -runfromtemp -l0x0409 TrojanHunter 5.0 --> "C:\Program Files\TrojanHunter 5.0\unins000.exe" Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_6FE44FCD212D4A086C7BC0C98B9A619782073FB7\amdk8.inf Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5} Zune --> MsiExec.exe /X{7583239A-D4BE-48CA-A253-396122B3D3E9} Zune Language Pack (ES) --> MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF} Zune Language Pack (FR) --> MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3} -- Application Event Log ------------------------------------------------------- Event Record #/Type3715 / Error Event Submitted/Written: 06/09/2008 07:41:06 PM Event ID/Source: 15 / AutoEnrollment Event Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed. Event Record #/Type3712 / Error Event Submitted/Written: 06/09/2008 07:40:21 PM Event ID/Source: 1054 / Userenv Event Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted. Event Record #/Type3710 / Error Event Submitted/Written: 06/09/2008 07:40:05 PM Event ID/Source: 1054 / Userenv Event Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted. Event Record #/Type3706 / Error Event Submitted/Written: 06/09/2008 07:17:59 PM Event ID/Source: 15 / AutoEnrollment Event Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed. Event Record #/Type3705 / Error Event Submitted/Written: 06/09/2008 07:17:03 PM Event ID/Source: 1054 / Userenv Event Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type13162 / Warning Event Submitted/Written: 06/09/2008 09:41:25 PM Event ID/Source: 8193 / LSASRV Event Description: The Security System could not establish a secured connection with the server DNS/faith.logixcom.net. No authentication protocol was available. Event Record #/Type13161 / Warning Event Submitted/Written: 06/09/2008 09:41:25 PM Event ID/Source: 8192 / LSASRV Event Description: The Security System detected an attempted downgrade attack for server DNS/faith.logixcom.net. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request. (0xc000005e)". Event Record #/Type13160 / Error Event Submitted/Written: 06/09/2008 09:25:34 PM Event ID/Source: 29 / W32Time Event Description: The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 119 minutes. NtpClient has no source of accurate time. Event Record #/Type13159 / Warning Event Submitted/Written: 06/09/2008 09:25:34 PM Event ID/Source: 14 / W32Time Event Description: The time provider NtpClient was unable to find a domain controller to use as a time source. NtpClient will try again in 120 minutes. Event Record #/Type13157 / Warning Event Submitted/Written: 06/09/2008 08:41:24 PM Event ID/Source: 8193 / LSASRV Event Description: The Security System could not establish a secured connection with the server DNS/faith.logixcom.net. No authentication protocol was available. -- End of Deckard's System Scanner: finished at 2008-06-09 21:57:41 ------------ Open Hijackthis and select Do a system scan only. Place a check mark next to the following entries: (if there)
Important: Close all windows except for Hijackthis and then click Fix checked. Exit Hijackthis. ---------- Go to add/remove programs and uninstall:
Try this first. Go to Start > Run and copy/paste this in the window then click OK. C:\Program Files\TrojanHunter 5.0\unins000.exe If that doesn't work we will remove it manually. I uninstalled the java 3&5, and the search settings. Ran the hjt and there was no search settings stuff listed. I copy/pasted the trojan uninstaller in the "run" and it would not work. I got: c:\program files\trojan hunter 5.0\unins000.dat" does not exist. Cannot uninstall. So far today, I ran the McAfee on demand scan, and the AVG antispyware,MalwareBytes and the Deckards. The only thing that came up was the Search Settings.(really I don't know what that is) Hope I can get the Trojan Hunter out. Is that actually a legit program? JimTrojan Hunter is a legit program but you shouldn't have a problem removing it. Hold on a minute while I work up a removal fix. Be right back.....Now download The Avenger by Swandog46 and save it to your Desktop.
Files to delete: C:\Program Files\TrojanHunter 5.0\unins000.exe Folders to delete: C:\Program Files\TrojanHunter 5.0 C:\Documents and Settings\jplake\Application Data\TrojanHunter Note: the above instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system
|
|
| 3107. |
Solve : MASSIVE virus? |
|
Answer» EDIT: nvm it finally finished. here it is: 2009-05-29 14:42 . 2009-05-29 14:42--------d-----wc:\users\admin\AppData\Roaming\KillProcessthe top two are. theres nothing in the bottom folder but i can delete it if i need to. i never made it. The top two is a program i installed to kill multiple processes at once. came in handy when i had to delete 400 processes otherwise it would have been one at a time. im also on chat so if you think it would be quicker talking there then thats fine. OK. I just need to know what I'm seeing. Also let me know how the computer is running now? Delete these files/folders, as follows: 1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad. 2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C Code: [Select]KillAll:: Folder:: C:\Kelahx Registry:: [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\whtcg] 3. Go to the Notepad window and click Edit > Paste 4. Then click File > Save 5. Name the file CFScript.txt - Save the file to your Desktop 6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully! ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply. Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freezeWell my pc seems to be running fine. Nothing suspicious seems to be running in the process list. And some of my taskbar icons are gone. But thats cool. They are the one i wanted gone :p attached is the new log [attachment deleted by admin]OK you should run a full virus scan now to make sure nothing is hiding. First... Go to Start > Run and type notepad.exe then click OK Copy and paste the below into Notepad and save as fixme.reg to Your Desktop Code: [Select]REGEDIT4 [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work. Delete the fixme.reg from the Desktop. ----------
---------- Download ATF Cleaner by Atribune to your Desktop. Alternate download link Note: Vista users must use Run As Administrator
Note that your system will run slower for a reboot or two after having used this tool so don't panic. ---------- Run the F-Secure Online Scanner for Viruses, Spyware and RootKits. Note: This Scanner is for Internet Explorer Only!
Scanning Report Friday, May 29, 2009 15:26:56 - 18:27:52 Computer name: HOME Scanning type: Scan system for malware, spyware and rootkits Target: C:\ D:\ E:\ 10 malware found TrackingCookie.2o7 (spyware) * System (Disinfected) TrackingCookie.Advertising (spyware) * System (Disinfected) TrackingCookie.Atdmt (spyware) * System (Disinfected) Client-IRC.Win32.mIRC (spyware) * System (Disinfected) TrackingCookie.Doubleclick (spyware) * System (Disinfected) TrackingCookie.Webtrends (spyware) * System (Disinfected) RiskTool.Win32.PsKill (spyware) * System (Disinfected) TrackingCookie.Tradedoubler (spyware) * System (Disinfected) TrackingCookie.Statcounter (spyware) * System (Disinfected) TrackingCookie.Yieldmanager (spyware) * System (Disinfected) Statistics Scanned: * Files: 253041 * System: 7246 * Not scanned: 24 Actions: * Disinfected: 10 * Renamed: 0 * Deleted: 0 * Not cleaned: 0 * Submitted: 0 Files not scanned: * C:\HIBERFIL.SYS * C:\PAGEFILE.SYS * C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT * C:\WINDOWS\SYSTEM32\CONFIG\SAM * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\COMPONENTS * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM * C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB * C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB * C:\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D170E603AFD15CC2442279AF79CB9C32_76A95DD8-23B2-4EC8-AC8E-0362A6DCF90D * C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\HSPERFDATA_ADMIN\6032 * C:\SYSTEM VOLUME INFORMATION\{0C9FEA18-4534-11DE-BF67-001BB9FB9F7A}{3808876B-C176-4E48-B7AE-04046E6CC752} * C:\SYSTEM VOLUME INFORMATION\{3507940F-4B85-11DE-BAAD-001BB9FB9F7A}{3808876B-C176-4E48-B7AE-04046E6CC752} * C:\SYSTEM VOLUME INFORMATION\{0C9FEAA0-4534-11DE-BF67-001BB9FB9F7A}{3808876B-C176-4E48-B7AE-04046E6CC752} * C:\SYSTEM VOLUME INFORMATION\{BDDD2F1F-4598-11DE-9989-001BB9FB9F7A}{3808876B-C176-4E48-B7AE-04046E6CC752} * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D170E603AFD15CC2442279AF79CB9C32_76A95DD8-23B2-4EC8-AC8E-0362A6DCF90D * C:\BOOT\BCD Options Scanning engines: Scanning options: * Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR * Use advanced heuristics Copyright © 1998-2009 Product support | Send virus sample to F-Secure F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide WEB pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name. This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability. That didn't find anything unexpected. Is the computer running OK now?it seems like it is. Running normal speed right now. So i guess its gone. Iv run scans with everything i can think of.I think it's gone. Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.I've done a little studying with your virus, so all I am asking is to go to my computer>c:\ and look for some EXE files that are labeled with number and have a picture on them of a colorful baby with weird blue eyes. When i was reaserching I saw about 40000 files like that. |
|
| 3108. |
Solve : Keyloggers? |
|
Answer» Klicker, give this a go...... |
|
| 3109. |
Solve : Firefox & IE search results go to wrong page. Can't run HijackThis. HELP Please? |
|
Answer» I've been reading the forums here and have learned a lot including there are some folks on this board that really help people in a jam. Here's my situation. Hopefully someone can help me.
Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer. I followed your instructions. Here is the combofix log. ComboFix 09-06-04.06 - Owner 06/04/2009 21:04.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.310 [GMT -5:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\drivers\gxvxchymaibdhttpwlxvbsqvufafdfexobsvv.sys c:\windows\system32\gxvxcuvhtqgtfqlstwowdsocppjbmfwcqjuee.dll c:\windows\system32\gxvxcviyiautbldtlyvdwhxtekonohcxjjvbv.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_GXVXCSERV.SYS ((((((((((((((((((((((((( Files Created from 2009-05-05 to 2009-06-05 ))))))))))))))))))))))))))))))) . 2009-06-05 01:13 . 2009-06-05 01:13--------d--h--w-c:\windows\PIF 2009-06-04 01:48 . 2009-06-04 11:21117760----a-w-c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2009-06-04 01:47 . 2009-06-04 01:47--------d-----w-c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-06-04 01:40 . 2009-06-04 01:41--------d-----w-c:\program files\SUPERAntiSpyware 2009-06-04 01:40 . 2009-06-04 01:40--------d-----w-c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com 2009-06-04 01:40 . 2009-06-04 01:40--------d-----w-c:\program files\Common Files\Wise Installation Wizard 2009-06-03 01:13 . 2009-06-03 01:13--------d-----w-c:\documents and settings\Owner\Application Data\Malwarebytes 2009-06-03 01:00 . 2009-05-26 18:2040160----a-w-c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-03 01:00 . 2009-06-03 01:13--------d-----w-c:\program files\Malwarebytes' Anti-Malware 2009-06-03 01:00 . 2009-06-03 01:00--------d-----w-c:\documents and settings\All Users\Application Data\Malwarebytes 2009-06-03 01:00 . 2009-05-26 18:1919096----a-w-c:\windows\system32\drivers\mbam.sys 2009-06-03 00:52 . 2009-06-03 00:52--------d-----w-c:\program files\CCleaner 2009-06-02 22:09 . 2009-06-03 00:49--------d-----w-C:\HJT 2009-06-02 21:39 . 2009-06-02 21:51--------d-----w-c:\program files\Spybot - Search & Destroy2 2009-06-02 11:46 . 2009-03-25 16:0640552----a-w-c:\windows\system32\drivers\mfesmfk.sys 2009-06-02 11:46 . 2009-03-25 16:0679880----a-w-c:\windows\system32\drivers\mfeavfk.sys 2009-06-02 11:46 . 2009-03-25 16:0635272----a-w-c:\windows\system32\drivers\mfebopk.sys 2009-06-02 11:46 . 2008-10-23 18:08120136----a-w-c:\windows\system32\drivers\Mpfp.sys 2009-06-02 11:45 . 2009-06-02 11:46--------d-----w-c:\program files\Common Files\McAfee 2009-06-02 11:45 . 2009-06-02 11:45--------d-----w-c:\program files\McAfee.com 2009-06-02 11:45 . 2009-06-04 02:59--------d-----w-c:\program files\McAfee 2009-06-02 11:41 . 2009-03-25 16:0534216----a-w-c:\windows\system32\drivers\mferkdk.sys 2009-06-02 03:44 . 2009-06-02 03:4427584----a-w-c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-06-02 02:38 . 2009-06-02 02:381078----a-r-c:\documents and settings\Owner\Application Data\Microsoft\Installer\{76EFAC4F-1712-401F-B2AE-590B170C9BCE}\_60c11ac7.exe 2009-06-02 02:26 . 2009-06-03 01:05--------d-----w-c:\program files\Trend Micro 2009-06-02 02:15 . 2009-06-02 22:10--------d-----w-c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-06-02 02:15 . 2009-06-02 03:49--------d-----w-c:\program files\Spybot - Search & Destroy 2009-06-01 11:22 . 2009-06-01 11:22--------d-----w-c:\documents and settings\Owner\Local Settings\Application Data\SupportSoft . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-04 22:39 . 2008-11-27 04:37--------d-----w-c:\documents and settings\All Users\Application Data\Google Updater 2009-06-03 00:31 . 2008-12-21 15:53--------d-----w-c:\program files\Coupons 2009-06-02 21:31 . 2007-04-04 03:25--------d-----w-c:\documents and settings\All Users\Application Data\McAfee 2009-06-02 11:35 . 2007-04-04 01:00--------d--h--w-c:\documents and settings\Owner\Application Data\GTek 2009-05-27 15:11 . 2008-10-04 23:01--------d-----w-c:\documents and settings\LocalService\Application Data\SACore 2009-05-27 01:50 . 2007-04-04 00:54--------d--h--w-c:\program files\InstallShield Installation Information 2009-05-25 15:28 . 2007-04-05 02:15--------d-----w-c:\documents and settings\Owner\Application Data\U3 2009-05-25 04:19 . 2007-10-24 23:42--------d-----w-c:\documents and settings\Owner\Application Data\LimeWire 2009-04-19 12:05 . 2009-04-19 12:04--------d-----w-c:\program files\iTunes 2009-04-19 12:05 . 2009-04-19 12:04--------d-----w-c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-04-19 12:04 . 2009-04-19 12:04--------d-----w-c:\program files\iPod 2009-04-19 12:04 . 2007-07-08 17:37--------d-----w-c:\program files\Common Files\Apple 2009-04-19 12:02 . 2009-04-19 12:02--------d-----w-c:\program files\Bonjour 2009-04-19 12:00 . 2009-04-19 11:59--------d-----w-c:\program files\QuickTime 2009-04-19 11:46 . 2009-04-19 11:4675048----a-w-c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe 2009-04-17 22:04 . 2007-10-24 23:40--------d-----w-c:\program files\Java 2009-04-17 22:01 . 2009-04-17 22:01152576----a-w-c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-04-10 18:03 . 2009-04-10 18:03--------d-----w-c:\windows\system32\config\systemprofile\Application Data\SACore 2009-03-25 16:06 . 2009-03-25 16:06214024----a-w-c:\windows\system32\drivers\mfehidk.sys 2009-03-19 21:32 . 2009-03-19 21:3223400----a-w-c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys 2009-03-19 21:32 . 2008-01-29 17:0123400----a-w-c:\windows\system32\drivers\GEARAspiWDM.sys 2009-03-15 00:26 . 2009-03-15 00:26152576----a-w-c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_12\lzma.dll 2009-03-09 19:08 . 2009-03-09 19:085248----a-w-c:\windows\system32\giveio.sys 2009-03-09 10:19 . 2008-12-05 15:35410984----a-w-c:\windows\system32\deploytk.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-12 1961984] "Universal Installer"="c:\program files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 984616] "Desktop Software"="c:\program files\ComcastUI\Universal Installer\uinstaller.exe" [2008-03-18 984616] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648] "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688] "EPSON Stylus CX4600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE" [2004-03-04 98304] "Name of App"="c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2008-07-07 675935] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328] "BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880] "Run StartupMonitor"="StartupMonitor.exe" - c:\windows\StartupMonitor.exe [2000-05-20 86016] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-4-6 113664] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 17:05356352----a-w-c:\program files\SUPERAntiSpyware\SASWINLO.dll HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32 "wave"= serwvdrv.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944] R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/2/2009 6:49 AM 210216] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408] . Contents of the 'Scheduled Tasks' folder 2009-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] 2009-06-05 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-27 05:06] 2009-06-02 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-02 15:53] 2009-06-02 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-02 15:53] . - - - - ORPHANS REMOVED - - - - SafeBoot-mfehidk SafeBoot-mferkdk SafeBoot-mfetdik SafeBoot-mfetdik.sys SafeBoot-procexp90.Sys . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ig?hl=en uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 Trusted Zone: turbotax.com FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\577il9vi.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-04 21:10 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(632) c:\program files\SUPERAntiSpyware\SASWINLO.dll . Completion time: 2009-06-05 21:13 ComboFix-quarantined-files.txt 2009-06-05 02:13 Pre-Run: 11,309,228,032 bytes free Post-Run: 11,376,951,296 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn 191--- E O F ---2009-05-13 12:12
. The above procedure will:
---------- Run CCleaner. ---------- Use the Kaspersky Lab Online Scanner In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.
There is no option to clean/disinfect, however, we need to analyze the information on the report. To obtain the report: Click on: Save Report As
Copy and paste the Kaspersky Online Scanner Report in your next reply. Note for Internet Explorer 7 and 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%. If needed, this animation will guide you through the process.Followed your instructions and here is the scan -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0 REPORT Friday, June 5, 2009 Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Program database last update: Friday, June 05, 2009 05:55:16 Records in database: 2309311 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ G:\ Scan statistics: Files scanned: 174908 Threat name: 0 Infected objects: 0 Suspicious objects: 0 Duration of the scan: 03:57:51 No malware has been detected. The scan area is clean. The selected area was scanned. Looks good. Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates. ---------- I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.Well all I can say is Thank You!. Everything seems to working perfectly now. You have truly been a help and I can't say thank you enough. I would like to make a donation to a charity or website of your choice as a thank you for your time and your help. Let me know where to make it. Thanks again! |
|
| 3110. |
Solve : Multiple infections, problems connecting to Internet? |
|
Answer» Your welcome. |
|
| 3111. |
Solve : Virus removal? |
|
Answer» Hi I had posted at an earlier date about some viruses I had in my computer. I followed the steps given to me by patio for malware removal. I ran a scan and the viruses are gone but Hijack says I may need to remove some things but not to before I consult an expert. Here are the logs. Do I need to do anything more?
---------- How is the computer running now? Dwayne Austin I'm not sure what the dmdlgs32.dll was. I do know it wasn't supposed to be there. Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates. ---------- I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. |
|
| 3112. |
Solve : help re: HJT log please.? |
|
Answer» ComboFix 09-06-07.02 - mike 07/06/2009 22:43:52.2 - NTFSx86
. The above procedure will:
---------- Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates. ---------- I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free. |
|
| 3113. |
Solve : is it possible for a virus or spyware to open ports in my router?? |
|
Answer» I typically open a single port for TORRENTS, and leave it alone. Upon coming back home from college HOWEVER, I noticed that my family's NETWORK for OPENING ports is filled with randomly opened ports for ips in the network. I've closed the ports and opened ports for myself, but that is undone after some degree of time with a new set of opened ports. No one else in the family is doing it, and I've since taken security precautions. Previously, the network had no password, but I now changed the router password from default and I've added WPA-2 Personal password. However, the ports keep on opening (and overriding mine). I've asked the people in my family to run virus checks, although I'm not sure all of them have. |
|
| 3114. |
Solve : Thomas Bailey spyware prob?? |
|
Answer» Ok 4th times a dream! Using File Dropper so you can see the dialogue boxes I get.
---------- Download Alternate download link Note: Vista users must use Run As Administrator
Note that your system will run slower for a reboot or two after having used this tool so don't panic. ---------- How is the computer now?Thanks, again! The computer can now operate the HP printer just fine but the Sounds and Audio Devices does not show anything. As it was before the "cleaners" did their work. Don't know if this dialogue box is related to Sounds and devices, but upon boot I get the "Welcome to the found new hardware wizard" and I don't know what CD it wants to locate the needed files. By the way my computer isn't slower, but what do you believe was living in my O.S.? Yes, the kids use this computer for gaming as well. Should I kick them off and remove their games? Or did my or my wifes email cause this problem. Any ideas on getting my S&A D to work? Or should I repost in Hardware? Great help you all are, I really can't believe my luck in discovering Comp. Hope years ago.Quote By the way my computer isn't slower, but what do you believe was living in my O.S.? ...... Or did my or my wifes email cause this problem. I'm still not sure what was or is wrong. Quote the kids use this computer for gaming as well. Should I kick them off and remove their games? I can't make that call. Download Rooter.exe to your desktop * Double click Rooter.exe to start the tool. * A DOS window will appear and show the scan progress. * Once complete a notepad file containing the report will open. * Copy & paste the results in your next reply. * Close notepad and Rooter will close. A log will also save at %systemdrive%\Rooter.txt (Where %systemdrive% is usually C: or the drive that you have Windows installed).Here you go.... [attachment deleted by admin]OK you can delete Rooter. Have you tried looking in the Device Manager and updating or rolling back the sound DRIVERS?Evilfantasy, went ahead and ROLLED back the driver for the PCI DEV. that was "yellowed/ exclaim marked in PCI devices and a found new HW box came up asking for a RealTek HD Audio driver...fired the CD at it and BOOM!, we are back. But, do you have any idea on what "gummed up" my my system? Or is it that bad things happen to O.K. people? Peace and care for your patience. I'll Twitter about Comp. Hope this afternoon. Sincerely' Thom BaileyI'm not sure what happened. What we did find shouldn't have effected all that it did but then you never know what malware might do... OK we can finish up now. Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates. ---------- I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. |
|
| 3115. |
Solve : Why would my IE Slow But Chrome is Fast...VIRUS maybe.....? |
|
Answer» I sometimes see that a huge issue is if you have a lot of toolbars installed on IE. My brother's computer had like 4 and it took FOREVER to load. I removed them, and it started right up.There is no way I have over 2 million 3 hundred thousand files on my computer. Could SUPERantispyware just keep repeating the scan over and over. I have started this scan over 5 days ago now. Could this be harmful to my laptop CPU to be running like this. It is maxed out CONSTANTLY. Should I stop the scan and run in safe mode?Superantispyware is most likely not repeating the search over and over again. It might be that it is stuck on trying to scan a file. Did you check the screen to see what it's scanning? Is it still scanning or attempting to scan the same file or something with same filename?I think Evilfantasy would agree after 5 days it's time to move on to the next program and post your log of SAS if you get one.Quote from: 2x3i5x on June 05, 2009, 03:59:01 PM Superantispyware is most likely not repeating the search over and over again. It might be that it is stuck on trying to scan a file. Did you check the screen to see what it's scanning? Is it still scanning or attempting to scan the same file or something with same filename?Like if there are too many folders in one directory (about 10000), then dir just freezes.So I finally stopped SUPERantispyware after it was reading almost 2400000 files. I posted an earier log this year to show you the boost in files scanned from before til now. My logs are attached below. I laso had error messages during HJT. I pressed ok but included a screenshot before I did it. Thanks for any help. Will post Older SUPERscan I did in January showing the influx in files. [attachment deleted by admin]Here is the older scan [attachment deleted by admin]Quote I laso had error messages during HJT. I pressed ok but included a screenshot before I did it. Because you didn't use the 'Run as Administrator' option as stated in the instructions. -- This does not appear to be malware but we can do some cleanup as well as double check for anything that might be hiding. Download DDS by sUBs and save it to your desktop. Alternate DDS download link Vista users right click on dds and select Run as administrator (you will receive a UAC PROMPT, please allow it) * XP users Double click on dds to run it. * If your antivirus or firewall try to block DDS then please allow it to run. * When finished DDS will open two (2) logs. 1) DDS.txt 2) Attach.txt * Save both logs to your desktop. * Please copy and paste the entire contents of both logs in your next reply. Note: DDS will instruct you to post the Attach.txt log as an attachment. Please just post it as you would any other log by copy and pasting it into the reply.dds doesn't give me a run as administrator option, It just gives me test, configure, or install at the top. Should I install it. I definitely right clicked it. You were correct about my HJT error. Sorry about that. Just double click it. It should run.Here are the completed logs. It worked by double clicking it I attached the logs instead. I didn't think they would FIT in the reply. I appreciate your help Evilfantasy. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-05-14.01) Microsoft® Windows Vista™ Home Basic Boot Device: \Device\HarddiskVolume1 Install Date: 9/2/2008 12:25:46 AM System Uptime: 6/6/2009 3:53:06 PM (5 hours ago) Motherboard: TOSHIBA | | Portable PC Processor: Intel(R) Pentium(R) M processor 1.60GHz | mFCPGA | 1595/133mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 74 GiB total, 10.938 GiB free. D: is CDROM () E: is Removable ==== Disabled Device Manager Items ============= Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Intel(R) PRO/Wireless 2200BG Network Connection Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27418086&REV_05\4&15FA4845&0&20F0 Manufacturer: Intel Corporation Name: Intel(R) PRO/Wireless 2200BG Network Connection PNP Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27418086&REV_05\4&15FA4845&0&20F0 Service: NETw2v32 Class GUID: {a0a588a4-c46f-4b37-b7ea-c82fe89870c6} Description: SDA Standard Compliant SD Host Controller Device ID: PCI\VEN_104C&DEV_8034&SUBSYS_FF101179&REV_00\4&15FA4845&0&34F0 Manufacturer: SDA Standard Compliant SD Host Controller Vendor Name: SDA Standard Compliant SD Host Controller PNP Device ID: PCI\VEN_104C&DEV_8034&SUBSYS_FF101179&REV_00\4&15FA4845&0&34F0 Service: sdbus Class GUID: {4d36e96d-e325-11ce-bfc1-08002be10318} Description: TOSHIBA Software Modem Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_00011179&REV_04\3&33FD14CA&0&F3 Manufacturer: Agere Name: TOSHIBA Software Modem PNP Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_00011179&REV_04\3&33FD14CA&0&F3 Service: Modem ==== System Restore Points =================== No restore point in system. ==== Installed Programs ====================== AC3Filter (remove only) Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 8.1.4 Adobe Shockwave Player AutoSizer AVG 8.5 Canon iP2600 series CCleaner (remove only) Choice Guard Compatibility Pack for the 2007 Office system G-Force Google Chrome Google Earth HijackThis 2.0.2 honestech TVR Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) InterActual Player InterVideo WinDVD Creator 2 InterVideo WinDVD for TOSHIBA Java(TM) 6 Update 13 LimeWire PRO 4.12.3 Linksys WCG200 Wireless-G Cable Gateway(B) Linksys Wireless-N Notebook Adapter Driver - WPC300N Malwarebytes' Anti-Malware Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB929729) Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Office Live Add-in 1.3 Microsoft Office Professional Edition 2003 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 Redistributable Microsoft Works Mozilla Firefox (3.0b5) MSVCRT MSXML 4.0 SP2 (KB925672) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) Native Instruments - Traktor 1.06 ObjectDock PeerGuardian 2.0 PowerISO Project64 1.6 RealPlayer Realtek AC'97 Audio Rhapsody Player Engine Roxio Burn Engine Screenshot Captor 2.56.01 SD Secure Module Secunia PSI Sonique SoundMAX SpywareBlaster 4.2 SUPERAntiSpyware Free Edition Symantec KB-DocID:2003093015493306 Texas Instruments PCIxx21/x515 drivers. TIxx21/x515 Torrent Harvester TOSHIBA Assist TOSHIBA Controls TOSHIBA Hotkey Utility TOSHIBA PC Diagnostic Tool TOSHIBA Power Saver Toshiba Registration TOSHIBA Software Upgrades TOSHIBA Speech System Applications TOSHIBA Speech System SR Engine(U.S.) Version1.0 TOSHIBA Speech System TTS Engine(U.S.) Version1.0 Toshiba Tbiosdrv Driver TOSHIBA TouchPad ON/Off Utility TOSHIBA Utilities TOSHIBA Virtual Sound TOSHIBA Zooming Utility Touch and Launch Viewpoint Media Player Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 WebFldrs XP WhiteCap Winamp Winamp Remote Windows Defender Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Live Communications Platform Windows Live Essentials Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Toolbar Windows Live Upload Tool Windows Media Format 11 runtime Windows Media Player 11 WinRAR archiver WOT for Internet Explorer Xvid 1.1.2 final uninstall ==== Event Viewer Messages From Past Week ======== 6/6/2009 8:08:43 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 5/31/2009 9:52:49 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avg8wd service. 5/31/2009 1:41:22 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer DENNIS-HENDERSO that believes that it is the master browser for the domain on transport NetBT_Tcpip_{83E2F9DE-2FF9-4E5D-84BF-E1. The master browser is stopping or an election is being forced. 5/30/2009 11:38:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd sptd 5/30/2009 11:38:29 PM, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the UPnP Device Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 5/30/2009 11:38:29 PM, Error: Service Control Manager [7000] - The Universal WDM TV Tuner service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 5/30/2009 11:38:29 PM, Error: Service Control Manager [7000] - The SAA7135 TV Card service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 5/30/2009 11:38:29 PM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified. 5/30/2009 11:38:29 PM, Error: Service Control Manager [7000] - The AEGIS Protocol (IEEE 802.1x) v3.1.6.0 service failed to start due to the following error: The system cannot find the file specified. 5/30/2009 11:32:44 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0. 5/30/2009 11:31:36 PM, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 5/30/2009 11:31:18 PM, Error: sptd [4] - Driver detected an internal error in its data structures for . ==== End Of File =========================== DDS (Ver_09-05-14.01) - NTFSx86 Run by Justin Henderson at 20:34:52.85 on Sat 06/06/2009 Internet Explorer: 8.0.6001.18702 Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1527.898 [GMT -7:00] SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Windows\System32\snmp.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Windows\system32\svchost.exe -k imgsvc c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\mobsync.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\TOSHIBA\Tvs\TvsTray.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\AutoSizer\AutoSizer.exe C:\Users\Justin Henderson\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Justin Henderson\Desktop\dds.scr C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uSearch Bar = Preserve uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://www.cox.net uInternet Settings,ProxyOverride = *.local BHO: {00000000-6cb0-410c-8c3d-8fa8d2011d0a} - DownloadRedirect Class BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [AutoSizer] "c:\program files\autosizer\AutoSizer.exe" uRun: [Google Update] "c:\users\justin henderson\appdata\local\google\update\GoogleUpdate.exe" /c uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon StartupFolder: c:\users\justin~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe uPolicies-explorer: NoViewOnDrive = 0 (0x0) uPolicies-explorer: HideRunAsVerb = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\partygaming\partypoker\RunApp.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1239532918143&h=7cb9c575117baf78e6cc365dec55b55f/&filename=jinstall-6u13-windows-i586-jc.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL AppInit_DLLs: avgrsstx.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL ================= FIREFOX =================== FF - ProfilePath - c:\users\justin~1\appdata\roaming\mozilla\firefox\profiles\o53cq62b.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/ FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\users\justin henderson\appdata\local\google\update\1.2.145.5\npGoogleOneClick8.dll ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 200000 FF - user.js: content.notify.interval - 100000 FF - user.js: content.switch.threshold - 650000 FF - user.js: nglayout.initialpaint.delay - 300 c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("browser.urlbar.matchOnWordBoundary", true); c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("browser.safebrowsing.malware.reportURL", "http://www.stopbadware.org/reports/container?source=Firefox&version=3.0b5&reportname="); c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("browser.places.importBookmarksHTML", true); c:\program files\mozilla firefox 3 beta 5\defaults\pref\firefox.js - pref("browser.places.createdSmartBookmarks", false); ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-10 325896] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-10 108552] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-2-29 9968] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 55024] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-10 298776] R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512] R3 WPC300N;Linksys Wireless Notebook Adapter WPC300N Driver;c:\windows\system32\drivers\WPC300N.SYS [2009-5-21 691192] S2 713xTVCard;SAA7135 TV Card;c:\windows\system32\drivers\SAA713x.sys [2008-9-2 277504] S2 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [2008-9-2 23680] S3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\drivers\3xHybrid.sys [2007-7-6 906368] S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184] S3 nwusbmdm;Novatel Wireless Merlin CDMA EV-DO Modem Driver;c:\windows\system32\drivers\nwusbmdm.sys [2005-5-3 63360] S3 nwusbser;Novatel Wireless Merlin CDMA EV-DO Status Port;c:\windows\system32\drivers\nwusbser.sys [2005-5-3 63360] S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-3-24 7808] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096] S3 WCG200BVistaI386;Linksys WCG200 Wireless-G Cable Gateway(B);c:\windows\system32\drivers\WCG200BVistaI386.sys [2006-12-22 15872] =============== Created Last 30 ================ 2009-06-06 02:00--d-----c:\users\justin~1\appdata\roaming\DonationCoder 2009-06-06 01:58--d-----c:\programdata\DonationCoder 2009-06-06 01:58--d-----c:\program files\ScreenshotCaptor 2009-06-06 01:58--d-----c:\progra~2\DonationCoder 2009-06-06 00:40--d-h---C:\BJPrinter 2009-05-21 01:1634,304a-------c:\windows\DrvTool64.exe 2009-05-21 01:1632,768a-------c:\windows\DrvTool.exe 2009-05-21 01:16520a-------c:\windows\Hardware.ID 2009-05-21 01:16825,336a-------c:\windows\bcmwl664.sys 2009-05-21 01:16691,192a-------c:\windows\system32\drivers\WPC300N.SYS 2009-05-21 01:16691,192a-------c:\windows\bcmwl6.sys 2009-05-21 01:16113,756a-------c:\windows\Lsbcmnds.inf 2009-05-21 01:1611,166a-------c:\windows\bcm43xx64.cat 2009-05-21 01:1611,166a-------c:\windows\bcm43xx.cat 2009-05-21 01:1627,072--------c:\windows\system32\drivers\CBPSp50.sys 2009-05-21 01:163,262--------c:\windows\Linksys.ico 2009-05-21 01:13139,264a-------c:\windows\UIButton.dll 2009-05-21 01:13126,976a-------c:\windows\UIListCtrl.dll 2009-05-21 01:1394,208a-------c:\windows\UITabCtrl.dll 2009-05-21 01:1320,480a-------c:\windows\RegActiveX.exe 2009-05-21 01:131,700,352a-------c:\windows\GdiPlus.dll 2009-05-21 01:10--d-----c:\program files\Torrent Harvester 2009-05-14 16:370a-------c:\windows\system32\tviresource.val 2009-05-12 16:02--d-----c:\windows\TweakVI ==================== Find3M ==================== 2009-06-06 02:171,660a-------c:\windows\bthservsdp.dat 2009-05-26 13:2040,160a-------c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-26 13:1919,096a-------c:\windows\system32\drivers\mbam.sys 2009-05-21 01:1851,200a-------c:\windows\inf\infpub.dat 2009-05-21 01:18143,360a-------c:\windows\inf\infstrng.dat 2009-05-21 01:1886,016a-------c:\windows\inf\infstor.dat 2009-05-04 09:1211,952a-------c:\windows\system32\avgrsstx.dll 2009-05-04 09:12325,896a-------c:\windows\system32\drivers\avgldx86.sys 2009-05-04 09:12108,552a-------c:\windows\system32\drivers\avgtdix.sys 2009-04-17 09:440a---h---c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf 2009-04-12 03:41410,984a-------c:\windows\system32\deploytk.dll 2009-03-16 20:3840,960a-------c:\windows\apppatch\apihex86.dll 2009-03-16 20:3813,824a-------c:\windows\system32\apilogen.dll 2009-03-16 20:3824,064a-------c:\windows\system32\amxread.dll 2008-09-03 23:19174a--sh---c:\program files\desktop.ini 2008-09-03 22:58665,600a-------c:\windows\inf\drvindex.dat 2006-11-02 05:39287,440a-------c:\windows\inf\perflib\0409\perfi.dat 2006-11-02 05:39287,440a-------c:\windows\inf\perflib\0409\perfh.dat 2006-11-02 05:3930,674a-------c:\windows\inf\perflib\0409\perfd.dat 2006-11-02 05:3930,674a-------c:\windows\inf\perflib\0409\perfc.dat 2006-11-02 02:20287,440a-------c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 02:20287,440a-------c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 02:2030,674a-------c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 02:2030,674a-------c:\windows\inf\perflib\0000\perfc.dat 2005-05-22 20:28152a-------c:\users\justin~1\appdata\roaming\wklnhst.dat ============= FINISH: 20:36:14.87 =============== [attachment deleted by admin]It makes it easier on me with logs posted directly in the reply. Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. First install the new Sun Java Runtime Environment Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update. Be sure to close all browser windows before beginning the install. Remove the old version(s) Download JavaRa
Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the BOX for Java Quick Starter. Click OK and restart your computer. ---------- I see no indication of a malware issue here. Try posting in the Windows forum for more suggestions.Quote from: evilfantasy on June 07, 2009, 06:58:36 AM It makes it easier on me with logs posted directly in the reply. Sorry about that I will remove older Java. I am surprised Secunia didn't pick up on that one. I was also wondering why you recommend disabling SUPERantispyware at startup. Is it because its the freeware version and is no help to my computer unless I do a scan myself? If that is so, heck, I might as well buy the darn thing for $20 bucks. I tried to win it on your blog. Nice blog BTW. Very useful information. Sorry for wasting your time. I will now go post my problem in the windows forum and see if someone can help me get these extra files off my computer and free up my CPU. I think I might have screwed up my cache or something. I dunno. I know that vista always takes up all my free memory and puts it to use so no worries there, but I still know that something is up. Thanks for all your help.Quote Is it because its the freeware version and is no help to my computer unless I do a scan myself? Exactly. Good luck with the other issues and thanks for the compliments! |
|
| 3116. |
Solve : Can't install or delete programs? |
|
Answer» I ran the bitdefender on line scan and saved the file. Went to the file dropper site paid the monthly fee and then rebooted to get out of safe mode. The computer did not start up right. I was given the option to repair or go to a restore point. Tried the repair option but didn't work and had to restore from a previous point. So I've lost all the programs I installed and of course the files and logs. Back to square one. I am going to start in the morning, I've had enough for one day. I really appreciate all the help you have given me, just bare with me I'll get back to this point again. Went to the file dropper site paid the monthly fee What? It's a free service with a paid option for more space. Anything I suggest will always be 100% free. Did you get the file uploaded to FileDropper so I can see it? I really need to get some names and LOCATIONS of the malware to know what to do next. Do you remember if anything was called Virut or Sality?Maybe I read it wrong but File dropper wouldn't LET me proceed with out making a payment of some kind. The cheapest option was .99 a month so I went with that. Not that much and I can drop it at any time. I had saved the file from Bitdefender on my desk top so it was lost when I rebooted. I do remember it was a Trojan virus but don't remember the name. There was a total of two. Can I proceed to the Bitdefender on line scan again without going through all the other programs as before? You are right, I went back and found that you can upload 2 G free, more than that cost extra. Sorry, my mistake Yes try BitDefender again and post the results.I finally got combo fix downloaded and tried to run the program. Got a message saying "comodo antivirus and comodo defense +" is running and needs to be shut down first. I have no idea where this is at, it never showed up in uninstall manager or in programs list. Now we have to find a way to shut them down. Is Comodo what you use for your antivirus or is it Avast? Just continue on with ComboFix. It should still run.I run Avast. The comodo shouldn't be there, it is from one I used and didn't like it and deleted it, I thought. I will continue on with the Combo fixComboFix 09-06-05.09 - William Michels 06/06/2009 23:07.1 - NTFSx86 NETWORK Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1918.1484 [GMT -4:00] Running from: c:\users\William Michels\Desktop\ComboFix.exe AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B} FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B} SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\cluster 119497.PIF c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf D:\Desktop.ini . ((((((((((((((((((((((((( Files Created from 2009-05-07 to 2009-06-07 ))))))))))))))))))))))))))))))) . 2009-06-07 03:15 . 2009-06-07 03:15--------d-----w-c:\users\William Michels\AppData\Local\temp 2009-06-06 20:27 . 2009-06-07 03:11--------d---a-w-\Qoobox 2009-06-06 19:19 . 2009-06-06 19:19--------d-----w-c:\users\William Michels\AppData\Local\COMODO 2009-06-06 19:19 . 2009-06-06 19:19--------d-----w-c:\users\WILLIA~1\AppData\Local\COMODO 2009-06-06 17:16 . 2009-05-26 17:2040160----a-w-c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-06 17:16 . 2009-05-26 17:1919096----a-w-c:\windows\system32\drivers\mbam.sys 2009-06-06 15:40 . 2009-02-05 20:07114768----a-w-c:\windows\system32\drivers\aswSP.sys 2009-06-06 15:40 . 2009-02-05 20:0720560----a-w-c:\windows\system32\drivers\aswFsBlk.sys 2009-06-06 15:40 . 2009-02-05 20:0651376----a-w-c:\windows\system32\drivers\aswTdi.sys 2009-06-06 15:40 . 2009-02-05 20:0623152----a-w-c:\windows\system32\drivers\aswRdr.sys 2009-06-06 15:40 . 2009-02-05 20:0497480----a-w-c:\windows\system32\AvastSS.scr 2009-06-06 15:40 . 2009-02-05 20:111256296----a-w-c:\windows\system32\aswBoot.exe 2009-06-06 15:40 . 2009-02-05 20:0651792----a-w-c:\windows\system32\drivers\aswMonFlt.sys 2009-06-06 02:42 . 2009-06-07 02:59117760----a-w-c:\users\William Michels\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2009-06-06 02:15 . 2009-06-06 02:15--------d-----w-c:\program files\Common Files\Wise Installation Wizard 2009-06-06 02:09 . 2009-06-06 02:13--------d-----w-c:\program files\CCleaner 2009-06-05 22:50 . 2009-06-06 18:57--------d-----w-c:\windows\BDOSCAN8 2009-06-04 21:36 . 2009-06-06 15:30680----a-w-c:\users\William Michels\AppData\Local\d3d9caps.dat 2009-06-04 21:36 . 2009-06-06 15:30680----a-w-c:\users\WILLIA~1\AppData\Local\d3d9caps.dat 2009-06-04 21:32 . 2009-06-04 21:32--------d-----w-c:\users\William Michels\AppData\Roaming\Malwarebytes 2009-06-04 21:32 . 2009-06-04 21:32--------d-----w-c:\users\WILLIA~1\AppData\Roaming\Malwarebytes 2009-06-04 21:32 . 2009-06-06 17:18--------d-----w-c:\program files\Malwarebytes' Anti-Malware 2009-06-04 21:32 . 2009-06-04 21:32--------d-----w-c:\progra~2\Malwarebytes 2009-06-04 17:35 . 2009-06-04 17:35--------d-----w-c:\progra~2\SUPERAntiSpyware.com 2009-06-04 17:31 . 2009-06-06 02:36--------d-----w-c:\program files\SUPERAntiSpyware 2009-06-04 17:31 . 2009-06-04 17:31--------d-----w-c:\users\William Michels\AppData\Roaming\SUPERAntiSpyware.com 2009-06-04 17:31 . 2009-06-04 17:31--------d-----w-c:\users\WILLIA~1\AppData\Roaming\SUPERAntiSpyware.com 2009-06-03 01:33 . 2009-06-03 01:33--------d-----w-c:\program files\Alwil Software 2009-05-31 23:31 . 2009-06-01 00:33--------d-----w-c:\program files\SpywareBlaster 2009-05-28 21:20 . 2009-05-30 23:58--------d-----w-c:\users\William Michels\AppData\Roaming\System Tweaker 2009-05-28 21:20 . 2009-05-30 23:58--------d-----w-c:\users\WILLIA~1\AppData\Roaming\System Tweaker 2009-05-27 19:29 . 2009-06-06 04:53--------d-----w-c:\users\William Michels\{2be83168-6029-4d46-b0f6-10bbc66433b5} 2009-05-27 19:07 . 2009-06-07 02:49408464----a-w-c:\windows\system32\drivers\sfi.dat 2009-05-27 16:25 . 2009-05-27 19:2828704----a-w-c:\windows\system32\drivers\cmdhlp.sys 2009-05-27 16:25 . 2009-05-27 19:28168208----a-w-c:\windows\system32\guard32.dll 2009-05-27 16:25 . 2009-05-27 19:28130080----a-w-c:\windows\system32\drivers\cmdguard.sys 2009-05-24 23:26 . 2009-06-06 04:52--------d-----w-c:\program files\tinySpell 2009-05-24 23:26 . 2009-05-24 23:26--------d-----w-c:\users\William Michels\AppData\Roaming\tinySpell 2009-05-24 23:26 . 2009-05-24 23:26--------d-----w-c:\users\WILLIA~1\AppData\Roaming\tinySpell 2009-05-10 22:04 . 2009-05-10 22:0410769104----a-w-c:\users\William Michels\AppData\Roaming\Nikon\Message Center\DOWNLOAD_LOG\13213\S-P2____-176WU-NSAEN.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-07 03:03 . 2008-02-15 22:372325553152--sha-w-\pagefile.sys 2009-06-06 15:27 . 2008-08-15 02:27--------d-----w-c:\program files\Uniblue 2009-06-06 04:53 . 2009-04-22 21:51--------d-----w-c:\users\William Michels\AppData\Roaming\uTorrent 2009-06-06 04:53 . 2009-04-22 21:51--------d-----w-c:\users\WILLIA~1\AppData\Roaming\uTorrent 2009-06-06 04:52 . 2008-11-20 19:31--------d-----w-c:\program files\searchandwintoolbar 2009-06-06 04:52 . 2008-09-04 23:41--------d-----w-c:\program files\LimeWire 2009-06-06 04:52 . 2008-02-02 02:58--------d-----w-c:\program files\PC-Doctor 5 for Windows 2009-06-06 04:52 . 2008-02-02 02:47--------d---a-w-c:\program files\Common Files\LightScribe 2009-06-06 04:52 . 2008-02-02 02:47--------d-----w-c:\program files\Common Files\SureThing Shared 2009-06-06 04:52 . 2009-05-07 22:21--------d-----w-c:\program files\TouchStoneSoftware 2009-06-02 03:10 . 2008-08-23 19:49--------d-----w-c:\program files\Coupons 2009-05-31 19:53 . 2008-09-05 23:3820---h--w-c:\progra~2\PKP_DLec.DAT 2009-05-31 19:53 . 2008-09-05 23:2820---h--w-c:\progra~2\PKP_DLds.DAT 2009-05-30 20:40 . 2008-08-14 01:53--------d-----w-c:\program files\google 2009-05-30 19:55 . 2008-08-31 16:58--------d-----w-c:\progra~2\Avg8 2009-05-29 23:42 . 2009-04-01 16:51--------d-----w-c:\users\William Michels\AppData\Roaming\Comodo 2009-05-29 23:42 . 2009-04-01 16:51--------d-----w-c:\users\WILLIA~1\AppData\Roaming\Comodo 2009-05-29 23:42 . 2009-04-01 16:51--------d-----w-c:\progra~2\comodo 2009-05-29 23:42 . 2009-04-01 16:51--------d-----w-c:\program files\COMODO 2009-05-29 21:48 . 2008-08-31 16:58--------d-----w-c:\progra~2\Avg8(61) 2009-05-29 00:05 . 2008-09-04 23:41--------d-----w-c:\users\William Michels\AppData\Roaming\LimeWire 2009-05-29 00:05 . 2008-09-04 23:41--------d-----w-c:\users\WILLIA~1\AppData\Roaming\LimeWire 2009-05-28 21:17 . 2008-08-31 16:58--------d-----w-c:\progra~2\Avg8(62) 2009-05-28 20:31 . 2008-08-31 16:58--------d-----w-c:\progra~2\Avg8(54) 2009-05-17 15:26 . 2009-04-01 16:5168640----a-w-c:\windows\system32\drivers\inspect.sys 2009-05-14 14:45 . 2008-02-02 02:54--------d-----w-c:\progra~2\Microsoft Help 2009-05-14 14:41 . 2006-11-02 11:18--------d-----w-c:\program files\Windows Mail 2009-05-09 23:18 . 2008-08-23 18:41--------d-----w-c:\users\William Michels\AppData\Roaming\GoodSync 2009-05-09 23:18 . 2008-08-23 18:41--------d-----w-c:\users\WILLIA~1\AppData\Roaming\GoodSync 2009-05-07 22:46 . 2009-04-11 03:35--------d-----w-c:\users\William Michels\AppData\Roaming\Azureus 2009-05-07 22:46 . 2009-04-11 03:35--------d-----w-c:\users\WILLIA~1\AppData\Roaming\Azureus 2009-05-07 18:13 . 2009-05-07 18:13--------d-----w-c:\progra~2\Azureus 2009-04-26 15:08 . 2009-03-21 17:41541696----a-w-c:\users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdater.exe 2009-04-23 23:49 . 2008-12-10 05:00350----a-w-c:\users\William Michels\AppData\Roaming\wklnhst.dat 2009-04-23 23:49 . 2008-12-10 05:00350----a-w-c:\users\WILLIA~1\AppData\Roaming\wklnhst.dat 2009-04-22 21:52 . 2009-04-22 21:52--------d-----w-c:\program files\uTorrent 2009-04-11 03:39 . 2009-04-11 03:35--------d-----w-c:\program files\Vuze 2009-04-02 03:56 . 2009-03-21 17:4179872----a-w-c:\users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe 2009-04-01 16:57 . 2009-04-01 16:57249592----a-w-c:\windows\system32\cssdll32.dll 2009-03-21 17:41 . 2009-03-21 17:41349184----a-w-c:\users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdaterInstall.exe 2009-03-17 03:38 . 2009-04-17 00:4213824----a-w-c:\windows\system32\apilogen.dll 2009-03-17 03:38 . 2009-04-17 00:4224064----a-w-c:\windows\system32\amxread.dll 2009-03-09 18:51 . 2009-03-09 18:5110134----a-r-c:\users\William Michels\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe 2009-03-09 09:19 . 2008-12-06 16:07410984----a-w-c:\windows\system32\deploytk.dll 2008-09-04 18:15 . 2008-09-04 18:1522--sha-w-c:\windows\SMINST\HPCD.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-C8ED-EA2EFAD2ED61}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 39408] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "SansaDispatch"="c:\users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-04-02 79872] "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-04-12 160592] "tinySpell"="c:\program files\tinySpell\tinyspell.exe" [2008-03-26 200704] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536] "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "PCDrProfiler"="c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe" [2007-02-08 73728] "Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168] c:\users\William Michels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-8-22 157000] c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\ NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-9-5 118784] c:\users\WILLIA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-8-22 157000] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 16:05356352----a-w-c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4280910030-2114780719-3168784256-1000] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{A4199458-5782-4B3E-8E51-C8E56A91E286}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{4C0A85EA-D703-46FB-AB37-357A1813E6BC}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{B9030142-4060-4EE9-B4F8-0C73A6835873}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl "{57A41350-B9F7-42AB-9FC5-DE393A284472}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl "{D26B0CD2-729F-4B50-9CBE-3762030EF607}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl "{5DE4593B-9552-4936-A64F-55757A067408}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl "{BC1D0FF5-4079-459E-81B6-CB7C1EDA7EF6}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl "{31C95077-9A24-41A8-A42F-25CF4B8FEB82}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl "TCP Query User{FD3048A1-CE40-4EF4-9CC2-05561BC6DD03}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{5128A22C-DC98-4B20-A29A-275D996B414F}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "{463A1A22-E433-4394-8209-CB30B84EDAAA}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{2DFE46E2-93D8-47E2-BAFE-552A2C64F8F1}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{CCD2AB17-D386-4349-B092-1CD31CB63173}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{467D2113-BD2A-4402-95EA-0217AEFCDA9D}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{C3CDCAA3-B3C7-4A15-9205-88E312385017}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{FAD5518F-43BD-4EE5-BDE0-B1C3035638EA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{0B06C9F2-B837-4B77-9077-CC481F3461AD}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "TCP Query User{BC0EF3F1-0E26-4568-88A0-2424648FC647}c:\\program files\\laplink\\pcsync\\sfthost.exe"= UDP:c:\program files\laplink\pcsync\sfthost.exe:PCsync Host Module "UDP Query User{25326B8B-07FA-41EA-971A-F4B9C292E1C4}c:\\program files\\laplink\\pcsync\\sfthost.exe"= TCP:c:\program files\laplink\pcsync\sfthost.exe:PCsync Host Module "{B58F19EE-652E-4A6C-B426-BD2AA1980B3C}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{EC1E1CE4-7B8F-4D7B-8CF8-767D4C80D898}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "TCP Query User{7E8BD5A2-4812-434B-9740-EC75B68C3336}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus "UDP Query User{4C1EA7AC-F5FF-4CBF-8009-68AA163EC9A4}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [5/27/2009 12:25 PM 28704] S1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [6/6/2009 11:40 AM 114768] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [5/27/2009 12:25 PM 130080] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944] S2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [6/6/2009 11:40 AM 20560] S2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [6/6/2009 11:40 AM 51792] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408] --- Other Services/Drivers In Memory --- *NewlyCreated* - ECACHE . - - - - ORPHANS REMOVED - - - - HKLM-Run-HP Software Update - c:\program files\Hp\HP Software Update\HPWuSchd2.exe SafeBoot-procexp90.Sys . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: FILL Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-06 23:15 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKCU\Software\Microsoft\Windows\CurrentVersion\Run SansaDispatch = c:\users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe??E??h?`??type???P? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @DENIED: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . Completion time: 2009-06-07 23:17 ComboFix-quarantined-files.txt 2009-06-07 03:17 Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application. Post-Run: 224,851,353,600 bytes free 236--- E O F ---2009-06-06 04:38 Delete these files/folders, as follows: 1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad. 2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C Code: [Select]KillAll:: Driver:: cmdHlp cmdGuard File:: c:\windows\System32\drivers\cmdhlp.sys c:\windows\System32\drivers\cmdguard.sys Folder:: c:\users\William Michels\AppData\Local\COMODO c:\users\WILLIA~1\AppData\Local\COMODO Registry:: [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] 3. Go to the Notepad window and click Edit > Paste 4. Then click File > Save 5. Name the file CFScript.txt - Save the file to your Desktop 6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully! ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply. Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze ---------- Now look in C:\Program Files for the Comodo folder and delete the entire folder. Next go to this post and follow the instructions for running the removal tool to get rid of the rest of Comodo. ---------- Download Registry Search by Bobbi Flekman (see the link titled RegSearch Download Link)
[attachment deleted by admin]I still can't delete the Comodo file from Program Files ComboFix 09-06-05.09 - William Michels 06/07/2009 12:03.1 - NTFSx86 NETWORK Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1918.1484 [GMT -4:00] Running from: c:\users\William Michels\Desktop\ComboFix.exe Command switches used :: c:\users\William Michels\Desktop\CFScript.txt AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B} FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B} SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} FILE :: "c:\windows\System32\drivers\cmdguard.sys" "c:\windows\System32\drivers\cmdhlp.sys" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\WILLIA~1\AppData\Local\COMODO c:\users\WILLIA~1\AppData\Local\COMODO\.tmp\ctx0.tmp c:\users\WILLIA~1\AppData\Local\COMODO\.tmp\ctx1.tmp c:\users\William Michels\AppData\Local\COMODO\.tmp\ctx0.tmp c:\users\William Michels\AppData\Local\COMODO\.tmp\ctx1.tmp c:\windows\System32\drivers\cmdguard.sys c:\windows\System32\drivers\cmdhlp.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_CMDGUARD -------\Legacy_CMDHLP -------\Service_cmdGuard -------\Service_cmdHlp ((((((((((((((((((((((((( Files Created from 2009-05-07 to 2009-06-07 ))))))))))))))))))))))))))))))) . 2009-06-07 16:10 . 2009-06-07 16:10--------d-sh--w-\$RECYCLE.BIN 2009-06-07 16:10 . 2009-06-07 16:102011750400--sha-w-\hiberfil.sys 2009-06-07 16:09 . 2009-06-07 16:10--------d-----w-c:\users\William Michels\AppData\Local\temp 2009-06-07 16:09 . 2009-06-07 16:09--------d-----w-C:\temp 2009-06-07 16:09 . 2009-06-07 16:09--------d-----w-\temp 2009-06-07 16:01 . 2009-06-07 16:10--------d-s---w-\ComboFix 2009-06-06 20:27 . 2009-06-07 16:03--------d---a-w-\Qoobox 2009-06-06 17:16 . 2009-05-26 17:2040160----a-w-c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-06 17:16 . 2009-05-26 17:1919096----a-w-c:\windows\system32\drivers\mbam.sys 2009-06-06 15:40 . 2009-02-05 20:07114768----a-w-c:\windows\system32\drivers\aswSP.sys 2009-06-06 15:40 . 2009-02-05 20:0720560----a-w-c:\windows\system32\drivers\aswFsBlk.sys 2009-06-06 15:40 . 2009-02-05 20:0651376----a-w-c:\windows\system32\drivers\aswTdi.sys 2009-06-06 15:40 . 2009-02-05 20:0623152----a-w-c:\windows\system32\drivers\aswRdr.sys 2009-06-06 15:40 . 2009-02-05 20:0497480----a-w-c:\windows\system32\AvastSS.scr 2009-06-06 15:40 . 2009-02-05 20:111256296----a-w-c:\windows\system32\aswBoot.exe 2009-06-06 15:40 . 2009-02-05 20:0651792----a-w-c:\windows\system32\drivers\aswMonFlt.sys 2009-06-06 02:42 . 2009-06-07 15:35117760----a-w-c:\users\William Michels\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2009-06-06 02:15 . 2009-06-06 02:15--------d-----w-c:\program files\Common Files\Wise Installation Wizard 2009-06-06 02:09 . 2009-06-06 02:13--------d-----w-c:\program files\CCleaner 2009-06-05 22:50 . 2009-06-06 18:57--------d-----w-c:\windows\BDOSCAN8 2009-06-04 21:36 . 2009-06-06 15:30680----a-w-c:\users\William Michels\AppData\Local\d3d9caps.dat 2009-06-04 21:32 . 2009-06-04 21:32--------d-----w-c:\users\William Michels\AppData\Roaming\Malwarebytes 2009-06-04 21:32 . 2009-06-06 17:18--------d-----w-c:\program files\Malwarebytes' Anti-Malware 2009-06-04 21:32 . 2009-06-04 21:32--------d-----w-c:\progra~2\Malwarebytes 2009-06-04 17:35 . 2009-06-04 17:35--------d-----w-c:\progra~2\SUPERAntiSpyware.com 2009-06-04 17:31 . 2009-06-06 02:36--------d-----w-c:\program files\SUPERAntiSpyware 2009-06-04 17:31 . 2009-06-04 17:31--------d-----w-c:\users\William Michels\AppData\Roaming\SUPERAntiSpyware.com 2009-06-03 01:33 . 2009-06-03 01:33--------d-----w-c:\program files\Alwil Software 2009-05-31 23:31 . 2009-06-01 00:33--------d-----w-c:\program files\SpywareBlaster 2009-05-28 21:20 . 2009-05-30 23:58--------d-----w-c:\users\William Michels\AppData\Roaming\System Tweaker 2009-05-27 19:29 . 2009-06-06 04:53--------d-----w-c:\users\William Michels\{2be83168-6029-4d46-b0f6-10bbc66433b5} 2009-05-27 19:07 . 2009-06-07 15:54408464----a-w-c:\windows\system32\drivers\sfi.dat 2009-05-27 16:25 . 2009-05-27 19:28168208----a-w-c:\windows\system32\guard32.dll 2009-05-24 23:26 . 2009-06-06 04:52--------d-----w-c:\program files\tinySpell 2009-05-24 23:26 . 2009-05-24 23:26--------d-----w-c:\users\William Michels\AppData\Roaming\tinySpell 2009-05-10 22:04 . 2009-05-10 22:0410769104----a-w-c:\users\William Michels\AppData\Roaming\Nikon\Message Center\DOWNLOAD_LOG\13213\S-P2____-176WU-NSAEN.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-07 16:10 . 2008-02-15 22:372325553152--sha-w-\pagefile.sys 2009-06-06 15:27 . 2008-08-15 02:27--------d-----w-c:\program files\Uniblue 2009-06-06 04:53 . 2009-04-22 21:51--------d-----w-c:\users\William Michels\AppData\Roaming\uTorrent 2009-06-06 04:52 . 2008-11-20 19:31--------d-----w-c:\program files\searchandwintoolbar 2009-06-06 04:52 . 2008-09-04 23:41--------d-----w-c:\program files\LimeWire 2009-06-06 04:52 . 2008-02-02 02:58--------d-----w-c:\program files\PC-Doctor 5 for Windows 2009-06-06 04:52 . 2008-02-02 02:47--------d---a-w-c:\program files\Common Files\LightScribe 2009-06-06 04:52 . 2008-02-02 02:47--------d-----w-c:\program files\Common Files\SureThing Shared 2009-06-06 04:52 . 2009-05-07 22:21--------d-----w-c:\program files\TouchStoneSoftware 2009-06-02 03:10 . 2008-08-23 19:49--------d-----w-c:\program files\Coupons 2009-05-31 19:53 . 2008-09-05 23:3820---h--w-c:\progra~2\PKP_DLec.DAT 2009-05-31 19:53 . 2008-09-05 23:2820---h--w-c:\progra~2\PKP_DLds.DAT 2009-05-30 20:40 . 2008-08-14 01:53--------d-----w-c:\program files\google 2009-05-30 19:55 . 2008-08-31 16:58--------d-----w-c:\progra~2\Avg8 2009-05-29 23:42 . 2009-04-01 16:51--------d-----w-c:\users\William Michels\AppData\Roaming\Comodo 2009-05-29 23:42 . 2009-04-01 16:51--------d-----w-c:\progra~2\comodo 2009-05-29 23:42 . 2009-04-01 16:51--------d-----w-c:\program files\COMODO 2009-05-29 21:48 . 2008-08-31 16:58--------d-----w-c:\progra~2\Avg8(61) 2009-05-29 00:05 . 2008-09-04 23:41--------d-----w-c:\users\William Michels\AppData\Roaming\LimeWire 2009-05-28 21:17 . 2008-08-31 16:58--------d-----w-c:\progra~2\Avg8(62) 2009-05-28 20:31 . 2008-08-31 16:58--------d-----w-c:\progra~2\Avg8(54) 2009-05-17 15:26 . 2009-04-01 16:5168640----a-w-c:\windows\system32\drivers\inspect.sys 2009-05-14 14:45 . 2008-02-02 02:54--------d-----w-c:\progra~2\Microsoft Help 2009-05-14 14:41 . 2006-11-02 11:18--------d-----w-c:\program files\Windows Mail 2009-05-09 23:18 . 2008-08-23 18:41--------d-----w-c:\users\William Michels\AppData\Roaming\GoodSync 2009-05-07 22:46 . 2009-04-11 03:35--------d-----w-c:\users\William Michels\AppData\Roaming\Azureus 2009-05-07 18:13 . 2009-05-07 18:13--------d-----w-c:\progra~2\Azureus 2009-04-26 15:08 . 2009-03-21 17:41541696----a-w-c:\users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdater.exe 2009-04-23 23:49 . 2008-12-10 05:00350----a-w-c:\users\William Michels\AppData\Roaming\wklnhst.dat 2009-04-22 21:52 . 2009-04-22 21:52--------d-----w-c:\program files\uTorrent 2009-04-11 03:39 . 2009-04-11 03:35--------d-----w-c:\program files\Vuze 2009-04-02 03:56 . 2009-03-21 17:4179872----a-w-c:\users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe 2009-04-01 16:57 . 2009-04-01 16:57249592----a-w-c:\windows\system32\cssdll32.dll 2009-03-21 17:41 . 2009-03-21 17:41349184----a-w-c:\users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdaterInstall.exe 2009-03-17 03:38 . 2009-04-17 00:4213824----a-w-c:\windows\system32\apilogen.dll 2009-03-17 03:38 . 2009-04-17 00:4224064----a-w-c:\windows\system32\amxread.dll 2009-03-09 18:51 . 2009-03-09 18:5110134----a-r-c:\users\William Michels\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe 2008-09-04 18:15 . 2008-09-04 18:1522--sha-w-c:\windows\SMINST\HPCD.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-C8ED-EA2EFAD2ED61}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 39408] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "SansaDispatch"="c:\users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-04-02 79872] "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-04-12 160592] "tinySpell"="c:\program files\tinySpell\tinyspell.exe" [2008-03-26 200704] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536] "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "PCDrProfiler"="c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe" [2007-02-08 73728] "Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168] c:\users\William Michels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-8-22 157000] c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\ NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-9-5 118784] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 16:05356352----a-w-c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4280910030-2114780719-3168784256-1000] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{A4199458-5782-4B3E-8E51-C8E56A91E286}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{4C0A85EA-D703-46FB-AB37-357A1813E6BC}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{B9030142-4060-4EE9-B4F8-0C73A6835873}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl "{57A41350-B9F7-42AB-9FC5-DE393A284472}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl "{D26B0CD2-729F-4B50-9CBE-3762030EF607}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl "{5DE4593B-9552-4936-A64F-55757A067408}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl "{BC1D0FF5-4079-459E-81B6-CB7C1EDA7EF6}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl "{31C95077-9A24-41A8-A42F-25CF4B8FEB82}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl "TCP Query User{FD3048A1-CE40-4EF4-9CC2-05561BC6DD03}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{5128A22C-DC98-4B20-A29A-275D996B414F}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "{463A1A22-E433-4394-8209-CB30B84EDAAA}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{2DFE46E2-93D8-47E2-BAFE-552A2C64F8F1}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{CCD2AB17-D386-4349-B092-1CD31CB63173}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{467D2113-BD2A-4402-95EA-0217AEFCDA9D}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{C3CDCAA3-B3C7-4A15-9205-88E312385017}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{FAD5518F-43BD-4EE5-BDE0-B1C3035638EA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{0B06C9F2-B837-4B77-9077-CC481F3461AD}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "TCP Query User{BC0EF3F1-0E26-4568-88A0-2424648FC647}c:\\program files\\laplink\\pcsync\\sfthost.exe"= UDP:c:\program files\laplink\pcsync\sfthost.exe:PCsync Host Module "UDP Query User{25326B8B-07FA-41EA-971A-F4B9C292E1C4}c:\\program files\\laplink\\pcsync\\sfthost.exe"= TCP:c:\program files\laplink\pcsync\sfthost.exe:PCsync Host Module "{B58F19EE-652E-4A6C-B426-BD2AA1980B3C}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{EC1E1CE4-7B8F-4D7B-8CF8-767D4C80D898}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "TCP Query User{7E8BD5A2-4812-434B-9740-EC75B68C3336}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus "UDP Query User{4C1EA7AC-F5FF-4CBF-8009-68AA163EC9A4}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [6/6/2009 11:40 AM 114768] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944] R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [6/6/2009 11:40 AM 20560] R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [6/6/2009 11:40 AM 51792] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-07 12:10 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . ------------------------ Other Running Processes ------------------------ . c:\windows\System32\nvvsvc.exe c:\windows\System32\audiodg.exe c:\windows\System32\rundll32.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\System32\drivers\XAudio.exe c:\windows\System32\WUDFHost.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\windows\System32\rundll32.exe c:\program files\Alwil Software\Avast4\ashDisp.exe c:\program files\Webshots\Webshots.scr c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\ehome\ehmsas.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\System32\wbem\WMIADAP.exe . ************************************************************************** . Completion time: 2009-06-07 12:14 - machine was rebooted ComboFix-quarantined-files.txt 2009-06-07 16:14 ComboFix2.txt 2009-06-07 03:17 Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application. Post-Run: 222,641,451,008 bytes free 246--- E O F ---2009-06-06 04:38 Windows Registry Editor Version 5.00 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.6.0 ; Results at 6/7/2009 1:45:29 PM for strings: ; 'comodo' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Comodo Antivirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CavShell.CntMenu] @="Comodo Antivirus Context Menu Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CavShell.CntMenu.1] @="Comodo Antivirus Context Menu Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4255A182-CAD9-4214-A19B-7BA7FB633BBD}] @="Comodo AntiVirus" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4255A182-CAD9-4214-A19B-7BA7FB633BBD}\InprocServer32] @="C:\\Program Files\\COMODO\\COMODO Internet Security\\cavshell.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Comodo Antivirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\file\ShellEx\ContextMenuHandlers\Comodo Antivirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Comodo Antivirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96D27592-5FAA-4B65-AE65-C41AA290ABCD}\1.0] @="Comodo Antivirus Shell Menu" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96D27592-5FAA-4B65-AE65-C41AA290ABCD}\1.0\0\win64] @="C:\\Program Files\\COMODO\\COMODO Internet Security\\cavshell.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{4255A182-CAD9-4214-A19B-7BA7FB633BBD}"="Comodo Antivirus" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}] "LocDescription"="@oem48.inf,%inspect_desc%;COMODO Internet Security Firewall Driver" "Description"="COMODO Internet Security Firewall Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}\Ndi] "HelpText"="COMODO Internet Security Firewall Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_INSPECT\0000] "DeviceDesc"="COMODO Internet Security Firewall Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}] "LocDescription"="@oem48.inf,%inspect_desc%;COMODO Internet Security Firewall Driver" "Description"="COMODO Internet Security Firewall Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}\Ndi] "HelpText"="COMODO Internet Security Firewall Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_INSPECT\0000] "DeviceDesc"="COMODO Internet Security Firewall Driver" [HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}] "LocDescription"="@oem48.inf,%inspect_desc%;COMODO Internet Security Firewall Driver" "Description"="COMODO Internet Security Firewall Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}\Ndi] "HelpText"="COMODO Internet Security Firewall Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_INSPECT\0000] "DeviceDesc"="COMODO Internet Security Firewall Driver" [HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000\Software\ComodoGroup] [HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000\Software\ComodoGroup\COMODO Internet Security] [HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000\Software\ComodoGroup\COMODO Internet Security\CisMainDialog] [HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\\Users\\William Michels\\Desktop\\CIS_Setup_3.9.95478.509_XP_Vista_x32.exe"="COMODO Internet Security Installer" "C:\\Program Files\\COMODO\\COMODO Internet Security\\cfpconfg.exe"="COMODO Internet Security" "C:\\Program Files\\COMODO\\COMODO Internet Security\\cavscan.exe"="COMODO Internet Security" [HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\\Users\\William Michels\\Desktop\\CIS_Setup_3.9.95478.509_XP_Vista_x32.exe"="COMODO Internet Security Installer" "C:\\Program Files\\COMODO\\COMODO Internet Security\\cfpconfg.exe"="COMODO Internet Security" "C:\\Program Files\\COMODO\\COMODO Internet Security\\cavscan.exe"="COMODO Internet Security" ; End Of The Log... Delete these files/folders, as follows: 1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad. 2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C Code: [Select]KillAll:: File:: C:\Users\William Michels\Desktop\CIS_Setup_3.9.95478.509_XP_Vista_x32.exe Folder:: C:\Program Files\COMODO Registry:: [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Comodo Antivirus] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CavShell.CntMenu] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CavShell.CntMenu.1] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4255A182-CAD9-4214-A19B-7BA7FB633BBD}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4255A182-CAD9-4214-A19B-7BA7FB633BBD}\InprocServer32] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Comodo Antivirus] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\file\ShellEx\ContextMenuHandlers\Comodo Antivirus] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Comodo Antivirus] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96D27592-5FAA-4B65-AE65-C41AA290ABCD}\1.0] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96D27592-5FAA-4B65-AE65-C41AA290ABCD}\1.0\0\win64] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{4255A182-CAD9-4214-A19B-7BA7FB633BBD}"="Comodo Antivirus" [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}\Ndi] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_INSPECT\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}\Ndi] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_INSPECT\0000] "DeviceDesc"=- [-HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}\Ndi] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_INSPECT\0000] "DeviceDesc"=- [-HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000\Software\ComodoGroup] [-HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000\Software\ComodoGroup\COMODO Internet Security] [-HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000\Software\ComodoGroup\COMODO Internet Security\CisMainDialog] 3. Go to the Notepad window and click Edit > Paste 4. Then click File > Save 5. Name the file CFScript.txt - Save the file to your Desktop 6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully! ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply. Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze ---------- Go to Start > Run and type Notepad.exe then click OK. Copy and paste the following text within the code box into the new Notepad file. Code: [Select]@ECHO OFF net stop winmgmt cd /d %windir%\system32\wbem ren repository repository.old net start winmgmt exit In Notepad select File and Save as Choose the Save to location to be the Desktop and for the File name: type in fixme.bat making sure that the Save as type field says All files. Next double click fixservice.bat to run it. A black box should open and close after a short time, this is normal. Do not continue until the black box has closed Delete fixservice.bat from the Desktop. ---------- Also let me know how the computer is running now.Computer is running much faster, but still have a couple more issues. I haven't mentioned it but everytime I have to reboot or shut down I get a message, "Configuring updates" It will stay there for hours if I let it but I have been doing a hard shut down. I have went to Windows update and there are some updates that are trying to download, when I hit Install, the screen freezes and have to go to task manager to shut down Windows update screen. They won't install and I can't make them go away. Also there is a program that I deleted about the time all these problems started that keeps trying to initialize but the program is not there anymore. It trys to start on every startup. As of now this is all I can find wrong. Program is called "tiny spell" Here is the Combofix from the last run: ComboFix 09-06-05.09 - William Michels 06/07/2009 14:54:52.1 - NTFSx86 NETWORK Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1918.1486 [GMT -4:00] Running from: C:\Users\William Michels\Desktop\ComboFix.exe Command switches used :: C:\Users\William Michels\Desktop\CFScript7.txt AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B} FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B} SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} FILE :: "C:\Users\William Michels\Desktop\CIS_Setup_3.9.95478.509_XP_Vista_x32.exe" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\COMODO C:\Program Files\COMODO\COMODO Internet Security\cavscan.dll C:\Program Files\COMODO\COMODO Internet Security\cavscan.exe C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll C:\Program Files\COMODO\COMODO Internet Security\cfp.chinese.chm C:\Program Files\COMODO\COMODO Internet Security\cfp.chm C:\Program Files\COMODO\COMODO Internet Security\cfp.dll C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.russian.chm C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.dll C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe C:\Program Files\COMODO\COMODO Internet Security\cfplogvw.dll C:\Program Files\COMODO\COMODO Internet Security\cfplogvw.exe C:\Program Files\COMODO\COMODO Internet Security\cfpupdat.dll C:\Program Files\COMODO\COMODO Internet Security\cfpupdat.exe C:\Program Files\COMODO\COMODO Internet Security\cfpver.dat C:\Program Files\COMODO\COMODO Internet Security\cisinfo.ini C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\Program Files\COMODO\COMODO Internet Security\COMODO - Antivirus Security.cfg C:\Program Files\COMODO\COMODO Internet Security\COMODO - Firewall Security.cfg C:\Program Files\COMODO\COMODO Internet Security\COMODO - Internet Security.cfg C:\Program Files\COMODO\COMODO Internet Security\COMODO - Proactive Security.cfg C:\Program Files\COMODO\COMODO Internet Security\crashrep.exe C:\Program Files\COMODO\COMODO Internet Security\database\pending.hse C:\Program Files\COMODO\COMODO Internet Security\database\pending.nme C:\Program Files\COMODO\COMODO Internet Security\database\safe.hse C:\Program Files\COMODO\COMODO Internet Security\database\safe.nme C:\Program Files\COMODO\COMODO Internet Security\database\vendor.nme C:\Program Files\COMODO\COMODO Internet Security\EULA.txt C:\Program Files\COMODO\COMODO Internet Security\framework.dll C:\Program Files\COMODO\COMODO Internet Security\incompatsw.ini C:\Program Files\COMODO\COMODO Internet Security\inspect.cat C:\Program Files\COMODO\COMODO Internet Security\inspect.inf C:\Program Files\COMODO\COMODO Internet Security\inspect.sys C:\Program Files\COMODO\COMODO Internet Security\LPSSetup.exe C:\Program Files\COMODO\COMODO Internet Security\registration.txt C:\Program Files\COMODO\COMODO Internet Security\s1.tmp C:\Program Files\COMODO\COMODO Internet Security\s2.tmp C:\Program Files\COMODO\COMODO Internet Security\scanners\bases.cav C:\Program Files\COMODO\COMODO Internet Security\scanners\common.cav C:\Program Files\COMODO\COMODO Internet Security\scanners\dosmz.cav C:\Program Files\COMODO\COMODO Internet Security\scanners\first.cav C:\Program Files\COMODO\COMODO Internet Security\scanners\gunpack.cav C:\Program Files\COMODO\COMODO Internet Security\scanners\heur.cav C:\Program Files\COMODO\COMODO Internet Security\scanners\mach32.dll C:\Program Files\COMODO\COMODO Internet Security\scanners\mem.cav C:\Program Files\COMODO\COMODO Internet Security\scanners\pe32.cav C:\Program Files\COMODO\COMODO Internet Security\scanners\pkann.dll C:\Program Files\COMODO\COMODO Internet Security\scanners\unarch.cav C:\Program Files\COMODO\COMODO Internet Security\scanners\unpack.cav C:\Program Files\COMODO\COMODO Internet Security\scanners\white.cav C:\Program Files\COMODO\COMODO Internet Security\Themes\cfp.theme C:\Program Files\COMODO\COMODO Internet Security\tlicense.txt C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.arabic.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.brazilian.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.Chinese.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.chinesetraditional.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.czech.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.danish.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.dutch.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.english.lang.template C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.estonian.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.finnish.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.french.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.german.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.italian.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.japanese.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.polish.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.portuguese.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.romanian.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.russian.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.slovak.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cavscan.swedish.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.arabic.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.brazilian.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.Chinese.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.chinesetraditional.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.czech.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.danish.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.dutch.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.english.lang.template C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.estonian.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.finnish.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.french.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.german.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.italian.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.japanese.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.polish.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.portuguese.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.romanian.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.russian.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.slovak.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfp.swedish.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.arabic.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.brazilian.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.Chinese.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.chinesetraditional.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.czech.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.danish.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.dutch.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.english.lang.template C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.estonian.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.finnish.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.french.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.german.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.italian.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.japanese.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.polish.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.portuguese.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.romanian.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.russian.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.slovak.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpconfg.swedish.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.arabic.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.brazilian.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.Chinese.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.chinesetraditional.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.czech.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.danish.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.dutch.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.english.lang.template C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.estonian.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.finnish.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.french.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.german.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.italian.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.japanese.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.polish.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.portuguese.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.romanian.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.russian.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.slovak.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfplogvw.swedish.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.arabic.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.brazilian.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.Chinese.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.chinesetraditional.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.czech.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.danish.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.dutch.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.english.lang.template C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.estonian.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.finnish.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.french.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.german.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.italian.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.japanese.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.polish.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.portuguese.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.romanian.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.russian.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.slovak.lang C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.swedish.lang . ((((((((((((((((((((((((( Files Created from 2009-05-07 to 2009-06-07 ))))))))))))))))))))))))))))))) . 2009-06-07 19:02:41 . 2009-06-07 19:02:410d-sh--w-\$RECYCLE.BIN 2009-06-07 19:01:57 . 2009-06-07 19:01:572009694208--sha-w-\hiberfil.sys 2009-06-07 19:00:38 . 2009-06-07 19:02:470d-----w-C:\Users\William Michels\AppData\Local\temp 2009-06-07 19:00:38 . 2009-06-07 19:00:380d-----w-C:\temp 2009-06-07 19:00:38 . 2009-06-07 19:00:380d-----w-\temp 2009-06-07 18:53:09 . 2009-06-07 19:02:480d-s---w-\ComboFix 2009-06-07 16:28:25 . 2009-06-07 16:28:250d-----w-C:\Users\William Michels\AppData\Local\COMODO 2009-06-06 20:27:25 . 2009-06-07 18:54:330d---a-w-\Qoobox 2009-06-06 17:16:29 . 2009-05-26 17:20:0840160----a-w-C:\Windows\system32\drivers\mbamswissarmy.sys 2009-06-06 17:16:28 . 2009-05-26 17:19:5619096----a-w-C:\Windows\system32\drivers\mbam.sys 2009-06-06 15:40:39 . 2009-02-05 20:07:23114768----a-w-C:\Windows\system32\drivers\aswSP.sys 2009-06-06 15:40:39 . 2009-02-05 20:07:1220560----a-w-C:\Windows\system32\drivers\aswFsBlk.sys 2009-06-06 15:40:39 . 2009-02-05 20:06:2051376----a-w-C:\Windows\system32\drivers\aswTdi.sys 2009-06-06 15:40:39 . 2009-02-05 20:06:1023152----a-w-C:\Windows\system32\drivers\aswRdr.sys 2009-06-06 15:40:39 . 2009-02-05 20:04:4597480----a-w-C:\Windows\system32\AvastSS.scr 2009-06-06 15:40:30 . 2009-02-05 20:11:351256296----a-w-C:\Windows\system32\aswBoot.exe 2009-06-06 15:40:30 . 2009-02-05 20:06:5951792----a-w-C:\Windows\system32\drivers\aswMonFlt.sys 2009-06-06 02:42:32 . 2009-06-07 16:42:01117760----a-w-C:\Users\William Michels\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2009-06-06 02:15:51 . 2009-06-06 02:15:510d-----w-C:\Program Files\Common Files\Wise Installation Wizard 2009-06-06 02:09:11 . 2009-06-06 02:13:120d-----w-C:\Program Files\CCleaner 2009-06-05 22:50:18 . 2009-06-06 18:57:440d-----w-C:\Windows\BDOSCAN8 2009-06-04 21:36:13 . 2009-06-06 15:30:58680----a-w-C:\Users\William Michels\AppData\Local\d3d9caps.dat 2009-06-04 21:32:08 . 2009-06-04 21:32:080d-----w-C:\Users\William Michels\AppData\Roaming\Malwarebytes 2009-06-04 21:32:03 . 2009-06-06 17:18:320d-----w-C:\Program Files\Malwarebytes' Anti-Malware 2009-06-04 21:32:03 . 2009-06-04 21:32:030d-----w-C:\PROGRA~2\Malwarebytes 2009-06-04 17:35:40 . 2009-06-04 17:35:400d-----w-C:\PROGRA~2\SUPERAntiSpyware.com 2009-06-04 17:31:43 . 2009-06-06 02:36:370d-----w-C:\Program Files\SUPERAntiSpyware 2009-06-04 17:31:43 . 2009-06-04 17:31:430d-----w-C:\Users\William Michels\AppData\Roaming\SUPERAntiSpyware.com 2009-06-03 01:33:08 . 2009-06-03 01:33:080d-----w-C:\Program Files\Alwil Software 2009-05-31 23:31:04 . 2009-06-01 00:33:500d-----w-C:\Program Files\SpywareBlaster 2009-05-28 21:20:35 . 2009-05-30 23:58:080d-----w-C:\Users\William Michels\AppData\Roaming\System Tweaker 2009-05-27 19:29:15 . 2009-06-06 04:53:300d-----w-C:\Users\William Michels\{2be83168-6029-4d46-b0f6-10bbc66433b5} 2009-05-27 19:07:57 . 2009-06-07 15:54:17408464----a-w-C:\Windows\system32\drivers\sfi.dat 2009-05-27 16:25:05 . 2009-05-27 19:28:34168208----a-w-C:\Windows\system32\guard32.dll 2009-05-24 23:26:22 . 2009-06-06 04:52:270d-----w-C:\Program Files\tinySpell 2009-05-24 23:26:22 . 2009-05-24 23:26:490d-----w-C:\Users\William Michels\AppData\Roaming\tinySpell 2009-05-10 22:04:53 . 2009-05-10 22:04:5310769104----a-w-C:\Users\William Michels\AppData\Roaming\Nikon\Message Center\DOWNLOAD_LOG\13213\S-P2____-176WU-NSAEN.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-07 19:01:55 . 2008-02-15 22:37:352325553152--sha-w-\pagefile.sys 2009-06-06 15:27:19 . 2008-08-15 02:27:490d-----w-C:\Program Files\Uniblue 2009-06-06 04:53:27 . 2009-04-22 21:51:520d-----w-C:\Users\William Michels\AppData\Roaming\uTorrent 2009-06-06 04:52:27 . 2008-11-20 19:31:490d-----w-C:\Program Files\searchandwintoolbar 2009-06-06 04:52:26 . 2008-09-04 23:41:300d-----w-C:\Program Files\LimeWire 2009-06-06 04:52:26 . 2008-02-02 02:58:220d-----w-C:\Program Files\PC-Doctor 5 for Windows 2009-06-06 04:52:18 . 2008-02-02 02:47:260d---a-w-C:\Program Files\Common Files\LightScribe 2009-06-06 04:52:18 . 2008-02-02 02:47:180d-----w-C:\Program Files\Common Files\SureThing Shared 2009-06-06 04:52:08 . 2009-05-07 22:21:480d-----w-C:\Program Files\TouchStoneSoftware 2009-06-02 03:10:55 . 2008-08-23 19:49:040d-----w-C:\Program Files\Coupons 2009-05-31 19:53:05 . 2008-09-05 23:38:3620---h--w-C:\PROGRA~2\PKP_DLec.DAT 2009-05-31 19:53:05 . 2008-09-05 23:28:4320---h--w-C:\PROGRA~2\PKP_DLds.DAT 2009-05-30 20:40:50 . 2008-08-14 01:53:270d-----w-C:\Program Files\google 2009-05-30 19:55:43 . 2008-08-31 16:58:330d-----w-C:\PROGRA~2\Avg8 2009-05-29 23:42:41 . 2009-04-01 16:51:520d-----w-C:\Users\William Michels\AppData\Roaming\Comodo 2009-05-29 23:42:41 . 2009-04-01 16:51:490d-----w-C:\PROGRA~2\comodo 2009-05-29 21:48:33 . 2008-08-31 16:58:330d-----w-C:\PROGRA~2\Avg8(61) 2009-05-29 00:05:41 . 2008-09-04 23:41:440d-----w-C:\Users\William Michels\AppData\Roaming\LimeWire 2009-05-28 21:17:45 . 2008-08-31 16:58:330d-----w-C:\PROGRA~2\Avg8(62) 2009-05-28 20:31:18 . 2008-08-31 16:58:330d-----w-C:\PROGRA~2\Avg8(54) 2009-05-17 15:26:21 . 2009-04-01 16:51:4968640----a-w-C:\Windows\system32\drivers\inspect.sys 2009-05-14 14:45:51 . 2008-02-02 02:54:310d-----w-C:\PROGRA~2\Microsoft Help 2009-05-14 14:41:57 . 2006-11-02 11:18:330d-----w-C:\Program Files\Windows Mail 2009-05-09 23:18:25 . 2008-08-23 18:41:260d-----w-C:\Users\William Michels\AppData\Roaming\GoodSync 2009-05-07 22:46:37 . 2009-04-11 03:35:450d-----w-C:\Users\William Michels\AppData\Roaming\Azureus 2009-05-07 18:13:57 . 2009-05-07 18:13:570d-----w-C:\PROGRA~2\Azureus 2009-04-26 15:08:55 . 2009-03-21 17:41:14541696----a-w-C:\Users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdater.exe 2009-04-23 23:49:40 . 2008-12-10 05:00:34350----a-w-C:\Users\William Michels\AppData\Roaming\wklnhst.dat 2009-04-22 21:52:31 . 2009-04-22 21:52:310d-----w-C:\Program Files\uTorrent 2009-04-11 03:39:41 . 2009-04-11 03:35:090d-----w-C:\Program Files\Vuze 2009-04-02 03:56:11 . 2009-03-21 17:41:1479872----a-w-C:\Users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe 2009-04-01 16:57:56 . 2009-04-01 16:57:56249592----a-w-C:\Windows\system32\cssdll32.dll 2009-03-21 17:41:15 . 2009-03-21 17:41:15349184----a-w-C:\Users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdaterInstall.exe 2009-03-17 03:38:46 . 2009-04-17 00:42:2713824----a-w-C:\Windows\system32\apilogen.dll 2009-03-17 03:38:44 . 2009-04-17 00:42:2724064----a-w-C:\Windows\system32\amxread.dll 2008-09-04 18:15:54 . 2008-09-04 18:15:5422--sha-w-C:\Windows\SMINST\HPCD.sys . ((((((((((((((((((((((((((((( [emailprotected]_16.10.53 ))))))))))))))))))))))))))))))))))))))))) . + 2008-02-02 03:17:43 . 2009-06-07 16:43:1547880 C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2006-11-02 13:05:11 . 2009-06-07 16:43:1671032 C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-08-13 21:13:17 . 2009-06-07 15:36:1616384 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-08-13 21:13:17 . 2009-06-07 16:42:5216384 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-08-13 21:13:17 . 2009-06-07 15:36:1632768 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-08-13 21:13:17 . 2009-06-07 16:42:5232768 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-08-13 21:13:17 . 2009-06-07 15:36:1616384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-08-13 21:13:17 . 2009-06-07 16:42:5216384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-08-13 23:01:39 . 2009-06-07 16:43:169870 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4280910030-2114780719-3168784256-1000_UserData.bin - 2006-11-02 10:33:01 . 2009-06-07 15:42:24595446 C:\Windows\System32\perfh009.dat + 2006-11-02 10:33:01 . 2009-06-07 16:48:58595446 C:\Windows\System32\perfh009.dat - 2006-11-02 10:33:01 . 2009-06-07 15:42:24101144 C:\Windows\System32\perfc009.dat + 2006-11-02 10:33:01 . 2009-06-07 16:48:58101144 C:\Windows\System32\perfc009.dat - 2006-11-02 10:22:39 . 2009-06-07 15:38:026553600 C:\Windows\System32\SMI\Store\Machine\schema.dat + 2006-11-02 10:22:39 . 2009-06-07 16:44:426553600 C:\Windows\System32\SMI\Store\Machine\schema.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-C8ED-EA2EFAD2ED61}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 12:35:14 801904] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 07:33:09 125952] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 05:15:24 39408] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 07:33:39 202240] "SansaDispatch"="C:\Users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-04-02 03:56:11 79872] "RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-04-12 11:56:35 160592] "tinySpell"="C:\Program Files\tinySpell\tinyspell.exe" [2008-03-26 18:09:38 200704] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 14:05:52 1830128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 13:42:24 65536] "OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 10:59:00 118784] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-23 02:49:00 13539872] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-23 02:49:00 92704] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 11:00:48 33648] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 06:04:34 39792] "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-03-09 09:19:17 148888] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 20:08:45 81000] "RtHDVCpl"="RtHDVCpl.exe" - C:\WINDOWS\RtHDVCpl.exe [2008-01-15 16:26:18 4874240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "PCDrProfiler"="C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" [2007-02-08 22:27:12 73728] "Launcher"="C:\Windows\SMINST\launcher.exe" [2007-03-07 19:09:52 44168] C:\Users\William Michels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2008-8-22 157000] C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\ NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2008-9-5 118784] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 14:13:36 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 16:05:34356352----a-w-C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4280910030-2114780719-3168784256-1000] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{A4199458-5782-4B3E-8E51-C8E56A91E286}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{4C0A85EA-D703-46FB-AB37-357A1813E6BC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{B9030142-4060-4EE9-B4F8-0C73A6835873}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl "{57A41350-B9F7-42AB-9FC5-DE393A284472}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl "{D26B0CD2-729F-4B50-9CBE-3762030EF607}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl "{5DE4593B-9552-4936-A64F-55757A067408}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl "{BC1D0FF5-4079-459E-81B6-CB7C1EDA7EF6}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl "{31C95077-9A24-41A8-A42F-25CF4B8FEB82}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl "TCP Query User{FD3048A1-CE40-4EF4-9CC2-05561BC6DD03}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{5128A22C-DC98-4B20-A29A-275D996B414F}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "{463A1A22-E433-4394-8209-CB30B84EDAAA}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire "{2DFE46E2-93D8-47E2-BAFE-552A2C64F8F1}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire "{CCD2AB17-D386-4349-B092-1CD31CB63173}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{467D2113-BD2A-4402-95EA-0217AEFCDA9D}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{C3CDCAA3-B3C7-4A15-9205-88E312385017}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{FAD5518F-43BD-4EE5-BDE0-B1C3035638EA}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{0B06C9F2-B837-4B77-9077-CC481F3461AD}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "TCP Query User{BC0EF3F1-0E26-4568-88A0-2424648FC647}C:\\program files\\laplink\\pcsync\\sfthost.exe"= UDP:C:\program files\laplink\pcsync\sfthost.exe:PCsync Host Module "UDP Query User{25326B8B-07FA-41EA-971A-F4B9C292E1C4}C:\\program files\\laplink\\pcsync\\sfthost.exe"= TCP:C:\program files\laplink\pcsync\sfthost.exe:PCsync Host Module "{B58F19EE-652E-4A6C-B426-BD2AA1980B3C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{EC1E1CE4-7B8F-4D7B-8CF8-767D4C80D898}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "TCP Query User{7E8BD5A2-4812-434B-9740-EC75B68C3336}C:\\program files\\vuze\\azureus.exe"= UDP:C:\program files\vuze\azureus.exe:Azureus "UDP Query User{4C1EA7AC-F5FF-4CBF-8009-68AA163EC9A4}C:\\program files\\vuze\\azureus.exe"= TCP:C:\program files\vuze\azureus.exe:Azureus [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [6/6/2009 11:40:39 AM 114768] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05:54 AM 9968] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05:52 AM 72944] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\System32\drivers\aswFsBlk.sys [6/6/2009 11:40:39 AM 20560] R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\drivers\aswMonFlt.sys [6/6/2009 11:40:30 AM 51792] R3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05:56 AM 7408] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html . Try reinstalling tiny spell and then uninstall it through Add or Remove Programs (programs and features) Shut down IE. Open it up by right clicking the IE icon and choose 'Run as Administrator' and then try the Windows Updates. Let me know... |
|
| 3117. |
Solve : Had a rundll error, was infected, cleaned, attached HJT, still no IE? |
|
Answer» Scan with Panda ActiveScan 2.0
Post the contents of the ActiveScan report in your next reply.Ran the Panda scan and attached the log [attachment deleted by admin]I forgot to mention that Panda says that it can disinfect it for me, but I have not clicked the box yet.You have to buy Panda for it to disinfect and that isn't necessary. * Download Qoofix to your Desktop or any other convient location * Unzip the files from Qoofix.zip to a convenient location such as C:\Qoofix. * Navigate to the folder you unzipped the files to and double click on the file named Qoofix.exe. * Finally, select Begin Removal and the removal process will commence. A reboot may be necessary if an infection is found. ---------- Locate and delete this file: c:\windows\system32\csuninstall.exe ---------- Download OTMoveIt3 by OldTimer OTMoveIt3.exe and place it on your desktop. (unless you already have it installed) 1. Double click OTMoveIt3.exe to launch it. Vista users right click and choose Run As Administrator 2. Click on the CleanUp! button. 3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access. 4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?) 5. Once complete exit out of OTMoveIt3 ---------- Set a New Restore Point to PREVENT possible reinfection from an old one Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
Windows XP System Restore Guide or Windows Vista System Restore Guide . ---------- Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates. ---------- I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.I can not get past step one - Qoofix: http://majorgeeks.com/download.php?det=5175 (there is nothing on this page to download - at least nothing appears on my screen).Try here: http://www.besttechie.net/forums/index.php?showtopic=9051This java issue keeps coming back to haunt me . . . secunia also requires java to WORK (keep in mind I have the latest version of it, but it doesn't work). I see that there are two "important" windows updates for me to download: Windows Vista: Important: Microsoft .NET Framework 3.5 Service Pack1 and .NET Framework 3.5 Family Update Optional: Group Policy Preference Client Side Extensions for Windows Vista Optional: Windows PowerShell 1.0 for Windows Vista Office Live Add-in Optional: Office LIve add-in SQL Server 2005: Important: Microsoft SQL Server 2005 Express Edition Service Pack 3 When I attempt to perform these updates I get an error message (screen shot attached). I attempted to research the error codes. They tell me to be sure that the firewall will allow microsoft access etc... and turn off the antivirus software (well I did and they still will not download). For some reason I feel that this is the reason JAVA doesn't work - and therefore I cannot run the additional software programs you've recommended. Also, I am pretty maxed out on my hard drive and I am wondering if that is also playing a role in this. I have about 3 Gigs free. Again, I really appreciate your patience with me and your help. [attachment deleted by admin]Anything that is Important or critical are just the. Optional is optional...finally got Java to enable PROPERLY so I ran the Kscan . . . file attached - as it was on your oringinal list of things to do (nothing detected). Still no luck in downloading those windows updates. Will try some things this afternoon. Thanks for all of your help, Crispin [attachment deleted by admin]Close all browser windows. Right click IE and choose 'Run as Administrator' and then get the updates.What is K Scan evil fantasy is it an online scanner?KASPERSKY Lab Online Scanner http://www.kaspersky.com/virusscannerQuote from: evilfantasy on April 06, 2009, 07:27:59 AM Close all browser windows. Right click IE and choose 'Run as Administrator' and then get the updates. I did exactly that, but still no beans . . . I am perplexed. I feel great that my original issue has been solved, but I don't know what to think regarding the lack of ability to perform "windows updates". Should a start a new thread? evilfantasy you have been a great help, my wife and I thank you!I am not sure why that wouldn't work. Ah by the way I'm using Kaspersky anti virus 2009 right now and this anti virus for me is the best. Well 2nd for me is NOD 32. Well it's good that you have already fixed the problem. Remember the last tip that i gave you that was just said to me by my friend he is a computer technician. Well it's good you have solved your problem. |
|
| 3118. |
Solve : .exe Bad image warnings(logs attached as requested)? |
|
Answer» I have attached the logs. My problem is: |
|
| 3119. |
Solve : Another W32.silly.fdc, Logs posted? |
|
Answer» The only other 3rd party program I have on this computer, particularity, is EndItAll. (Not counting the programs for these scans)
Important: Close all open windows except for HijackThis and then click Fix checked. Once completed, exit HijackThis. ---------- Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop. Link #1 Link #2 **Note: It is important that it is saved directly to your Desktop Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts. When finished ComboFix will produce a log for you. Post the ComboFix log in your next reply. Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete. If you have problems with ComboFix usage, see How to use ComboFixOk, here is my combofix log.... So is it safe to delete all these transparent folders? Or even log on important sites, I.E. my online bank account? Sorry, most of my knowledge is in building computers, not removing worms, trojans, whatever have you... ComboFix 09-04-04.01 - Doris 2009-04-07 15:23:26.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3061.2023 [GMT -4:00] Running from: c:\users\Doris\Desktop\ComboFix.exe AV: Norton Internet Security *On-access scanning disabled* (Updated) FW: Norton Internet Security *enabled* * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\AutoRun.inf c:\windows\system32\KBL.LOG c:\windows\system32\x64 . ((((((((((((((((((((((((( Files Created from 2009-03-07 to 2009-04-07 ))))))))))))))))))))))))))))))) . 2009-04-07 09:56 . 2009-04-07 09:56118--a------c:\windows\System32\MRT.INI 2009-04-06 23:44 . 2009-04-06 23:53d--------c:\users\Doris\AppData\Roaming\IObit 2009-04-06 23:44 . 2009-04-07 10:00d--------c:\program files\IObit 2009-04-06 23:43 . 2009-04-06 23:43d--------c:\program files\CCleaner 2009-04-06 18:19 . 2009-04-06 18:18410,984--a------c:\windows\System32\deploytk.dll 2009-04-06 18:10 . 2009-04-06 18:10d--------c:\program files\Trend Micro 2009-04-06 16:00 . 2009-04-06 16:00d--------c:\users\Doris\AppData\Roaming\Malwarebytes 2009-04-06 16:00 . 2009-04-06 16:00d--------c:\users\All Users\Malwarebytes 2009-04-06 16:00 . 2009-04-06 16:00d--------c:\programdata\Malwarebytes 2009-04-06 16:00 . 2009-04-06 18:02d--------c:\program files\Malwarebytes' Anti-Malware 2009-04-06 16:00 . 2009-03-26 16:4938,496--a------c:\windows\System32\drivers\mbamswissarmy.sys 2009-04-06 16:00 . 2009-03-26 16:4915,504--a------c:\windows\System32\drivers\mbam.sys 2009-04-06 14:44 . 2009-04-06 14:44d--------c:\users\Doris\AppData\Roaming\SUPERAntiSpyware.com 2009-04-06 14:44 . 2009-04-06 14:44d--------c:\users\All Users\SUPERAntiSpyware.com 2009-04-06 14:44 . 2009-04-06 14:44d--------c:\programdata\SUPERAntiSpyware.com 2009-04-06 14:44 . 2009-04-06 14:44d--------c:\program files\SUPERAntiSpyware 2009-04-05 09:52 . 2009-04-05 09:52d--------c:\users\Doris\AppData\Roaming\Darkfall 2009-04-05 09:26 . 2008-07-12 08:183,851,784--a------c:\windows\System32\D3DX9_39.dll 2009-04-05 09:26 . 2008-05-30 14:113,850,760--a------c:\windows\System32\D3DX9_38.dll 2009-04-05 09:26 . 2008-03-05 15:563,786,760--a------c:\windows\System32\D3DX9_37.dll 2009-04-05 09:26 . 2007-10-12 15:143,734,536--a------c:\windows\System32\d3dx9_36.dll 2009-04-05 09:26 . 2007-07-19 18:143,727,720--a------c:\windows\System32\d3dx9_35.dll 2009-04-05 09:26 . 2007-05-16 16:453,497,832--a------c:\windows\System32\d3dx9_34.dll 2009-04-05 09:26 . 2007-03-12 16:423,495,784--a------c:\windows\System32\d3dx9_33.dll 2009-04-05 09:26 . 2006-11-29 13:063,426,072--a------c:\windows\System32\d3dx9_32.dll 2009-04-05 09:26 . 2006-09-28 16:052,414,360--a------c:\windows\System32\d3dx9_31.dll 2009-04-05 09:25 . 2009-04-05 09:51d--------c:\program files\Darkfall 2009-03-30 14:46 . 2008-10-31 13:2553,248--a------c:\windows\nswatchdog.exe 2009-03-26 21:01 . 2009-03-26 21:01d--------c:\program files\The Weather Channel Toolbar 2009-03-26 21:01 . 2008-07-22 13:31327,680--a------c:\windows\System32\TwcToolbarIe7.dll 2009-03-26 21:01 . 2008-07-22 13:2498,304--a------c:\windows\System32\TwcToolbarBho.dll 2009-03-26 21:01 . 2007-12-03 12:3625,600--a------c:\windows\System32\TwcToolInstDll.dll 2009-03-26 21:00 . 2009-03-26 21:00d--------c:\program files\The Weather Channel FW 2009-03-26 18:27 . 2009-03-26 18:27d--------c:\users\Doris\AppData\Roaming\AVS4YOU 2009-03-26 18:27 . 2009-03-26 18:27d--------c:\users\All Users\AVS4YOU 2009-03-26 18:27 . 2009-03-26 18:27d--------c:\programdata\AVS4YOU 2009-03-26 18:25 . 2009-04-05 18:39d--------c:\program files\Common Files\AVSMedia 2009-03-26 18:25 . 2009-04-05 18:39d--------c:\program files\AVS4YOU 2009-03-26 18:25 . 2002-01-05 14:40487,424--a------c:\windows\System32\msvcp70.dll 2009-03-26 18:25 . 2003-05-21 12:5024,576--a------c:\windows\System32\msxml3a.dll 2009-03-23 14:45 . 2009-04-07 09:48d--------c:\users\Doris\Tracing 2009-03-23 14:44 . 2009-03-23 14:44d--------c:\program files\Windows Live SkyDrive 2009-03-23 14:44 . 2009-03-23 14:44d--------c:\program files\Microsoft 2009-03-23 14:41 . 2009-03-23 14:41d--------c:\program files\Common Files\Windows Live 2009-03-14 16:35 . 2009-03-14 16:36d--------c:\program files\EndItAll 2009-03-14 04:19 . 2009-03-14 04:19d--------c:\program files\Movie Maker 2.6 2009-03-14 03:35 . 2009-03-14 03:40d--------c:\users\Doris\AppData\Roaming\vlc 2009-03-14 03:35 . 2009-03-14 03:35d--------c:\program files\VideoLAN 2009-03-14 03:27 . 2009-03-14 16:25d--------c:\program files\Winamp 2009-03-14 02:22 . 2009-03-14 02:22d--------c:\users\Doris\AppData\Roaming\Xilisoft Corporation 2009-03-14 02:20 . 2009-03-14 02:20d--------c:\program files\Xilisoft 2009-03-14 02:10 . 2009-03-14 16:25d--------c:\program files\WM Converter 2009-03-14 01:58 . 2009-03-14 03:27d--------c:\program files\Common Files\PX Storage Engine 2009-03-14 01:57 . 2009-03-27 09:27d--------c:\program files\DivX 2009-03-14 01:37 . 2009-03-15 01:32d-a------c:\users\All Users\TEMP 2009-03-14 01:37 . 2009-03-15 01:32d-a------c:\programdata\TEMP 2009-03-14 01:37 . 2009-03-15 01:32d--------C:\Fraps 2009-03-11 03:43 . 2002-01-05 13:48974,848---------c:\windows\System32\mfc70.dll 2009-03-11 03:43 . 2002-01-05 12:37344,064---------c:\windows\System32\msvcr70.dll 2009-03-11 03:43 . 2003-07-24 10:24237,568--a------c:\windows\System32\demoover.exe 2009-03-11 03:43 . 2004-05-29 17:5291,072---------c:\windows\System32\RoseCo2.dll 2009-03-11 03:43 . 2004-05-29 17:5382,896---------c:\windows\System32\KickCom2.dll 2009-03-11 03:42 . 2009-03-11 04:36d--------C:\moove 2009-03-11 03:42 . 2001-10-12 15:443,310---------c:\windows\System32\advanced.ico 2009-03-11 03:42 . 1998-04-24 00:001,078---------c:\windows\System32\rosewaste.ico 2009-03-11 03:22 . 2009-03-14 16:28d--------c:\program files\Kaneva 2009-03-10 13:17 . 2008-12-15 23:298,147,456--a------c:\windows\System32\wmploc.DLL 2009-03-10 13:17 . 2008-12-16 01:317,680--a------c:\windows\System32\spwmp.dll 2009-03-10 13:17 . 2008-12-16 01:314,096--a------c:\windows\System32\msdxm.ocx 2009-03-10 13:17 . 2008-12-16 01:314,096--a------c:\windows\System32\dxmasf.dll 2009-03-10 13:16 . 2009-02-08 23:102,033,152--a------c:\windows\System32\win32k.sys 2009-03-10 13:16 . 2008-11-27 00:43268,288--a------c:\windows\System32\schannel.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-07 16:58---------d-----wc:\programdata\Symantec 2009-04-07 02:55---------d--h--wc:\program files\InstallShield Installation Information 2009-04-07 02:40---------d-----wc:\program files\Microsoft Games 2009-04-07 02:34---------d-----wc:\users\Doris\AppData\Roaming\uTorrent 2009-04-06 22:18---------d-----wc:\program files\Java 2009-04-06 18:43---------d-----wc:\program files\Common Files\Wise Installation Wizard 2009-04-05 22:12---------d-----wc:\program files\Common Files\Symantec Shared 2009-03-27 22:45---------d-----wc:\users\Doris\AppData\Roaming\HP 2009-03-23 18:43---------d-----wc:\program files\Windows Live 2009-03-14 20:30---------d-----wc:\program files\Yahoo! 2009-03-14 20:22---------d-----wc:\program files\Warcraft III 2009-03-11 21:19---------d-----wc:\program files\Maxis 2009-03-11 07:44---------d-----wc:\program files\Windows Mail 2009-03-04 10:29---------d-----wc:\programdata\Yahoo! 2009-03-04 10:26---------d-----wc:\users\Doris\AppData\Roaming\Yahoo! 2009-02-28 04:03---------d-----wc:\users\Doris\AppData\Roaming\Ideazon 2009-02-28 04:01---------d-----wc:\program files\Ideazon 2009-02-20 01:48---------d-----wc:\program files\7-Zip 2009-02-19 17:3196,560----a-wc:\windows\system32\drivers\symfw.sys 2009-02-19 17:319,844----a-wc:\windows\system32\drivers\SymRedir.cat 2009-02-19 17:3141,008----a-wc:\windows\system32\drivers\symndisv.sys 2009-02-19 17:3138,576----a-wc:\windows\system32\drivers\symids.sys 2009-02-19 17:3124,112----a-wc:\windows\system32\drivers\SymIMV.sys 2009-02-19 17:3122,320----a-wc:\windows\system32\drivers\symredrv.sys 2009-02-19 17:31184,496----a-wc:\windows\system32\drivers\symtdi.sys 2009-02-19 17:3113,616----a-wc:\windows\system32\drivers\symdns.sys 2009-02-19 17:311,611----a-wc:\windows\system32\drivers\SymRedir.inf 2009-02-10 20:56---------d-----wc:\users\Doris\AppData\Roaming\GetRightToGo 2009-02-06 22:5249,504----a-wc:\windows\System32\sirenacm.dll 2009-01-15 06:11827,392----a-wc:\windows\System32\wininet.dll 2008-01-21 02:43174--sha-wc:\program files\desktop.ini . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-20 1233920] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560] "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504] "DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-25 212992] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "Zboard"="c:\program files\Ideazon\ZEngine\Zboard.exe" [2008-11-12 57344] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-06 148888] "MRT"="c:\windows\system32\MRT.exe" [2009-02-25 24768960] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3codecp"= l3codecp.acm [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-05-11 07:06 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant] --a------ 2007-10-03 19:15 480560 c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] --a------ 2007-10-03 18:44 178712 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-256968735-640673003-351684455-1004] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{0C53955B-DA7B-4D19-BA7F-C3CB861DD127}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{FD04AC5D-80BB-4236-B929-5FE0F9062AA1}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{7B754820-430B-45BC-94F4-41B6E1FE1C31}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{5DAE2496-F342-4EDC-AD0D-57C4F2FBD791}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{5506AB42-C949-428E-9933-843D58434240}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector "{70BBC0E6-A428-4B94-AED1-03C6FC39BEF7}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl "{B1DD21E3-600D-4A50-BFC1-46449F6C36B9}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl "{03510A4F-F70C-41A5-BCBC-ACE4311F5B29}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl "{E8474A6C-2929-473E-BC70-2CAF59DF1323}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl "{9D3EAB25-7FE2-4059-99AD-705B409E0582}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl "{7AC37F4F-38B2-467D-9B36-5928C8AE0322}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl "{0E2AE14D-5586-4934-BDB9-A8F70E2B55B8}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play "{45FABCFD-6E9B-4EB4-93F1-895F353A67BC}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "{B440AFF3-8EE0-4D1A-9DFB-61E0B55D8BD5}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe "{ED3E1680-003B-426D-9408-CDF644F7D019}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe "{836450E8-5137-45BF-9A16-2CF8F78ACF9E}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe "{DD3C3DCF-01F9-44F9-BFD5-F880336DFBBC}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe "{94B91045-FA70-47D5-BA2E-73CAAE9B3DBA}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe "{879FFDE0-AD61-4957-9273-00A29424AC84}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe "{8FC23F4B-A223-47CE-AAF6-80D1ECCA86E3}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe "{388F61DD-611C-41AD-A683-ADA389F202DA}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe "{B7058F4F-EF2A-4A66-AD3C-F12AF8F61AD7}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe "{C6D9C9BC-4D8E-4BC4-A497-318C91E8718C}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe "{43037F55-683A-4730-953C-52E5C9AE903A}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe "{DFCD453A-013C-4E44-B814-DF8A13DBECF8}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe "{11D47BC6-927C-446B-B95B-2F12BB5DCD83}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe "{949E98F9-9D71-4F4D-B614-A612C3ED49CA}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe "{FBE336B9-2DA9-4BAA-AF38-7B5367D4F205}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe "{3E387DF5-D4AE-4BCC-8E41-79DC113F3C48}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe "{29AB88E1-4A3C-4469-82EA-3BA6912D4DD7}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe "{4AFE900C-BF8C-47C0-96F1-FDC0B170FAB6}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe "{2B3A7DE9-42B4-486A-A869-D629014218F7}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe "{7959871D-B519-44FD-A2A9-38B50744F7B8}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe "{C838A574-C47C-4072-BB8D-F0182151F6D2}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe "{A90D1241-56BC-46CE-A8FE-855A3AB04C28}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe "{B61A6346-323D-455F-9CE9-8488A575F881}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{1E017D30-5307-4F81-B074-70CAFA94D7DC}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{9F636F78-1F18-4E1E-B7B5-12219041BFE1}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{65B23307-6F92-41CD-A629-AE686E1D5AEB}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) "DoNotAllowExceptions"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090331.003\IDSvix86.sys [2009-04-02 272432] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944] R2 atashost;WebEx Service Host for Support Center;c:\windows\System32\atashost.exe [2008-09-09 20376] R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2007-08-25 149352] R3 Alpham1;Ideazon ZBoard USB Human Interface Device;c:\windows\System32\drivers\Alpham1.sys [2007-07-23 42624] R3 Alpham2;Ideazon ZBoard MM USB Human Interface Device;c:\windows\System32\drivers\Alpham2.sys [2007-03-20 18432] R3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [2007-05-29 23888] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-01 101936] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408] R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2009-02-19 41008] --- Other Services/Drivers In Memory --- *NewlyCreated* - COMHOST [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmtREG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder 2009-04-07 c:\windows\Tasks\AWC Startup.job - c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-02-22 14:45] 2009-04-07 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Doris.job - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 20:19] 2009-04-07 c:\windows\Tasks\SmartDefrag.job - c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-02-13 18:15] 2009-04-07 c:\windows\Tasks\SmartDefrag.job - c:\program files\IObit\IObit SmartDefrag\ [2009-04-06 23:44] . . ------- Supplementary Scan ------- . uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 Trusted Zone: moove.com FF - ProfilePath - c:\users\Doris\AppData\Roaming\Mozilla\Firefox\Profiles\ea13htpd.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.perfectworld.com FF - plugin: c:\program files\Mozilla Firefox\plugins\npkanevapatch.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-07 15:27:33 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2009-04-07 15:31:00 ComboFix-quarantined-files.txt 2009-04-07 19:30:54 Pre-Run: 106,823,573,504 bytes free Post-Run: 106,879,004,672 bytes free 285--- E O F ---2009-04-07 13:56:33 So is it safe to delete all these transparent folders? Or even log on important sites, I.E. my online bank account? Sorry, most of my knowledge is in building computers, not removing worms, trojans, whatever have you Let me know how everything is after this next step.
---------- Are the icons still there and if so which ones? They are all still there (The notpad file you see, is just the instructions I was to print.)
---------- Now delete any hidden (transparent) files/folders left on the desktop. Download CCleaner Slim and save it to your Desktop. When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe Follow the prompts to install the program. Complete the installation then:
Note CCleaner is a 100% free tool. I suggest keeping it and running it regularly to keep your computer running smooth. ---------- We have not done a full virus scan yet so we should do so now. Use the Kaspersky Lab Online Scanner In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.
There is no option to clean/disinfect, however, we need to analyze the information on the report. To obtain the report: Click on: Save Report As
Copy and paste the Kaspersky Online Scanner Report in your next reply. Note for Internet Explorer 7 and 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%. If needed, this animation will guide you through the process.The Hidden files, are fully hidden now, didn't have to delete any of them, started the scan an hour ago, its at 18%, will post it as soon as its done. Thanks for your help thus far, by the way.Uhhh.... heres the log..., lol, 0 problems... So am I clean? No malware has been detected. The scan area is clean.Looks good. Final steps. Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates. ---------- I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.Ok, thanks again, glad I found a place that won't charge me an arm and a leg for this Take careYour welcome. Safe surfing... |
|
| 3120. |
Solve : .exe bad image warnings? |
|
Answer» Hello EVERYONE. Everytime I open a program I see the same warning. I will use firefox as an example. |
|
| 3121. |
Solve : browser keeps redirecting me and can't install windows update...? |
|
Answer» Hi. running Vista with IE 8 and yahoo canada and didn't know if I can follow the same steps as the sticky TOPIC.. |
|
| 3122. |
Solve : Blaster email spying? |
|
Answer» Has ANYONE ever used this to keep track of emails etc,, for kids and spouses?Thanks,,Do you mean eBlaster http://www.eblaster.com Sounds like a lot of MONEY and a very distinct invasion of a person's privacy.That would be the one,and yes it is an invasion of privacy but for keeping kids safe,and a spouse honest thats what you have to do,,,Quote from: illini3023 on April 06, 2009, 03:43:31 PM That would be the one,and yes it is an invasion of privacy but for keeping kids safe,and a spouse honest thats what you have to do,,, I'm not going to tell you that's wrong and right but I and many of us here disagree. For kids it's education and parenting. Not spying. That only destroys trust. If they are breaking the rules then they loose computer privileges and other things they like. You know, discipline? Won't COMMENT on your spouse but I think you already know that if you can't trust someone, spouse, best friend or whoever, then it will never work out. I remember a KEYLOGGER meant for "security"... Keylogger is to security as George W. Bush is to smart. I can't remember what those are called...but this is basically the same thing. The eBlaster will probably send a copy of all their email addresses to advertising companies. I advise not using it for both privacy and security issues.huge waste of money too. may as well attach a security limpet to their head or something.Quote from: BC_Programmer on April 07, 2009, 04:47:17 PM huge waste of money too. may as well attach a security limpet to their head or something. I can't belive someone would actually be stupid ENOUGH to pay so their private emails sent to large corporations, just so they can make better ads. |
|
| 3123. |
Solve : Is this dangerous?? |
|
Answer» My AVG resident virus shield has given me this notice: Resident shield alert; Threat name: runtime packed nspack detected on open. |
|
| 3124. |
Solve : Virus emails? |
|
Answer» I have a couple of VIRUS emails that are saved in my email account.. would anybody like to have them? In the sense email to them? I would just like to know what they are? Norton stopped me from opening them. It would be cool if SOMEONE COULD tell me what they were. If not no MATTER...Does not Norton report to you what kinds of viruses it found? |
|
| 3125. |
Solve : no name file in system tray? |
|
Answer» hi again. i've got another issue i can't fix on my own... any help is always appreciated. |
|
| 3126. |
Solve : Mountain of problems? |
|
Answer» Sorry gunbrown but with Virut it is a no win battle. There are a few lines in a HJT log that I LOOK for that point to Virut. Unfortunately your log has not one but multiple which means that the infection has gotten very well rooted into the entire system. O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Katt\reader_s.exe (User 'SYSTEM') Your thread title "Mountain of PROBLEMS" is more accurate than you might have realized... Dr Web CureIt is your best bet. Run that now. Then again tomorrow. Quote from: BC_Programmer on April 02, 2009, 01:24:29 PM I'm speshul? Yea macDad is one of our members who "get's it." BC I'm sure you could/can read these logs just as well or better than I do. I'm just waiting for you to pick up a thread and follow it through to the end There is also this. O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) You need to uninstall anything that says NORTON, Symantec or Live Update. Two antivirus will only cause you problems. Run this tool to ensure all of Norton is gone. Norton Removal Tool (SymNRT)Quote from: BC_Programmer on April 02, 2009, 01:24:29 PM I'm speshul? Thanks BC and Evil, just wanted to direct them to the right place. My knowledge of viruses, malware is pretty vague...but to get them on track is at least something that i can help with. I'm speshul? aww shucks. Yes, You Are and You Know it, Evil's a heck of a Guy too....................Well i'm not an expert or anything but i think i may have gotten rid of the virut but there are still on or two other trojans that keep popping up each time upon boot up. i say this because neither avg or any of the virut removers detect ANYMORE virut infected files and they usually do. But as i had anticipated the system files are messed up and stuff so some programs won't work. i think i might be able to work them out individually but now that i have most of the control of the pc i'll just backup the files and reformat, only problem now is that my girlfriend lost the hp cd . Anyways thank you very much for your time and help. I'm only in here once every two years or so but i love what you guys do. maybe one day i'll grow up to be like you. Quote from: gunbrown on April 03, 2009, 11:01:21 AM thank you very much for your time and help. I'm only in here once every two years or so but i love what you guys do. maybe one day i'll grow up to be like you. Grow-up is what everybody I meet tells me to do. Well I Hope You never Do it's the Worst thingthat can happen You know That shouldnt need to be a requriement unless you want to take care of all of it yourself. I would try spybot and see if that wouldnt help, since its built to do this stuff.Virut prevents any App from running.Quote from: squall_01 on April 04, 2009, 05:36:57 PM That shouldnt need to be a requriement unless you want to take care of all of it yourself. I would try spybot and see if that wouldnt help, since its built to do this stuff. I'm not sure what u're talking about squall_01. Whats does spybot do?same as SuperAntiSpyware....its another Anti-Spyware ProgI see just a thought in case it gets rid of a lot of my junk....Not trying to put you down, just saying that its an Anti-Spyware Program.I understand no hard feelings or anything of that for that matter. |
|
| 3127. |
Solve : program name.exe - Bad Image Error (logs inside)? |
|
Answer» Hi, Can you please help with what I have to do to FIX this!!! Logfile of Trend MICRO HijackThis v2.0.2 mbam-log-2009-04-06 (19-23-26) Quote Malwarebytes' Anti-Malware 1.28 SUPERAntiSpyware Scan Log - 04-06-2009 - 18-32-22 Quote SUPERAntiSpyware Scan Log |
|
| 3128. |
Solve : My NOrton expired today should I renew it or get something else?? |
|
Answer» Quote outgoing traffic is only dangerous when you've already been compromised.Your computer may become infected but at least, the infections are not calling home with all your secret passwords and other sensitive information. Ahh, yes, that's a very good point; I was thinking of "danger level" more ALONG the LINES of probability to infect, not wether said traffic could contain sensitive data, which is far worse.Quote outgoing traffic is only dangerous when you've already been compromised.Whoever said that should retract it. How about: Mass breeding rattlesnakes and releasing them in a schoolyard is not dangerous if you are MENTALLY ill. One of the biggest THINGS the media picked up was how LimeWrie was PROVIDING software tools to allow professional criminals get credit card information and make millions. Not dangerous? Your e-mail list is a liability, if not for you, for your contacts. Now don't argue about how easy is it was or not. It happened.heh, Like I say, I was thinking more along the lines of danger from getting infected- since that wouldn't matter if one was already infected. But obviously the outgoing traffic from a trojan could prompt the download of further infections and the upload of personal information. |
|
| 3129. |
Solve : Packed Generic.200 Norton can't remove? |
|
Answer» I can't get rid of this virus. Norton keeps alerting me that it's infected. I've ran combofix,Malwarebytes,Superantispyware. Those got rid of a lot of stuff. They now read CLEAN on a re scan. But Norton Still SAYS it's infected. I cleared out the system restore and rebooted and cleared the Quarantine of Norton out and it still says it's infected. Is there a remover program for Packed Generic.200?Logfile of Trend Micro HijackThis v2.0.2 |
|
| 3130. |
Solve : 2 iexplore.exe in task manager? |
|
Answer» Hello, |
|
| 3131. |
Solve : computer virus/malware? |
|
Answer» Here are the latest logs. The CCleaner didn't find ANYTHING to delete. |
|
| 3132. |
Solve : Search result issue? |
|
Answer» Hello Phil. Could you please run MBAM again and this time clean the infection. Then, let me know how your computer is running.SD |
|
| 3133. |
Solve : Keyboard screwed up on a XP SP3 OS? |
|
Answer» Has anyone had a problem with the keys on the right side only changing to different letters and numbers that don’t match what you type?? For instants the letters on the left of the keyboard QWERTYASDFGHZXCVBN123456 work fine but on the right side is all screwed up. U goes back space then up, I does nothing, O STEP forward one and stops, P -, J steps down one and stops, L nothing, ; +, M nothing, . nothing, 7 nothing, 8 goes up, 9 nothing, 0 *. Sounds like you have number lock turned on, Try Fn+F11 (may be something besides F11, look for the key with a picture that looks like a calculator) ;DThanks, You where right!!! Pressed Fn and F8 and all ok now! |
|
| 3134. |
Solve : Super Anti-Spyware Log? |
|
Answer» This is the log I got after running the Super Anti-Spyware. What information/advice could you give me from this data?
Download Security Check by screen317 from one of the following links and save it to your desktop. Link 1 Link 2 * Unzip SecurityCheck.zip and a folder named Security Check should appear. * Open the Security Check folder and double-click Security Check.bat * Follow the on-screen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt * Post the contents of that document in your next reply. Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so. ================================ Please download ComboFix from BleepingComputer.com Alternate link: GeeksToGo.com Alternate link: Forospyware.com Rename ComboFix.exe to commy.exe before you save it to your Desktop
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Scan saved at 3:01:32 PM, on 6/27/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Microsoft Security Essentials\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\lpcl.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files\PC Tools Firewall Plus\FWService.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe C:\WINDOWS\system32\hphmon03.exe C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Motive\AsstCommon\motmon.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\AT&T\Internet Security Wizard\ISW.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Microsoft Security Essentials\msseces.exe C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Digital Lifeline\bin\mpbtn.exe C:\Program Files\palmOne\Hotsync.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HPQ\SHARED\HPQWMI.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (filesize 62080 bytes, MD5 C11F6A1F61481E24BE3FDC06EA6F7D2A) O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL (filesize 1865544 bytes, MD5 9F7C6AADF6B57946D4C37C9C910EC3F4) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (filesize 41760 bytes, MD5 385BD69743EA92E76CDF07B3345A25D5) O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (filesize 79648 bytes, MD5 4E2BB6D2677B42AD04BE18A6E9817B68) O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL (filesize 1865544 bytes, MD5 9F7C6AADF6B57946D4C37C9C910EC3F4) O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exeC:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start (filesize 405504 bytes, MD5 24C588CD72DDD39F7808922F711A3DF8) O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exeC:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exeC:\WINDOWS\system32\hphmon03.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exeC:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart (filesize 3739648 bytes, MD5 BCD9CBF0621F9A6767276A2E0BF1DD15) O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" (filesize 63712 bytes, MD5 FC9E59FE8BC4FE05382CFF5C8FC59DE1) O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (filesize 213936 bytes, MD5 2BAD84B393AF47006D80BA2F03B18029) O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exeC:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exeC:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [MotiveMonitor] "C:\Program Files\Motive\AsstCommon\motmon.exe" (filesize 155648 bytes, MD5 5DBCACF3FC3E81524128D4BFBC9725D5) O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exec:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exeC:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" (filesize 45056 bytes, MD5 45C07E3EE85A318D2DC8C391E952182A) O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (filesize 344064 bytes, MD5 1FF662360032871AF5F5DB9812321097) O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (filesize 39792 bytes, MD5 8B9145D229D4E89D15ACB820D4A3A90F) O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN (filesize 2061816 bytes, MD5 C6FC3B54AD1FEE0FE4069AB51BF4C724) O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (filesize 417792 bytes, MD5 55D7A219AD8D0DB8980528944152A6FD) O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (filesize 141600 bytes, MD5 68A553BDFA855C4F1074696682FCDEB6) O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey (filesize 1093208 bytes, MD5 5DB28B77A1A75DDDFEED99FB9722C540) O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s (filesize 3168216 bytes, MD5 B4C1C657FCCCAF24EBF028CE68E6D086) O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" (filesize 248040 bytes, MD5 52DB6CDAC5BC7A1FC884E97C41C91213) O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2) O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Global Startup: Digital Lifeline.lnk = C:\Program Files\Digital Lifeline\bin\mpbtn.exe (filesize 172032 bytes, MD5 6564B07717189A921C428E7B62A90CDB) O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe (filesize 471040 bytes, MD5 F8FB2CA91F25D3EAA2CAE2F0B55FEC54) O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe (filesize 118784 bytes, MD5 8C920DFE944B0DCE788DB3CB0320B336) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 558080 bytes, MD5 AAC1D4EE39DF138C5D30AC5883E3B59F) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 558080 bytes, MD5 AAC1D4EE39DF138C5D30AC5883E3B59F) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2) O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184988058187 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLLC:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exeC:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exeC:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeC:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeC:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: lpcl - Warranty Corporation of America - C:\WINDOWS\lpcl.exeC:\WINDOWS\lpcl.exe O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exeC:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exeC:\Program Files\PC Tools Firewall Plus\FWService.exe O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exeC:\WINDOWS\system32\HPHipm09.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing) O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exeC:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- End of file - 13819 bytes ComboFix 10-06-27.03 - Sandra 06/27/2010 15:25:34.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.452 [GMT -5:00] Running from: c:\documents and settings\Sandra\My Documents\Downloads\commy.exe AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF} FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Bobby\Local Settings\Application Data\{060A2A6F-FF3B-49E3-B01B-7D2F74549326} c:\documents and settings\Bobby\Local Settings\Application Data\{060A2A6F-FF3B-49E3-B01B-7D2F74549326}\chrome.manifest c:\documents and settings\Bobby\Local Settings\Application Data\{060A2A6F-FF3B-49E3-B01B-7D2F74549326}\chrome\content\_cfg.js c:\documents and settings\Bobby\Local Settings\Application Data\{060A2A6F-FF3B-49E3-B01B-7D2F74549326}\chrome\content\overlay.xul c:\documents and settings\Bobby\Local Settings\Application Data\{060A2A6F-FF3B-49E3-B01B-7D2F74549326}\install.rdf c:\documents and settings\Sandra\Local Settings\Application Data\{C7BD1C5F-319E-495C-8B9B-EB010B705AA1} c:\documents and settings\Sandra\Local Settings\Application Data\{C7BD1C5F-319E-495C-8B9B-EB010B705AA1}\chrome.manifest c:\documents and settings\Sandra\Local Settings\Application Data\{C7BD1C5F-319E-495C-8B9B-EB010B705AA1}\chrome\content\_cfg.js c:\documents and settings\Sandra\Local Settings\Application Data\{C7BD1C5F-319E-495C-8B9B-EB010B705AA1}\chrome\content\overlay.xul c:\documents and settings\Sandra\Local Settings\Application Data\{C7BD1C5F-319E-495C-8B9B-EB010B705AA1}\install.rdf . ((((((((((((((((((((((((( Files Created from 2010-05-27 to 2010-06-27 ))))))))))))))))))))))))))))))) . 2010-06-27 19:58 . 2010-06-27 19:58--------d-----w-c:\program files\Trend Micro 2010-06-27 03:19 . 2010-06-27 03:19503808----a-w-c:\documents and settings\Sandra\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20f215ac-n\msvcp71.dll 2010-06-27 03:19 . 2010-06-27 03:19499712----a-w-c:\documents and settings\Sandra\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20f215ac-n\jmc.dll 2010-06-27 03:19 . 2010-06-27 03:19348160----a-w-c:\documents and settings\Sandra\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20f215ac-n\msvcr71.dll 2010-06-27 03:19 . 2010-06-27 03:1961440----a-w-c:\documents and settings\Sandra\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-186516e0-n\decora-sse.dll 2010-06-27 03:19 . 2010-06-27 03:1912800----a-w-c:\documents and settings\Sandra\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-186516e0-n\decora-d3d.dll 2010-06-27 03:19 . 2010-06-27 03:18411368----a-w-c:\windows\system32\deployJava1.dll 2010-06-26 16:48 . 2010-06-26 16:48--------d-----w-c:\documents and settings\Sandra\Application Data\Malwarebytes 2010-06-26 16:47 . 2010-04-29 20:3938224----a-w-c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-26 16:47 . 2010-06-26 16:47--------d-----w-c:\documents and settings\All Users\Application Data\Malwarebytes 2010-06-26 16:43 . 2010-06-26 16:47--------d-----w-c:\program files\Malwarebytes' Anti-Malware 2010-06-26 16:43 . 2010-04-29 20:3920952----a-w-c:\windows\system32\drivers\mbam.sys 2010-06-25 02:46 . 2010-05-21 19:14221568------w-c:\windows\system32\MpSigStub.exe 2010-06-25 00:34 . 2010-06-25 00:3463488----a-w-c:\documents and settings\Sandra\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll 2010-06-25 00:34 . 2010-06-25 00:3452224----a-w-c:\documents and settings\Sandra\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-06-25 00:34 . 2010-06-25 00:34117760----a-w-c:\documents and settings\Sandra\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-06-25 00:34 . 2010-06-25 00:34--------d-----w-c:\documents and settings\Sandra\Application Data\SUPERAntiSpyware.com 2010-06-25 00:34 . 2010-06-25 00:34--------d-----w-c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2010-06-25 00:33 . 2010-06-25 00:33--------d-----w-c:\program files\SUPERAntiSpyware 2010-06-25 00:06 . 2010-06-25 00:07--------d-----w-c:\program files\CCleaner 2010-06-24 23:55 . 2010-06-24 23:56--------d-----w-c:\documents and settings\Sandra\Application Data\PCToolsFirewallPlus 2010-06-24 01:59 . 2010-06-24 01:59--------d-----w-c:\documents and settings\All Users\Application Data\RegSERVO 2010-06-24 01:47 . 2009-11-23 18:5488040----a-w-c:\windows\system32\drivers\PCTAppEvent.sys 2010-06-24 01:47 . 2009-11-09 16:20207792----a-w-c:\windows\system32\drivers\PCTCore.sys 2010-06-24 01:47 . 2010-01-07 17:40233136----a-w-c:\windows\system32\drivers\pctgntdi.sys 2010-06-24 01:47 . 2010-06-24 01:47--------d-----w-c:\program files\Common Files\PC Tools 2010-06-24 01:47 . 2010-01-12 14:3470664----a-w-c:\windows\system32\drivers\pctNdis-PacketFilter.sys 2010-06-24 01:47 . 2010-01-07 16:3558816----a-w-c:\windows\system32\drivers\pctNdis.sys 2010-06-24 01:47 . 2010-01-07 16:3532680----a-w-c:\windows\system32\drivers\pctNdis-DNS.sys 2010-06-24 01:47 . 2010-01-13 13:59115216----a-w-c:\windows\system32\drivers\pctplfw.sys 2010-06-24 01:47 . 2010-06-24 23:57--------d-----w-c:\program files\PC Tools Firewall Plus 2010-06-24 01:26 . 2010-06-24 01:26--------d-sh--w-c:\documents and settings\Administrator\IECompatCache 2010-06-24 01:25 . 2010-06-24 01:25--------d-sh--w-c:\documents and settings\Administrator\PrivacIE 2010-06-24 01:24 . 2010-06-24 01:2473424----a-w-c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-06-22 04:55 . 2010-06-22 04:55--------d-----w-c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth 2010-06-22 04:51 . 2010-06-22 04:52--------d-----w-c:\program files\Microsoft Security Essentials 2010-06-22 04:47 . 2010-06-22 04:47--------d-----w-C:\76681267014789b6f130998a7b092a 2010-06-22 04:46 . 2010-06-22 04:46--------d-----w-C:\6c46460cc4353a7a5f30ff2463 2010-06-22 04:45 . 2010-06-22 04:45--------d-----w-C:\1e2df3c2d7506665fafd0372e8c7d1 2010-06-22 04:35 . 2010-06-22 04:35--------d-----w-C:\cf0812036585e0f292cd8391f11a33ca 2010-06-22 04:15 . 2010-06-22 04:15--------d-----w-C:\0497a1ce892cce9c6dfc0a02e6 2010-06-22 03:38 . 2010-06-22 03:38--------d-sh--w-c:\documents and settings\Administrator\IETldCache 2010-06-20 04:35 . 2010-06-22 02:390----a-w-c:\windows\Thizozido.bin 2010-06-20 04:33 . 2010-06-24 05:36--------d-----w-c:\documents and settings\Bobby\Local Settings\Application Data\kuqoqmppe 2010-06-18 01:47 . 2010-05-06 10:41743424-c----w-c:\windows\system32\dllcache\iedvtool.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-27 19:53 . 2008-12-14 21:12--------d---a-w-c:\documents and settings\All Users\Application Data\TEMP 2010-06-27 03:19 . 2005-11-29 05:23--------d-----w-c:\program files\Common Files\Java 2010-06-27 02:40 . 2005-11-29 05:23--------d-----w-c:\program files\Java 2010-06-25 00:26 . 2009-08-28 20:48--------d-----w-c:\documents and settings\All Users\Application Data\ATTToolbar 2010-06-22 04:49 . 2005-11-29 05:53--------d-----w-c:\program files\Common Files\Symantec Shared 2010-06-22 04:45 . 2005-11-29 05:53--------d-----w-c:\documents and settings\All Users\Application Data\Symantec 2010-06-22 03:57 . 2008-12-14 21:07--------d-----w-c:\program files\Norton Security Scan 2010-06-22 03:32 . 2005-11-29 05:53--------d-----w-c:\program files\Symantec 2010-05-23 23:17 . 2010-05-23 23:17503808----a-w-c:\documents and settings\Bobby\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-18e85dce-n\msvcp71.dll 2010-05-23 23:17 . 2010-05-23 23:17499712----a-w-c:\documents and settings\Bobby\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-18e85dce-n\jmc.dll 2010-05-23 23:17 . 2010-05-23 23:17348160----a-w-c:\documents and settings\Bobby\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-18e85dce-n\msvcr71.dll 2010-05-06 10:41 . 2004-08-10 12:00916480----a-w-c:\windows\system32\wininet.dll 2010-05-02 05:22 . 2004-08-10 12:001851264----a-w-c:\windows\system32\win32k.sys 2010-04-20 05:30 . 2004-08-10 12:00285696----a-w-c:\windows\system32\atmfd.dll 2010-03-31 05:16 . 2010-03-31 05:1699176----a-w-c:\windows\system32\PresentationHostProxy.dll 2010-03-31 05:10 . 2010-03-31 05:10295264----a-w-c:\windows\system32\PresentationHost.exe 2006-07-20 02:28 . 2006-07-20 02:28251----a-w-c:\program files\wt3d.ini 2007-06-21 23:38 . 2007-06-21 23:3830280----a-w-c:\program files\mozilla firefox\plugins\cgpcfg.dll 2007-06-21 23:38 . 2007-06-21 23:3879432----a-w-c:\program files\mozilla firefox\plugins\CgpCore.dll 2007-06-21 23:38 . 2007-06-21 23:3871240----a-w-c:\program files\mozilla firefox\plugins\confmgr.dll 2007-06-21 23:38 . 2007-06-21 23:38140872----a-w-c:\program files\mozilla firefox\plugins\ctxmui.dll 2007-06-21 23:39 . 2007-06-21 23:3938472----a-w-c:\program files\mozilla firefox\plugins\icafile.dll 2007-06-21 23:39 . 2007-06-21 23:3946664----a-w-c:\program files\mozilla firefox\plugins\icalogon.dll 2007-06-21 23:39 . 2007-06-21 23:3934376----a-w-c:\program files\mozilla firefox\plugins\logging.dll 2007-06-21 23:39 . 2007-06-21 23:39685640----a-w-c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2007-06-21 23:40 . 2007-06-21 23:4030280----a-w-c:\program files\mozilla firefox\plugins\TcpPServ.dll 2003-12-05 03:16 . 2006-03-20 05:3969632--sha-r-c:\windows\lnchshll.exe 2003-12-05 17:41 . 2006-03-20 05:39368640--sha-r-c:\windows\lpcl.exe 2003-12-05 03:16 . 2006-03-20 05:3949152--sha-r-c:\windows\ScrnInt.exe 2004-08-10 12:00 . 2004-08-10 12:0094784--sh--w-c:\windows\twain.dll 2008-04-14 00:12 . 2004-08-10 12:0050688--sh--w-c:\windows\twain_32.dll 2004-08-20 05:26 . 2004-08-20 05:261216--sh--w-c:\windows\Twunk_16.dll 2004-08-20 05:26 . 2004-08-20 05:261216--sh--w-c:\windows\Twunk_32.dll 2008-04-14 00:11 . 2004-08-10 12:001028096--sha-w-c:\windows\system32\mfc42.dll 2008-04-14 00:12 . 2004-08-10 12:0057344--sh--w-c:\windows\system32\msvcirt.dll 2008-04-14 00:12 . 2004-08-10 12:00413696--sha-w-c:\windows\system32\msvcp60.dll 2008-04-14 00:12 . 2004-08-10 12:00343040--sha-w-c:\windows\system32\msvcrt.dll 2008-04-14 00:12 . 2004-08-10 12:00551936--sh--w-c:\windows\system32\oleaut32.dll 2008-04-14 00:12 . 2004-08-10 12:0084992--sh--w-c:\windows\system32\olepro32.dll 2008-04-14 00:12 . 2004-08-10 12:0011776--sh--w-c:\windows\system32\regsvr32.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512] "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624] "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2006-04-18 405504] "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 188416] "HPHmon03"="c:\windows\system32\hphmon03.exe" [2001-10-25 311296] "Motive SmartBridge"="c:\progra~1\SBCLIG~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928] "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936] "WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-05-16 430080] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178] "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344] "MotiveMonitor"="c:\program files\Motive\AsstCommon\motmon.exe" [2003-10-10 155648] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152] "CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-09-19 45056] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-28 344064] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600] "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208] "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Lifeline.lnk - c:\program files\Digital Lifeline\bin\mpbtn.exe [2006-3-20 172032] HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040] NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2006-3-19 118784] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21548352----a-w-c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [6/23/2010 8:47 PM 233136] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656] R2 lpcl;lpcl;c:\windows\lpcl.exe [3/20/2006 12:39 AM 368640] R2 pciinfo;HP Pci Information;\??\c:\docume~1\Sandra\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\Sandra\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?] R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [6/23/2010 8:47 PM 88040] R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [5/16/2008 6:12 PM 102400] R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 4:06 AM 231424] R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [6/23/2010 8:47 PM 70664] R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [6/23/2010 8:47 PM 58816] R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [6/23/2010 8:47 PM 115216] S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [10/25/2001 9:54 AM 18864] S3 Net6IM;Net6;c:\windows\system32\DRIVERS\CAG_im51.sys --> c:\windows\system32\DRIVERS\CAG_im51.sys [?] S4 AutoSyncService;Memeo AutoSync ;c:\program files\Memeo\AutoSync\MemeoService.exe [7/6/2007 6:28 PM 31768] . Contents of the 'Scheduled Tasks' folder 2010-06-10 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34] 2010-06-27 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 23:02] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.att.net uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html uInternet Settings,ProxyOverride = uInternet Settings,ProxyServer = http=127.0.0.1:5555 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\v0znyxy7.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: network.proxy.type - 4 FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_ everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_a s_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS REMOVED - - - - WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file) HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe HKCU-Run-Yahoo! Pager - c:\program files\Yahoo!\Messenger\ypager.exe HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-27 15:31 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??6?2?0?5??P? ???B????hLC? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(800) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll c:\windows\system32\Ati2evxx.dll . Completion time: 2010-06-27 15:35:12 ComboFix-quarantined-files.txt 2010-06-27 20:35 Pre-Run: 38,059,266,048 bytes free Post-Run: 38,712,512,512 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect - - End Of File - - 931F704807B959E5A5B9C10B2FC04B8A Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups. Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply. Exit out of MessengerDisable then delete the two files that were put on the desktop. =============================== Download Security Check by screen317 from one of the following links and save it to your desktop. Link 1 Link 2 * Unzip SecurityCheck.zip and a folder named Security Check should appear. * Open the Security Check folder and double-click Security Check.bat * Follow the on-screen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt * Post the contents of that document in your next reply. Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so. ====================================== Open HijackThis and select Do a system scan only Place a check MARK next to the following entries: (if there) R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2) Important: Close all open windows except for HijackThis and then click Fix checked. Once completed, exit HijackThis. =============================== Re-running ComboFix to remove infections:
Results of screen317's Security Check version 0.99.4 Windows XP Service Pack 3 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Disabled! PC Tools Firewall Plus 6.0 Microsoft Security Essentials Antivirus up to date! (On Access scanning disabled!) ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware HijackThis 2.0.2 CCleaner Cleaner 5 EZ Java(TM) 6 Update 20 Adobe Flash Player 10.0.32.18 Adobe Reader 8.1.1 Adobe Reader 8.1.2 Adobe Reader 8.1.2 Security Update 1 (KB403742) Out of date Adobe Reader installed! ```````````````````````````````` Process Check: objlist.exe by Laurent Windows Defender MSMpEng.exe Microsoft Security Essentials msseces.exe PC Tools Firewall Plus FWService.exe PC Tools Firewall Plus FirewallGUI.exe ```````````````````````````````` DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning) ``````````End of Log```````````` ComboFix 10-06-27.03 - Sandra 06/27/2010 22:19:07.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.519 [GMT -5:00] Running from: c:\documents and settings\Sandra\My Documents\Downloads\commy.exe AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF} FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52} . ((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-28 ))))))))))))))))))))))))))))))) . 2010-06-28 02:52 . 2010-06-28 02:53--------d-----w-c:\documents and settings\Bobby\Application Data\PCToolsFirewallPlus 2010-06-27 19:58 . 2010-06-27 19:58--------d-----w-c:\program files\Trend Micro 2010-06-27 03:19 . 2010-06-27 03:19503808----a-w-c:\documents and settings\Sandra\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20f215ac-n\msvcp71.dll 2010-06-27 03:19 . 2010-06-27 03:19499712----a-w-c:\documents and settings\Sandra\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20f215ac-n\jmc.dll 2010-06-27 03:19 . 2010-06-27 03:19348160----a-w-c:\documents and settings\Sandra\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20f215ac-n\msvcr71.dll 2010-06-27 03:19 . 2010-06-27 03:1961440----a-w-c:\documents and settings\Sandra\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-186516e0-n\decora-sse.dll 2010-06-27 03:19 . 2010-06-27 03:1912800----a-w-c:\documents and settings\Sandra\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-186516e0-n\decora-d3d.dll 2010-06-27 03:19 . 2010-06-27 03:18411368----a-w-c:\windows\system32\deployJava1.dll 2010-06-26 16:48 . 2010-06-26 16:48--------d-----w-c:\documents and settings\Sandra\Application Data\Malwarebytes 2010-06-26 16:47 . 2010-04-29 20:3938224----a-w-c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-26 16:47 . 2010-06-26 16:47--------d-----w-c:\documents and settings\All Users\Application Data\Malwarebytes 2010-06-26 16:43 . 2010-06-26 16:47--------d-----w-c:\program files\Malwarebytes' Anti-Malware 2010-06-26 16:43 . 2010-04-29 20:3920952----a-w-c:\windows\system32\drivers\mbam.sys 2010-06-25 02:46 . 2010-05-21 19:14221568------w-c:\windows\system32\MpSigStub.exe 2010-06-25 00:34 . 2010-06-25 00:3463488----a-w-c:\documents and settings\Sandra\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll 2010-06-25 00:34 . 2010-06-25 00:3452224----a-w-c:\documents and settings\Sandra\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-06-25 00:34 . 2010-06-25 00:34117760----a-w-c:\documents and settings\Sandra\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-06-25 00:34 . 2010-06-25 00:34--------d-----w-c:\documents and settings\Sandra\Application Data\SUPERAntiSpyware.com 2010-06-25 00:34 . 2010-06-25 00:34--------d-----w-c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2010-06-25 00:33 . 2010-06-25 00:33--------d-----w-c:\program files\SUPERAntiSpyware 2010-06-25 00:06 . 2010-06-25 00:07--------d-----w-c:\program files\CCleaner 2010-06-24 23:55 . 2010-06-24 23:56--------d-----w-c:\documents and settings\Sandra\Application Data\PCToolsFirewallPlus 2010-06-24 01:59 . 2010-06-24 01:59--------d-----w-c:\documents and settings\All Users\Application Data\RegSERVO 2010-06-24 01:47 . 2009-11-23 18:5488040----a-w-c:\windows\system32\drivers\PCTAppEvent.sys 2010-06-24 01:47 . 2009-11-09 16:20207792----a-w-c:\windows\system32\drivers\PCTCore.sys 2010-06-24 01:47 . 2010-01-07 17:40233136----a-w-c:\windows\system32\drivers\pctgntdi.sys 2010-06-24 01:47 . 2010-06-24 01:47--------d-----w-c:\program files\Common Files\PC Tools 2010-06-24 01:47 . 2010-01-12 14:3470664----a-w-c:\windows\system32\drivers\pctNdis-PacketFilter.sys 2010-06-24 01:47 . 2010-01-07 16:3558816----a-w-c:\windows\system32\drivers\pctNdis.sys 2010-06-24 01:47 . 2010-01-07 16:3532680----a-w-c:\windows\system32\drivers\pctNdis-DNS.sys 2010-06-24 01:47 . 2010-01-13 13:59115216----a-w-c:\windows\system32\drivers\pctplfw.sys 2010-06-24 01:47 . 2010-06-24 23:57--------d-----w-c:\program files\PC Tools Firewall Plus 2010-06-24 01:26 . 2010-06-24 01:26--------d-sh--w-c:\documents and settings\Administrator\IECompatCache 2010-06-24 01:25 . 2010-06-24 01:25--------d-sh--w-c:\documents and settings\Administrator\PrivacIE 2010-06-24 01:24 . 2010-06-24 01:2473424----a-w-c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-06-22 04:55 . 2010-06-22 04:55--------d-----w-c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth 2010-06-22 04:51 . 2010-06-22 04:52--------d-----w-c:\program files\Microsoft Security Essentials 2010-06-22 04:47 . 2010-06-22 04:47--------d-----w-C:\76681267014789b6f130998a7b092a 2010-06-22 04:46 . 2010-06-22 04:46--------d-----w-C:\6c46460cc4353a7a5f30ff2463 2010-06-22 04:45 . 2010-06-22 04:45--------d-----w-C:\1e2df3c2d7506665fafd0372e8c7d1 2010-06-22 04:35 . 2010-06-22 04:35--------d-----w-C:\cf0812036585e0f292cd8391f11a33ca 2010-06-22 04:15 . 2010-06-22 04:15--------d-----w-C:\0497a1ce892cce9c6dfc0a02e6 2010-06-22 03:38 . 2010-06-22 03:38--------d-sh--w-c:\documents and settings\Administrator\IETldCache 2010-06-20 04:35 . 2010-06-22 02:390----a-w-c:\windows\Thizozido.bin 2010-06-20 04:33 . 2010-06-24 05:36--------d-----w-c:\documents and settings\Bobby\Local Settings\Application Data\kuqoqmppe 2010-06-18 01:47 . 2010-05-06 10:41743424-c----w-c:\windows\system32\dllcache\iedvtool.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-28 03:01 . 2008-12-14 21:12--------d---a-w-c:\documents and settings\All Users\Application Data\TEMP 2010-06-27 03:19 . 2005-11-29 05:23--------d-----w-c:\program files\Common Files\Java 2010-06-27 02:40 . 2005-11-29 05:23--------d-----w-c:\program files\Java 2010-06-25 00:26 . 2009-08-28 20:48--------d-----w-c:\documents and settings\All Users\Application Data\ATTToolbar 2010-06-22 04:49 . 2005-11-29 05:53--------d-----w-c:\program files\Common Files\Symantec Shared 2010-06-22 04:45 . 2005-11-29 05:53--------d-----w-c:\documents and settings\All Users\Application Data\Symantec 2010-06-22 03:57 . 2008-12-14 21:07--------d-----w-c:\program files\Norton Security Scan 2010-06-22 03:32 . 2005-11-29 05:53--------d-----w-c:\program files\Symantec 2010-05-23 23:17 . 2010-05-23 23:17503808----a-w-c:\documents and settings\Bobby\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-18e85dce-n\msvcp71.dll 2010-05-23 23:17 . 2010-05-23 23:17499712----a-w-c:\documents and settings\Bobby\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-18e85dce-n\jmc.dll 2010-05-23 23:17 . 2010-05-23 23:17348160----a-w-c:\documents and settings\Bobby\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-18e85dce-n\msvcr71.dll 2010-05-06 10:41 . 2004-08-10 12:00916480----a-w-c:\windows\system32\wininet.dll 2010-05-02 05:22 . 2004-08-10 12:001851264----a-w-c:\windows\system32\win32k.sys 2010-04-20 05:30 . 2004-08-10 12:00285696----a-w-c:\windows\system32\atmfd.dll 2010-03-31 05:16 . 2010-03-31 05:1699176----a-w-c:\windows\system32\PresentationHostProxy.dll 2010-03-31 05:10 . 2010-03-31 05:10295264----a-w-c:\windows\system32\PresentationHost.exe 2006-07-20 02:28 . 2006-07-20 02:28251----a-w-c:\program files\wt3d.ini 2007-06-21 23:38 . 2007-06-21 23:3830280----a-w-c:\program files\mozilla firefox\plugins\cgpcfg.dll 2007-06-21 23:38 . 2007-06-21 23:3879432----a-w-c:\program files\mozilla firefox\plugins\CgpCore.dll 2007-06-21 23:38 . 2007-06-21 23:3871240----a-w-c:\program files\mozilla firefox\plugins\confmgr.dll 2007-06-21 23:38 . 2007-06-21 23:38140872----a-w-c:\program files\mozilla firefox\plugins\ctxmui.dll 2007-06-21 23:39 . 2007-06-21 23:3938472----a-w-c:\program files\mozilla firefox\plugins\icafile.dll 2007-06-21 23:39 . 2007-06-21 23:3946664----a-w-c:\program files\mozilla firefox\plugins\icalogon.dll 2007-06-21 23:39 . 2007-06-21 23:3934376----a-w-c:\program files\mozilla firefox\plugins\logging.dll 2007-06-21 23:39 . 2007-06-21 23:39685640----a-w-c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2007-06-21 23:40 . 2007-06-21 23:4030280----a-w-c:\program files\mozilla firefox\plugins\TcpPServ.dll 2003-12-05 03:16 . 2006-03-20 05:3969632--sha-r-c:\windows\lnchshll.exe 2003-12-05 17:41 . 2006-03-20 05:39368640--sha-r-c:\windows\lpcl.exe 2003-12-05 03:16 . 2006-03-20 05:3949152--sha-r-c:\windows\ScrnInt.exe 2004-08-10 12:00 . 2004-08-10 12:0094784--sh--w-c:\windows\twain.dll 2008-04-14 00:12 . 2004-08-10 12:0050688--sh--w-c:\windows\twain_32.dll 2004-08-20 05:26 . 2004-08-20 05:261216--sh--w-c:\windows\Twunk_16.dll 2004-08-20 05:26 . 2004-08-20 05:261216--sh--w-c:\windows\Twunk_32.dll 2008-04-14 00:11 . 2004-08-10 12:001028096--sha-w-c:\windows\system32\mfc42.dll 2008-04-14 00:12 . 2004-08-10 12:0057344--sh--w-c:\windows\system32\msvcirt.dll 2008-04-14 00:12 . 2004-08-10 12:00413696--sha-w-c:\windows\system32\msvcp60.dll 2008-04-14 00:12 . 2004-08-10 12:00551936--sh--w-c:\windows\system32\oleaut32.dll 2008-04-14 00:12 . 2004-08-10 12:0011776--sh--w-c:\windows\system32\regsvr32.exe . ((((((((((((((((((((((((((((( [emailprotected]_20.32.02 ))))))))))))))))))))))))))))))))))))))))) . + 2010-06-28 02:54 . 2010-06-28 02:5416384 c:\windows\Temp\Perflib_Perfdata_6e8.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512] "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624] "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2006-04-18 405504] "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 188416] "HPHmon03"="c:\windows\system32\hphmon03.exe" [2001-10-25 311296] "Motive SmartBridge"="c:\progra~1\SBCLIG~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928] "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936] "WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-05-16 430080] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178] "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344] "MotiveMonitor"="c:\program files\Motive\AsstCommon\motmon.exe" [2003-10-10 155648] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152] "CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-09-19 45056] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-28 344064] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600] "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208] "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Lifeline.lnk - c:\program files\Digital Lifeline\bin\mpbtn.exe [2006-3-20 172032] HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040] NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2006-3-19 118784] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21548352----a-w-c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [6/23/2010 8:47 PM 233136] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656] R2 lpcl;lpcl;c:\windows\lpcl.exe [3/20/2006 12:39 AM 368640] R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [6/23/2010 8:47 PM 88040] R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [5/16/2008 6:12 PM 102400] R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 4:06 AM 231424] R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [6/23/2010 8:47 PM 70664] R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [6/23/2010 8:47 PM 58816] R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [6/23/2010 8:47 PM 115216] S2 pciinfo;HP Pci Information;\??\c:\docume~1\Sandra\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\Sandra\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?] S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [10/25/2001 9:54 AM 18864] S3 Net6IM;Net6;c:\windows\system32\DRIVERS\CAG_im51.sys --> c:\windows\system32\DRIVERS\CAG_im51.sys [?] S4 AutoSyncService;Memeo AutoSync ;c:\program files\Memeo\AutoSync\MemeoService.exe [7/6/2007 6:28 PM 31768] . Contents of the 'Scheduled Tasks' folder 2010-06-10 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34] 2010-06-28 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 23:02] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.att.net uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html uInternet Settings,ProxyOverride = uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\v0znyxy7.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: network.proxy.type - 4 FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_ everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_a s_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-27 22:26 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??6?2?0?5? ???B????hLC? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(800) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(14508) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . Completion time: 2010-06-27 22:29:21 ComboFix-quarantined-files.txt 2010-06-28 03:29 ComboFix2.txt 2010-06-27 20:35 Pre-Run: 38,784,167,936 bytes free Post-Run: 38,768,476,160 bytes free - - End Of File - - 034D137168A3027DEDD2556C3841487F Please download the newest version of Adobe Acrobat Reader from Adobe.com Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable. Go to the Control Panel and enter ADD or Remove Programs. Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them. Once old versions are gone, please install the newest version. ===================================== Did you run the ComboFix script as instructed in Reply #5. If not, please do so and send me the log.I had to run the ComboFx in Safe Mode it was running a memory physical dump. Here is my log after running the ComboFix with the script. ComboFix 10-06-27.06 - Sandra 06/28/2010 22:12:58.5.1 - x86 NETWORK Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.756 [GMT -5:00] Running from: c:\documents and settings\Sandra\My Documents\Downloads\commy.exe Command switches used :: c:\documents and settings\Sandra\My Documents\Downloads\CFScript.txt AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF} FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52} FILE :: "c:\windows\Thizozido.bin" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Thizozido.bin . ((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-29 ))))))))))))))))))))))))))))))) . 2010-06-29 02:48 . 2010-06-29 02:48--------d-----w-c:\documents and settings\Default User\Local Settings\Application Data\Adobe 2010-06-29 02:28 . 2010-06-29 02:2853632----a-w-c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-06-29 02:28 . 2010-06-29 02:28--------d-----w-c:\program files\Common Files\Adobe AIR 2010-06-29 02:21 . 2010-06-29 03:11--------d-----w-c:\documents and settings\All Users\Application Data\NOS 2010-06-29 00:35 . 2010-06-29 00:35--------d-----w-c:\documents and settings\Sandra\Local Settings\Application Data\PCHealth 2010-06-28 02:52 . 2010-06-28 02:53--------d-----w-c:\documents and settings\Bobby\Application Data\PCToolsFirewallPlus 2010-06-27 19:58 . 2010-06-27 19:58--------d-----w-c:\program files\Trend Micro 2010-06-27 03:19 . 2010-06-27 03:19503808----a-w-c:\documents and settings\Sandra\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20f215ac-n\msvcp71.dll 2010-06-27 03:19 . 2010-06-27 03:19499712----a-w-c:\documents and settings\Sandra\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20f215ac-n\jmc.dll 2010-06-27 03:19 . 2010-06-27 03:19348160----a-w-c:\documents and settings\Sandra\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20f215ac-n\msvcr71.dll 2010-06-27 03:19 . 2010-06-27 03:1961440----a-w-c:\documents and settings\Sandra\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-186516e0-n\decora-sse.dll 2010-06-27 03:19 . 2010-06-27 03:1912800----a-w-c:\documents and settings\Sandra\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-186516e0-n\decora-d3d.dll 2010-06-27 03:19 . 2010-06-27 03:18411368----a-w-c:\windows\system32\deployJava1.dll 2010-06-26 16:48 . 2010-06-26 16:48--------d-----w-c:\documents and settings\Sandra\Application Data\Malwarebytes 2010-06-26 16:47 . 2010-04-29 20:3938224----a-w-c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-26 16:47 . 2010-06-26 16:47--------d-----w-c:\documents and settings\All Users\Application Data\Malwarebytes 2010-06-26 16:43 . 2010-06-26 16:47--------d-----w-c:\program files\Malwarebytes' Anti-Malware 2010-06-26 16:43 . 2010-04-29 20:3920952----a-w-c:\windows\system32\drivers\mbam.sys 2010-06-25 02:46 . 2010-05-21 19:14221568------w-c:\windows\system32\MpSigStub.exe 2010-06-25 00:34 . 2010-06-25 00:3463488----a-w-c:\documents and settings\Sandra\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll 2010-06-25 00:34 . 2010-06-25 00:3452224----a-w-c:\documents and settings\Sandra\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-06-25 00:34 . 2010-06-25 00:34117760----a-w-c:\documents and settings\Sandra\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-06-25 00:34 . 2010-06-25 00:34--------d-----w-c:\documents and settings\Sandra\Application Data\SUPERAntiSpyware.com 2010-06-25 00:34 . 2010-06-25 00:34--------d-----w-c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2010-06-25 00:33 . 2010-06-25 00:33--------d-----w-c:\program files\SUPERAntiSpyware 2010-06-25 00:06 . 2010-06-25 00:07--------d-----w-c:\program files\CCleaner 2010-06-24 23:55 . 2010-06-24 23:56--------d-----w-c:\documents and settings\Sandra\Application Data\PCToolsFirewallPlus 2010-06-24 01:59 . 2010-06-24 01:59--------d-----w-c:\documents and settings\All Users\Application Data\RegSERVO 2010-06-24 01:47 . 2009-11-23 18:5488040----a-w-c:\windows\system32\drivers\PCTAppEvent.sys 2010-06-24 01:47 . 2009-11-09 16:20207792----a-w-c:\windows\system32\drivers\PCTCore.sys 2010-06-24 01:47 . 2010-01-07 17:40233136----a-w-c:\windows\system32\drivers\pctgntdi.sys 2010-06-24 01:47 . 2010-06-24 01:47--------d-----w-c:\program files\Common Files\PC Tools 2010-06-24 01:47 . 2010-01-12 14:3470664----a-w-c:\windows\system32\drivers\pctNdis-PacketFilter.sys 2010-06-24 01:47 . 2010-01-07 16:3558816----a-w-c:\windows\system32\drivers\pctNdis.sys 2010-06-24 01:47 . 2010-01-07 16:3532680----a-w-c:\windows\system32\drivers\pctNdis-DNS.sys 2010-06-24 01:47 . 2010-01-13 13:59115216----a-w-c:\windows\system32\drivers\pctplfw.sys 2010-06-24 01:47 . 2010-06-24 23:57--------d-----w-c:\program files\PC Tools Firewall Plus 2010-06-24 01:26 . 2010-06-24 01:26--------d-sh--w-c:\documents and settings\Administrator\IECompatCache 2010-06-24 01:25 . 2010-06-24 01:25--------d-sh--w-c:\documents and settings\Administrator\PrivacIE 2010-06-24 01:24 . 2010-06-24 01:2473424----a-w-c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-06-22 04:55 . 2010-06-22 04:55--------d-----w-c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth 2010-06-22 04:51 . 2010-06-22 04:52--------d-----w-c:\program files\Microsoft Security Essentials 2010-06-22 04:47 . 2010-06-22 04:47--------d-----w-C:\76681267014789b6f130998a7b092a 2010-06-22 04:46 . 2010-06-22 04:46--------d-----w-C:\6c46460cc4353a7a5f30ff2463 2010-06-22 04:45 . 2010-06-22 04:45--------d-----w-C:\1e2df3c2d7506665fafd0372e8c7d1 2010-06-22 04:35 . 2010-06-22 04:35--------d-----w-C:\cf0812036585e0f292cd8391f11a33ca 2010-06-22 04:15 . 2010-06-22 04:15--------d-----w-C:\0497a1ce892cce9c6dfc0a02e6 2010-06-22 03:38 . 2010-06-22 03:38--------d-sh--w-c:\documents and settings\Administrator\IETldCache 2010-06-20 04:33 . 2010-06-24 05:36--------d-----w-c:\documents and settings\Bobby\Local Settings\Application Data\kuqoqmppe 2010-06-18 01:47 . 2010-05-06 10:41743424-c----w-c:\windows\system32\dllcache\iedvtool.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-29 03:22 . 2008-12-14 21:12--------d---a-w-c:\documents and settings\All Users\Application Data\TEMP 2010-06-29 02:47 . 2006-03-09 03:55--------d-----w-c:\program files\Common Files\Adobe 2010-06-28 04:48 . 2009-08-28 20:48--------d-----w-c:\documents and settings\All Users\Application Data\ATTToolbar 2010-06-27 03:19 . 2005-11-29 05:23--------d-----w-c:\program files\Common Files\Java 2010-06-27 02:40 . 2005-11-29 05:23--------d-----w-c:\program files\Java 2010-06-22 04:49 . 2005-11-29 05:53--------d-----w-c:\program files\Common Files\Symantec Shared 2010-06-22 04:45 . 2005-11-29 05:53--------d-----w-c:\documents and settings\All Users\Application Data\Symantec 2010-06-22 03:57 . 2008-12-14 21:07--------d-----w-c:\program files\Norton Security Scan 2010-06-22 03:32 . 2005-11-29 05:53--------d-----w-c:\program files\Symantec 2010-05-23 23:17 . 2010-05-23 23:17503808----a-w-c:\documents and settings\Bobby\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-18e85dce-n\msvcp71.dll 2010-05-23 23:17 . 2010-05-23 23:17499712----a-w-c:\documents and settings\Bobby\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-18e85dce-n\jmc.dll 2010-05-23 23:17 . 2010-05-23 23:17348160----a-w-c:\documents and settings\Bobby\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-18e85dce-n\msvcr71.dll 2010-05-06 10:41 . 2004-08-10 12:00916480----a-w-c:\windows\system32\wininet.dll 2010-05-02 05:22 . 2004-08-10 12:001851264----a-w-c:\windows\system32\win32k.sys 2010-04-20 05:30 . 2004-08-10 12:00285696----a-w-c:\windows\system32\atmfd.dll 2010-03-31 05:16 . 2010-03-31 05:1699176----a-w-c:\windows\system32\PresentationHostProxy.dll 2010-03-31 05:10 . 2010-03-31 05:10295264----a-w-c:\windows\system32\PresentationHost.exe 2006-07-20 02:28 . 2006-07-20 02:28251----a-w-c:\program files\wt3d.ini 2007-06-21 23:38 . 2007-06-21 23:3830280----a-w-c:\program files\mozilla firefox\plugins\cgpcfg.dll 2007-06-21 23:38 . 2007-06-21 23:3879432----a-w-c:\program files\mozilla firefox\plugins\CgpCore.dll 2007-06-21 23:38 . 2007-06-21 23:3871240----a-w-c:\program files\mozilla firefox\plugins\confmgr.dll 2007-06-21 23:38 . 2007-06-21 23:38140872----a-w-c:\program files\mozilla firefox\plugins\ctxmui.dll 2007-06-21 23:39 . 2007-06-21 23:3938472----a-w-c:\program files\mozilla firefox\plugins\icafile.dll 2007-06-21 23:39 . 2007-06-21 23:3946664----a-w-c:\program files\mozilla firefox\plugins\icalogon.dll 2007-06-21 23:39 . 2007-06-21 23:3934376----a-w-c:\program files\mozilla firefox\plugins\logging.dll 2007-06-21 23:39 . 2007-06-21 23:39685640----a-w-c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2007-06-21 23:40 . 2007-06-21 23:4030280----a-w-c:\program files\mozilla firefox\plugins\TcpPServ.dll 2003-12-05 03:16 . 2006-03-20 05:3969632--sha-r-c:\windows\lnchshll.exe 2003-12-05 17:41 . 2006-03-20 05:39368640--sha-r-c:\windows\lpcl.exe 2003-12-05 03:16 . 2006-03-20 05:3949152--sha-r-c:\windows\ScrnInt.exe 2004-08-10 12:00 . 2004-08-10 12:0094784--sh--w-c:\windows\twain.dll 2008-04-14 00:12 . 2004-08-10 12:0050688--sh--w-c:\windows\twain_32.dll 2004-08-20 05:26 . 2004-08-20 05:261216--sh--w-c:\windows\Twunk_16.dll 2004-08-20 05:26 . 2004-08-20 05:261216--sh--w-c:\windows\Twunk_32.dll 2008-04-14 00:11 . 2004-08-10 12:001028096--sha-w-c:\windows\system32\mfc42.dll 2008-04-14 00:12 . 2004-08-10 12:0057344--sh--w-c:\windows\system32\msvcirt.dll 2008-04-14 00:12 . 2004-08-10 12:00413696--sha-w-c:\windows\system32\msvcp60.dll 2008-04-14 00:12 . 2004-08-10 12:00551936--sh--w-c:\windows\system32\oleaut32.dll 2008-04-14 00:12 . 2004-08-10 12:0011776--sh--w-c:\windows\system32\regsvr32.exe . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\documents and settings\Bobby\Local Settings\Application Data\kuqoqmppe ---- ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512] "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624] "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2006-04-18 405504] "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 188416] "HPHmon03"="c:\windows\system32\hphmon03.exe" [2001-10-25 311296] "Motive SmartBridge"="c:\progra~1\SBCLIG~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928] "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936] "WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-05-16 430080] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178] "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344] "MotiveMonitor"="c:\program files\Motive\AsstCommon\motmon.exe" [2003-10-10 155648] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152] "CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-09-19 45056] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-28 344064] "ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600] "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208] "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Lifeline.lnk - c:\program files\Digital Lifeline\bin\mpbtn.exe [2006-3-20 172032] HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040] NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2006-3-19 118784] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21548352----a-w-c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [6/23/2010 8:47 PM 233136] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656] R2 lpcl;lpcl;c:\windows\lpcl.exe [3/20/2006 12:39 AM 368640] R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [6/23/2010 8:47 PM 88040] R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [5/16/2008 6:12 PM 102400] R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 4:06 AM 231424] R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [6/23/2010 8:47 PM 70664] R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [6/23/2010 8:47 PM 58816] R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [6/23/2010 8:47 PM 115216] S2 pciinfo;HP Pci Information;\??\c:\docume~1\Sandra\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\Sandra\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?] S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [10/25/2001 9:54 AM 18864] S3 Net6IM;Net6;c:\windows\system32\DRIVERS\CAG_im51.sys --> c:\windows\system32\DRIVERS\CAG_im51.sys [?] S4 AutoSyncService;Memeo AutoSync ;c:\program files\Memeo\AutoSync\MemeoService.exe [7/6/2007 6:28 PM 31768] . Contents of the 'Scheduled Tasks' folder 2010-06-10 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34] 2010-06-29 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 23:02] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.att.net uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html uInternet Settings,ProxyOverride = uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Sandra\Application Data\Mozilla\Firefox\Profiles\v0znyxy7.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: network.proxy.type - 4 FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_ everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_a s_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-28 22:22 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe???n??|??? ???B????hLC? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1124) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(4264) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Microsoft Security Essentials\MsMpEng.exe c:\windows\system32\Ati2evxx.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Motive\McciCMService.exe c:\program files\PC Tools Firewall Plus\FWService.exe c:\windows\system32\HPZipm12.exe c:\windows\ehome\mcrdsvc.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\progra~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe c:\windows\system32\dllhost.exe c:\windows\system32\wscntfy.exe c:\program files\iPod\bin\iPodService.exe c:\windows\eHome\ehmsas.exe c:\program files\HPQ\SHARED\HPQWMI.exe . ************************************************************************** . Completion time: 2010-06-28 22:29:42 - machine was rebooted ComboFix-quarantined-files.txt 2010-06-29 03:29 ComboFix2.txt 2010-06-28 03:29 ComboFix3.txt 2010-06-27 20:35 Pre-Run: 37,172,535,296 bytes free Post-Run: 37,158,219,776 bytes free - - End Of File - - FE582E01464266889D9389BD4DA18118 What issues were you having with your computer? Are they still occuring?I believe that it is working ok. I need to check the applications and other user accounts to make sure. Thank you soo much for your help in resolving these issues. Please run one more scan for me and if it comes up negative, we'll so some clean-up. I'd like us to scan your machine with ESET OnlineScan •Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan •Click the button. •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
•Click the button. •Accept any security warnings from your browser. •Check •Push the Start button. •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. •When the scan completes, push •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. •Push the button. •Push A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt I ran the ESET Online scanner with both the Remove Found Threats and Scan Archives checked and no threats were found. Looks like its working well. Thanks again for all your help.Ok. That sound good. Let's do some clean-up * Click START then RUN - Vista users press the Windows Key and the R keys for the Run box. * Now type commy /uninstall in the runbox * Make sure there's a space between commy and /Uninstall * Then hit Enter * The above procedure will: * Delete the following: * ComboFix and its associated files and folders. * Reset the clock settings. * Hide file extensions, if required. * Hide System/Hidden files, if required. * Set a new, clean Restore Point. ============================ Download OTC by OldTimer and save it to your desktop. 1. Double-click OTC to run it. 2. Click the CleanUp! button. 3. Select Yes when the "Begin cleanup Process?" prompt appears. 4. If you are prompted to Reboot during the cleanup, select Yes 5. OTC should delete itself once it finishes, if not delete it yourself. ============================= Clean out your temporary internet files and temp files. Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it. Note: If you are running on Vista, right-click on the file and choose Run As Administrator TFC will close all programs when run, so make sure you have saved all your work before you begin. * Click the Start button to begin the cleaning process. * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. * Please let TFC run uninterrupted until it is finished. Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning. ================================= Use the Secunia Software Inspector to check for out of date software. •Click Start Now •Check the box next to Enable thorough system inspection. •Click Start •Allow the scan to finish and scroll down to see if any updates are needed. •Update anything listed. . ---------- Go to Microsoft Windows Update and get all critical updates. ---------- I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity THEFT, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free. SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. Safe Surfing! |
|
| 3135. |
Solve : In need of DESPERATE help...almost giving up, please!!!! Help!!? |
|
Answer» Something has happened to my internet, it just wont work..I have tried everything from system restoring to 4 months ago, doing countless virus scans and it just wont work. It happened about 3 weeks ago when I did a virus scan with avast and I had about 15 viruses, I got rid of them but then my internet didn't work. I did a diagnostic and this is what it said: WinSock Diagnostic WinSock status info Error attmpting to validate the Winsock base providers: 2 error Not all base service provider entries could be found in the winsock catalog. A reset is needed. info Redirecting user to support call Network Adapter Diagnostic Network location detection info Using home Internet connection Network adapter identification info Network connection: Name=Local Area Connection, Device=Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC, MediaType=LAN, SubMediaType=LAN info Network connection: Name=1394 Connection 2, Device=1394 Net Adapter, MediaType=LAN, SubMediaType=1394 info Ethernet connection selected Network adapter status info Network connection status: Connected HTTP, HTTPS, FTP Diagnostic HTTP, HTTPS, FTP connectivity warn FTP (Passive): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved warn HTTP: Error 12007 connecting to www.microsoft.com: The server name or address could not be resolved warn HTTPS: Error 12007 connecting to www.microsoft.com: The server name or address could not be resolved warn FTP (Active): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved warn HTTPS: Error 12007 connecting to www.passport.net: The server name or address could not be resolved warn HTTP: Error 12007 connecting to www.hotmail.com: The server name or address could not be resolved error Could not make an HTTP connection. error Could not make an HTTPS connection. error Could not make an FTP connection It says im connected but it wont load, I have tried winsockfix and everything but it wont work..I even tried google chrome but that didn't work too...please help me I beg u! Please download RenewMyDNS by DragonMaster Jay.
RenewMyDNS by DragonMaster Jay DNS Diagnostics and refresher Version 0.1.4 - November 2009 Microsoft Windows XP [Version 5.1.2600] (((((((((((((((((((( Network and DNS Information )))))))))))))))))))) Windows IP Configuration An internal error occurred: The request is not supported. Please contact Microsoft Product Support Services for further help. Additional information: Unable to query host name. (((((((((((((((((((( DNS-Fake Request Testing and Flush )))))))))))))))))))) ... Requests made were successful Windows IP Configuration An internal error occurred: The request is not supported. Please contact Microsoft Product Support Services for further help. Additional information: Unable to query host name. (((((((((((((((((((( Speed-test - Ping )))))))))))))))))))) Ping request could not find host yahoo.com. Please check the name and try again. Ping request could not find host geekpolice.net. Please check the name and try again. Ping request could not find host facebook.com. Please check the name and try again. Ping request could not find host microsoft.com. Please check the name and try again. ******************** EOF Thanks again.Please visit this webpage for a tutorial on downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix See the area: Using ComboFix, and when done, post the log back here.Thanks 4 reply: ComboFix 10-06-14.01 - Tom_2 06/15/2010 21:00:13.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2012.1391 [GMT 1:00] Running from: E:\ComboFix.exe AV: avast! Antivirus *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other DELETIONS ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Autorun.inf c:\documents and settings\Tom_2\Application Data\logs.dat c:\documents and settings\Tom_2\Application Data\SQLite3.dll c:\documents and settings\Tom_2\Local Settings\Temporary Internet Files\3Ho2Cejp.jpg c:\documents and settings\Tom_2\Local Settings\Temporary Internet Files\l4P2Ikk5.jpg c:\documents and settings\Tom_2\Local Settings\Temporary Internet Files\P3v3Y0e.jpg c:\documents and settings\Tom_2\Local Settings\Temporary Internet Files\Yt1n17En.jpg c:\program files\Cheat Engine\dbk32.sys c:\program files\Internet Explorer\IEXPLORER.EXE c:\windows\system32\Winlogon . ((((((((((((((((((((((((( Files Created from 2010-05-15 to 2010-06-15 ))))))))))))))))))))))))))))))) . 2010-06-11 18:47 . 2010-06-12 12:12--------d-----w-c:\documents and settings\Tom_2\Local Settings\Application Data\Google 2010-06-11 18:42 . 2010-06-11 18:42--------d-----w-c:\windows\system32\Registry Patrol 2010-06-11 18:35 . 2010-06-11 18:42--------d-----w-C:\ERDNT 2010-06-06 17:09 . 2010-06-11 18:42--------d-----w-c:\program files\Registry Patrol 2010-05-27 17:23 . 2010-04-14 16:3119024----a-w-c:\windows\system32\drivers\aswFsBlk.sys 2010-05-27 17:23 . 2010-04-14 16:35162768----a-w-c:\windows\system32\drivers\aswSP.sys 2010-05-27 17:23 . 2010-04-14 16:3123376----a-w-c:\windows\system32\drivers\aswRdr.sys 2010-05-27 17:23 . 2010-04-14 16:3546672----a-w-c:\windows\system32\drivers\aswTdi.sys 2010-05-27 17:23 . 2010-04-14 16:31100432----a-w-c:\windows\system32\drivers\aswmon2.sys 2010-05-27 17:23 . 2010-04-14 16:3194800----a-w-c:\windows\system32\drivers\aswmon.sys 2010-05-27 17:23 . 2010-04-14 16:3028880----a-w-c:\windows\system32\drivers\aavmker4.sys 2010-05-27 17:21 . 2010-04-14 16:4738848----a-w-c:\windows\system32\avastSS.scr 2010-05-27 17:21 . 2010-04-14 16:47153184----a-w-c:\windows\system32\aswBoot.exe 2010-05-27 14:56 . 2010-05-27 14:56--------d-sh--w-c:\documents and settings\LocalService\IETldCache 2010-05-27 06:34 . 2010-05-27 06:34--------d-sh--w-c:\documents and settings\Administrator.TOM-2C5350163A3.000\PrivacIE 2010-05-25 18:21 . 2010-05-25 18:21--------d-----w-C:\DF 2010-05-25 18:21 . 2010-05-25 18:21--------d-----w-C:\.yanillescapeclientv3_file_store_32 2010-05-25 18:21 . 2010-05-25 18:21--------d-----w-C:\.sabsabionline474 2010-05-25 18:21 . 2010-05-25 18:21--------d-----w-C:\.sabsabi_store_32 2010-05-25 18:21 . 2010-05-25 18:21--------d-----w-C:\.pc_store_32 2010-05-25 18:21 . 2010-05-25 18:21--------d-----w-C:\.fub_file_store_32 2010-05-25 18:21 . 2010-05-25 18:21--------d-----w-C:\.file_store_32 2010-05-25 16:42 . 2010-05-25 18:21--------d-s---w-c:\documents and settings\Administrator.TOM-2C5350163A3 2010-05-25 06:46 . 2010-05-25 17:55--------d-----w-c:\documents and settings\Administrator\Application Data\Orbit 2010-05-25 06:45 . 2010-05-25 06:45--------d-----w-c:\documents and settings\Administrator\PrivacIE 2010-05-25 06:44 . 2010-05-25 06:4414264----a-w-c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-05-25 06:41 . 2010-05-25 06:41--------d-----w-c:\documents and settings\Administrator\IETldCache 2010-05-25 06:40 . 2010-05-25 18:21--------d-----w-c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft 2010-05-25 06:40 . 2010-05-25 18:21--------d-s---w-c:\documents and settings\Administrator 2010-05-23 19:31 . 2010-05-25 17:57--------d-----w-C:\cache525 2010-05-23 16:12 . 2010-05-25 18:21--------d-----w-c:\documents and settings\All Users\Application Data\DivX . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-15 20:04 . 2010-01-25 19:46--------d-----w-c:\program files\Cheat Engine 2010-06-13 13:24 . 2010-01-08 20:341324----a-w-c:\windows\system32\d3d9caps.dat 2010-06-11 18:42 . 2010-04-19 17:14--------d-----w-c:\documents and settings\All Users\Application Data\Alwil Software 2010-05-26 21:36 . 2009-11-29 20:34--------d-----w-c:\documents and settings\Tom_2\Application Data\Orbit 2010-05-26 21:19 . 2009-12-09 19:2742----a-w-c:\documents and settings\Tom_2\jagex_runescape_preferences.dat 2010-05-26 21:11 . 2009-12-09 19:2881----a-w-c:\documents and settings\Tom_2\jagex_runescape_preferences2.dat 2010-05-03 12:43 . 2009-11-29 20:34--------d-----w-c:\program files\Orbitdownloader 2010-05-03 00:27 . 2010-05-03 00:27--------d-----w-c:\program files\Simple Shutdown Timer 2010-04-30 07:13 . 2010-04-30 07:13--------d-----w-c:\program files\Shutdown Timer 2010-04-27 18:32 . 2010-03-21 14:01--------d-----w-c:\documents and settings\Tom_2\Application Data\godzHell 2010-04-27 18:32 . 2010-04-27 18:3217----a-w-c:\documents and settings\Tom_2\Application Data\godzHell\jag2png.bat 2010-04-26 14:57 . 2005-11-06 00:49--------d-sh--r-c:\documents and settings\Tom_2\Application Data\systemm 2010-04-20 06:30 . 2010-01-15 18:26--------d-----w-c:\program files\Alwil Software 2010-04-02 10:46 . 2010-04-02 10:46503808----a-w-c:\documents and settings\Tom_2\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-46949b87-n\msvcp71.dll 2010-04-02 10:46 . 2010-04-02 10:46499712----a-w-c:\documents and settings\Tom_2\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-46949b87-n\jmc.dll 2010-04-02 10:46 . 2010-04-02 10:46348160----a-w-c:\documents and settings\Tom_2\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-46949b87-n\msvcr71.dll 2010-04-02 10:46 . 2010-04-02 10:4661440----a-w-c:\documents and settings\Tom_2\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-37a14481-n\decora-sse.dll 2010-04-02 10:46 . 2010-04-02 10:4612800----a-w-c:\documents and settings\Tom_2\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-37a14481-n\decora-d3d.dll 2010-03-24 17:15 . 2010-03-24 17:150----a-w-c:\documents and settings\Tom_2\jagex__preferences3.dat 2010-03-21 15:56 . 2010-03-21 15:5617----a-w-c:\documents and settings\Tom_2\Application Data\pkClient\jag2png.bat 2005-07-12 16:37 . 2010-01-09 16:46293376--sha-r-c:\windows\system32\winsnc\plugin.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-01-02 417792] "RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe" [2009-08-22 2781184] "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= "c:\\Program Files\\Steam\\steamapps\\sirtom125\\garrysmod\\hl2.exe"= "c:\\Program Files\\ijji\\ijji REACTOR\\REACTOR.exe"= "c:\\WINDOWS\\Downloaded Program Files\\ijjiOptimizer.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/27/2010 6:23 PM 162768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/27/2010 6:23 PM 19024] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 rak;rak;c:\windows\system32\rakion.sys [1/4/2010 6:37 PM 60928] S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?] S3 XDva289;XDva289;\??\c:\windows\system32\XDva289.sys --> c:\windows\system32\XDva289.sys [?] . . ------- Supplementary Scan ------- . uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/ . - - - - ORPHANS REMOVED - - - - Toolbar-Locked - (no file) HKCU-Run-winsnc - c:\windows\system32\winsnc\winsnc.bat HKLM-Run-nwiz - nwiz.exe HKLM-Explorer_Run-update - c:\windows\systemm\update.exe ActiveSetup-{0L4KN5M7-637R-M2Y3-RPX7-15WEYS2DU8AL} - c:\windows\systemm\update.exe AddRemove-BoxRune 525 Client V2 - c:\documents and settings\Tom_2\Desktop\BoxRune Client V2\Uninstal.exe AddRemove-BoxRune 562 - c:\documents and settings\Tom_2\Desktop\BoxRune 562 Client\Uninstal.exe AddRemove-UnityWebPlayer - c:\documents and settings\Tom_2\Local Settings\Application Data\Unity\WebPlayer\UNINSTALL.exe ************************************************************************** scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . Completion time: 2010-06-15 21:05:58 ComboFix-quarantined-files.txt 2010-06-15 20:05 Pre-Run: 58,685,923,328 bytes free Post-Run: 58,717,700,096 bytes free - - END Of File - - F8BC8389153462DDE52E7094D82FCA1C GMER Note about this tool:
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan. Double-click gmer.exe. The program will begin to run. **Caution** These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless ADVISED! If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
GMER 1.0.15.15281 - http://www.gmer.net Rootkit quick scan 2010-06-19 20:02:36 Windows 5.1.2600 Service Pack 3 Running: gmer.exe; Driver: C:\DOCUME~1\Tom_2\LOCALS~1\Temp\kgnorfod.sys ---- System - GMER 1.0.15 ---- Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB74C550A] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB74C532E] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB74C5468] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB6135347] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ---- EOF - GMER 1.0.15 ---- Please download MySystem-Search from here: Download mirror 2
Run on 06/20/2010 at 13:08:45 MSS v1.4 Basic System Information CD Emulation Drivers running? Peer-to-Peer applications? File associations .exe=exefile .scr=scrfile .pif=piffile .com=ComFile .bat=batfile .cmd=cmdfile .log=txtfile .txt=txtfile .reg=regfile .sys=sysfile .dll=dllfile Running processes Hidden objects PATH: C:\windows $hf_mig$ $MSI31Uninstall_KB893803v2$ $NtServicePackUninstall$ $NtUninstallKB888111WXPSP2$ $NtUninstallKB898461$ $NtUninstallKB923561$ $NtUninstallKB929399$ $NtUninstallKB939683$ $NtUninstallKB941569$ $NtUninstallKB946648$ $NtUninstallKB950762$ $NtUninstallKB950974$ $NtUninstallKB951066$ $NtUninstallKB951376-v2$ $NtUninstallKB951748$ $NtUninstallKB951978$ $NtUninstallKB952004$ $NtUninstallKB952069_WM9$ $NtUninstallKB952287$ $NtUninstallKB952954$ $NtUninstallKB954154_WM11$ $NtUninstallKB954155_WM9$ $NtUninstallKB955069$ $NtUninstallKB955759$ $NtUninstallKB956572$ $NtUninstallKB956744$ $NtUninstallKB956802$ $NtUninstallKB956803$ $NtUninstallKB956844$ $NtUninstallKB957097$ $NtUninstallKB958644$ $NtUninstallKB958687$ $NtUninstallKB958869$ $NtUninstallKB959426$ $NtUninstallKB960225$ $NtUninstallKB960803$ $NtUninstallKB960859$ $NtUninstallKB961118$ $NtUninstallKB961371-v2$ $NtUninstallKB961501$ $NtUninstallKB967715$ $NtUninstallKB968389$ $NtUninstallKB968816_WM9$ $NtUninstallKB969059$ $NtUninstallKB969947$ $NtUninstallKB970238$ $NtUninstallKB970430$ $NtUninstallKB971468$ $NtUninstallKB971486$ $NtUninstallKB971557$ $NtUninstallKB971633$ $NtUninstallKB971657$ $NtUninstallKB971737$ $NtUninstallKB972270$ $NtUninstallKB973354$ $NtUninstallKB973507$ $NtUninstallKB973525$ $NtUninstallKB973540_WM9$ $NtUninstallKB973687$ $NtUninstallKB973815$ $NtUninstallKB973869$ $NtUninstallKB973904$ $NtUninstallKB974112$ $NtUninstallKB974318$ $NtUninstallKB974392$ $NtUninstallKB974455$ $NtUninstallKB974571$ $NtUninstallKB975025$ $NtUninstallKB975467$ $NtUninstallKB975560$ $NtUninstallKB975561$ $NtUninstallKB975713$ $NtUninstallKB976098-v2$ $NtUninstallKB977165$ $NtUninstallKB977816$ $NtUninstallKB977914$ $NtUninstallKB978037$ $NtUninstallKB978251$ $NtUninstallKB978262$ $NtUninstallKB978338$ $NtUninstallKB978542$ $NtUninstallKB978601$ $NtUninstallKB978706$ $NtUninstallKB979306$ $NtUninstallKB979309$ $NtUninstallKB979683$ $NtUninstallKB980232$ $NtUninstallMSCompPackV1$ $NtUninstallWMFDist11$ $NtUninstallwmp11$ $NtUninstallWudf01000$ ie8 inf Installer msdownld.tmp sys32 systemm WindowsShell.Manifest winnt.bmp winnt256.bmp PATH: C:\windows\system32 cdplayer.exe.manifest dllcache logonui.exe.manifest Microsoft_MH2KU1 ncpa.cpl.manifest nwc.cpl.manifest sapi.cpl.manifest WindowsLogon.manifest winsnc wuaucpl.cpl.manifest PATH: C:\windows\system32\drivers PATH: C:\ boot.ini IO.SYS MSDOS.SYS NTDETECT.COM ntldr pagefile.sys System Volume Information User Profile check ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList ProfilesDirectoryREG_EXPAND_SZ%SystemDrive%\Documents and Settings DefaultUserProfileREG_SZDefault User AllUsersProfileREG_SZAll Users HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18 FlagsREG_DWORD0xc StateREG_DWORD0x0 RefCountREG_DWORD0x1 SidREG_BINARY010100000000000512000000 ProfileImagePathREG_EXPAND_SZ%systemroot%\system32\config\systemprofile HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19 ProfileImagePathREG_EXPAND_SZ%SystemDrive%\Documents and Settings\LocalService SidREG_BINARY010100000000000513000000 FlagsREG_DWORD0x9 StateREG_DWORD0x100 CentralProfileREG_SZ ProfileLoadTimeLowREG_DWORD0xb7a20b70 ProfileLoadTimeHighREG_DWORD0x1cb1066 RefCountREG_DWORD0x2 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20 ProfileImagePathREG_EXPAND_SZ%SystemDrive%\Documents and Settings\NetworkService SidREG_BINARY010100000000000514000000 FlagsREG_DWORD0x9 StateREG_DWORD0x100 CentralProfileREG_SZ ProfileLoadTimeLowREG_DWORD0xb77e482a ProfileLoadTimeHighREG_DWORD0x1cb1066 RefCountREG_DWORD0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1935655697-688789844-725345543-1004 ProfileImagePathREG_EXPAND_SZ%SystemDrive%\Documents and Settings\Tom SidREG_BINARY01050000000000051500000011C35F7354190E2 907E53B2BEC030000 FlagsREG_DWORD0x0 StateREG_DWORD0x100 CentralProfileREG_SZ ProfileLoadTimeLowREG_DWORD0x58f65472 ProfileLoadTimeHighREG_DWORD0x1ca9614 RefCountREG_DWORD0x0 RunLogonScriptSyncREG_DWORD0x0 OptimizedLogonStatusREG_DWORD0xb HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1935655697-688789844-725345543-1005 ProfileImagePathREG_EXPAND_SZ%SystemDrive%\Documents and Settings\Tom_2 SidREG_BINARY01050000000000051500000011C35F7354190E2 907E53B2BED030000 FlagsREG_DWORD0x0 StateREG_DWORD0x100 CentralProfileREG_SZ ProfileLoadTimeLowREG_DWORD0xd1f3f9c0 ProfileLoadTimeHighREG_DWORD0x1cb1070 RefCountREG_DWORD0x1 RunLogonScriptSyncREG_DWORD0x0 OptimizedLogonStatusREG_DWORD0xb HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1935655697-688789844-725345543-500 ProfileImagePathREG_EXPAND_SZ%SystemDrive%\Documents and Settings\Administrator.TOM-2C5350163A3.000 SidREG_BINARY01050000000000051500000011C35F7354190E2 907E53B2BF4010000 FlagsREG_DWORD0x0 StateREG_DWORD0x100 CentralProfileREG_SZ ProfileLoadTimeLowREG_DWORD0x9c42c616 ProfileLoadTimeHighREG_DWORD0x1cafd66 RefCountREG_DWORD0x1 RunLogonScriptSyncREG_DWORD0x0 OptimizedLogonStatusREG_DWORD0xb Current Scheduled Tasks PATH: C:\Windows\Tasks desktop.ini SA.DAT Windows Drivers and NT-Services Volume in drive C has no label. Volume Serial Number is 5CAB-263F Directory of C:\Windows\System32\Drivers Volume in drive C has no label. Volume Serial Number is 5CAB-263F Directory of C:\Windows\System32\Drivers 08/17/2001 02:46 PM 6,400 enum1394.sys 08/17/2001 02:51 PM 3,328 pciide.sys 08/17/2001 02:59 PM 3,072 audstub.sys 07/17/2004 12:35 PM 67,866 netwlan5.img 07/17/2004 12:36 PM 64,352 ativmc20.cod 07/17/2004 11:55 PM 129,045 cxthsfs2.cty 08/03/2004 11:29 PM 701,440 ati2mtag.sys 08/03/2004 11:29 PM 327,040 ati2mtaa.sys 08/03/2004 11:29 PM 57,856 atinbtxx.sys 08/03/2004 11:29 PM 52,224 atinraxx.sys 08/03/2004 11:29 PM 12,047 ati1pdxx.sys 08/03/2004 11:29 PM 11,615 ati1mdxx.sys 08/03/2004 11:29 PM 56,623 ati1btxx.sys 08/03/2004 11:29 PM 13,824 atinmdxx.sys 08/03/2004 11:29 PM 14,336 atinpdxx.sys 08/03/2004 11:29 PM 13,824 atinttxx.sys 08/03/2004 11:29 PM 28,672 atinsnxx.sys 08/03/2004 11:29 PM 73,216 atintuxx.sys 08/03/2004 11:29 PM 34,735 ati1xsxx.sys 08/03/2004 11:29 PM 29,455 ati1xbxx.sys 08/03/2004 11:29 PM 36,463 ati1tuxx.sys 08/03/2004 11:29 PM 21,343 ati1ttxx.sys 08/03/2004 11:29 PM 26,367 ati1snxx.sys 08/03/2004 11:29 PM 31,744 atinxbxx.sys 08/03/2004 11:29 PM 63,663 ati1rvxx.sys 08/03/2004 11:29 PM 30,671 ati1raxx.sys 08/03/2004 11:29 PM 63,488 atinxsxx.sys 08/03/2004 11:29 PM 104,960 atinrvxx.sys 08/03/2004 11:29 PM 452,736 mtxparhm.sys 08/03/2004 11:29 PM 11,295 wadv08nt.sys 08/03/2004 11:29 PM 11,807 wadv07nt.sys 08/03/2004 11:29 PM 11,871 wadv09nt.sys 08/03/2004 11:29 PM 11,935 wadv11nt.sys 08/03/2004 11:29 PM 25,471 watv10nt.sys 08/03/2004 11:29 PM 22,271 watv06nt.sys 08/03/2004 11:29 PM 166,912 s3gnbm.sys 08/03/2004 11:41 PM 1,309,184 mtlstrm.sys 08/03/2004 11:41 PM 126,686 mtlmnt5.sys 08/03/2004 11:41 PM 180,360 ntmtlfax.sys 08/03/2004 11:41 PM 13,776 recagent.sys 08/03/2004 11:41 PM 129,535 slnt7554.sys 08/03/2004 11:41 PM 404,990 slntamr.sys 08/03/2004 11:41 PM 13,240 slwdmsup.sys 08/03/2004 11:41 PM 95,424 slnthal.sys 08/03/2004 11:41 PM 220,032 hsfbs2s2.sys 08/03/2004 11:41 PM 685,056 hsfcxts2.sys 08/03/2004 11:41 PM 11,868 mdmxsdk.sys 08/03/2004 11:41 PM 1,041,536 hsfdpsp2.sys 08/04/2004 01:00 PM 21,376 tsbvcap.sys 08/04/2004 01:00 PM 6,784 parvdm.sys 08/04/2004 01:00 PM 51,712 tosdvd.sys 08/04/2004 01:00 PM 17,792 ptilink.sys 08/04/2004 01:00 PM 8,832 rasacd.sys 08/04/2004 01:00 PM 16,512 raspti.sys 08/04/2004 01:00 PM 11,648 acpiec.sys 08/04/2004 01:00 PM 3,456 oprghdlr.sys 08/04/2004 01:00 PM 31,360 atmepvc.sys 08/04/2004 01:00 PM 55,936 nwlnkspx.sys 08/04/2004 01:00 PM 352,256 atmuni.sys 08/04/2004 01:00 PM 63,232 nwlnknb.sys 08/04/2004 01:00 PM 32,512 nwlnkfwd.sys 08/04/2004 01:00 PM 12,416 nwlnkflt.sys 08/04/2004 01:00 PM 2,944 null.sys 08/04/2004 01:00 PM 12,160 mouhid.sys 08/04/2004 01:00 PM 4,224 rdpcdd.sys 08/04/2004 01:00 PM 4,224 beep.sys 08/04/2004 01:00 PM 12,032 nikedrv.sys 08/04/2004 01:00 PM 4,352 wmilib.sys 08/04/2004 01:00 PM 12,032 rio8drv.sys 08/04/2004 01:00 PM 12,032 riodrv.sys 08/04/2004 01:00 PM 5,888 rootmdm.sys 08/04/2004 01:00 PM 10,496 dxapi.sys 08/04/2004 01:00 PM 12,160 fsvga.sys 08/04/2004 01:00 PM 13,952 cbidf2k.sys 08/04/2004 01:00 PM 18,688 cdaudio.sys 08/04/2004 01:00 PM 4,224 mnmdd.sys 08/04/2004 01:00 PM 4,736 usbd.sys 08/04/2004 01:00 PM 7,680 mcd.sys 08/04/2004 01:00 PM 262,528 cinemst2.sys 08/04/2004 01:00 PM 32,896 ipfltdrv.sys 08/04/2004 01:00 PM 11,776 cpqdap01.sys 08/04/2004 01:00 PM 34,432 rawwan.sys 08/04/2004 01:00 PM 12,032 ws2ifsl.sys 08/04/2004 01:00 PM 58,112 vdmindvd.sys 08/04/2004 01:00 PM 14,592 smclib.sys 08/04/2004 01:00 PM 7,936 fs_rec.sys 08/04/2004 01:00 PM 646 gmreadme.txt 08/04/2004 01:00 PM 3,440,660 gm.dls 08/04/2004 01:00 PM 5,888 dmload.sys 08/04/2004 01:00 PM 125,056 ftdisk.sys 08/04/2004 01:00 PM 3,328 dxgthk.sys 01/07/2005 06:07 PM 145,920 Hdaudio.sys 01/04/2006 08:41 AM 1,389,056 Monfilt.sys 09/28/2006 07:55 PM 77,568 WudfPf.sys 09/28/2006 08:00 PM 82,944 WudfRd.sys 10/18/2006 09:00 PM 38,528 wpdusb.sys 11/30/2006 09:50 AM 64,360 mfeapfk.sys 11/30/2006 09:50 AM 72,264 mfeavfk.sys 11/30/2006 09:50 AM 52,136 mfetdik.sys 11/30/2006 09:50 AM 168,776 mfehidk.sys 11/30/2006 09:50 AM 34,152 mfebopk.sys 09/17/2007 09:07 AM 6,853,088 nv4_mini.sys 04/13/2008 05:36 PM 144,384 hdaudbus.sys 04/13/2008 05:39 PM 20,480 secdrv.sys 04/13/2008 05:39 PM 142,592 aec.sys 04/13/2008 07:31 PM 35,840 processr.sys 04/13/2008 07:31 PM 42,752 p3.sys 04/13/2008 07:31 PM 37,376 amdk6.sys 04/13/2008 07:31 PM 36,736 crusoe.sys 04/13/2008 07:31 PM 36,352 intelppm.sys 04/13/2008 07:31 PM 37,760 amdk7.sys 04/13/2008 07:32 PM 66,048 udfs.sys 04/13/2008 07:32 PM 30,848 npfs.sys 04/13/2008 07:32 PM 19,072 msfs.sys 04/13/2008 07:32 PM 180,608 mrxdav.sys 04/13/2008 07:32 PM 196,224 rdpdr.sys 04/13/2008 07:32 PM 129,792 fltmgr.sys 04/13/2008 07:33 PM 44,544 fips.sys 04/13/2008 07:36 PM 5,888 smbali.sys 04/13/2008 07:36 PM 187,776 acpi.sys 04/13/2008 07:36 PM 42,368 agp440.sys 04/13/2008 07:36 PM 42,752 alim1541.sys 04/13/2008 07:36 PM 40,960 sisagp.sys 04/13/2008 07:36 PM 44,928 agpcpq.sys 04/13/2008 07:36 PM 43,008 amdagp.sys 04/13/2008 07:36 PM 42,240 viaagp.sys 04/13/2008 07:36 PM 46,464 gagp30kx.sys 04/13/2008 07:36 PM 44,672 uagp35.sys 04/13/2008 07:36 PM 37,248 isapnp.sys 04/13/2008 07:36 PM 63,744 mf.sys 04/13/2008 07:36 PM 120,192 pcmcia.sys 04/13/2008 07:36 PM 68,224 pci.sys 04/13/2008 07:36 PM 79,232 sdbus.sys 04/13/2008 07:36 PM 15,488 mssmbios.sys 04/13/2008 07:36 PM 73,472 sr.sys 04/13/2008 07:38 PM 71,168 dxg.sys 04/13/2008 07:39 PM 384,768 update.sys 04/13/2008 07:39 PM 42,368 mountmgr.sys 04/13/2008 07:39 PM 24,576 kbdclass.sys 04/13/2008 07:39 PM 23,040 mouclass.sys 04/13/2008 07:39 PM 14,592 kbdhid.sys 04/13/2008 07:39 PM 5,376 mspclock.sys 04/13/2008 07:39 PM 4,992 mspqm.sys 04/13/2008 07:39 PM 7,552 mskssrv.sys 04/13/2008 07:39 PM 4,352 swenum.sys 04/13/2008 07:40 PM 80,128 parport.sys 04/13/2008 07:40 PM 15,744 serenum.sys 04/13/2008 07:40 PM 27,392 fdc.sys 04/13/2008 07:40 PM 20,480 flpydisk.sys 04/13/2008 07:40 PM 57,600 redbook.sys 04/13/2008 07:40 PM 24,960 pciidex.sys 04/13/2008 07:40 PM 96,384 scsiport.sys 04/13/2008 07:40 PM 96,512 atapi.sys 04/13/2008 07:40 PM 14,208 diskdump.sys 04/13/2008 07:40 PM 62,976 cdrom.sys 04/13/2008 07:40 PM 11,904 sffdisk.sys 04/13/2008 07:40 PM 36,352 disk.sys 04/13/2008 07:40 PM 11,008 sffp_sd.sys 04/13/2008 07:40 PM 11,392 sfloppy.sys 04/13/2008 07:40 PM 10,240 sffp_mmc.sys 04/13/2008 07:40 PM 19,712 partmgr.sys 04/13/2008 07:40 PM 14,976 tape.sys 04/13/2008 07:40 PM 42,112 imapi.sys 04/13/2008 07:41 PM 52,352 volsnap.sys 04/13/2008 07:43 PM 14,208 wacompen.sys 04/13/2008 07:43 PM 12,672 mutohpen.sys 04/13/2008 07:44 PM 81,664 videoprt.sys 04/13/2008 07:44 PM 20,992 vga.sys 04/13/2008 07:44 PM 153,344 dmio.sys 04/13/2008 07:44 PM 799,744 dmboot.sys 04/13/2008 07:45 PM 52,864 dmusic.sys 04/13/2008 07:45 PM 6,272 splitter.sys 04/13/2008 07:45 PM 56,576 swmidi.sys 04/13/2008 07:45 PM 172,416 kmixer.sys 04/13/2008 07:45 PM 2,944 drmkaud.sys 04/13/2008 07:45 PM 60,160 drmk.sys 04/13/2008 07:45 PM 49,408 stream.sys 04/13/2008 07:45 PM 24,960 hidparse.sys 04/13/2008 07:45 PM 36,864 hidclass.sys 04/13/2008 07:45 PM 19,200 hidir.sys 04/13/2008 07:45 PM 10,368 hidusb.sys 04/13/2008 07:45 PM 15,104 usbscan.sys 04/13/2008 07:45 PM 30,208 usbehci.sys 04/13/2008 07:45 PM 20,608 usbuhci.sys 04/13/2008 07:45 PM 143,872 usbport.sys 04/13/2008 07:45 PM 59,520 usbhub.sys 04/13/2008 07:45 PM 26,368 usbstor.sys 04/13/2008 07:45 PM 25,600 usbcamd.sys 04/13/2008 07:45 PM 25,728 usbcamd2.sys 04/13/2008 07:45 PM 15,872 usbintel.sys 04/13/2008 07:46 PM 25,344 sonydcam.sys 04/13/2008 07:46 PM 53,376 1394bus.sys 04/13/2008 07:46 PM 61,696 ohci1394.sys 04/13/2008 07:46 PM 121,984 usbvideo.sys 04/13/2008 07:46 PM 18,944 bthusb.sys 04/13/2008 07:46 PM 25,600 hidbth.sys 04/13/2008 07:46 PM 36,480 bthprint.sys 04/13/2008 07:46 PM 59,136 rfcomm.sys 04/13/2008 07:46 PM 37,888 bthmodem.sys 04/13/2008 07:46 PM 17,024 bthenum.sys 04/13/2008 07:51 PM 61,824 nic1394.sys 04/13/2008 07:51 PM 59,904 atmarpc.sys 04/13/2008 07:51 PM 60,800 arp1394.sys 04/13/2008 07:51 PM 55,808 atmlane.sys 04/13/2008 07:51 PM 101,120 bthpan.sys 04/13/2008 07:53 PM 40,320 nmnt.sys 04/13/2008 07:53 PM 71,552 bridge.sys 04/13/2008 07:53 PM 36,608 ip6fw.sys 04/13/2008 07:54 PM 11,264 irenum.sys 04/13/2008 07:55 PM 14,592 ndisuio.sys 04/13/2008 07:56 PM 12,288 tunmp.sys 04/13/2008 07:56 PM 34,688 netbios.sys 04/13/2008 07:56 PM 88,320 nwlnkipx.sys 04/13/2008 07:56 PM 35,072 msgpc.sys 04/13/2008 07:56 PM 69,120 psched.sys 04/13/2008 07:56 PM 12,800 usb8023x.sys 04/13/2008 07:56 PM 12,800 usb8023.sys 04/13/2008 07:56 PM 30,592 rndismpx.sys 04/13/2008 07:56 PM 30,592 rndismp.sys 04/13/2008 07:57 PM 20,864 ipinip.sys 04/13/2008 07:57 PM 152,832 ipnat.sys 04/13/2008 07:57 PM 34,560 wanarp.sys 04/13/2008 07:57 PM 10,112 ndistapi.sys 04/13/2008 07:57 PM 14,336 asyncmac.sys 04/13/2008 07:57 PM 40,576 ndproxy.sys 04/13/2008 07:57 PM 41,472 raspppoe.sys 04/13/2008 08:00 PM 19,072 tdi.sys 04/13/2008 08:00 PM 30,080 modem.sys 04/13/2008 08:14 PM 63,744 cdfs.sys 04/13/2008 08:14 PM 143,744 fastfat.sys 04/13/2008 08:15 PM 64,512 serial.sys 04/13/2008 08:15 PM 574,976 ntfs.sys 04/13/2008 08:15 PM 60,800 sysaudio.sys 04/13/2008 08:16 PM 49,536 classpnp.sys 04/13/2008 08:16 PM 141,056 ks.sys 04/13/2008 08:17 PM 105,344 mup.sys 04/13/2008 08:17 PM 83,072 wdmaud.sys 04/13/2008 08:18 PM 52,480 i8042prt.sys 04/13/2008 08:19 PM 146,048 portcls.sys 04/13/2008 08:19 PM 51,328 rasl2tp.sys 04/13/2008 08:19 PM 48,384 raspptp.sys 04/13/2008 08:20 PM 182,656 ndis.sys 04/13/2008 08:20 PM 91,520 ndiswan.sys 04/13/2008 08:21 PM 162,816 netbt.sys 04/13/2008 08:28 PM 175,744 rdbss.sys 04/14/2008 01:11 AM 3,775 adv11nt5.dll 04/14/2008 01:11 AM 3,711 adv09nt5.dll 04/14/2008 01:11 AM 4,255 adv01nt5.dll 04/14/2008 01:11 AM 3,967 adv02nt5.dll 04/14/2008 01:11 AM 3,135 adv08nt5.dll 04/14/2008 01:11 AM 3,615 adv05nt5.dll 04/14/2008 01:11 AM 3,647 adv07nt5.dll 04/14/2008 01:11 AM 21,183 atv01nt5.dll 04/14/2008 01:11 AM 17,279 atv10nt5.dll 04/14/2008 01:11 AM 14,143 atv06nt5.dll 04/14/2008 01:11 AM 25,471 atv04nt5.dll 04/14/2008 01:11 AM 11,359 atv02nt5.dll 04/14/2008 01:11 AM 15,423 ch7xxnt5.dll 04/14/2008 01:12 AM 3,901 siint5.dll 04/14/2008 01:12 AM 11,325 vchnt5.dll 04/14/2008 01:13 AM 40,840 termdd.sys 04/14/2008 01:13 AM 12,040 tdpipe.sys 04/14/2008 01:13 AM 21,896 tdtcp.sys 04/14/2008 01:13 AM 139,656 rdpwd.sys 05/08/2008 03:02 PM 203,136 rmcast.sys 06/13/2008 12:05 PM 272,128 bthport.sys 06/20/2008 12:51 PM 361,600 tcpip.sys 08/05/2008 01:10 PM 1,684,736 Ambfilt.sys 08/14/2008 11:04 AM 138,496 afd.sys 10/30/2008 02:14 PM 117,888 Rtenicxp.sys 01/20/2009 11:53 AM 5,027,840 RtkHDAud.sys 06/24/2009 12:18 PM 92,928 ksecdd.sys 10/20/2009 05:20 PM 265,728 http.sys 11/05/2009 06:22 AM 9,984 scncap.sys 11/27/2009 11:31 PM 21,035 AegisP.sys 11/28/2009 06:43 AM disdn 12/31/2009 05:50 PM 353,792 srv.sys 02/11/2010 01:02 PM 226,880 tcpip6.sys 02/24/2010 02:11 PM 455,680 mrxsmb.sys 02/24/2010 09:49 PM UMDF 04/14/2010 05:30 PM 28,880 aavmker4.sys 04/14/2010 05:31 PM 19,024 aswFsBlk.sys 04/14/2010 05:31 PM 94,800 aswmon.sys 04/14/2010 05:31 PM 100,432 aswmon2.sys 04/14/2010 05:31 PM 23,376 aswRdr.sys 04/14/2010 05:35 PM 162,768 aswSP.sys 04/14/2010 05:35 PM 46,672 aswTdi.sys 06/15/2010 09:02 PM .. 06/15/2010 09:02 PM . 06/15/2010 09:05 PM etc 285 File(s) 40,196,416 bytes 5 Dir(s) 58,725,122,048 bytes free Virtual drives found? Environment variables ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Tom_2\Application Data CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=TOM-2C5350163A3 ComSpec=C:\WINDOWS\system32\cmd.exe DEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Tom_2 LOGONSERVER=\\TOM-2C5350163A3 NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\System32;GL;C:\Program Files\Java\jdk1.6.0_17\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f06 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\Tom_2\LOCALS~1\Temp TMP=C:\DOCUME~1\Tom_2\LOCALS~1\Temp USERDOMAIN=TOM-2C5350163A3 USERNAME=Tom_2 USERPROFILE=C:\Documents and Settings\Tom_2 VSEDEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection windir=C:\WINDOWS __COMPAT_LAYER=EnableNXShowUI Stealth malware? Internet Explorer ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main Default_Page_URLREG_SZhttp://go.microsoft.com/fwlink/?LinkId=69157 Default_Search_URLREG_SZhttp://go.microsoft.com/fwlink/?LinkId=54896 Search PageREG_SZhttp://go.microsoft.com/fwlink/?LinkId=54896 Enable_Disk_CacheREG_SZyes Cache_Percent_of_DiskREG_BINARY0A000000 Delete_Temp_Files_On_ExitREG_SZyes Local PageREG_SZC:\WINDOWS\system32\blank.htm Anchor_Visitation_HorizonREG_BINARY01000000 Use_Async_DNSREG_SZyes Placeholder_WidthREG_BINARY1A000000 Placeholder_HeightREG_BINARY1A000000 Start PageREG_SZhttp://go.microsoft.com/fwlink/?LinkId=69157 CompanyNameREG_SZMicrosoft Corporation Custom_KeyREG_SZMICROSO Wizard_VersionREG_SZ6.0.2600.0000 FullScreenREG_SZno Default_Secondary_Page_URLREG_MULTI_SZ\0 Extensions Off PageREG_SZabout:NoAdd-ons Security Risk PageREG_SZabout:SecurityRisk Check_AssociationsREG_SZyes StatusBarWebREG_DWORD0x1 SearchControlWidthREG_DWORD0x12c ForceGDIPlusREG_DWORD0x0 DEPOffREG_DWORD0x0 MaxRenderLineREG_DWORD0xfa0 UseClearTypeREG_SZyes Page_TransitionsREG_DWORD0x1 Use_DlgBox_ColorsREG_SZyes Anchor UnderlineREG_SZyes Display Inline ImagesREG_SZyes Display Inline VideosREG_DWORD0x1 Play_Background_SoundsREG_SZyes Play_AnimationsREG_SZyes Print_BackgroundREG_SZno SmoothScrollREG_DWORD0x1 XMLHTTPREG_DWORD0x1 Show image placeholdersREG_DWORD0x0 Disable Script DebuggerREG_SZyes Enable AutoImageResizeREG_SZyes XDomainRequestREG_DWORD0x1 DOMStorageREG_DWORD0x1 IE8RunOnceLastShownREG_DWORD0x0 IE8RunOncePerInstallCompletedREG_DWORD0x0 IE8TourNoShowREG_DWORD0x0 IE8TourShownREG_DWORD0x0 FrameTabWindowREG_DWORD0x1 AdminTabProcsREG_DWORD0x1 SessionMergingREG_DWORD0x1 FrameMergingREG_DWORD0x1 HangResistantFrameREG_DWORD0x0 TabShutdownDelayREG_DWORD0xea60 FrameShutdownDelayREG_DWORD0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch ! REG.EXE VERSION 3.0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings User AgentREG_SZMozilla/4.0 (compatible; MSIE 8.0; Win32) IE5_UA_Backup_FlagREG_SZ5.0 NoNetAutodialREG_DWORD0x0 MigrateProxyREG_DWORD0x1 EmailNameREG_SZ[emailprotected] AutoConfigProxyREG_SZwininet.dll MimeExclusionListForCacheREG_SZmultipart/mixed multipart/x-mixed-replace multipart/x-byteranges WarnOnPostREG_BINARY01000000 UseSchannelDirectlyREG_BINARY01000000 EnableHttp1_1REG_DWORD0x1 UrlEncodingREG_DWORD0x0 SecureProtocolsREG_DWORD0xa0 PrivDiscUiShownREG_DWORD0x1 PrivacyAdvancedREG_DWORD0x0 ZonesSecurityUpgradeREG_BINARYC808B2B401DCCA01 DisableCachingOfSSLPagesREG_DWORD0x0 WarnonZoneCrossingREG_DWORD0x1 EnableNegotiateREG_DWORD0x1 ProxyEnableREG_DWORD0x0 SyncMode5REG_DWORD0x3 GlobalUserOfflineREG_DWORD0x0 EnableAutodialREG_DWORD0x0 ProxyHttp1.1REG_DWORD0x1 EnablePunycodeREG_DWORD0x1 ShowPunycodeREG_DWORD0x0 CreateUriCacheSizeREG_DWORD0x50 CoInternetCombineIUriCacheSizeREG_DWORD0x50 SecurityIdIUriCacheSizeREG_DWORD0x1e SpecialFoldersCacheSizeREG_DWORD0x8 WarnOnIntranetREG_DWORD0x1 WarnonBadCertRecvingREG_DWORD0x1 WarnOnPostRedirectREG_DWORD0x0 WarnOnHTTPSToHTTPRedirectREG_DWORD0x1 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CACHE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones ! REG.EXE VERSION 3.0 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main NoUpdateCheckREG_DWORD0x1 Disable Script DebuggerREG_SZyes Anchor UnderlineREG_SZyes Cache_Update_FrequencyREG_SZOnce_Per_Session Display Inline ImagesREG_SZyes Do404SearchREG_BINARY01000000 Local PageREG_SZC:\WINDOWS\system32\blank.htm Save_Session_History_On_ExitREG_SZno Show_FullURLREG_SZno Show_StatusBarREG_SZyes Show_ToolBarREG_SZyes Show_URLinStatusBarREG_SZyes Show_URLToolBarREG_SZyes Use_DlgBox_ColorsREG_SZyes Search PageREG_SZhttp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch XMLHTTPREG_DWORD0x1 UseClearTypeREG_SZyes Enable Browser ExtensionsREG_SZyes Play_Background_SoundsREG_SZyes Play_AnimationsREG_SZyes IE8RunOnceLastShownREG_DWORD0x1 IE8RunOncePerInstallCompletedREG_DWORD0x0 IE8RunOnceCompletionTimeREG_BINARYFA96355738E2CA01 IE8TourShownREG_DWORD0x1 IE8TourShownTimeREG_BINARY98397CED9309CB01 StatusBarWebREG_DWORD0x1 SearchControlWidthREG_DWORD0x12c ForceGDIPlusREG_DWORD0x0 SuppressScriptDebuggerDialogREG_DWORD0x0 Page_TransitionsREG_DWORD0x1 CSS_CompatREG_SZdoctype Expand Alt TextREG_SZno Display Inline VideosREG_DWORD0x1 Print_BackgroundREG_SZno Use StylesheetsREG_DWORD0x1 SmoothScrollREG_DWORD0x1 Show image placeholdersREG_DWORD0x0 DisableScriptDebuggerIEREG_SZyes Move System CaretREG_SZno Force Offscreen CompositionREG_DWORD0x0 Enable AutoImageResizeREG_SZyes UseThemesREG_DWORD0x1 UseHRREG_DWORD0x0 Q300829REG_DWORD0x0 Cleanup HTCsREG_DWORD0x0 XDomainRequestREG_DWORD0x1 DOMStorageREG_DWORD0x1 IE8TourNoShowREG_DWORD0x0 FrameTabWindowREG_DWORD0x1 AdminTabProcsREG_DWORD0x1 SessionMergingREG_DWORD0x1 FrameMergingREG_DWORD0x1 HangResistantFrameREG_DWORD0x0 TabShutdownDelayREG_DWORD0xea60 FrameShutdownDelayREG_DWORD0x0 CompatibilityFlagsREG_DWORD0x0 FullScreenREG_SZno Window_PlacementREG_BINARY2C0000000200000003000000FFFFFFFFFFFFFFF FFFFFFFFFFFFFFFFF2700000027000000470300 00A7020000 IE8RunOnceLastShown_TIMESTAMPREG_BINARYC4C87FE1C40CCB01 RunOnceHasShownREG_DWORD0x1 RunOnceCompleteREG_DWORD0x1 Check_AssociationsREG_SZyes HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default Feeds HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Touch HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search SearchAssistantREG_SZhttp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm CustomizeSearchREG_SZhttp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ! REG.EXE VERSION 3.0 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks {CFBFAE00-17A6-11D0-99CB-00C04FD64497}REG_SZ ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\QuickComplete ! REG.EXE VERSION 3.0 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt Security Center ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center FirstRunDisabledREG_DWORD0x1 AntiVirusOverrideREG_DWORD0x0 FirewallOverrideREG_DWORD0x0 AntiVirusDisableNotifyREG_DWORD0x0 FirewallDisableNotifyREG_DWORD0x0 UpdatesDisableNotifyREG_DWORD0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile EnableFirewallREG_DWORD0x0 DoNotAllowExceptionsREG_DWORD0x0 DisableNotificationsREG_DWORD0x1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile EnableFirewallREG_DWORD0x1 DoNotAllowExceptionsREG_DWORD0x0 DisableNotificationsREG_DWORD0x0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List %windir%\system32\sessmgr.exeREG_SZ%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 %windir%\Network Diagnostic\xpnetdiag.exeREG_SZ%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 C:\Program Files\McAfee\Common Framework\FrameworkService.exeREG_SZC:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service C:\Program Files\Orbitdownloader\orbitdm.exeREG_SZC:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit C:\Program Files\Orbitdownloader\orbitnet.exeREG_SZC:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit C:\Program Files\Steam\steamapps\sirtom125\garrysmod\hl2.exeREG_SZC:\Program Files\Steam\steamapps\sirtom125\garrysmod\hl2.exe:*:Enabled:hl2 C:\Program Files\ijji\ijji REACTOR\REACTOR.exeREG_SZC:\Program Files\ijji\ijji REACTOR\REACTOR.exe:*:Enabled:Reactor Application C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exeREG_SZC:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe C:\Program Files\Java\jre6\bin\java.exeREG_SZC:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary Uninstall List ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\avast5 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Branding HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cheat Engine 5.5_is1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IDNMitigationAPIs HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie7 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie8 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ijjiSetup HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884016 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884267 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885353 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB886612 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887078 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887626 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB888111WXPSP2 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB888656 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB889858 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB891122 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB892130 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB892313 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893240 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893241 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895181 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895316 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895572 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB897586 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB898549 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB900399 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB902344 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB907658 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911565 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911854 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923561 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923789 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB929399 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB939683 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB941569 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB946648 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950762 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950974 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951066 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951376-v2 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951748 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951978 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952004 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952069_WM9 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952287 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952954 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954154_WM11 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954155_WM9 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954550-v5 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955069 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955759 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956572 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956744 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956802 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956803 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956844 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB957097 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958644 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958687 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958869 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB959426 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960225 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960803 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960859 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961118 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961371-v2 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961501 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB967715 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968389 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968816_WM9 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969059 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969947 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970238 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970430 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971468 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971486 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971557 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971633 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971657 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971737 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971961-IE8 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB972270 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973354 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973507 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973525 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973540_WM9 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973687 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973815 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973869 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973904 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974112 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974318 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974392 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974455 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974571 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975025 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975467 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975560 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975561 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975713 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976002-v5 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976098-v2 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976662-IE8 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977165 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977816 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977914 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978037 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978251 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978262 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978338 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978542 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978601 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978706 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979306 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979309 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979683 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980182-IE8 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980232 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980302-IE8 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981332-IE8 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KOIELangPack HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\M953297 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1 (1033) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 3.5 SP1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSCompPackV1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta1 HKEY_LOPlease run a free online scan with the ESET Online Scanner
Note: please close all other applications running on your system. Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue. Click the Settings button. Set the slider to Maximum. IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports. On the General tab, make sure all of the boxes are checked. On the Misc tab, make sure all the checkboxes are checked. Then, click OK on the windows that you launched. Click Create Report to run it. It will begin scanning. It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. It should automatically upload it to http://www.getsysteminfo.com. If it does not, then please submit it manually by going to the site and doing the upload process. It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the url of the GSI Parser report in your next reply.Sorry my late reply I was away at grandparents. GetSystemInfo version 4.0.1.243: Time[:]6/30/2010 10:04:17 PM BuildNumber[:] InstallDate[:] Manufacturer[:]Award Software International, Inc. Name[:]Award Modular BIOS v6.00PG PrimaryBIOS[:]True ReleaseDate[:]20090409000000.000000+000 SerialNumber[:] SMBIOSBIOSVersion[:]F2 SMBIOSMajorVersion[:]2 SMBIOSMinorVersion[:]4 SMBIOSPresent[:]True SoftwareElementID[:]Award Modular BIOS v6.00PG SoftwareElementState[:]3 Status[:]OK TargetOperatingSystem[:]0 version[:]GBT - 42302e31 AddressWidth[:]32 Architecture[:]0 Availability[:]3 Caption[:]x86 Family 6 Model 15 Stepping 6 CpuStatus[:]1 CurrentClockSpeed[:]2666 CurrentVoltage[:]10 DataWidth[:]32 Description[:]x86 Family 6 Model 15 Stepping 6 DeviceID[:]CPU0 Family[:]2 LastErrorCode[:] Level[:]6 LoadPercentage[:]4 Manufacturer[:]GenuineIntel MaxClockSpeed[:]2666 Name[:]Intel(R) Core(TM)2 CPU 6700 @ 2.66GHz NumberOfCores[:] NumberOfLogicalProcessors[:] ProcessorType[:]3 Role[:]CPU SocketDesignation[:]Socket 775 Status[:]OK StatusInfo[:]3 Stepping[:]6 SystemName[:]TOM-2C5350163A3 UpgradeMethod[:]15 version[:]Model 15, Stepping 6 VoltageCaps[:] BootDevice[:]\Device\HarddiskVolume1 BuildNumber[:]2600 BuildType[:]Multiprocessor Free Caption[:]Microsoft Windows XP Home Edition CountryCode[:]1 CSDVersion[:]Service Pack 3 Description[:] FreePhysicalMemory[:]1544976 FreeSpaceInPagingFiles[:]3136948 FreeVirtualMemory[:]2053876 InstallDate[:]20091127220618.000000+000 LastBootUpTime[:]20100630171809.375000+060 LocalDateTime[:]20100630220419.140000+060 Manufacturer[:]Microsoft Corporation NumberOfProcesses[:]32 NumberOfUsers[:]2 OSLanguage[:]1033 ServicePackMajorVersion[:]3 ServicePackMinorVersion[:]0 SizeStoredInPagingFiles[:]3477284 SystemDevice[:]\Device\HarddiskVolume1 SystemDirectory[:]C:\WINDOWS\system32 TotalVirtualMemorySize[:]2097024 TotalVisibleMemorySize[:]2060716 version[:]5.1.2600 WindowsDirectory[:]C:\WINDOWS BootupState[:]Normal boot DNSHostName[:] Domain[:]MSHOME DomainRole[:]0 Manufacturer[:]Gigabyte Technology Co., Ltd. Model[:]EG41MF-US2H NetworkServerModeEnabled[:]True PartOfDomain[:] PCSystemType[:] Status[:]OK SupportContactDescription[:] SystemType[:]X86-based PC UserName[:]TOM-2C5350163A3\Tom_2 Workgroup[:] [][:]ComSpec => %SystemRoot%\system32\cmd.exe [][:]DEFLOGDIR => C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection [][:]FP_NO_HOST_CHECK => NO [][:]NUMBER_OF_PROCESSORS => 2 [][:]OS => Windows_NT [][:]PATHEXT => .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH [][:]PROCESSOR_ARCHITECTURE => x86 [][:]PROCESSOR_IDENTIFIER => x86 Family 6 Model 15 Stepping 6, GenuineIntel [][:]PROCESSOR_LEVEL => 6 [][:]PROCESSOR_REVISION => 0f06 [][:]TEMP => %SystemRoot%\TEMP [][:]TMP => %SystemRoot%\TEMP [][:]VSEDEFLOGDIR => C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection [][:]windir => %SystemRoot% [NT AUTHORITY\SYSTEM][:]TEMP => %USERPROFILE%\Local Settings\Temp [NT AUTHORITY\SYSTEM][:]TMP => %USERPROFILE%\Local Settings\Temp [NT AUTHORITY\LOCAL SERVICE][:]TEMP => %USERPROFILE%\Local Settings\Temp [NT AUTHORITY\LOCAL SERVICE][:]TMP => %USERPROFILE%\Local Settings\Temp [NT AUTHORITY\NETWORK SERVICE][:]TEMP => %USERPROFILE%\Local Settings\Temp [NT AUTHORITY\NETWORK SERVICE][:]TMP => %USERPROFILE%\Local Settings\Temp [TOM-2C5350163A3\Tom_2][:]Path => GL;C:\Program Files\Java\jdk1.6.0_17\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM [TOM-2C5350163A3\Tom_2][:]TEMP => %USERPROFILE%\Local Settings\Temp [TOM-2C5350163A3\Tom_2][:]TMP => %USERPROFILE%\Local Settings\Temp Name[:]Microsoft XPS Document Writer Default[:]True HorizontalResolution[:]600 JobCountSinceLastReset[:]0 Local[:]True Network[:]False PortName[:]XPSPort: PrinterState[:]0 PrintProcessor[:]WinPrint Priority[:]1 Published[:]False Queued[:]False RawOnly[:]False ServerName[:] Shared[:]False ShareName[:] SpoolEnabled[:]True Status[:]Unknown VerticalResolution[:]600 WorkOffline[:]False ConfigManagerErrorCode[:]0 DeviceID[:]HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_1458A002&REV_1000\4&2F790C35&0&0201 Manufacturer[:]Realtek Name[:]Realtek High Definition Audio ProductName[:]Realtek High Definition Audio Status[:]OK StatusInfo[:]3 Category[:]0 CategoryString[:] EventCode[:]258 EventIdentifier[:]-2147483390 EventType[:]2 Logfile[:]Application Message[:]The update failed; see event log. RecordNumber[:]2408 SourceName[:]McLogEvent TimeGenerated[:]20100628214007.000000+060 TimeWritten[:]20100628214007.000000+060 Type[:]warning User[:]NT AUTHORITY\SYSTEM Category[:]0 CategoryString[:] EventCode[:]1802 EventIdentifier[:]-1073740022 EventType[:]1 Logfile[:]Application Message[:]The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall. RecordNumber[:]2405 SourceName[:]SecurityCenter TimeGenerated[:]20100628080609.000000+060 TimeWritten[:]20100628080609.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]1 EventIdentifier[:]1073741825 EventType[:]1 Logfile[:]Application Message[:] RecordNumber[:]2404 SourceName[:]JavaQuickStarterService TimeGenerated[:]20100628080556.000000+060 TimeWritten[:]20100628080556.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]1802 EventIdentifier[:]-1073740022 EventType[:]1 Logfile[:]Application Message[:]The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall. RecordNumber[:]2401 SourceName[:]SecurityCenter TimeGenerated[:]20100628072100.000000+060 TimeWritten[:]20100628072100.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]1 EventIdentifier[:]1073741825 EventType[:]1 Logfile[:]Application Message[:] RecordNumber[:]2400 SourceName[:]JavaQuickStarterService TimeGenerated[:]20100628072043.000000+060 TimeWritten[:]20100628072043.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]1 EventIdentifier[:]1073741825 EventType[:]1 Logfile[:]Application Message[:] RecordNumber[:]2409 SourceName[:]JavaQuickStarterService TimeGenerated[:]20100629175909.000000+060 TimeWritten[:]20100629175909.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]1802 EventIdentifier[:]-1073740022 EventType[:]1 Logfile[:]Application Message[:]The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall. RecordNumber[:]2410 SourceName[:]SecurityCenter TimeGenerated[:]20100629175925.000000+060 TimeWritten[:]20100629175925.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]258 EventIdentifier[:]-2147483390 EventType[:]2 Logfile[:]Application Message[:]The update failed; see event log. RecordNumber[:]2413 SourceName[:]McLogEvent TimeGenerated[:]20100629215505.000000+060 TimeWritten[:]20100629215505.000000+060 Type[:]warning User[:]NT AUTHORITY\SYSTEM Category[:]0 CategoryString[:] EventCode[:]1 EventIdentifier[:]1073741825 EventType[:]1 Logfile[:]Application Message[:] RecordNumber[:]2414 SourceName[:]JavaQuickStarterService TimeGenerated[:]20100630073651.000000+060 TimeWritten[:]20100630073651.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]1802 EventIdentifier[:]-1073740022 EventType[:]1 Logfile[:]Application Message[:]The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall. RecordNumber[:]2415 SourceName[:]SecurityCenter TimeGenerated[:]20100630073705.000000+060 TimeWritten[:]20100630073705.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]1 EventIdentifier[:]1073741825 EventType[:]1 Logfile[:]Application Message[:] RecordNumber[:]2418 SourceName[:]JavaQuickStarterService TimeGenerated[:]20100630172038.000000+060 TimeWritten[:]20100630172038.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]1802 EventIdentifier[:]-1073740022 EventType[:]1 Logfile[:]Application Message[:]The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall. RecordNumber[:]2419 SourceName[:]SecurityCenter TimeGenerated[:]20100630172054.000000+060 TimeWritten[:]20100630172054.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]258 EventIdentifier[:]-2147483390 EventType[:]2 Logfile[:]Application Message[:]The update failed; see event log. RecordNumber[:]2422 SourceName[:]McLogEvent TimeGenerated[:]20100630214105.000000+060 TimeWritten[:]20100630214105.000000+060 Type[:]warning User[:]NT AUTHORITY\SYSTEM Category[:]0 CategoryString[:] EventCode[:]7001 EventIdentifier[:]-1073734823 EventType[:]1 Logfile[:]System Message[:]The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion. RecordNumber[:]6782 SourceName[:]Service Control Manager TimeGenerated[:]20100630181720.000000+060 TimeWritten[:]20100630181720.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7003 EventIdentifier[:]-1073734821 EventType[:]1 Logfile[:]System Message[:]The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec RecordNumber[:]6781 SourceName[:]Service Control Manager TimeGenerated[:]20100630181720.000000+060 TimeWritten[:]20100630181720.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7001 EventIdentifier[:]-1073734823 EventType[:]1 Logfile[:]System Message[:]The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion. RecordNumber[:]6668 SourceName[:]Service Control Manager TimeGenerated[:]20100630181712.000000+060 TimeWritten[:]20100630181712.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7003 EventIdentifier[:]-1073734821 EventType[:]1 Logfile[:]System Message[:]The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec RecordNumber[:]6667 SourceName[:]Service Control Manager TimeGenerated[:]20100630181712.000000+060 TimeWritten[:]20100630181712.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7026 EventIdentifier[:]-1073734798 EventType[:]1 Logfile[:]System Message[:]The following boot-start or system-start driver(s) failed to load: mfetdik Tcpip RecordNumber[:]6658 SourceName[:]Service Control Manager TimeGenerated[:]20100630172155.000000+060 TimeWritten[:]20100630172155.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7023 EventIdentifier[:]-1073734801 EventType[:]1 Logfile[:]System Message[:]The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified. RecordNumber[:]6657 SourceName[:]Service Control Manager TimeGenerated[:]20100630172155.000000+060 TimeWritten[:]20100630172155.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7003 EventIdentifier[:]-1073734821 EventType[:]1 Logfile[:]System Message[:]The IPSEC Services service depends on the following nonexistent service: IPSec RecordNumber[:]6656 SourceName[:]Service Control Manager TimeGenerated[:]20100630172155.000000+060 TimeWritten[:]20100630172155.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7001 EventIdentifier[:]-1073734823 EventType[:]1 Logfile[:]System Message[:]The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. RecordNumber[:]6655 SourceName[:]Service Control Manager TimeGenerated[:]20100630172155.000000+060 TimeWritten[:]20100630172155.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7001 EventIdentifier[:]-1073734823 EventType[:]1 Logfile[:]System Message[:]The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. RecordNumber[:]6654 SourceName[:]Service Control Manager TimeGenerated[:]20100630172155.000000+060 TimeWritten[:]20100630172155.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]39 EventIdentifier[:]-2108030937 EventType[:]2 Logfile[:]System Message[:]The time service is unable to register for network configuration change events. This may occur when TCP/IP is not correctly configured. The time service will be unable to sync time from network providers, but will still use locally installed hardware provdiers, if any are available. RecordNumber[:]6653 SourceName[:]W32Time TimeGenerated[:]20100630172050.000000+060 TimeWritten[:]20100630172050.000000+060 Type[:]warning User[:] Category[:]0 CategoryString[:] EventCode[:]4311 EventIdentifier[:]-1073737513 EventType[:]1 Logfile[:]System Message[:]Initialization failed because the driver device could not be created. RecordNumber[:]6652 SourceName[:]NetBT TimeGenerated[:]20100630171814.000000+060 TimeWritten[:]20100630171844.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7026 EventIdentifier[:]-1073734798 EventType[:]1 Logfile[:]System Message[:]The following boot-start or system-start driver(s) failed to load: mfetdik Tcpip RecordNumber[:]6644 SourceName[:]Service Control Manager TimeGenerated[:]20100630073806.000000+060 TimeWritten[:]20100630073806.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7023 EventIdentifier[:]-1073734801 EventType[:]1 Logfile[:]System Message[:]The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified. RecordNumber[:]6643 SourceName[:]Service Control Manager TimeGenerated[:]20100630073806.000000+060 TimeWritten[:]20100630073806.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7003 EventIdentifier[:]-1073734821 EventType[:]1 Logfile[:]System Message[:]The IPSEC Services service depends on the following nonexistent service: IPSec RecordNumber[:]6642 SourceName[:]Service Control Manager TimeGenerated[:]20100630073806.000000+060 TimeWritten[:]20100630073806.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7001 EventIdentifier[:]-1073734823 EventType[:]1 Logfile[:]System Message[:]The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. RecordNumber[:]6641 SourceName[:]Service Control Manager TimeGenerated[:]20100630073806.000000+060 TimeWritten[:]20100630073806.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7001 EventIdentifier[:]-1073734823 EventType[:]1 Logfile[:]System Message[:]The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. RecordNumber[:]6640 SourceName[:]Service Control Manager TimeGenerated[:]20100630073806.000000+060 TimeWritten[:]20100630073806.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]39 EventIdentifier[:]-2108030937 EventType[:]2 Logfile[:]System Message[:]The time service is unable to register for network configuration change events. This may occur when TCP/IP is not correctly configured. The time service will be unable to sync time from network providers, but will still use locally installed hardware provdiers, if any are available. RecordNumber[:]6639 SourceName[:]W32Time TimeGenerated[:]20100630073701.000000+060 TimeWritten[:]20100630073701.000000+060 Type[:]warning User[:] Category[:]0 CategoryString[:] EventCode[:]4311 EventIdentifier[:]-1073737513 EventType[:]1 Logfile[:]System Message[:]Initialization failed because the driver device could not be created. RecordNumber[:]6638 SourceName[:]NetBT TimeGenerated[:]20100630073427.000000+060 TimeWritten[:]20100630073457.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7001 EventIdentifier[:]-1073734823 EventType[:]1 Logfile[:]System Message[:]The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion. RecordNumber[:]6634 SourceName[:]Service Control Manager TimeGenerated[:]20100629215502.000000+060 TimeWritten[:]20100629215502.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7003 EventIdentifier[:]-1073734821 EventType[:]1 Logfile[:]System Message[:]The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec RecordNumber[:]6633 SourceName[:]Service Control Manager TimeGenerated[:]20100629215502.000000+060 TimeWritten[:]20100629215502.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7026 EventIdentifier[:]-1073734798 EventType[:]1 Logfile[:]System Message[:]The following boot-start or system-start driver(s) failed to load: mfetdik Tcpip RecordNumber[:]6627 SourceName[:]Service Control Manager TimeGenerated[:]20100629180025.000000+060 TimeWritten[:]20100629180025.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7023 EventIdentifier[:]-1073734801 EventType[:]1 Logfile[:]System Message[:]The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified. RecordNumber[:]6626 SourceName[:]Service Control Manager TimeGenerated[:]20100629180025.000000+060 TimeWritten[:]20100629180025.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7003 EventIdentifier[:]-1073734821 EventType[:]1 Logfile[:]System Message[:]The IPSEC Services service depends on the following nonexistent service: IPSec RecordNumber[:]6625 SourceName[:]Service Control Manager TimeGenerated[:]20100629180025.000000+060 TimeWritten[:]20100629180025.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7001 EventIdentifier[:]-1073734823 EventType[:]1 Logfile[:]System Message[:]The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. RecordNumber[:]6624 SourceName[:]Service Control Manager TimeGenerated[:]20100629180025.000000+060 TimeWritten[:]20100629180025.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7001 EventIdentifier[:]-1073734823 EventType[:]1 Logfile[:]System Message[:]The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. RecordNumber[:]6623 SourceName[:]Service Control Manager TimeGenerated[:]20100629180025.000000+060 TimeWritten[:]20100629180025.000000+060 Type[:]error User[:] Category[:]6 CategoryString[:]Software Sync EventCode[:]16 EventIdentifier[:]16 EventType[:]1 Logfile[:]System Message[:]Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection. RecordNumber[:]6622 SourceName[:]Windows Update Agent TimeGenerated[:]20100629180023.000000+060 TimeWritten[:]20100629180023.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]39 EventIdentifier[:]-2108030937 EventType[:]2 Logfile[:]System Message[:]The time service is unable to register for network configuration change events. This may occur when TCP/IP is not correctly configured. The time service will be unable to sync time from network providers, but will still use locally installed hardware provdiers, if any are available. RecordNumber[:]6621 SourceName[:]W32Time TimeGenerated[:]20100629175920.000000+060 TimeWritten[:]20100629175920.000000+060 Type[:]warning User[:] Category[:]0 CategoryString[:] EventCode[:]4311 EventIdentifier[:]-1073737513 EventType[:]1 Logfile[:]System Message[:]Initialization failed because the driver device could not be created. RecordNumber[:]6620 SourceName[:]NetBT TimeGenerated[:]20100629175645.000000+060 TimeWritten[:]20100629175715.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]36 EventIdentifier[:]-2108030940 EventType[:]2 Logfile[:]System Message[:]The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. RecordNumber[:]6617 SourceName[:]W32Time TimeGenerated[:]20100628214521.000000+060 TimeWritten[:]20100628214521.000000+060 Type[:]warning User[:] Category[:]0 CategoryString[:] EventCode[:]7001 EventIdentifier[:]-1073734823 EventType[:]1 Logfile[:]System Message[:]The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion. RecordNumber[:]6616 SourceName[:]Service Control Manager TimeGenerated[:]20100628214004.000000+060 TimeWritten[:]20100628214004.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7003 EventIdentifier[:]-1073734821 EventType[:]1 Logfile[:]System Message[:]The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec RecordNumber[:]6615 SourceName[:]Service Control Manager TimeGenerated[:]20100628214004.000000+060 TimeWritten[:]20100628214004.000000+060 Type[:]error User[:] Category[:]6 CategoryString[:]Software Sync EventCode[:]16 EventIdentifier[:]16 EventType[:]1 Logfile[:]System Message[:]Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection. RecordNumber[:]6614 SourceName[:]Windows Update Agent TimeGenerated[:]20100628174812.000000+060 TimeWritten[:]20100628174812.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7026 EventIdentifier[:]-1073734798 EventType[:]1 Logfile[:]System Message[:]The following boot-start or system-start driver(s) failed to load: mfetdik Tcpip RecordNumber[:]6608 SourceName[:]Service Control Manager TimeGenerated[:]20100628080710.000000+060 TimeWritten[:]20100628080710.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7023 EventIdentifier[:]-1073734801 EventType[:]1 Logfile[:]System Message[:]The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified. RecordNumber[:]6607 SourceName[:]Service Control Manager TimeGenerated[:]20100628080710.000000+060 TimeWritten[:]20100628080710.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7003 EventIdentifier[:]-1073734821 EventType[:]1 Logfile[:]System Message[:]The IPSEC Services service depends on the following nonexistent service: IPSec RecordNumber[:]6606 SourceName[:]Service Control Manager TimeGenerated[:]20100628080710.000000+060 TimeWritten[:]20100628080710.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7001 EventIdentifier[:]-1073734823 EventType[:]1 Logfile[:]System Message[:]The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. RecordNumber[:]6605 SourceName[:]Service Control Manager TimeGenerated[:]20100628080710.000000+060 TimeWritten[:]20100628080710.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7001 EventIdentifier[:]-1073734823 EventType[:]1 Logfile[:]System Message[:]The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. RecordNumber[:]6604 SourceName[:]Service Control Manager TimeGenerated[:]20100628080710.000000+060 TimeWritten[:]20100628080710.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]39 EventIdentifier[:]-2108030937 EventType[:]2 Logfile[:]System Message[:]The time service is unable to register for network configuration change events. This may occur when TCP/IP is not correctly configured. The time service will be unable to sync time from network providers, but will still use locally installed hardware provdiers, if any are available. RecordNumber[:]6603 SourceName[:]W32Time TimeGenerated[:]20100628080605.000000+060 TimeWritten[:]20100628080606.000000+060 Type[:]warning User[:] Category[:]0 CategoryString[:] EventCode[:]4311 EventIdentifier[:]-1073737513 EventType[:]1 Logfile[:]System Message[:]Initialization failed because the driver device could not be created. RecordNumber[:]6602 SourceName[:]NetBT TimeGenerated[:]20100628080332.000000+060 TimeWritten[:]20100628080402.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7026 EventIdentifier[:]-1073734798 EventType[:]1 Logfile[:]System Message[:]The following boot-start or system-start driver(s) failed to load: mfetdik Tcpip RecordNumber[:]6594 SourceName[:]Service Control Manager TimeGenerated[:]20100628072200.000000+060 TimeWritten[:]20100628072200.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7023 EventIdentifier[:]-1073734801 EventType[:]1 Logfile[:]System Message[:]The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified. RecordNumber[:]6593 SourceName[:]Service Control Manager TimeGenerated[:]20100628072200.000000+060 TimeWritten[:]20100628072200.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7003 EventIdentifier[:]-1073734821 EventType[:]1 Logfile[:]System Message[:]The IPSEC Services service depends on the following nonexistent service: IPSec RecordNumber[:]6592 SourceName[:]Service Control Manager TimeGenerated[:]20100628072200.000000+060 TimeWritten[:]20100628072200.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7001 EventIdentifier[:]-1073734823 EventType[:]1 Logfile[:]System Message[:]The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. RecordNumber[:]6591 SourceName[:]Service Control Manager TimeGenerated[:]20100628072200.000000+060 TimeWritten[:]20100628072200.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7001 EventIdentifier[:]-1073734823 EventType[:]1 Logfile[:]System Message[:]The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. RecordNumber[:]6590 SourceName[:]Service Control Manager TimeGenerated[:]20100628072200.000000+060 TimeWritten[:]20100628072200.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]39 EventIdentifier[:]-2108030937 EventType[:]2 Logfile[:]System Message[:]The time service is unable to register for network configuration change events. This may occur when TCP/IP is not correctly configured. The time service will be unable to sync time from network providers, but will still use locally installed hardware provdiers, if any are available. RecordNumber[:]6589 SourceName[:]W32Time TimeGenerated[:]20100628072055.000000+060 TimeWritten[:]20100628072055.000000+060 Type[:]warning User[:] Category[:]0 CategoryString[:] EventCode[:]4311 EventIdentifier[:]-1073737513 EventType[:]1 Logfile[:]System Message[:]Initialization failed because the driver device could not be created. RecordNumber[:]6588 SourceName[:]NetBT TimeGenerated[:]20100628071819.000000+060 TimeWritten[:]20100628071849.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7003 EventIdentifier[:]-1073734821 EventType[:]1 Logfile[:]System Message[:]The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec RecordNumber[:]7122 SourceName[:]Service Control Manager TimeGenerated[:]20100630182214.000000+060 TimeWritten[:]20100630182214.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7001 EventIdentifier[:]-1073734823 EventType[:]1 Logfile[:]System Message[:]The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion. RecordNumber[:]7123 SourceName[:]Service Control Manager TimeGenerated[:]20100630182214.000000+060 TimeWritten[:]20100630182214.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7003 EventIdentifier[:]-1073734821 EventType[:]1 Logfile[:]System Message[:]The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec RecordNumber[:]7124 SourceName[:]Service Control Manager TimeGenerated[:]20100630183431.000000+060 TimeWritten[:]20100630183431.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7001 EventIdentifier[:]-1073734823 EventType[:]1 Logfile[:]System Message[:]The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion. RecordNumber[:]7125 SourceName[:]Service Control Manager TimeGenerated[:]20100630183431.000000+060 TimeWritten[:]20100630183431.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7003 EventIdentifier[:]-1073734821 EventType[:]1 Logfile[:]System Message[:]The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec RecordNumber[:]7126 SourceName[:]Service Control Manager TimeGenerated[:]20100630183511.000000+060 TimeWritten[:]20100630183511.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7001 EventIdentifier[:]-1073734823 EventType[:]1 Logfile[:]System Message[:]The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion. RecordNumber[:]7127 SourceName[:]Service Control Manager TimeGenerated[:]20100630183511.000000+060 TimeWritten[:]20100630183511.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7003 EventIdentifier[:]-1073734821 EventType[:]1 Logfile[:]System Message[:]The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec RecordNumber[:]7130 SourceName[:]Service Control Manager TimeGenerated[:]20100630192433.000000+060 TimeWritten[:]20100630192433.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7001 EventIdentifier[:]-1073734823 EventType[:]1 Logfile[:]System Message[:]The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion. RecordNumber[:]7131 SourceName[:]Service Control Manager TimeGenerated[:]20100630192433.000000+060 TimeWritten[:]20100630192433.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7003 EventIdentifier[:]-1073734821 EventType[:]1 Logfile[:]System Message[:]The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec RecordNumber[:]7132 SourceName[:]Service Control Manager TimeGenerated[:]20100630214101.000000+060 TimeWritten[:]20100630214101.000000+060 Type[:]error User[:] Category[:]0 CategoryString[:] EventCode[:]7001 EventIdentifier[:]-1073734823 EventType[:]1 Logfile[:]System Message[:]The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion. RecordNumber[:]7133 SourceName[:]Service Control Manager TimeGenerated[:]20100630214101.000000+060 TimeWritten[:]20100630214101.000000+060 Type[:]error User[:] Caption[:]A: CreationClassName[:]Win32_LogicalDisk Description[:]3 1/2 Inch Floppy Drive DeviceID[:]A: DriveType[:]2 FileSystem[:] FreeSpace[:] MediaType[:]5 Name[:]A: SIZE[:] VolumeName[:] VolumeSerialNumber[:] Caption[:]C: CreationClassName[:]Win32_LogicalDisk Description[:]Local Fixed Disk DeviceID[:]C: DriveType[:]3 FileSystem[:]NTFS FreeSpace[:]58629591040 MediaType[:]12 Name[:]C: SIZE[:]79982587904 VolumeName[:] VolumeSerialNumber[:]5CAB263F Caption[:]D: CreationClassName[:]Win32_LogicalDisk Description[:]CD-ROM Disc DeviceID[:]D: DriveType[:]5 FileSystem[:] FreeSpace[:] MediaType[:]11 Name[:]D: SIZE[:] VolumeName[:] VolumeSerialNumber[:] Caption[:]E: CreationClassName[:]Win32_LogicalDisk Description[:]Removable Disk DeviceID[:]E: DriveType[:]2 FileSystem[:]FAT32 FreeSpace[:]5837455360 MediaType[:] Name[:]E: SIZE[:]7939817472 VolumeName[:] VolumeSerialNumber[:]65386131 Name[:]Adobe Flash Player 10 ActiveX Uninstall[:]C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Vendor[:]Adobe Systems Incorporated Version[:]10.0.32.18 InstallDate[:] InstallLocation[:] Language[:] Name[:]avast! Free Antivirus Uninstall[:]C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup Vendor[:]Alwil Software Version[:]5.0.507.0 InstallDate[:] InstallLocation[:]C:\PROGRA~1\ALWILS~1\Avast5 Language[:] Name[:]avast! Free Antivirus Uninstall[:]C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup Vendor[:]Alwil Software Version[:]5.0.507.0 InstallDate[:] InstallLocation[:]C:\PROGRA~1\ALWILS~1\Avast5 Language[:] Name[:]Cheat Engine 5.5 Uninstall[:]"C:\Program Files\Cheat Engine\unins000.exe" Vendor[:]Dark Byte Version[:] InstallDate[:]20100125 InstallLocation[:]C:\Program Files\Cheat Engine\ Language[:] Name[:]Cheat Engine 5.5 Uninstall[:]"C:\Program Files\Cheat Engine\unins000.exe" Vendor[:]Dark Byte Version[:] InstallDate[:]20100125 InstallLocation[:]C:\Program Files\Cheat Engine\ Language[:] Name[:]Cheat Engine 5.5 Uninstall[:]"C:\Program Files\Cheat Engine\unins000.exe" Vendor[:]Dark Byte Version[:] InstallDate[:]20100125 InstallLocation[:]C:\Program Files\Cheat Engine\ Language[:] Name[:]Cheat Engine 5.5 Uninstall[:]"C:\Program Files\Cheat Engine\unins000.exe" Vendor[:]Dark Byte Version[:] InstallDate[:]20100125 InstallLocation[:]C:\Program Files\Cheat Engine\ Language[:] Name[:]Cheat Engine 5.5 Uninstall[:]"C:\Program Files\Cheat Engine\unins000.exe" Vendor[:]Dark Byte Version[:] InstallDate[:]20100125 InstallLocation[:]C:\Program Files\Cheat Engine\ Language[:] Name[:]Cheat Engine 5.5 Uninstall[:]"C:\Program Files\Cheat Engine\unins000.exe" Vendor[:]Dark Byte Version[:] InstallDate[:]20100125 InstallLocation[:]C:\Program Files\Cheat Engine\ Language[:] Name[:]Cheat Engine 5.5 Uninstall[:]"C:\Program Files\Cheat Engine\unins000.exe" Vendor[:]Dark Byte Version[:] InstallDate[:]20100125 InstallLocation[:]C:\Program Files\Cheat Engine\ Language[:] Name[:]Cheat Engine 5.5 Uninstall[:]"C:\Program Files\Cheat Engine\unins000.exe" Vendor[:]Dark Byte Version[:] InstallDate[:]20100125 InstallLocation[:]C:\Program Files\Cheat Engine\ Language[:] Name[:]Cheat Engine 5.5 Uninstall[:]"C:\Program Files\Cheat Engine\unins000.exe" Vendor[:]Dark Byte Version[:] InstallDate[:]20100125 InstallLocation[:]C:\Program Files\Cheat Engine\ Language[:] Name[:]Cheat Engine 5.5 Uninstall[:]"C:\Program Files\Cheat Engine\unins000.exe" Vendor[:]Dark Byte Version[:] InstallDate[:]20100125 InstallLocation[:]C:\Program Files\Cheat Engine\ Language[:] Name[:]Cheat Engine 5.5 Uninstall[:]"C:\Program Files\Cheat Engine\unins000.exe" Vendor[:]Dark Byte Version[:] InstallDate[:]20100125 InstallLocation[:]C:\Program Files\Cheat Engine\ Language[:] Name[:]Cheat Engine 5.5 Uninstall[:]"C:\Program Files\Cheat Engine\unins000.exe" Vendor[:]Dark Byte Version[:] InstallDate[:]20100125 InstallLocation[:]C:\Program Files\Cheat Engine\ Language[:] Name[:]Windows Internet Explorer 8 Uninstall[:]"C:\WINDOWS\ie8\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]20090308.140743 InstallDate[:]20100414 InstallLocation[:] Language[:] Name[:]Windows Internet Explorer 8 Uninstall[:]"C:\WINDOWS\ie8\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]20090308.140743 InstallDate[:]20100414 InstallLocation[:] Language[:] Name[:]Windows Internet Explorer 8 Uninstall[:]"C:\WINDOWS\ie8\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]20090308.140743 InstallDate[:]20100414 InstallLocation[:] Language[:] Name[:]Windows Internet Explorer 8 Uninstall[:]"C:\WINDOWS\ie8\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]20090308.140743 InstallDate[:]20100414 InstallLocation[:] Language[:] Name[:]Windows Internet Explorer 8 Uninstall[:]"C:\WINDOWS\ie8\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]20090308.140743 InstallDate[:]20100414 InstallLocation[:] Language[:] Name[:]Windows Internet Explorer 8 Uninstall[:]"C:\WINDOWS\ie8\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]20090308.140743 InstallDate[:]20100414 InstallLocation[:] Language[:] Name[:]Windows Internet Explorer 8 Uninstall[:]"C:\WINDOWS\ie8\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]20090308.140743 InstallDate[:]20100414 InstallLocation[:] Language[:] Name[:]Windows Internet Explorer 8 Uninstall[:]"C:\WINDOWS\ie8\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]20090308.140743 InstallDate[:]20100414 InstallLocation[:] Language[:] Name[:]Windows Internet Explorer 8 Uninstall[:]"C:\WINDOWS\ie8\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]20090308.140743 InstallDate[:]20100414 InstallLocation[:] Language[:] Name[:]High Definition Audio Driver Package - KB888111 Uninstall[:]"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]20040219.000000 InstallDate[:] InstallLocation[:] Language[:] Name[:]High Definition Audio Driver Package - KB888111 Uninstall[:]"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]20040219.000000 InstallDate[:] InstallLocation[:] Language[:] Name[:]High Definition Audio Driver Package - KB888111 Uninstall[:]"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]20040219.000000 InstallDate[:] InstallLocation[:] Language[:] Name[:]High Definition Audio Driver Package - KB888111 Uninstall[:]"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]20040219.000000 InstallDate[:] InstallLocation[:] Language[:] Name[:]Windows Genuine Advantage Validation Tool (KB892130) Uninstall[:] Vendor[:]Microsoft Corporation Version[:] InstallDate[:]20091127 InstallLocation[:] Language[:] Name[:]Windows Genuine Advantage Validation Tool (KB892130) Uninstall[:] Vendor[:]Microsoft Corporation Version[:] InstallDate[:]20091127 InstallLocation[:] Language[:] Name[:]Windows Genuine Advantage Validation Tool (KB892130) Uninstall[:] Vendor[:]Microsoft Corporation Version[:] InstallDate[:]20091127 InstallLocation[:] Language[:] Name[:]Windows Genuine Advantage Validation Tool (KB892130) Uninstall[:] Vendor[:]Microsoft Corporation Version[:] InstallDate[:]20091127 InstallLocation[:] Language[:] Name[:]Windows Genuine Advantage Validation Tool (KB892130) Uninstall[:] Vendor[:]Microsoft Corporation Version[:] InstallDate[:]20091127 InstallLocation[:] Language[:] Name[:]Windows Genuine Advantage Validation Tool (KB892130) Uninstall[:] Vendor[:]Microsoft Corporation Version[:] InstallDate[:]20091127 InstallLocation[:] Language[:] Name[:]Windows Genuine Advantage Validation Tool (KB892130) Uninstall[:] Vendor[:]Microsoft Corporation Version[:] InstallDate[:]20091127 InstallLocation[:] Language[:] Name[:]Windows Genuine Advantage Validation Tool (KB892130) Uninstall[:] Vendor[:]Microsoft Corporation Version[:] InstallDate[:]20091127 InstallLocation[:] Language[:] Name[:]Windows Genuine Advantage Validation Tool (KB892130) Uninstall[:] Vendor[:]Microsoft Corporation Version[:] InstallDate[:]20091127 InstallLocation[:] Language[:] Name[:]Windows Genuine Advantage Validation Tool (KB892130) Uninstall[:] Vendor[:]Microsoft Corporation Version[:] InstallDate[:]20091127 InstallLocation[:] Language[:] Name[:]Windows Genuine Advantage Validation Tool (KB892130) Uninstall[:] Vendor[:]Microsoft Corporation Version[:] InstallDate[:]20091127 InstallLocation[:] Language[:] Name[:]Windows Genuine Advantage Validation Tool (KB892130) Uninstall[:] Vendor[:]Microsoft Corporation Version[:] InstallDate[:]20091127 InstallLocation[:] Language[:] Name[:]Windows Genuine Advantage Validation Tool (KB892130) Uninstall[:] Vendor[:]Microsoft Corporation Version[:] InstallDate[:]20091127 InstallLocation[:] Language[:] Name[:]Windows Genuine Advantage Validation Tool (KB892130) Uninstall[:] Vendor[:]Microsoft Corporation Version[:] InstallDate[:]20091127 InstallLocation[:] Language[:] Name[:]Windows Genuine Advantage Validation Tool (KB892130) Uninstall[:] Vendor[:]Microsoft Corporation Version[:] InstallDate[:]20091127 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB923561) Uninstall[:]"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB923789) Uninstall[:]C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Vendor[:]Microsoft Corporation Version[:] InstallDate[:] InstallLocation[:] Language[:] Name[:]Hotfix for Windows Media Format 11 SDK (KB929399) Uninstall[:]"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:] InstallDate[:]20100226 InstallLocation[:] Language[:] Name[:]Hotfix for Windows Media Player 11 (KB939683) Uninstall[:]"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:] InstallDate[:]20100226 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB941569) Uninstall[:]"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:] InstallDate[:]20091202 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB946648) Uninstall[:]"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB950762) Uninstall[:]"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB950974) Uninstall[:]"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB951066) Uninstall[:]"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB951376-v2) Uninstall[:]"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]2 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB951748) Uninstall[:]"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Update for Windows XP (KB951978) Uninstall[:]"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB952004) Uninstall[:]"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Security Update for Windows Media Player (KB952069) Uninstall[:]"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:] InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Hotfix for Windows XP (KB952287) Uninstall[:]"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB952954) Uninstall[:]"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Security Update for Windows Media Player 11 (KB954154) Uninstall[:]"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:] InstallDate[:]20100226 InstallLocation[:] Language[:] Name[:]Security Update for Windows Media Player (KB954155) Uninstall[:]"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:] InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Hotfix for Windows XP (KB954550-v5) Uninstall[:] Vendor[:]Microsoft Corporation Version[:]5 InstallDate[:]20091218 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB955069) Uninstall[:]"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Update for Windows XP (KB955759) Uninstall[:]"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20100109 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB956572) Uninstall[:]"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB956744) Uninstall[:]"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB956802) Uninstall[:]"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB956803) Uninstall[:]"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB956844) Uninstall[:]"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB957097) Uninstall[:]"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB958644) Uninstall[:]"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB958687) Uninstall[:]"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB958869) Uninstall[:]"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB959426) Uninstall[:]"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB960225) Uninstall[:]"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB960803) Uninstall[:]"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB960859) Uninstall[:]"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Hotfix for Windows XP (KB961118) Uninstall[:]"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091220 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB961371-v2) Uninstall[:]"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]2 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB961501) Uninstall[:]"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Update for Windows XP (KB967715) Uninstall[:]"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Update for Windows XP (KB968389) Uninstall[:]"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Security Update for Windows Media Player (KB968816) Uninstall[:]"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:] InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB969059) Uninstall[:]"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB969947) Uninstall[:]"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB970238) Uninstall[:]"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB970430) Uninstall[:]"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091210 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB971468) Uninstall[:]"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20100219 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB971486) Uninstall[:]"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB971557) Uninstall[:]"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Vendor[:]Microsoft Corporation Version[:]1 InstallDate[:]20091128 InstallLocation[:] Language[:] Name[:]Security Update for Windows XP (KB971633) Uninstall[:]"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Vendor[:]Microsoft CPlease download MySystem-Search from here: Download mirror
|
|
| 3136. |
Solve : bsod/screensaver/backround virus alert? |
|
Answer» Hey guys I think I have a virus or malware no sure. I'm not on the infected COMPUTER since I'm on my laptop and at COLLEGE waiting to go to class. But I have a background saying that I NEED a anti-virus program and that I'm infected. I have a avira anti-virus program and I did a scan on this morning but I didn't see the results since I had to leave for work. I plan on getting the logs and everything done tomorrow. I just curious on what kind of virus this could be since I had anti-virus and it did ask me if I wanted to remove it right away and when I did that it went all to heck. I have a compaq presario amd 1.8 1gig of ram and windows xp home sp3. I MIGHT be able to get the logs done in the morning I'm not sure and post them then but if not it will be sometime in the afternoon.Quote just curious on what kind of virus this could be since I had anti-virus and it did ask me if I wanted to remove it right away Thats how they are designed, to trick your security for long enough to install themselves.Yeah tell me about it:) anyways I'll try and get the logs to you as soon as I can and pretty much all my scans and log should be done in safe mode or can I do it in normal mode I usually do my antivirus scans in normal modeDo everything in normal mode unless the instructions call for safe mode.okay sounds good i have 2 of the logs done so far [recovering disk space -- attachment deleted by admin]You didn't update Java or add the MBAM log. HijackThis should be done last.here's my mbam log I'm going to update java [recovering disk space -- attachment deleted by admin]updated java and here's my Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:34:35 PM, on 9/3/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\windows\System32\svchost.exe C:\windows\system32\spoolsv.exe C:\windows\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\windows\system32\RUNDLL32.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\COMODO\Firewall\cfp.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\windows\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\COMODO\Firewall\cmdagent.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Google\Common\Google UPDATER\GoogleUpdaterService.exe C:\windows\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\windows\System32\svchost.exe C:\WINDOWS\system32\msiexec.exe C:\windows\system32\wuauclt.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - AppInit_DLLs: C:\windows\system32\guard32.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 8103 bytes new hijack this logi've run cc cleaner and i'm doing a another sas scan and if you want me to I will do another hijack this log and malware bytes scan.Looks fine, how is everything now?everything seems to be okay I just got done with a virus scan and it found 3 more but I had them quarantined but other than that I think it's pretty much fixed. Thanks alot for your help Evil. Use the Kaspersky Online Scanner In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon and choose Run as Administrator. Click on SCAN NOW Click on the Accept button and install any components it needs.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%. |
|
| 3137. |
Solve : Keyboard and mouse freeze when I touch any keyboard key? |
|
Answer» I have two different versions of Windows XP on my system. I am able to SELECT which one I want with the enter key. But after Windows comes up with my family's usernames, the keyboard and MOUSE freeze whenever a key is touched. I am able to use the mouse, open documents and files, surf the WEB, etc., just can't type. I think I have CONTACTED a virus, but AVG doesn't find anything. Anybody familiar with a virus that behaves this way?How long has this been happening? |
|
| 3138. |
Solve : AVG version 8 ?? |
|
Answer» Is it just me or is this newest version of AVG a pain in the &*$% ? |
|
| 3139. |
Solve : plss....open this topic!? |
|
Answer» can someone help me to UNBLOCK blocked websites??? |
|
| 3140. |
Solve : avg 8.0 issues? |
|
Answer» I have been using AVG for years now; and installed 8.0 about 2-3 months ago. It has worked great up until lately; every once in a while I will get a message that a .bin file is missing, and in the last COUPLE of days I get pop ups stating that my update connection is inactive................anybody got any ideas? my system is XP home and works real good, except for this annoying issueUpdate it and the error should go away. This happened with an update a few weeks back and has been fixed.I have it updated and this keeps coming back........I don't know...Reinstall. http://free.avg.com/ww.download-avg-anti-virus-free-editionThanks, Evilfantasy, that is what I am doing; I deleted it TODAY and tried Avira; and it looks pretty good, but I like the AVG format better so I am going to reinstall it. Incidently, it did a good job of identifying some "MALWARE" similarities for some games my wife downloaded from Big Fish Games. I contacted BFG the other day and was told that some of the AV programs sometimes RECOGNIZE them as virus prone because of similar coding. I contacted BFG the other day and was told that some of the AV programs sometimes recognize them as virus prone because of similar coding. That's a nice spin to put on it. Gig Fish Games are ad supported so yes some antimalware software see them as adware, because it is. Not dangerous, just ad supported.You know, I said that I was going to reinstall the AVG 8.0; well, I have not done this yet, I thought I would watch the Avira for a few days..............and you know what?....we just might have a new friend here. It's really a pretty good program. It's kind of like the dog we own....she just showed up about 6 months ago, and just "fit RIGHT in" with the family. gator |
|
| 3141. |
Solve : Bio hazard virus logs for review.? |
|
Answer» I had the biohazard screen virus on my computer. I followed all the steps to remove it as instructed, except the first one of installing the antivirus software, (everytime I tried it told me the file was corrupted). The logs of everything should be attached to this POST(I hope)! Thanks for all your help and patience, it is greatly appreciated!!
Folders to delete: C:\x
---------- Also, now run a new HijackThis scan and post the log. Let me know how the PC is doing as well.Here are the logs, it seems that the pop ups have stopped and that it is running ok for now. Do I need to save the old logs for anything, I just have them on my desktop but I didn't know if I should delete them or not? [recovering disk space -- attachment deleted by admin]We will do some cleanup now. If any logs are left over then they can be deleted. Did you add this to the Desktop yourself? If so it's OK. O24 - Desktop Component 0: (no name) - C:\Documents and Settings\eric\My Documents\limehead2.gif These are final steps. If you have any questions then just ask. ----------
. The above procedure will:
---------- Download OTCleanIt.exe and save it to your Desktop.
---------- Now run CCleaner. ---------- Set a New Restore Point to prevent possible reinfection from an old one Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
Windows XP System Restore Guide or Windows Vista System Restore Guide . ---------- Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all CRITICAL updates. ---------- To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.I'm working on all the updates right now. If I have any other questions before I get everything done, should I ask you here, or post a new thread on the forum? Again, I can't say thank you enough for all of your help and patience, I really do appreciate it!Go ahead and ask here. No problem on the help....it's why we're here.I did forget to ask about all of the antispyware and antimalware programs that I downloaded, do I delete those now, or do they need to stay on my computer? Also, the antivirus software that I have is from 2003 and may be outdated, should I download something new or leave it as is? |
|
| 3142. |
Solve : Computers running slow? |
|
Answer» Hey everyone , was wondering if anyone could TAKE a look at my log . |
|
| 3143. |
Solve : Possibly infected with Win 2008 virus? |
|
Answer» Dell Dimension 8400, Windows XP SP 3, Norton Internet Security 2008. Everything is current and updated. Could you look over these files and see if i'm clean. I thought i may have opened a bad email inerror and got infected but the scans didn't find anything. I trust the malware FOLKS in this forum, as i've followed many threads and you guys do excellent work. Logs are too big to fit here, so i'll add them to next post or two.alwarebytes' Anti-Malware 1.25 |
|
| 3144. |
Solve : Safety of NetFxUpdate? |
|
Answer» I don't know if my having upgraded my ancient Windows XP Home Edition laptop to Service PACK 2 on Sunday night is relevant but I want to mention it. |
|
| 3145. |
Solve : UPS trojan? |
|
Answer» Sorry I haven't had much input, you seem to have some of the most unique cases EVER. *Not ENVIOUS |
|
| 3146. |
Solve : www.Actualkeylogger.com (monitor.win32.actualspy)? |
|
Answer» I tried to install this program but my virus scanner PICKED it up and SUGGEST i delet the file. The options were to either Quarantine, delete the INFECTED file, exclude from scan or do nothing. Does anyone use it and if so is it safe to install?um well its a keylogger it loggs keystrokes so i DONT think that should be discussed hereIt's not that kind of Keylogger computerruler. It's the type you use on your computer to monitor your families use. So you can know what they're visiting, etc. It's not that kind of Keylogger computerruler. It's the type you use on your computer to monitor your families use. So you can know what they're visiting, etc. Where's the family trust? |
|
| 3147. |
Solve : Malware help PLEASE....? |
|
Answer» I'm running my computer on Windows XP SP2. I plugged in a pendrive that I got from my friend and my computer got infected. Explorer was shutting down, and even if I check the "Show Hidden files and Folder" radio button in Tools->Folder Options, hidden files were not being shown. From M Computer, when I clicked on drives, they were being opened from a new Explorer window. I formatted my C: and reinstalled the OS. However, the problem has persisted. I installed AVAST and right now, it is giving me a "Malware Was FOUND" warning for mnl6on3.com for drives C, D, E, F, G, H (all my drives) as Malware name Win32:Rootkit-gen [Rtk] and classification Rootkit.
---------- Run this Disable/Remove Windows Messenger to the Desktop to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups. Unzip the file on the Desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply. Exit out of MessengerDisable then delete the two files that were put on the Desktop. ---------- Let me know how things are now.The content of the daft log: DAFT Log saved on 2008-09-03 02:16:47 ----------------------------------------------------------------------- All associations okay! Everything seems to be fine now. I deleted autorun files on each drive that were point to mnl6on3.com. Thanks a lot, Man!! Windows Explorer association is also okay now.No problem, LOOKS like your associations got messed up somehow. Here are a few things you MAY want to do. Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates. |
|
| 3148. |
Solve : Help the broken Tosh!?!? :-) Trojan.Packed.Execryptor on Windows XP SP3? |
|
Answer» kdfmgr is not malware. It's part of your Trend Micro Internet Security.OMG so he has no idea what he is on about then?
File has already been analysed: MD5: dfc27f9e103c5203538cc7741251949b First received: 11.15.2007 18:03:28 (CET) Date: 08.21.2008 17:32:00 (CET) [>9D] Results: 5/36 Permalink: analisis/dc033d3dec7f506d6e70b3c251d8d2c2 Antivirus Version Last Update Result AhnLab-V3 2008.8.29.0 2008.08.29 - AntiVir 7.8.1.23 2008.08.30 - Authentium 5.1.0.4 2008.08.30 - Avast 4.8.1195.0 2008.08.30 - AVG 8.0.0.161 2008.08.30 - BitDefender 7.2 2008.08.30 - CAT-QuickHeal 9.50 2008.08.29 (Suspicious) - DNAScan ClamAV 0.93.1 2008.08.30 - DrWeb 4.44.0.09170 2008.08.30 - eSafe 7.0.17.0 2008.08.28 Suspicious File eTrust-Vet 31.6.6057 2008.08.29 - Ewido 4.0 2008.08.30 - F-Prot 4.4.4.56 2008.08.29 - F-Secure 7.60.13501.0 2008.08.30 Suspicious:W32/Malware!Gemini Fortinet 3.14.0.0 2008.08.30 - GData 19 2008.08.30 - Ikarus T3.1.1.34.0 2008.08.30 - K7AntiVirus 7.10.433 2008.08.30 - Kaspersky 7.0.0.125 2008.08.30 - MCAFEE 5373 2008.08.29 - Microsoft 1.3807 2008.08.25 - NOD32v2 3401 2008.08.30 - Norman 5.80.02 2008.08.29 - Panda 9.0.0.4 2008.08.30 - PCTools 4.4.2.0 2008.08.30 - Prevx1 V2 2008.08.30 - Rising 20.59.51.00 2008.08.30 - Sophos 4.33.0 2008.08.30 Sus/ComPack Sunbelt 3.1.1592.1 2008.08.30 - Symantec 10 2008.08.30 - TheHacker 6.3.0.6.068 2008.08.30 - TrendMicro 8.700.0.1004 2008.08.29 - VBA32 3.12.8.4 2008.08.30 - ViRobot 2008.8.30.1357 2008.08.30 - VirusBuster 4.5.11.0 2008.08.30 - Webwasher-Gateway 6.6.2 2008.08.30 Virus.Win32.FileInfector.gen (suspicious) Additional information File size: 722472 BYTES MD5...: dfc27f9e103c5203538cc7741251949b SHA1..: d6e03094b38e0643f02a58bdda391a0b7b6f70a 9 SHA256: 3915f3c01a941306a65cf6280a0cb7363dcd69d 9e7a954a3d74a37e871c3b46e SHA512: 19bc1c09075ff8948f4223c71bd574de8912a4f fdffa71abc33f136547e89454 cb61c4139c24fee9fe46e7ddd9bb5601c3c0e34 6396747980a658210e48e7296 PEiD..: UPX v1.03 - v1.04 TrID..: File type identification Win32 Executable Generic (42.3%) Win32 Dynamic Link Library (generic) (37.6%) Generic Win/DOS Executable (9.9%) DOS Executable Generic (9.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x49e573 timedatestamp.....: 0x46df868c (Thu Sep 06 04:48:12 2007) machinetype.......: 0x14c (I386) ( 7 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x19000 0x19000 6.71 528b410618f8507d929805b1051f1a6f .rdata 0x1a000 0x5000 0x5000 4.96 276806fd758f7dd1b20540bc5185d149 .data 0x1f000 0x6000 0x3000 4.23 3cda64e68fdebf5af68177249a223466 .rsrc 0x25000 0x69000 0x69000 5.76 e1c8154f2bbe78b1ec042e5b783eaf86 13c2q.c. 0x8e000 0x3000 0x3000 4.60 9ef52caf3b18b14a916a1b735df7160e 8o42fxd9 0x91000 0x21000 0x20ba2 6.67 a48c6accf5ee4afb376a07acc039bc4d 0si31ee8 0xb2000 0x1000 0x1000 7.96 8c479de81d17284f4a4ffd9302de8849 ( 6 IMPORTS ) > VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA > KERNEL32.dll: DeviceIoControl, GetPrivateProfileStringA, ExitThread, SleepEx, SetEvent, Sleep, SetThreadPriority, CreateThread, CreateEventA, WaitForSingleObject, ReleaseMutex, GetTickCount, LocalFree, CreateMutexA, MapViewOfFile, CreateFileMappingA, UnmapViewOfFile, GetHandleInformation, GlobalMemoryStatus, WriteConsoleA, SetEnvironmentVariableA, CompareStringW, CompareStringA, SetFilePointer, InitializeCriticalSection, ReadFile, FlushFileBuffers, GetConsoleMode, GetConsoleCP, SetStdHandle, GetTimeZoneInformation, GetLocaleInfoA, GetVersion, GetStringTypeA, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetModuleFileNameA, HeapReAlloc, HeapCreate, HeapDestroy, HeapSize, ExitProcess, DeleteCriticalSection, GetFileType, GetStdHandle, SetHandleCount, LeaveCriticalSection, EnterCriticalSection, GetCurrentDirectoryA, GetFullPathNameA, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, LCMapStringW, MultiByteToWideChar, WideCharToMultiByte, LCMapStringA, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, IsValidCodePage, GetOEMCP, GetACP, InterlockedDecrement, GetSystemInfo, GetModuleHandleA, GetCurrentProcess, GetVersionExA, GetCurrentProcessId, GetCurrentThreadId, GetSystemDefaultLangID, GetUserDefaultLangID, OpenMutexA, GetLastError, GetWindowsDirectoryA, GetSystemDirectoryA, LoadLibraryA, GetProcAddress, DeleteFileA, FindResourceA, LoadResource, LockResource, GetFileAttributesA, SetFileAttributesA, CreateFileA, SizeofResource, WriteFile, CloseHandle, FreeLibrary, GetConsoleOutputCP, WriteConsoleW, SetEndOfFile, GetStringTypeW, InterlockedIncrement, GetCPInfo, GetStartupInfoA, GetProcessHeap, ResumeThread, GetPriorityClass, OpenProcess, VirtualAlloc, VirtualFree, SetLastError, CreateRemoteThread, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, GetDriveTypeA, FindFirstFileA, RtlUnwind, GetSystemTimeAsFileTime, HeapFree, HeapAlloc, RaiseException, GetCommandLineA > USER32.dll: FindWindowExA, GetWindowRect, SetWindowPos, GetDC, BeginPaint, EndPaint, RELEASEDC, DestroyWindow, UnregisterClassA, GetWindowTextA, GetWindow, GetKeyboardState, ToAscii, SendInput, MapVirtualKeyExA, GetKeyboardLayout, MapVirtualKeyA, MessageBoxA, GetKeyState, LoadStringA, GetMessageA, TranslateMessage, DispatchMessageA, LoadIconA, LoadCursorA, RegisterClassExA, GetFocus, InSendMessage, ReplyMessage, PostQuitMessage, DefWindowProcA, IsWindow, CreateDialogParamA, EndDialog, GetCursorPos, GetForegroundWindow, SetForegroundWindow, PostMessageA, KillTimer, EnumWindows, GetClassNameA, AttachThreadInput, SetTimer, CreateWindowExA, ShowWindow, UpdateWindow, FindWindowA, GetWindowThreadProcessId, LoadImageA, wsprintfA, OpenInputDesktop, GetUserObjectInformationA, CloseDesktop > GDI32.dll: GetObjectA, GetDeviceCaps, CreateCompatibleDC, BitBlt, SelectObject, DeleteDC, DeleteObject, CreateCompatibleBitmap > ADVAPI32.dll: OpenSCManagerA, StartServiceA, CreateServiceA, OpenServiceA, ChangeServiceConfigA, CloseServiceHandle, RegCloseKey, RegQueryValueExA, RegOpenKeyExA, GetSecurityDescriptorSacl, GetCurrentHwProfileA > SHELL32.dll: ShellExecuteA, SHGetSpecialFolderPathA, Shell_NotifyIconA ( 0 exports ) ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=dfc27f9e103c5203538cc7741251949b packers (Kaspersky): PE_Patch packers (F-Prot): EXECryptor Quote TrendMicro 8.700.0.1004 2008.08.29 - Not a malicious file.Hey Kevin Im done with my poor Tosh performing like this hey and have no patience left to try and work out what is wrong with it. been reading online (even others you guys are helping) and there sounds like quite a number of ppl experiencing similar probs to what i am, no one appears to know WHAT the issue is or how to reslove it - unless you are an IT Guru. If someone told me 3 wks ago to do thise 20 step process that is around the place and that would fix it i would have given it a shot but since downloading a thousand different antivirus programs. installing/unistalling restarting, have run check disc on startup 3 TIMES, attempted to restore 6 times that all failed. Im over it. Can I just reinstall Windows? Will that fix this? You think it will work? Cheers M You might consider a reinstall. That is usually the only guaranteed way to get things back to normal. It might be a Hard Drive issue or something like that. You can look through and try any of the suggestions found here > Slow Computer? It May Not Be Malware |
|
| 3149. |
Solve : How to uninstall CA Internet Security Suite?? |
|
Answer» Hello-
1) From safe mode, I tried to Add/Remove CA ISS. The screens look like what is shown in the link you provided. It said it couldn't remove the anti-virus part or the firewall part but it did remove the anti-spamware part. Still got BSOD after logging in in normal mode. I'm wondering if it couldn't uninstall those components because it was in safe mode. 2) Looking at the Add/Remove list, I saw that Malwarebytes Anti-Malware installed itself. I had thought that it was a standalone run once sort of program that didn't install itself. So I uninstalled that. Still got BSOD after logging in in normal mode. 3) What about Windows Firewall? It is there but not enabled (and hasn't been for a while). Does that have to be actually uninstalled? 4) I can't download HiJack This because the computer will only run in safe mode. The BSOD happens as all the drivers and little icons in the lower right are filling in before I can get a chance to do anything. The most recent time I tried to boot it to normal mode, instead of logging in, I clicked turn computer off. Somehow Windows snuck in and said there were a bunch of updates that it said it was going to do before TURNING off. So those ran their course. Then I tried going back to normal mode again, still the same BSOD. So essentially the computer is currently unusable. Thanks. Can you do a System Restore?If you mean the selection "Last Known Good Configuration (your most recent settings that worked)" from the F8 boot up screen, no. That doesn't fix it.Try going in and deleting the CA folder in Program Files. Honestly I'm sort of baffled at the moment on what's going on.Well very strange. This lap top has 3 accounts on it. One has administrator privileges, and the other 2 have the lowest level of privileges. I had always been using the administrator because that's were you can control everything from. But I figured what the hey, and tried to log into one of the other accounts to see what would happen. Lo and behold it booted up fine. Applications ran fine and I could go to websites with Firefox. No BSOD. And the parts of CA ISS that remained (anti-spyware and firewall) after I tried to uninstall it in safe mode were still there and actually running. The firewall was blocking all sorts of things and giving notifications. So, from the CA ISS main screen I selected help and there was a CA support web address given (I didn't write it down). I went there and one of the choices is uninstall. I clicked it and it downloaded something to the desk top and ran. Judging by the things that flashed by, it modified stuff in the registry. Then it said to shut down and restart for the uninstall changes to take effect. I did this and logged into the administrator account instead. The CA firewall logo was still up and it now popped up the firewall notifications. And it didn't crash to the BSOD here either. Again I could go to the Internet, and applications worked. But it appeared that ISS had not been fully removed. So I went to Control Panel add/remove programs and it showed as still being there so I selected to uninstall and it cleanly uninstalled all of it. So now it is gone and the computer seems to be working. Next I'm going to get XP Sp3 loaded. Windows Update is now causing problems, not finishing and giving "error code: 0xD0000005" Google for this doesn't turn up much useful. So I am going to try the Microsoft Support for that. They say live help is free for Update issues. Then I will clean up the hard drive, get rid of all the temp stuff, and maybe re-run Malwarebytes again just to be sure. It seemed to have been the most effective at getting rid of the the associated junk that VirusHeat and XP Antivirus 2008 dumped on the system. The Malwarebytes log included the following classifications of nastiness that it found and deleted: rogue.virusheat rogue.multiple rogue.antivirus2008 rogue.link trojan.fakealert trojan.zlob hijack.wallpaper hijack.displayproperties spyware.passwords rootkit.dnschanger.h The last two are obviously the most troubling. Luckily I never use this computer for accessing bank information and the like. And the filename that was the rogue.link was called "online security test.url". Hah. It must have been all the different things that I did while trying to remove this stuff that broke CA ISS and also the Windows Update. The saga is not done yet. After I can get XP Sp3 installed, I may give the CA another try. Or maybe AVG. It's amazing to me that the most popular operating system in the world is the one that is the most vulnerable to exploits like this. I also have a W98 SE machine that I've used for over 8 years and it has never gotten anything like this. I HOPE all this detail that I have written might help someone else in this situation. Thanks for the suggestions. There have been some different variations of virus lately that are COMPLETELY crippling systems laving reinstalling the only option. Hopefully MS will help you get the updates fixed. Be sure you are 100% free of malware before installing SP3. If not it will cause big problems. MalwareBytes is a very good application. That along with your antivirus is all most will ever need. |
|
| 3150. |
Solve : A quick check of HJT please guys?!...? |
|
Answer» Hey guys, could SOMEONE please run over this:
Scan saved at 13:11:23, on 29/08/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16711) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.avfc.premiumtv.co.uk/page/Home R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.thetechguys.com/welcome R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [UpdateP2GShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe "C:\Program Files\CyberLink\Power2Go" update "SOFTWARE\CyberLink\Power2Go\5.0" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O13 - Gopher Prefix: O15 - Trusted Zone: http://click.getmirar.com (HKLM) O15 - Trusted Zone: http://click.mirarsearch.com (HKLM) O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- End of file - 5561 bytes No I didint add them, I just did a quick Google Search of 'Mirar' though and it appears to be somesort of Ad-ware. Thanks alot Peace ChrisOpen HijackThis and select Do a system scan only. Place a check mark next to the following entries: (if there) O15 - Trusted Zone: http://click.getmirar.com (HKLM) O15 - Trusted Zone: http://click.mirarsearch.com (HKLM) O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM) IMPORTANT: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis and restart the computer to register the changes MADE by HijackThis. ---------- Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Download JavaRa and unzip it to your desktop.
Follow this link to download and install Java Runtime Environment (JRE) 6 Update 7 ---------- Everything OK now? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:11:23, on 29/08/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16711) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.avfc.premiumtv.co.uk/page/Home R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.thetechguys.com/welcome R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [UpdateP2GShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe "C:\Program Files\CyberLink\Power2Go" update "SOFTWARE\CyberLink\Power2Go\5.0" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O13 - Gopher Prefix: O15 - Trusted Zone: http://click.getmirar.com (HKLM) O15 - Trusted Zone: http://click.mirarsearch.com (HKLM) O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- End of file - 5561 bytes Yea everything seems fine now, laptop boots up much quicker and all now. Thanks alot!!!! Much appreciates Bless Chris |
|
