IE/AVG issues - from Downloader.Generic3.SZP, Generic12.LHS, Vundo.AV?, Found viruses, cleaned them with AVG, still have IE and AVG issues
Kelvin in Oregon
post Nov 27 2008, 06:31 PM
Post #1



I'm a first-time poster, so I apologize in advance for any mistakes I make.

Problems started when AVG Free 8.0 found Downloader.Generic3.SZP and Generic12.LHS. I used AVG to remove them.

My AVG scan that night found 18 infections (multiples of several):
SHeur2.CRJ
SHeur2.HK
SHeur.CRBJ
Vundo.AV
Generic12.LHS
IUpd721 (reference to)

AVG cleaned them, but said 2 instances of Vundo.AV (in lsass.exe and hlJDwTLD.dll) would be fixed on the next reboot. My next reboot failed. Tried to restore to recovery point, but that failed (nothing happened when I clicked on Next to do the restore). Eventually was able to run HijackThis (with a friend's help) and clean up enough things that my reboots now work (at least most of the time). Eventually ran Vundo Fix and VirtumundoBegone and at that point AVG scans (when they worked) showed no issues.

It appears that there's still leftover issues because of the following:
  • IE (7.0) gets "cannot display the webpage" at many websites, especially those for AntiVirus/AntiSpyware, including AVG, Kaspersky, BleepingComputer (I'm running this on another computer)
  • AVG Update fails with either "Update Manager: control file is missing" or "Connection failed"
  • Running an AVG scan gets Avgwdsvc.exe encountered a problem. Sometimes the scan continues, sometimes it doesn't.
  • I'm still getting some popups, including www.registrydefender.com, Searchme, Scan.scannerantispyware.com and 85.12.43.70
  • Google Results page shows larger font than it used to.
  • Clicking on Google Result link often goes to a completely different page.
  • I've gotten "Windows Explorer has encountered a problem (then shuts down)" a couple of times.

I tried to follow your recommended steps as much as possible. This included:
  • Clearing IE Temporary Files
  • Renamed C:\windows\system32\drivers\etc\hosts to hosts.spybot
  • Installed Windows Defender. Removed prunnet.exe (2), gadcom.exe, and several less-significant items. Several of the less-significant items have come back.
  • Validated Firewall was turned on.
  • Installed current JRE (6 Update 10)

Your instructions said to remove my older JRE, but the names were dissimilar, so I wanted to make sure that was correct before I did. Add/Remove programs shows my old Java as Java 2 Runtime Environment SE 1.3.1. As mentioned above, I installed JRE 6 Update 10. Is that the right update, so I should remove my old 1.3.1 version?

I was then ready to collect the information you requested. Unfortunately, I can't run Kaspersky's Online Scan, because I get IE cannot display the webpage.

I then downloaded RSIT from this computer, copied it to the failing computer and ran it. The first time I got AutoIt Error Line -1: Error: Variable used without being declared.

I tried it again and I got a log.txt, but no info.txt. log.txt has:
Logfile of random's system information tool 1.04 (written by random/random)
Run by Kelvin Romrell at 2008-11-27 14:46:44
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 25 GB (42%) free of 59 GB
Total RAM: 479 MB (26% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1041827745.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{9C45F3F9-82C9-43B6-A419-EDD06286B92E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{001CB64B-74E4-45A9-B897-9F1D9A2EE901}]
C:\WINDOWS\system32\mlJDwTLD.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-27 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-03 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-04-12 2554944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-27 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-27 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-27 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-04-12 2554944]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-03 2055960]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CPQEASYACC"=C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe [2001-12-14 32768]
"WCOLOREAL"=C:\Program Files\COMPAQ\Coloreal\coloreal.exe [2002-02-20 143360]
"srmclean"=C:\Cpqs\Scom\srmclean.exe [2001-07-24 36864]
"IPInSightLAN 01"=C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe [2002-03-18 364544]
"IPInSightMonitor 01"=C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe [2002-03-18 102400]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-01 1234712]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-27 136600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Compaq_RBA"=C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe [2002-05-16 262144]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-07 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe
Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe

C:\Documents and Settings\Kelvin Romrell\Start Menu\Programs\Startup
Internet Explorer.lnk -
ToDo List.lnk - C:\Documents and Settings\Kelvin Romrell\My Documents\ToDo List.doc
Windows Explorer.lnk - C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
"{73259091-9574-4ED8-A40F-7F65AFC28634}"= []
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\mlJDwTLD

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Palm\HOTSYNC.EXE"="C:\Program Files\Palm\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Netscape\Netscape 6\Netscp.exe"="C:\Program Files\Netscape\Netscape 6\Netscp.exe:*:Enabled:Netscape"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Real\RealOne Player\realplay.exe"="C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Yahoo! Games\Yahoo! Ten Pin Championship Bowling\Yahoo Ten Pin Championship Bowling.exe"="C:\Program Files\Yahoo! Games\Yahoo! Ten Pin Championship Bowling\Yahoo Ten Pin Championship Bowling.exe:*:Enabled:Skyworks Ten Pin Championship Bowling"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Replay AV 8\Tuner.exe"="C:\Program Files\Replay AV 8\Tuner.exe:*:Enabled:Replay Tuner"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Disabled:Age of Empires II"
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD:*:Disabled:Age of Empires II Expansion"
"C:\Sierra\Empire Earth\Empire Earth.exe"="C:\Sierra\Empire Earth\Empire Earth.exe:*:Disabled:Empire Earth"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7653464-9639-11db-9048-0010dc79a17c}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-11-27 14:17:31 ----D---- C:\Program Files\trend micro
2008-11-27 14:17:29 ----D---- C:\rsit
2008-11-27 14:04:58 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-27 14:04:58 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-27 14:04:58 ----A---- C:\WINDOWS\system32\java.exe
2008-11-27 14:04:58 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-27 14:04:19 ----D---- C:\Program Files\Java
2008-11-27 14:03:57 ----D---- C:\Documents and Settings\Kelvin Romrell\Application Data\Sun
2008-11-27 10:47:32 ----D---- C:\Program Files\Windows Defender
2008-11-27 00:05:36 ----D---- C:\WINDOWS\pss
2008-11-25 20:51:01 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-11-25 19:58:00 ----D---- C:\VundoFix Backups
2008-11-25 19:58:00 ----A---- C:\VundoFix.txt
2008-11-25 17:16:32 ----D---- C:\Program Files\HijackThis
2008-11-25 16:54:17 ----D---- C:\Program Files\XoftSpySE
2008-11-25 16:18:21 ----HDC---- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-11-24 18:13:19 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-24 17:20:02 ----SH---- C:\WINDOWS\system32\wigbiwnx.ini
2008-11-23 21:47:03 ----D---- C:\Documents and Settings\Kelvin Romrell\Application Data\IUpd721
2008-11-23 20:57:06 ----ASH---- C:\WINDOWS\system32\YJkRqBeg.ini2
2008-11-23 20:57:01 ----ASH---- C:\WINDOWS\system32\YJkRqBeg.ini
2008-11-23 17:21:43 ----SH---- C:\WINDOWS\system32\efaipknj.ini
2008-11-23 17:16:37 ----A---- C:\WINDOWS\system32\a77327a0-.txt
2008-11-23 17:15:32 ----ASH---- C:\WINDOWS\system32\DLTwDJlm.ini2
2008-11-23 17:15:32 ----ASH---- C:\WINDOWS\system32\DLTwDJlm.ini
2008-11-23 16:46:46 ----A---- C:\WINDOWS\system32\prunnet.exe
2008-11-21 22:22:21 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-21 22:17:13 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-07 17:02:18 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-11-05 18:06:20 ----A---- C:\WINDOWS\system32\MSMPIDE.DLL

======List of files/folders modified in the last 1 months======

2008-11-27 14:27:58 ----AD---- C:\WINDOWS
2008-11-27 14:27:58 ----A---- C:\WINDOWS\.compaq.bak
2008-11-27 14:17:31 ----AD---- C:\Program Files
2008-11-27 14:05:17 ----SHD---- C:\WINDOWS\Installer
2008-11-27 14:04:58 ----D---- C:\WINDOWS\system32
2008-11-27 14:03:39 ----D---- C:\My Temp
2008-11-27 13:24:08 ----D---- C:\Documents and Settings\Kelvin Romrell\Application Data\U3
2008-11-27 12:28:43 ----SD---- C:\WINDOWS\Tasks
2008-11-27 12:27:33 ----D---- C:\WINDOWS\Temp
2008-11-27 12:27:26 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-27 12:26:28 ----A---- C:\WINDOWS\ModemLog_Conexant HSFi V90 V92 56K PCI Modem.txt
2008-11-27 12:23:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-27 12:15:40 ----D---- C:\Program Files\Replay AV 8
2008-11-27 10:49:04 ----D---- C:\WINDOWS\Prefetch
2008-11-27 10:47:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-27 10:47:32 ----HD---- C:\WINDOWS\inf
2008-11-27 00:33:58 ----D---- C:\Documents and Settings\Kelvin Romrell\Application Data\Skype
2008-11-26 23:45:59 ----HD---- C:\$AVG8.VAULT$
2008-11-26 22:34:19 ----D---- C:\WINDOWS\Help
2008-11-26 06:39:26 ----D---- C:\WINDOWS\Minidump
2008-11-25 17:37:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-25 17:37:24 ----D---- C:\Program Files\Virtools Web Player 3.5
2008-11-25 17:37:21 ----HD---- C:\Documents and Settings\All Users\Application Data\Move Networks
2008-11-24 18:30:16 ----D---- C:\WINDOWS\system32\drivers
2008-11-24 18:29:30 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-11-24 18:17:17 ----D---- C:\Documents and Settings
2008-11-23 17:06:56 ----D---- C:\Temp
2008-11-23 16:40:49 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-11-21 22:22:30 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-21 22:21:07 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-21 22:19:17 ----A---- C:\WINDOWS\imsins.BAK
2008-11-21 22:09:03 ----D---- C:\WINDOWS\WinSxS
2008-11-05 18:09:36 ----D---- C:\WINDOWS\system32\FxsTmp
2008-11-05 18:09:30 ----D---- C:\Program Files\PDFCreator
2008-11-05 17:24:42 ----D---- C:\Documents and Settings\Kelvin Romrell\Application Data\PDFcreator
2008-11-04 19:22:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-04 19:14:23 ----D---- C:\WINDOWS\system32\Macromed
2008-11-04 16:58:50 ----D---- C:\Program Files\Musicnotes
2008-11-04 16:58:42 ----RSD---- C:\WINDOWS\Fonts
2008-11-03 16:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-31 17:26:24 ----D---- C:\Program Files\QUICKENW
2008-10-31 17:26:24 ----A---- C:\WINDOWS\Quicken.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-28 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-03 26824]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2008-05-17 66992]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2008-05-17 24698]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-06-19 237568]
R1 EAWDMFD;EAWDMFD; C:\WINDOWS\system32\drivers\EAWDMFD.sys [1999-10-29 24348]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2002-06-19 127026]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2002-06-19 206336]
R2 Fallback;Fallback; C:\WINDOWS\system32\DRIVERS\C4C_FALL.sys [2002-07-08 303171]
R2 Fsks;Fsks; C:\WINDOWS\system32\DRIVERS\C4C_FSKS.sys [2002-07-08 124703]
R2 K56;K56; C:\WINDOWS\system32\DRIVERS\C4C_K56K.sys [2002-07-08 428578]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2001-09-17 17744]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2001-08-18 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2001-08-18 55936]
R2 SoftFax;SoftFax; C:\WINDOWS\system32\DRIVERS\C4C_FAXX.sys [2002-07-08 212494]
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\System32\DRIVERS\strmdisp.sys [2002-07-08 33548]
R2 Tones;Tones; C:\WINDOWS\system32\DRIVERS\C4C_TONE.sys [2002-07-08 59664]
R2 V124;V124; C:\WINDOWS\system32\DRIVERS\C4C_V124.sys [2002-07-08 542223]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 C4C_BSC2;C4C_BSC2; C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 84788]
R3 eaps2kbd;Compaq Easy Access PS2 Internet Keyboard (Win2K); C:\WINDOWS\System32\DRIVERS\eaps2kbd.sys [2001-12-28 24035]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2002-06-19 29446]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-03-19 96768]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 Rksample;Rksample; C:\WINDOWS\system32\DRIVERS\C4C_SAMP.sys [2002-07-08 62422]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-01-16 415400]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2002-07-08 591520]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-03 42496]
S2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
S3 APLMp50;APLMp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\APLMp50.sys [2006-11-28 28224]
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\basic2.sys [2002-01-02 84786]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2002-06-19 25226]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 gbalink;GBA Link Driver (gbalink.sys); C:\WINDOWS\System32\Drivers\gbalink.sys [2001-03-08 19677]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2002-02-15 50960]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2002-03-21 16112]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2002-03-08 22512]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2006-12-27 16694]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem; C:\WINDOWS\System32\DRIVERS\usb8023.sys [2004-08-03 12672]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 wandrv;WAN Network Driver; C:\WINDOWS\System32\DRIVERS\wandrv.sys [2001-08-09 22608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-03 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-03 611664]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-28 231704]
R2 Compaq_RBA;Compaq Advisor; C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe [2002-05-16 262144]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-03 267776]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-27 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-27 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 StatusAgent4;Epson Printer Status Agent4; C:\WINDOWS\system32\SAgent4.exe [2004-04-29 122880]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
S2 NwSapAgent;SAP Agent; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe []
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-01-25 93048]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S4 msCMTSrvc;Content Monitoring Tool; C:\WINDOWS\system32\msCMTSrvc.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2002-03-15 81920]
S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

-----------------EOF-----------------

Let me know what additional information you need.
farbar
post Dec 7 2008, 03:13 PM
Post #16





Click OK to error and yes to updating.

If you get another error again, just delete your Combofix from the desktop, download a fresh copy and proceed with the fix. Whenever Combofix asks for an update, just let it happen.

It is good asking and making sure.


Kelvin in Oregon
post Dec 7 2008, 04:24 PM
Post #17





Here is the log from ComboFix:
ComboFix 08-12-06.06 - Kelvin Romrell 2008-12-07 12:23:05.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.120 [GMT -8:00]
Running from: c:\documents and settings\Kelvin Romrell\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kelvin Romrell\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\efaipknj.ini
c:\windows\System32\wigbiwnx.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_oroc


((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-03 19:34 . 2008-12-03 19:34 <DIR> d-------- c:\documents and settings\Kelvin Romrell\Application Data\Malwarebytes
2008-12-03 18:13 . 2008-12-03 18:14 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-03 18:13 . 2008-12-03 18:13 <DIR> d-------- c:\documents and settings\Work\Application Data\Malwarebytes
2008-12-03 18:13 . 2008-12-03 18:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-03 18:13 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 18:13 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-03 17:11 . 2008-12-03 17:11 <DIR> d-------- c:\windows\ERUNT
2008-12-03 16:59 . 2008-12-03 17:43 <DIR> d-------- C:\SDFix
2008-11-29 14:23 . 2008-11-29 14:26 <DIR> d-------- c:\program files\ERUNT
2008-11-27 14:17 . 2008-11-27 14:17 <DIR> d-------- C:\rsit
2008-11-27 14:17 . 2008-11-27 14:17 <DIR> d-------- c:\program files\trend micro
2008-11-27 14:04 . 2008-11-27 14:04 <DIR> d-------- c:\program files\Java
2008-11-27 14:04 . 2008-11-27 14:04 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-27 14:04 . 2008-11-27 14:04 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-27 10:47 . 2008-11-27 10:47 <DIR> d-------- c:\program files\Windows Defender
2008-11-25 20:50 . 2008-12-03 18:00 <DIR> d-------- c:\documents and settings\Work\Application Data\U3
2008-11-25 19:58 . 2008-11-25 19:58 <DIR> d-------- C:\VundoFix Backups
2008-11-25 16:54 . 2008-11-25 16:54 <DIR> d-------- c:\program files\XoftSpySE
2008-11-25 16:26 . 2008-11-25 16:26 <DIR> d-------- c:\documents and settings\Work\Application Data\Windows Desktop Search
2008-11-25 16:23 . 2008-11-25 16:23 <DIR> d-------- c:\documents and settings\Work\Application Data\Windows Search
2008-11-25 16:18 . 2008-11-25 16:18 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-11-24 18:17 . 2008-11-25 22:05 <DIR> d-------- c:\documents and settings\Administrator
2008-11-23 16:46 . 2008-11-23 16:46 29,184 --a------ c:\windows\system32\MSINET.oca
2008-11-23 16:46 . 2008-11-23 16:46 2,407 --a------ c:\windows\system32\MSINET.DEP
2008-11-15 09:43 . 2008-11-15 09:43 <DIR> d-------- c:\documents and settings\Camille Romrell\Application Data\Snapfish
2008-11-07 17:02 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 20:58 5,068 ----a-w c:\windows\compaq.reg
2008-12-07 16:52 --------- d-----w c:\program files\Replay AV 8
2008-12-07 08:42 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-29 22:06 --------- d-----w c:\documents and settings\Kelvin Romrell\Application Data\U3
2008-11-27 08:33 --------- d-----w c:\documents and settings\Kelvin Romrell\Application Data\Skype
2008-11-26 01:37 --------- d--h--w c:\documents and settings\All Users\Application Data\Move Networks
2008-11-26 01:37 --------- d-----w c:\program files\Virtools Web Player 3.5
2008-11-25 02:29 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-24 04:37 --------- d-----w c:\documents and settings\Camille Romrell\Application Data\Skype
2008-11-06 02:09 --------- d-----w c:\program files\PDFCreator
2008-11-06 01:24 --------- d-----w c:\documents and settings\Kelvin Romrell\Application Data\PDFcreator
2008-11-06 00:32 --------- d-----w c:\documents and settings\Work\Application Data\PDFcreator
2008-11-05 00:59 --------- d-----w c:\documents and settings\Camille Romrell\Application Data\Sibelius Software
2008-11-05 00:58 --------- d-----w c:\program files\Musicnotes
2008-11-01 01:26 --------- d-----w c:\program files\QUICKENW
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-06-13 03:01 124,568 ----a-w c:\documents and settings\Kelvin Romrell\Application Data\GDIPFONTCACHEV1.DAT
2008-05-15 18:07 124,568 ----a-w c:\documents and settings\Camille Romrell\Application Data\GDIPFONTCACHEV1.DAT
2007-01-05 02:46 60,928 ----a-w c:\documents and settings\Camille Romrell\jbfmod.dll
2007-01-05 02:46 161,280 ----a-w c:\documents and settings\Camille Romrell\fmod.dll
2005-02-11 01:26 118,496 ----a-w c:\documents and settings\Guest\Application Data\GDIPFONTCACHEV1.DAT
2007-03-09 08:12 27,648 --sha-w c:\windows\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((( snapshot@2008-12-05_21.57.16.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-07 20:33:13 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_464.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 68856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CPQEASYACC"="c:\program files\COMPAQ\Easy Access Button Support\StartEAK.exe" [2001-12-14 32768]
"WCOLOREAL"="c:\program files\COMPAQ\Coloreal\coloreal.exe" [2002-02-20 143360]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"IPInSightLAN 01"="c:\program files\Verizon Online\Visual IP InSight\IPClient.exe" [2002-03-18 364544]
"IPInSightMonitor 01"="c:\program files\Verizon Online\Visual IP InSight\IPMon32.exe" [2002-03-18 102400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-03 1261336]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]

c:\documents and settings\Camille Romrell\Start Menu\Programs\Startup\
Monitor.lnk - c:\program files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2006-11-11 114688]
officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-06-11 147456]
Replay AV 8.lnk - c:\program files\Replay AV 8\ReplayAV.exe [2007-08-19 789504]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2004-06-09 471040]
Windows Media Player.lnk - c:\program files\Windows Media Player\wmplayer.exe [2004-08-11 64000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= c:\progra~1\REPLAY~1\iac25_32.ax

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"DDCM"="c:\program files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
"NvCplDaemon"=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
"Smapp"=c:\program files\Analog Devices\SoundMAX\Smtray.exe
"Share-to-Web Namespace Daemon"=c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Netscape\\Netscape 6\\Netscp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\Program Files\\Yahoo! Games\\Yahoo! Ten Pin Championship Bowling\\Yahoo Ten Pin Championship Bowling.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Replay AV 8\\Tuner.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Sierra\\Empire Earth\\Empire Earth.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-17 97928]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-17 231704]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 C4C_BSC2;C4C_BSC2;c:\windows\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 84788]
S2 NwSapAgent;SAP Agent;c:\windows\System32\svchost.exe -k netsvcs [2001-08-18 14336]
S3 gbalink;GBA Link Driver (gbalink.sys);c:\windows\system32\Drivers\gbalink.sys [2004-12-06 19677]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;c:\windows\system32\DRIVERS\usb8023.sys [2001-08-18 12672]
S4 msCMTSrvc;Content Monitoring Tool;c:\windows\system32\msCMTSrvc.exe []
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-10 24652]
.
Contents of the 'Scheduled Tasks' folder

2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2003-04-16 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1041827745.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-11 10:56]

2008-12-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-12-07 c:\windows\Tasks\User_Feed_Synchronization-{9C45F3F9-82C9-43B6-A419-EDD06286B92E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {9EF00D4C-1C17-49BD-B291-43BF07F3779F} = 139.126.16.128 139.126.16.198

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\DIGHardwareControl.ocx - O16 -: {352797A0-EFD0-4FA6-B229-145120EA4B8A}
hxxps://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
c:\windows\Downloaded Program Files\DIGHardwareControl.inf

O16 -: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - hxxp://esis6.nwpartnership.org:7777/forms/jinitiator/jinit.exe
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 12:58:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\SAgent4.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\searchindexer.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\COMPAQ\Easy Access Button Support\CPQEADM.exe
c:\compaq\eakdrv\EAUSBKBD.exe
c:\progra~1\COMPAQ\EASYAC~1\BttnServ.exe
c:\windows\system32\rundll32.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Microsoft Office\Office10\WINWORD.EXE
.
**************************************************************************
.
Completion time: 2008-12-07 13:07:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-07 21:07:52
ComboFix2.txt 2008-12-06 05:58:09

Pre-Run: 30,671,196,160 bytes free
Post-Run: 30,726,156,288 bytes free

209 --- E O F --- 2008-11-22 07:02:47


Your initial instructions also asked me to re-download and rerun RSIT. Here is the log (you told me you didn't need the info.txt):
Logfile of random's system information tool 1.04 (written by random/random)
Run by Kelvin Romrell at 2008-12-07 13:22:35
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 29 GB (50%) free of 59 GB
Total RAM: 479 MB (10% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:22:49 PM, on 12/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Documents and Settings\Kelvin Romrell\Desktop\RSIT.exe
C:\My Temp\Kelvin Romrell.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref("__000.aim.general.im.enterCR", false);
user_pref("__000.aim.general.im.tabKey", false);
user_pref("__000.aim.general.im.timeStamp", false);
user_pref("__sys.aim.filexfer.location", "");
user_pref("__sys.aim.general.im.enterCR", false);
user_pref("__sys.aim.general.im.smilies", false);
user_pref("__sys.aim.general.im.tabKey", false);
user_pref("__sys.aim.general.im.timeStamp", false);
user_pref("__sys.aim.general.snsautosignon", false);
user_pref("__sys.aim.general.today", false);
user_pref("aim.session.firsttime", false);
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Internet Explorer.lnk = ?
O4 - Startup: ToDo List.lnk = C:\Documents and Settings\Kelvin Romrell\My Documents\ToDo List.doc
O4 - Startup: Windows Explorer.lnk = C:\WINDOWS\explorer.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Windows Media Player.lnk = C:\Program Files\Windows Media Player\wmplayer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...IOS/tgctlcm.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bl118fd.blu118.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134239353984
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.20.19/ttinst.cab
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} (JInitiator 1.3.1.22) - http://esis6.nwpartnership.org:7777/forms/...iator/jinit.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...352/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9EF00D4C-1C17-49BD-B291-43BF07F3779F}: NameServer = 139.126.16.128 139.126.16.198
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = plaza.ds.adp.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = plaza.ds.adp.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe

--
End of file - 12121 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1041827745.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{9C45F3F9-82C9-43B6-A419-EDD06286B92E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-03 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-04-12 2554944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-27 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-04-12 2554944]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-03 2055960]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CPQEASYACC"=C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe [2001-12-14 32768]
"WCOLOREAL"=C:\Program Files\COMPAQ\Coloreal\coloreal.exe [2002-02-20 143360]
"srmclean"=C:\Cpqs\Scom\srmclean.exe [2001-07-24 36864]
"IPInSightLAN 01"=C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe [2002-03-18 364544]
"IPInSightMonitor 01"=C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe [2002-03-18 102400]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-03 1261336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-07 68856]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe
Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe

C:\Documents and Settings\Kelvin Romrell\Start Menu\Programs\Startup
Internet Explorer.lnk -
ToDo List.lnk - C:\Documents and Settings\Kelvin Romrell\My Documents\ToDo List.doc
Windows Explorer.lnk - C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Palm\HOTSYNC.EXE"="C:\Program Files\Palm\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Netscape\Netscape 6\Netscp.exe"="C:\Program Files\Netscape\Netscape 6\Netscp.exe:*:Enabled:Netscape"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Real\RealOne Player\realplay.exe"="C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Yahoo! Games\Yahoo! Ten Pin Championship Bowling\Yahoo Ten Pin Championship Bowling.exe"="C:\Program Files\Yahoo! Games\Yahoo! Ten Pin Championship Bowling\Yahoo Ten Pin Championship Bowling.exe:*:Enabled:Skyworks Ten Pin Championship Bowling"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Replay AV 8\Tuner.exe"="C:\Program Files\Replay AV 8\Tuner.exe:*:Enabled:Replay Tuner"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Sierra\Empire Earth\Empire Earth.exe"="C:\Sierra\Empire Earth\Empire Earth.exe:*:Disabled:Empire Earth"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-07 13:13:17 ----SHD---- C:\RECYCLER
2008-12-07 13:07:58 ----A---- C:\ComboFix.txt
2008-12-05 17:30:27 ----A---- C:\Boot.bak
2008-12-05 17:29:48 ----RASHD---- C:\cmdcons
2008-12-05 17:25:41 ----A---- C:\WINDOWS\zip.exe
2008-12-05 17:25:41 ----A---- C:\WINDOWS\VFIND.exe
2008-12-05 17:25:41 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-05 17:25:41 ----A---- C:\WINDOWS\SWSC.exe
2008-12-05 17:25:41 ----A---- C:\WINDOWS\SWREG.exe
2008-12-05 17:25:41 ----A---- C:\WINDOWS\sed.exe
2008-12-05 17:25:41 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-05 17:25:41 ----A---- C:\WINDOWS\grep.exe
2008-12-05 17:25:41 ----A---- C:\WINDOWS\fdsv.exe
2008-12-05 17:25:29 ----D---- C:\Qoobox
2008-12-03 19:34:38 ----D---- C:\Documents and Settings\Kelvin Romrell\Application Data\Malwarebytes
2008-12-03 18:13:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-03 18:13:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-03 17:11:31 ----D---- C:\WINDOWS\ERUNT
2008-12-03 16:59:26 ----D---- C:\SDFix
2008-11-29 14:27:24 ----D---- C:\WINDOWS\ERDNT
2008-11-29 14:23:43 ----D---- C:\Program Files\ERUNT
2008-11-27 14:17:31 ----D---- C:\Program Files\trend micro
2008-11-27 14:17:29 ----D---- C:\rsit
2008-11-27 14:04:58 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-27 14:04:58 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-27 14:04:58 ----A---- C:\WINDOWS\system32\java.exe
2008-11-27 14:04:58 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-27 14:04:19 ----D---- C:\Program Files\Java
2008-11-27 14:03:57 ----D---- C:\Documents and Settings\Kelvin Romrell\Application Data\Sun
2008-11-27 10:47:32 ----D---- C:\Program Files\Windows Defender
2008-11-27 00:05:36 ----D---- C:\WINDOWS\pss
2008-11-25 19:58:00 ----D---- C:\VundoFix Backups
2008-11-25 19:58:00 ----A---- C:\VundoFix.txt
2008-11-25 17:16:32 ----D---- C:\Program Files\HijackThis
2008-11-25 16:54:17 ----D---- C:\Program Files\XoftSpySE
2008-11-25 16:18:21 ----HDC---- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-11-24 18:13:19 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-23 17:16:37 ----A---- C:\WINDOWS\system32\a77327a0-.txt
2008-11-21 22:22:21 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-21 22:17:13 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-12-07 13:22:37 ----D---- C:\My Temp
2008-12-07 13:08:26 ----D---- C:\WINDOWS\Temp
2008-12-07 13:08:12 ----D---- C:\WINDOWS\system32
2008-12-07 13:08:08 ----D---- C:\WINDOWS\Prefetch
2008-12-07 13:08:03 ----AD---- C:\WINDOWS
2008-12-07 13:03:22 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-07 12:58:58 ----A---- C:\WINDOWS\system.ini
2008-12-07 12:35:24 ----SD---- C:\WINDOWS\Tasks
2008-12-07 12:33:35 ----A---- C:\WINDOWS\ModemLog_Conexant HSFi V90 V92 56K PCI Modem.txt
2008-12-07 12:33:12 ----A---- C:\WINDOWS\.compaq.bak
2008-12-07 12:32:26 ----D---- C:\WINDOWS\system32\drivers
2008-12-07 12:29:48 ----D---- C:\WINDOWS\system32\config
2008-12-07 12:26:10 ----D---- C:\Program Files\Common Files
2008-12-07 12:26:09 ----D---- C:\WINDOWS\AppPatch
2008-12-07 12:21:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-07 08:52:25 ----D---- C:\Program Files\Replay AV 8
2008-12-07 00:42:23 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-05 21:35:52 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-05 17:30:28 ----RASH---- C:\boot.ini
2008-12-05 16:15:48 ----HD---- C:\$AVG8.VAULT$
2008-12-03 18:13:21 ----AD---- C:\Program Files
2008-11-29 14:06:45 ----D---- C:\Documents and Settings\Kelvin Romrell\Application Data\U3
2008-11-27 14:05:17 ----SHD---- C:\WINDOWS\Installer
2008-11-27 10:47:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-27 10:47:32 ----HD---- C:\WINDOWS\inf
2008-11-27 00:33:58 ----D---- C:\Documents and Settings\Kelvin Romrell\Application Data\Skype
2008-11-26 22:34:19 ----D---- C:\WINDOWS\Help
2008-11-26 06:39:26 ----D---- C:\WINDOWS\Minidump
2008-11-25 17:37:24 ----D---- C:\Program Files\Virtools Web Player 3.5
2008-11-25 17:37:21 ----HD---- C:\Documents and Settings\All Users\Application Data\Move Networks
2008-11-24 18:29:30 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-11-24 18:17:17 ----D---- C:\Documents and Settings
2008-11-23 17:06:56 ----D---- C:\Temp
2008-11-21 22:22:30 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-21 22:21:07 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-21 22:19:17 ----A---- C:\WINDOWS\imsins.BAK
2008-11-21 22:09:03 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-28 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-03 26824]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2008-05-17 66992]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2008-05-17 24698]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-06-19 237568]
R1 EAWDMFD;EAWDMFD; C:\WINDOWS\system32\drivers\EAWDMFD.sys [1999-10-29 24348]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2002-06-19 127026]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2002-06-19 206336]
R2 Fallback;Fallback; C:\WINDOWS\system32\DRIVERS\C4C_FALL.sys [2002-07-08 303171]
R2 Fsks;Fsks; C:\WINDOWS\system32\DRIVERS\C4C_FSKS.sys [2002-07-08 124703]
R2 K56;K56; C:\WINDOWS\system32\DRIVERS\C4C_K56K.sys [2002-07-08 428578]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2001-09-17 17744]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2001-08-18 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2001-08-18 55936]
R2 SoftFax;SoftFax; C:\WINDOWS\system32\DRIVERS\C4C_FAXX.sys [2002-07-08 212494]
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\System32\DRIVERS\strmdisp.sys [2002-07-08 33548]
R2 Tones;Tones; C:\WINDOWS\system32\DRIVERS\C4C_TONE.sys [2002-07-08 59664]
R2 V124;V124; C:\WINDOWS\system32\DRIVERS\C4C_V124.sys [2002-07-08 542223]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 C4C_BSC2;C4C_BSC2; C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 84788]
R3 eaps2kbd;Compaq Easy Access PS2 Internet Keyboard (Win2K); C:\WINDOWS\System32\DRIVERS\eaps2kbd.sys [2001-12-28 24035]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2002-06-19 29446]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-03-19 96768]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 Rksample;Rksample; C:\WINDOWS\system32\DRIVERS\C4C_SAMP.sys [2002-07-08 62422]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-01-16 415400]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2002-07-08 591520]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-03 42496]
S2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
S3 APLMp50;APLMp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\APLMp50.sys [2006-11-28 28224]
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\basic2.sys [2002-01-02 84786]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2002-06-19 25226]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 gbalink;GBA Link Driver (gbalink.sys); C:\WINDOWS\System32\Drivers\gbalink.sys [2001-03-08 19677]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2002-02-15 50960]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2002-03-21 16112]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2002-03-08 22512]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2006-12-27 16694]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem; C:\WINDOWS\System32\DRIVERS\usb8023.sys [2004-08-03 12672]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 wandrv;WAN Network Driver; C:\WINDOWS\System32\DRIVERS\wandrv.sys [2001-08-09 22608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-03 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-03 611664]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-28 231704]
R2 Compaq_RBA;Compaq Advisor; C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe [2002-05-16 262144]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-03 267776]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-27 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-27 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 StatusAgent4;Epson Printer Status Agent4; C:\WINDOWS\system32\SAgent4.exe [2004-04-29 122880]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
S2 NwSapAgent;SAP Agent; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe []
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-01-25 93048]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S4 msCMTSrvc;Content Monitoring Tool; C:\WINDOWS\system32\msCMTSrvc.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2002-03-15 81920]
S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

-----------------EOF-----------------

Thanks!
farbar
post Dec 7 2008, 05:51 PM
Post #18


Bleeping Curious
******

Group: HJT Team
Posts: 7,103
Joined: 8-December 07
From: The Netherlands
Member No.: 175,240



Well done!
  1. Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we know in 2006; read this article:

    http://www.clickz.com/news/article.php/3561546

    I suggest you remove the program if you are not using it.
    If you decide to uninstall it, click Start > Run, then paste the following into the "Open" field: appwiz.cpl and press OK. From within Add or Remove Programs, uninstall the following:

    Viewpoint Manager.

    Also remove the folder in bold: C:\Program Files\Viewpoint

  2. Please open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll (file missing)
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll (file missing)


    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.


  3. I see the following lines on the log:

    O17 - HKLM\System\CCS\Services\Tcpip\..\{9EF00D4C-1C17-49BD-B291-43BF07F3779F}: NameServer = 139.126.16.128 139.126.16.198
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = plaza.ds.adp.com


    I couldn't find any information on this server: 39.126.16.128 139.126.16.198
    It seems to come with plaza.ds.adp.com. Tell me if you have a dial-up or a LAN connection, and if you know this server.

  4. The following entries show that Internet Explorer and Windows Explorer are set to run after Windows starts up:

    O4 - Startup: Internet Explorer.lnk = ?
    O4 - Startup: Windows Explorer.lnk = C:\WINDOWS\explorer.exe


    What do you know about them? Have you chosen to do that? They do not need to be there. Windows Explorer starts up even without a shortcut in the Startup folder, and Internet Explorer could be run manually.

  5. Please run RSIT, set the list of Files/Folders created to 1 Months and copy/paste the content of log.txt to your reply (this time RSIT creates just one log).


Kelvin in Oregon
post Dec 7 2008, 06:58 PM
Post #19


Member
**

Group: Members
Posts: 29
Joined: 27-November 08
Member No.: 261,378



1. I removed ViewManager.
2. I used HijackThis to remove PDFCreator.
3. plaza.ds.adp.com is my work. I have a VPN connection for it. I use it several times each week.
4. I do intentionally start up Internet Explorer and Windows Explorer as part of the Startup on my Kelvin Romrell account. The other two accounts on this computer (Camille Romrell and Work) do not start them up.
5. RSIT log:
Logfile of random's system information tool 1.04 (written by random/random)
Run by Kelvin Romrell at 2008-12-07 15:57:04
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 29 GB (50%) free of 59 GB
Total RAM: 479 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:09 PM, on 12/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Documents and Settings\Kelvin Romrell\Desktop\RSIT.exe
C:\Documents and Settings\Kelvin Romrell\Desktop\Kelvin Romrell.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref("__000.aim.general.im.enterCR", false);
user_pref("__000.aim.general.im.tabKey", false);
user_pref("__000.aim.general.im.timeStamp", false);
user_pref("__sys.aim.filexfer.location", "");
user_pref("__sys.aim.general.im.enterCR", false);
user_pref("__sys.aim.general.im.smilies", false);
user_pref("__sys.aim.general.im.tabKey", false);
user_pref("__sys.aim.general.im.timeStamp", false);
user_pref("__sys.aim.general.snsautosignon", false);
user_pref("__sys.aim.general.today", false);
user_pref("aim.session.firsttime", false);
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref("__000.aim.general.im.enterCR", false);
user_pref("__000.aim.general.im.tabKey", false);
user_pref("__000.aim.general.im.timeStamp", false);
user_pref("__sys.aim.filexfer.location", "");
user_pref("__sys.aim.general.im.enterCR", false);
user_pref("__sys.aim.general.im.smilies", false);
user_pref("__sys.aim.general.im.tabKey", false);
user_pref("__sys.aim.general.im.timeStamp", false);
user_pref("__sys.aim.general.snsautosignon", false);
user_pref("__sys.aim.general.today", false);
user_pref("aim.session.firsttime", false);
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Internet Explorer.lnk = ?
O4 - Startup: ToDo List.lnk = C:\Documents and Settings\Kelvin Romrell\My Documents\ToDo List.doc
O4 - Startup: Windows Explorer.lnk = C:\WINDOWS\explorer.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Windows Media Player.lnk = C:\Program Files\Windows Media Player\wmplayer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...IOS/tgctlcm.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bl118fd.blu118.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134239353984
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.20.19/ttinst.cab
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} (JInitiator 1.3.1.22) - http://esis6.nwpartnership.org:7777/forms/...iator/jinit.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...352/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9EF00D4C-1C17-49BD-B291-43BF07F3779F}: NameServer = 139.126.16.128 139.126.16.198
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = plaza.ds.adp.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = plaza.ds.adp.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe

--
End of file - 11747 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1041827745.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{9C45F3F9-82C9-43B6-A419-EDD06286B92E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-03 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-04-12 2554944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-27 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-04-12 2554944]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-03 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CPQEASYACC"=C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe [2001-12-14 32768]
"WCOLOREAL"=C:\Program Files\COMPAQ\Coloreal\coloreal.exe [2002-02-20 143360]
"srmclean"=C:\Cpqs\Scom\srmclean.exe [2001-07-24 36864]
"IPInSightLAN 01"=C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe [2002-03-18 364544]
"IPInSightMonitor 01"=C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe [2002-03-18 102400]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-03 1261336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-07 68856]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe
Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe

C:\Documents and Settings\Kelvin Romrell\Start Menu\Programs\Startup
Internet Explorer.lnk -
ToDo List.lnk - C:\Documents and Settings\Kelvin Romrell\My Documents\ToDo List.doc
Windows Explorer.lnk - C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Palm\HOTSYNC.EXE"="C:\Program Files\Palm\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Netscape\Netscape 6\Netscp.exe"="C:\Program Files\Netscape\Netscape 6\Netscp.exe:*:Enabled:Netscape"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Real\RealOne Player\realplay.exe"="C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Yahoo! Games\Yahoo! Ten Pin Championship Bowling\Yahoo Ten Pin Championship Bowling.exe"="C:\Program Files\Yahoo! Games\Yahoo! Ten Pin Championship Bowling\Yahoo Ten Pin Championship Bowling.exe:*:Enabled:Skyworks Ten Pin Championship Bowling"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Replay AV 8\Tuner.exe"="C:\Program Files\Replay AV 8\Tuner.exe:*:Enabled:Replay Tuner"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Sierra\Empire Earth\Empire Earth.exe"="C:\Sierra\Empire Earth\Empire Earth.exe:*:Disabled:Empire Earth"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-07 13:13:17 ----SHD---- C:\RECYCLER
2008-12-07 13:07:58 ----A---- C:\ComboFix.txt
2008-12-05 17:30:27 ----A---- C:\Boot.bak
2008-12-05 17:29:48 ----RASHD---- C:\cmdcons
2008-12-05 17:25:41 ----A---- C:\WINDOWS\zip.exe
2008-12-05 17:25:41 ----A---- C:\WINDOWS\VFIND.exe
2008-12-05 17:25:41 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-05 17:25:41 ----A---- C:\WINDOWS\SWSC.exe
2008-12-05 17:25:41 ----A---- C:\WINDOWS\SWREG.exe
2008-12-05 17:25:41 ----A---- C:\WINDOWS\sed.exe
2008-12-05 17:25:41 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-05 17:25:41 ----A---- C:\WINDOWS\grep.exe
2008-12-05 17:25:41 ----A---- C:\WINDOWS\fdsv.exe
2008-12-05 17:25:29 ----D---- C:\Qoobox
2008-12-03 19:34:38 ----D---- C:\Documents and Settings\Kelvin Romrell\Application Data\Malwarebytes
2008-12-03 18:13:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-03 18:13:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-03 17:11:31 ----D---- C:\WINDOWS\ERUNT
2008-12-03 16:59:26 ----D---- C:\SDFix
2008-11-29 14:27:24 ----D---- C:\WINDOWS\ERDNT
2008-11-29 14:23:43 ----D---- C:\Program Files\ERUNT
2008-11-27 14:17:31 ----D---- C:\Program Files\trend micro
2008-11-27 14:17:29 ----D---- C:\rsit
2008-11-27 14:04:58 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-27 14:04:58 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-27 14:04:58 ----A---- C:\WINDOWS\system32\java.exe
2008-11-27 14:04:58 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-27 14:04:19 ----D---- C:\Program Files\Java
2008-11-27 14:03:57 ----D---- C:\Documents and Settings\Kelvin Romrell\Application Data\Sun
2008-11-27 10:47:32 ----D---- C:\Program Files\Windows Defender
2008-11-27 00:05:36 ----D---- C:\WINDOWS\pss
2008-11-25 19:58:00 ----D---- C:\VundoFix Backups
2008-11-25 19:58:00 ----A---- C:\VundoFix.txt
2008-11-25 17:16:32 ----D---- C:\Program Files\HijackThis
2008-11-25 16:54:17 ----D---- C:\Program Files\XoftSpySE
2008-11-25 16:18:21 ----HDC---- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-11-24 18:13:19 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-23 17:16:37 ----A---- C:\WINDOWS\system32\a77327a0-.txt
2008-11-21 22:22:21 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-21 22:17:13 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-12-07 15:57:08 ----D---- C:\WINDOWS\Prefetch
2008-12-07 15:48:12 ----AD---- C:\Program Files
2008-12-07 15:47:07 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-07 14:36:13 ----AD---- C:\WINDOWS
2008-12-07 14:36:13 ----A---- C:\WINDOWS\.compaq.bak
2008-12-07 13:34:09 ----A---- C:\WINDOWS\ModemLog_Conexant HSFi V90 V92 56K PCI Modem.txt
2008-12-07 13:22:37 ----D---- C:\My Temp
2008-12-07 13:08:26 ----D---- C:\WINDOWS\Temp
2008-12-07 13:08:12 ----D---- C:\WINDOWS\system32\drivers
2008-12-07 13:08:12 ----D---- C:\WINDOWS\system32
2008-12-07 13:03:22 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-07 12:58:58 ----A---- C:\WINDOWS\system.ini
2008-12-07 12:35:24 ----SD---- C:\WINDOWS\Tasks
2008-12-07 12:29:48 ----D---- C:\WINDOWS\system32\config
2008-12-07 12:26:10 ----D---- C:\Program Files\Common Files
2008-12-07 12:26:09 ----D---- C:\WINDOWS\AppPatch
2008-12-07 12:21:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-07 08:52:25 ----D---- C:\Program Files\Replay AV 8
2008-12-07 00:42:23 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-05 21:35:52 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-05 17:30:28 ----RASH---- C:\boot.ini
2008-12-05 16:15:48 ----HD---- C:\$AVG8.VAULT$
2008-11-29 14:06:45 ----D---- C:\Documents and Settings\Kelvin Romrell\Application Data\U3
2008-11-27 14:05:17 ----SHD---- C:\WINDOWS\Installer
2008-11-27 10:47:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-27 10:47:32 ----HD---- C:\WINDOWS\inf
2008-11-27 00:33:58 ----D---- C:\Documents and Settings\Kelvin Romrell\Application Data\Skype
2008-11-26 22:34:19 ----D---- C:\WINDOWS\Help
2008-11-26 06:39:26 ----D---- C:\WINDOWS\Minidump
2008-11-25 17:37:24 ----D---- C:\Program Files\Virtools Web Player 3.5
2008-11-25 17:37:21 ----HD---- C:\Documents and Settings\All Users\Application Data\Move Networks
2008-11-24 18:29:30 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-11-24 18:17:17 ----D---- C:\Documents and Settings
2008-11-23 17:06:56 ----D---- C:\Temp
2008-11-21 22:22:30 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-21 22:21:07 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-21 22:19:17 ----A---- C:\WINDOWS\imsins.BAK
2008-11-21 22:09:03 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-28 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-03 26824]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2008-05-17 66992]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2008-05-17 24698]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-06-19 237568]
R1 EAWDMFD;EAWDMFD; C:\WINDOWS\system32\drivers\EAWDMFD.sys [1999-10-29 24348]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2002-06-19 127026]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2002-06-19 206336]
R2 Fallback;Fallback; C:\WINDOWS\system32\DRIVERS\C4C_FALL.sys [2002-07-08 303171]
R2 Fsks;Fsks; C:\WINDOWS\system32\DRIVERS\C4C_FSKS.sys [2002-07-08 124703]
R2 K56;K56; C:\WINDOWS\system32\DRIVERS\C4C_K56K.sys [2002-07-08 428578]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2001-09-17 17744]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2001-08-18 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2001-08-18 55936]
R2 SoftFax;SoftFax; C:\WINDOWS\system32\DRIVERS\C4C_FAXX.sys [2002-07-08 212494]
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\System32\DRIVERS\strmdisp.sys [2002-07-08 33548]
R2 Tones;Tones; C:\WINDOWS\system32\DRIVERS\C4C_TONE.sys [2002-07-08 59664]
R2 V124;V124; C:\WINDOWS\system32\DRIVERS\C4C_V124.sys [2002-07-08 542223]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 C4C_BSC2;C4C_BSC2; C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 84788]
R3 eaps2kbd;Compaq Easy Access PS2 Internet Keyboard (Win2K); C:\WINDOWS\System32\DRIVERS\eaps2kbd.sys [2001-12-28 24035]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2002-06-19 29446]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-03-19 96768]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 Rksample;Rksample; C:\WINDOWS\system32\DRIVERS\C4C_SAMP.sys [2002-07-08 62422]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-01-16 415400]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2002-07-08 591520]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-03 42496]
S2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
S3 APLMp50;APLMp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\APLMp50.sys [2006-11-28 28224]
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\basic2.sys [2002-01-02 84786]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2002-06-19 25226]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 gbalink;GBA Link Driver (gbalink.sys); C:\WINDOWS\System32\Drivers\gbalink.sys [2001-03-08 19677]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2002-02-15 50960]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2002-03-21 16112]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2002-03-08 22512]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2006-12-27 16694]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem; C:\WINDOWS\System32\DRIVERS\usb8023.sys [2004-08-03 12672]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 wandrv;WAN Network Driver; C:\WINDOWS\System32\DRIVERS\wandrv.sys [2001-08-09 22608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-03 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-03 611664]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-28 231704]
R2 Compaq_RBA;Compaq Advisor; C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe [2002-05-16 262144]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-03 267776]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-27 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-27 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 StatusAgent4;Epson Printer Status Agent4; C:\WINDOWS\system32\SAgent4.exe [2004-04-29 122880]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
S2 NwSapAgent;SAP Agent; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe []
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-01-25 93048]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S4 msCMTSrvc;Content Monitoring Tool; C:\WINDOWS\system32\msCMTSrvc.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2002-03-15 81920]

-----------------EOF-----------------

Thanks!!!
farbar
post Dec 7 2008, 07:12 PM
Post #20


Bleeping Curious
******

Group: HJT Team
Posts: 7,103
Joined: 8-December 07
From: The Netherlands
Member No.: 175,240



Thanks for the precise feedback.

We are almost there. This one is going to be a long session due to the F-Secure scan, but after that we might be done. So please take your time, as it might take a couple of hours.
  1. Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11".
    • Click the "Download" button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Click Continue and the page will refresh.
    • Click on the link to download Windows Offline Installation and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.

  2. Open your Malwarebytes' Anti-Malware, first update it, run a "quick scan", let it reboot if needed and copy/paste the log to your reply.

  3. Please run the F-Secure Online Scanner
    Note: This Scanner is for Internet Explorer Only!
    Follow the Instruction here for installation.
    Accept the License Agreement.
    Once the ActiveX installs,Click Full System Scan
    Once the download completes, the scan will begin automatically.
    The scan will take some time to finish, so please be patient.
    When the scan completes, click the Automatic cleaning (recommended) button.
    Click the Show Report button and copy and paste the entire report in your next reply.

  4. Please run RSIT, set the list of Files/Folders created to 1 Months and copy/paste the content of log.txt to your reply (this time RSIT creates just one log).

Please copy/paste in your next reply:
  • The log of MBAM.
  • The scan results of F-Secure.
  • The RSIT log.
  • Any comment or feedback about how it went.


--------------------

This is a voluntary free service. However, if you would like to donate click on
Kelvin in Oregon
post Dec 7 2008, 10:13 PM
Post #21





Farbar,

I tried to update my Java. The download appeared to work fine (name was actually “Java SE Runtime Environment (JRE) 6 Update 11”, if that makes any difference. The checkbox actually said “I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement”). The uninstall worked fairly well. It told me there was one directory that needed to be deleted manually (I believe it was C:\Program Files\JavaSoft). I was able to delete it just fine. Then I rebooted.

After the reboot, I shut down all the programs that start up automatically. I then double-clicked on jre-6u11... on my desktop. I accepted the License Agreement. It validated the install, copied the new files, but when it was extracting the installer, it got:
Java Setup
Error 25099. Unzipping core files failed.

Should I continue on with the other steps, or does this need to be taken care of first?
farbar
post Dec 8 2008, 07:29 AM
Post #22





To make sure the downloaded zip file is not corrupted, you may download "Java SE Runtime Environment (JRE) 6 Update 11" again. Install and see how it goes.

I'm not sure if F-Secure needs Java installed; some scanners need it and some do not. You may try it if installing Java didn't work.


Kelvin in Oregon
post Dec 8 2008, 10:27 AM
Post #23





I tried re-downloading JRE 6, update 11 and got the same problem. I will try to continue with the next steps and let you know what happens.
Kelvin in Oregon
post Dec 8 2008, 10:47 AM
Post #24





Here is the MBAM log. It reported no objects infected. I will try the F-Secure next (but thought I should post this in case it reboots):
Malwarebytes' Anti-Malware 1.31
Database version: 1474
Windows 5.1.2600 Service Pack 2

12/8/2008 7:44:40 AM
mbam-log-2008-12-08 (07-44-40).txt

Scan type: Quick Scan
Objects scanned: 68947
Time elapsed: 12 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Kelvin in Oregon
post Dec 8 2008, 11:58 AM
Post #25





I tried the F-Secure Online Scanner, but couldn't get it to work. Whenever I click on the "Start scanning" button it pops up an "F-Secure Online Virus Scanner 3.3.0" window, but never finishes painting it. I see a heading area that says F-Secure Online Scanner, a language pull-down, horizontal and vertical slide bars (both inactive) and two buttons without labels.

The instructions say it works with default IE settings (Internet zone - Medium security level). I checked and my default is Medium-High. I tried it the first time with this setting and had the issue above. I've set it to Medium now and still get the same issue.

What should I do next?
farbar
post Dec 8 2008, 12:13 PM
Post #26





Please go to the following folder C:\rsit.
Remove info.txt.
Run RSIT and post both logs.


Kelvin in Oregon
post Dec 8 2008, 12:51 PM
Post #27





Farbar,

I was guessing that F-Secure was failing because I was not able to install JRE 6.

I had one other idea. I went to the Java web site and clicked on previous releases. I found JRE 5 Update 17 there. I figured that would be better than nothing, and was worth a try. I was able to install it OK. I then rebooted and retried F-Secure. I had the same problem (screen never fully painted). I eventually got a Java popup in my System Tray letting me know there was an update available. I tried that and it looked like it was trying to install JRE 6. It got Error 25099 (Unzipping core files failed) again.

I don't know whether F-Secure should be able to run with JRE 5. If it should, the only other thing I could think of would be the Internet Security options (e.g. if my Medium is different than their Medium, and I need to manually enable ActiveX and JavaScript). I looked through those options, but it wasn't clear to me which options may need to be changed. If we want to pursue this further, let me know which options to set to which values, or I can post all of my current settings.

If loading JRE 5 is a problem, let me know and I can remove it from Add/Remove programs.

FYI, in post #11 I referenced turning AVG Resident Shield back on. Even though I checked the "Resident Shield active" box, I still got messages that Resident Shield was inactive. Since you had referenced disabling it for these final steps, I unchecked the box. So I have been running with AVG Resident Shield disabled for the last few days. I believe that's what you were requesting anyway, and presume that we will somehow be able to turn it back on once everything is finished. I did think it weird that when I had checked the "Resident Shield active" box, that it still showed as Inactive. I thought I would mention that now, in case that means anything to you, and affects anything else we should be looking at.

For now I will proceed with the instructions from your last post.

RSIT log:
Logfile of random's system information tool 1.04 (written by random/random)
Run by Kelvin Romrell at 2008-12-08 09:48:50
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 29 GB (49%) free of 59 GB
Total RAM: 479 MB (9% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:08 AM, on 12/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Kelvin Romrell\Desktop\RSIT.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Kelvin Romrell\Desktop\Kelvin Romrell.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref("__000.aim.general.im.enterCR", false);
user_pref("__000.aim.general.im.tabKey", false);
user_pref("__000.aim.general.im.timeStamp", false);
user_pref("__sys.aim.filexfer.location", "");
user_pref("__sys.aim.general.im.enterCR", false);
user_pref("__sys.aim.general.im.smilies", false);
user_pref("__sys.aim.general.im.tabKey", false);
user_pref("__sys.aim.general.im.timeStamp", false);
user_pref("__sys.aim.general.snsautosignon", false);
user_pref("__sys.aim.general.today", false);
user_pref("aim.session.firsttime", false);
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref("__000.aim.general.im.enterCR", false);
user_pref("__000.aim.general.im.tabKey", false);
user_pref("__000.aim.general.im.timeStamp", false);
user_pref("__sys.aim.filexfer.location", "");
user_pref("__sys.aim.general.im.enterCR", false);
user_pref("__sys.aim.general.im.smilies", false);
user_pref("__sys.aim.general.im.tabKey", false);
user_pref("__sys.aim.general.im.timeStamp", false);
user_pref("__sys.aim.general.snsautosignon", false);
user_pref("__sys.aim.general.today", false);
user_pref("aim.session.firsttime", false);
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_17\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Internet Explorer.lnk = ?
O4 - Startup: ToDo List.lnk = C:\Documents and Settings\Kelvin Romrell\My Documents\ToDo List.doc
O4 - Startup: Windows Explorer.lnk = C:\WINDOWS\explorer.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Windows Media Player.lnk = C:\Program Files\Windows Media Player\wmplayer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_17\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_17\bin\ssv.dll
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...IOS/tgctlcm.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bl118fd.blu118.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134239353984
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.20.19/ttinst.cab
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} (JInitiator 1.3.1.22) - http://esis6.nwpartnership.org:7777/forms/...iator/jinit.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...352/mcfscan.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = plaza.ds.adp.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = plaza.ds.adp.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe

--
End of file - 12160 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1041827745.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{9C45F3F9-82C9-43B6-A419-EDD06286B92E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_17\bin\ssv.dll [2008-11-10 452088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-03 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-04-12 2554944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-27 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-04-12 2554944]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-03 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CPQEASYACC"=C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe [2001-12-14 32768]
"WCOLOREAL"=C:\Program Files\COMPAQ\Coloreal\coloreal.exe [2002-02-20 143360]
"srmclean"=C:\Cpqs\Scom\srmclean.exe [2001-07-24 36864]
"IPInSightLAN 01"=C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe [2002-03-18 364544]
"IPInSightMonitor 01"=C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe [2002-03-18 102400]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-03 1261336]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe [2008-11-10 75264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-07 68856]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe
Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe

C:\Documents and Settings\Kelvin Romrell\Start Menu\Programs\Startup
Internet Explorer.lnk -
ToDo List.lnk - C:\Documents and Settings\Kelvin Romrell\My Documents\ToDo List.doc
Windows Explorer.lnk - C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Palm\HOTSYNC.EXE"="C:\Program Files\Palm\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Netscape\Netscape 6\Netscp.exe"="C:\Program Files\Netscape\Netscape 6\Netscp.exe:*:Enabled:Netscape"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Real\RealOne Player\realplay.exe"="C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Yahoo! Games\Yahoo! Ten Pin Championship Bowling\Yahoo Ten Pin Championship Bowling.exe"="C:\Program Files\Yahoo! Games\Yahoo! Ten Pin Championship Bowling\Yahoo Ten Pin Championship Bowling.exe:*:Enabled:Skyworks Ten Pin Championship Bowling"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Replay AV 8\Tuner.exe"="C:\Program Files\Replay AV 8\Tuner.exe:*:Enabled:Replay Tuner"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Sierra\Empire Earth\Empire Earth.exe"="C:\Sierra\Empire Earth\Empire Earth.exe:*:Disabled:Empire Earth"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-08 09:02:48 ----D---- C:\Program Files\Common Files\Java
2008-12-07 13:13:17 ----SHD---- C:\RECYCLER
2008-12-07 13:07:58 ----A---- C:\ComboFix.txt
2008-12-05 17:30:27 ----A---- C:\Boot.bak
2008-12-05 17:29:48 ----RASHD---- C:\cmdcons
2008-12-05 17:25:41 ----A---- C:\WINDOWS\zip.exe
2008-12-05 17:25:41 ----A---- C:\WINDOWS\VFIND.exe
2008-12-05 17:25:41 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-05 17:25:41 ----A---- C:\WINDOWS\SWSC.exe
2008-12-05 17:25:41 ----A---- C:\WINDOWS\SWREG.exe
2008-12-05 17:25:41 ----A---- C:\WINDOWS\sed.exe
2008-12-05 17:25:41 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-05 17:25:41 ----A---- C:\WINDOWS\grep.exe
2008-12-05 17:25:41 ----A---- C:\WINDOWS\fdsv.exe
2008-12-05 17:25:29 ----D---- C:\Qoobox
2008-12-03 19:34:38 ----D---- C:\Documents and Settings\Kelvin Romrell\Application Data\Malwarebytes
2008-12-03 18:13:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-03 18:13:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-03 17:11:31 ----D---- C:\WINDOWS\ERUNT
2008-12-03 16:59:26 ----D---- C:\SDFix
2008-11-29 14:27:24 ----D---- C:\WINDOWS\ERDNT
2008-11-29 14:23:43 ----D---- C:\Program Files\ERUNT
2008-11-27 14:17:31 ----D---- C:\Program Files\trend micro
2008-11-27 14:17:29 ----D---- C:\rsit
2008-11-27 14:04:58 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-27 14:04:19 ----D---- C:\Program Files\Java
2008-11-27 14:03:57 ----D---- C:\Documents and Settings\Kelvin Romrell\Application Data\Sun
2008-11-27 10:47:32 ----D---- C:\Program Files\Windows Defender
2008-11-27 00:05:36 ----D---- C:\WINDOWS\pss
2008-11-25 19:58:00 ----D---- C:\VundoFix Backups
2008-11-25 19:58:00 ----A---- C:\VundoFix.txt
2008-11-25 17:16:32 ----D---- C:\Program Files\HijackThis
2008-11-25 16:54:17 ----D---- C:\Program Files\XoftSpySE
2008-11-25 16:18:21 ----HDC---- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-11-24 18:13:19 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-23 17:16:37 ----A---- C:\WINDOWS\system32\a77327a0-.txt
2008-11-21 22:22:21 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-21 22:17:13 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-10 03:32:26 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-10 01:52:26 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-10 01:52:16 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 months======

2008-12-08 09:43:35 ----D---- C:\WINDOWS\Prefetch
2008-12-08 09:43:07 ----A---- C:\WINDOWS\ModemLog_Conexant HSFi V90 V92 56K PCI Modem.txt
2008-12-08 09:39:05 ----D---- C:\My Temp
2008-12-08 09:26:13 ----SHD---- C:\WINDOWS\Installer
2008-12-08 09:26:13 ----D---- C:\WINDOWS\system32
2008-12-08 09:20:46 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-08 09:18:45 ----D---- C:\WINDOWS\Temp
2008-12-08 09:13:09 ----SD---- C:\WINDOWS\Tasks
2008-12-08 09:10:13 ----AD---- C:\WINDOWS
2008-12-08 09:10:13 ----A---- C:\WINDOWS\.compaq.bak
2008-12-08 09:08:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-08 09:02:48 ----D---- C:\Program Files\Common Files
2008-12-08 01:43:12 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-07 18:37:32 ----AD---- C:\Program Files
2008-12-07 15:47:07 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-07 13:08:12 ----D---- C:\WINDOWS\system32\drivers
2008-12-07 12:58:58 ----A---- C:\WINDOWS\system.ini
2008-12-07 12:29:48 ----D---- C:\WINDOWS\system32\config
2008-12-07 12:26:09 ----D---- C:\WINDOWS\AppPatch
2008-12-07 08:52:25 ----D---- C:\Program Files\Replay AV 8
2008-12-05 21:35:52 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-05 17:30:28 ----RASH---- C:\boot.ini
2008-12-05 16:15:48 ----HD---- C:\$AVG8.VAULT$
2008-11-29 14:06:45 ----D---- C:\Documents and Settings\Kelvin Romrell\Application Data\U3
2008-11-27 10:47:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-27 10:47:32 ----HD---- C:\WINDOWS\inf
2008-11-27 00:33:58 ----D---- C:\Documents and Settings\Kelvin Romrell\Application Data\Skype
2008-11-26 22:34:19 ----D---- C:\WINDOWS\Help
2008-11-26 06:39:26 ----D---- C:\WINDOWS\Minidump
2008-11-25 17:37:24 ----D---- C:\Program Files\Virtools Web Player 3.5
2008-11-25 17:37:21 ----HD---- C:\Documents and Settings\All Users\Application Data\Move Networks
2008-11-24 18:29:30 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-11-24 18:17:17 ----D---- C:\Documents and Settings
2008-11-23 17:06:56 ----D---- C:\Temp
2008-11-21 22:22:30 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-21 22:21:07 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-21 22:19:17 ----A---- C:\WINDOWS\imsins.BAK
2008-11-21 22:09:03 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-28 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-03 26824]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2008-05-17 66992]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2008-05-17 24698]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-06-19 237568]
R1 EAWDMFD;EAWDMFD; C:\WINDOWS\system32\drivers\EAWDMFD.sys [1999-10-29 24348]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2002-06-19 127026]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2002-06-19 206336]
R2 Fallback;Fallback; C:\WINDOWS\system32\DRIVERS\C4C_FALL.sys [2002-07-08 303171]
R2 Fsks;Fsks; C:\WINDOWS\system32\DRIVERS\C4C_FSKS.sys [2002-07-08 124703]
R2 K56;K56; C:\WINDOWS\system32\DRIVERS\C4C_K56K.sys [2002-07-08 428578]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2001-09-17 17744]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2001-08-18 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2001-08-18 55936]
R2 SoftFax;SoftFax; C:\WINDOWS\system32\DRIVERS\C4C_FAXX.sys [2002-07-08 212494]
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\System32\DRIVERS\strmdisp.sys [2002-07-08 33548]
R2 Tones;Tones; C:\WINDOWS\system32\DRIVERS\C4C_TONE.sys [2002-07-08 59664]
R2 V124;V124; C:\WINDOWS\system32\DRIVERS\C4C_V124.sys [2002-07-08 542223]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 C4C_BSC2;C4C_BSC2; C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 84788]
R3 eaps2kbd;Compaq Easy Access PS2 Internet Keyboard (Win2K); C:\WINDOWS\System32\DRIVERS\eaps2kbd.sys [2001-12-28 24035]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2002-06-19 29446]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-03-19 96768]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 Rksample;Rksample; C:\WINDOWS\system32\DRIVERS\C4C_SAMP.sys [2002-07-08 62422]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-01-16 415400]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2002-07-08 591520]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-03 42496]
S2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
S3 APLMp50;APLMp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\APLMp50.sys [2006-11-28 28224]
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\basic2.sys [2002-01-02 84786]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2002-06-19 25226]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 gbalink;GBA Link Driver (gbalink.sys); C:\WINDOWS\System32\Drivers\gbalink.sys [2001-03-08 19677]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2002-02-15 50960]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2002-03-21 16112]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2002-03-08 22512]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2006-12-27 16694]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem; C:\WINDOWS\System32\DRIVERS\usb8023.sys [2004-08-03 12672]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 wandrv;WAN Network Driver; C:\WINDOWS\System32\DRIVERS\wandrv.sys [2001-08-09 22608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-03 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-03 611664]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-28 231704]
R2 Compaq_RBA;Compaq Advisor; C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe [2002-05-16 262144]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-03 267776]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-27 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-27 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 StatusAgent4;Epson Printer Status Agent4; C:\WINDOWS\system32\SAgent4.exe [2004-04-29 122880]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
S2 NwSapAgent;SAP Agent; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe []
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-01-25 93048]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S4 msCMTSrvc;Content Monitoring Tool; C:\WINDOWS\system32\msCMTSrvc.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2002-03-15 81920]

-----------------EOF-----------------

RSIT info log:
info.txt logfile of random's system information tool 1.04 2008-12-08 09:49:15

======Uninstall list======

-->C:\PROGRA~1\VERIZO~1\SUPPOR~1\Uninstall.exe Verizon
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\InstallShield Installation Information\{25EF00A0-F17B-11D6-88EA-000476CD2443}Verizon Online\setup.exe Verizon Online UNINSTALL
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{854A5F01-D692-11D4-A984-009027EC0A9C}\setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{945E2519-C2B9-11D3-9D56-0060B0A4823E}\setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD47EFC1-D692-11D4-A984-009027EC0A9C}\setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E518B2-B174-11D3-9D4E-0060B0A4823E}\setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ActiveDolls - Radiant-->G:\Fire and Rifle Pics\Radiant\Uninstall.exe
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
ADP / XR8.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E31E722-B317-11D4-A292-006097D8A11D}\setup.exe"
Advertisement Service-->C:\WINDOWS\system32\prunnet.exe Uninstall
AnswerWorks 5.0 English Runtime-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoImpression 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\Setup.exe" -l0x9
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Calendar Creator 10-->MsiExec.exe /I{C8CE30F9-CBD0-43B1-BFD3-B18F55A48827}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Clear Cache feature for Internet Explorer-->MsiExec.exe /I{4E901875-0F15-44BA-89DE-94AA41A7F507}
Coloreal-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDE90251-93EB-4F6A-89D8-086E2D91DC56}\setup.exe"
Compaq Advisor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4C1AFCD-2C72-48B4-AE2E-A7354A525E87}\Setup.exe" UNINSTALL
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Corel Business Applications-->E:\Corel\AppMan\Setup\remove.exe
Diet + Exercise Assistant Desktop-->MsiExec.exe /X{158DC053-8BFA-4991-9B85-7AC5F7CA60A0}
DING!-->MsiExec.exe /X{84031A18-BA9A-4156-A74F-E05B52DDFCE2}
Documents To Go-->MsiExec.exe /X{BDFE199D-E889-4BB6-BECB-C4BDF5700849}
Easy Access Button Support-->C:\Program Files\COMPAQ\Easy Access Button Support\Uninst.exe
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Empire Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe"
EPSON CX 3800 Guide-->C:\Program Files\epson\guide\cx3800_e\uninstall.exe
EPSON PhotoCenter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D21553E9-2EC5-4E8C-AB71-07AC07D50BBC}\Setup.exe" -l0x9 anything
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT-->MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSEMAIL-->MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp-->MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC-->MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
essvcpt-->MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
ESSvpaht-->MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot-->MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
Excel 2000 Quattro Pro 7.0 Converter-->MsiExec.exe /X{011FDFFF-67D5-11D3-8CF4-0050048383FE}
Game Maker 6 Resource Pack 1-->C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\Game_Maker6\UnInstR1.log" "/APPNAME=Game Maker 6 Resource Pack 1"
Game Maker 6 Resource Pack 3-->C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\Game_Maker6\UnInst.log" "/APPNAME=Game Maker 6 Resource Pack 3"
Game Maker 6 Resource Pack 4-->C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\Game_Maker6\UnInstR4.log" "/APPNAME=Game Maker 6 Resource Pack 4"
Game Maker 6.1-->C:\Documents and Settings\Camille Romrell\Desktop\Uninstal.exe
Game Maker 7.0-->F:\Game Maker\Uninstal.exe
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Handmark® Magic Dogs™ for Palm OS-->C:\WINDOWS\unvise32.exe C:\Program Files\Handmark\Magic Dogs for Palm OS\uninstal.log
Handmark® MobileDB™ for Palm OS-->C:\WINDOWS\unvise32.exe C:\Program Files\Handmark\MobileDB for Palm OS\uninstal.log
Handmark® PDA Money for Palm OS-->C:\WINDOWS\unvise32.exe C:\Program Files\Handmark\PDA Money for Palm OS\uninstal.log
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Documents and Settings\Kelvin Romrell\Desktop\HijackThis.exe" /uninstall
HLPIndex-->MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPSFO-->MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB928388)-->"C:\WINDOWS\$NtUninstallKB928388$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB929120)-->"C:\WINDOWS\$NtUninstallKB929120$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp instant support-->C:\PROGRA~1\HEWLET~1\HPINST~1\Uninstall.exe CeS
HP Photo and Imaging 1.0 - PSC 2000 Series Drivers-->MsiExec.exe /X{ED93995E-8BF2-480F-8EA4-7D29E29A7052}
HP Photo and Imaging 1.0 - PSC 2000 Series-->C:\Program Files\Hewlett-Packard\Digital Imaging\AiODriver\Drivers\Uninst\enu\hposcr01.exe -forcereboot -datfile hposcr01.dat
HP Photo and Imaging 1.0 - PSC 2000 Series-->MsiExec.exe /X{82DFB852-9594-4668-9C66-28BB6E94BCB2}
hp psc 2200 series-->rundll32 hpzcon05.dll,VendorJettison hp psc 2200 series
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
J2SE Runtime Environment 5.0 Update 17-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150170}
JumpStart 2nd Grade v1.1-->C:\WINDOWS\IsUninst.exe -fC:\KA\2G\DeIsL1.isu
JumpStart Advanced 2nd Grade-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\UNJSA2G.exe
JumpStart Field Trip Adventure-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSFTAdvUn.exe
JumpStart World Presents Pet Playground-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\PetPlaygroundUn.exe
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_460007_25c6b7\Setup.exe /APR-REMOVE
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Kublox-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {01862C0C-3330-47DB-83D1-9E88D1D8DCE4}
Line Rider-->G:\Line Rider\Uninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Math 2-->C:\WINDOWS\unvise32.exe C:\Program Files\sz8032\uninstal.log
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Digital Image Suite 10-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=SUITE
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Learning and Research Plus Support Files-->MsiExec.exe /I{00000000-3976-4267-9F39-1DC4745090B7}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Converter Pack-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\convpack.isu
Microsoft Office XP Small Business-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Express 7.0-->MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE130}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
ModemXpert-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9CB4FEE2-7F47-11D4-B6AD-00A0CC624550}\setup.exe" AnyText
MSN Internet Software-->C:\Program Files\MSN\MSNCoreFiles\Setup\msnunin.exe
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Musicnotes Player V1.23.1-->"C:\Program Files\Musicnotes\Player\unins000.exe"
Mystery Club Detective Academy-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\DetAcademyUn.exe
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Netscape (7.1)-->C:\WINDOWS\NSUninst.exe /ua "7.1b1 (en)"
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" ControlPanelAnyText
NetZero-->"C:\Program Files\NetZero\uninst.exe"
Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
Oracle JInitiator 1.3.1.22-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAFECAFE-0013-0001-0122-ABCDEFABCDEF}\Setup.exe" -l0x9 -uninst
OTtBP-->MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK-->MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
palmOne-->MsiExec.exe /X{FF8157AA-F640-45BD-B7C2-BAA1016B267A}
PDFCreator-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_1937.exe" -hu _?=C:\Program Files\PDFCreator Toolbar
Phonics 2-3-->C:\WINDOWS\unvise32.exe C:\Program Files\sz8064\uninstal.log
powerOne Personal v2.1.1 for Handhelds-->C:\PROGRA~1\INFINI~1\POWERO~1\UNWISE.EXE C:\PROGRA~1\INFINI~1\POWERO~1\INSTALL.LOG
Quicken 2008-->MsiExec.exe /X{3B0F52AC-EF5C-4831-B221-06C782E41280}
Quicken WillMaker Plus 2008-->C:\WINDOWS\unvise32.exe C:\Program Files\Quicken WillMaker Plus 2008\uninstal.log
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Readiris 7.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}\setup.exe" -l0x9
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Reflection for UNIX and Digital 8.0.2-->MsiExec.exe /I{2ACB03C1-4D55-11D4-8272-00C04F72E405}
Replay AV 8-->C:\WINDOWS\iun6002.exe "C:\Program Files\Replay AV 8\uninstallRAV8.ini"
Replay Converter 2.8-->C:\WINDOWS\iun6002.exe "C:\Program Files\Replay AV 8\iruninRCV.ini"
RiskII (remove only)-->"C:\Program Files\RiskII\Uninstall.exe"
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
SanDisk TransferMate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{601C6E14-DF1E-4113-A8C8-F9DB90CB0D88}\Setup.exe" -l0x9
Search Enhancements (remove only)-->"C:\Program Files\nzsearch\Uninstall.exe"
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SKIN0001-->MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Skype 2.5-->"C:\Program Files\Skype\Phone\unins000.exe"
SlingPlayer-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{004B0DCB-4C60-465B-8F01-44B0A4111187} /l1033
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.EXE"
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Tweak-XP Pro 4-->C:\WINDOWS\iun6002.exe "C:\Program Files\Tweak-XP Pro 4\irunin.ini"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB912945)-->"C:\WINDOWS\$NtUninstallKB912945$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920342)-->"C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Verizon FiOS Activation-->"C:\WINDOWS\FIOS\unins000.exe"
Verizon High Speed Internet-->"C:\WINDOWS\DSL\unins000.exe"
Verizon Online Control Pad-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00A3-F17B-11D6-88EA-000476CD2443}\iSetup.exe" -l0x9 UNINSTALL
Verizon Online Support Center-->C:\WINDOWS\Motive\Verizon\MCCUninst.exe
Visual IP InSight(Verizon Online)-->C:\Program Files\InstallShield Installation Information\{25EF00A0-F17B-11D6-88EA-000476CD2443}Verizon Online\setup.exe Verizon Online UNINSTALL
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Wal-Mart Music Downloads Store-->MsiExec.exe /I{1DB2FBA5-D57A-42A7-8E87-5B3EEBED8283}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Hotfix - KB834707-->C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885523-->C:\WINDOWS\$NtUninstallKB885523$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB887797-->C:\WINDOWS\$NtUninstallKB887797$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinPcap 4.0-->C:\Program Files\WinPcap\uninstall.exe
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Word Munchers Deluxe-->C:\WINDOWS\uninst.exe -f"C:\Program Files\The Learning Company\WMuncher\DeIsL1.isu"
XoftSpySE-->C:\Program Files\XoftSpySE\uninstall.exe
Yahoo! Essentials-->C:\Program Files\Yahoo!\Common\unwise.exe C:\progra~1\yahoo!\common\install.log
Yahoo! Internet Mail-->C:\WINDOWS\System32\regsvr32 /u /s C:\WINDOWS\DOWNLO~1\ymmapi.dll
Yahoo! Login-->C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ylogin.dll
Yahoo! Messenger Explorer Bar-->C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\MESSEN~1\yhexbmes.dll
Yahoo! Messenger-->C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
Yahoo! Ten Pin Championship Bowling-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6DE14135-AC19-459A-8A1F-C2AA0AD2D9F7}\Setup.exe" -l0x9 -uninst
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
YouSendIt Application Plug-in SDK-->C:\Program Files\InstallShield Installation Information\{3AE00DF4-ADF1-479E-834C-D1B2E71570BD}\setup.exe -runfromtemp -l0x0409
YouSendIt Express-->C:\Program Files\InstallShield Installation Information\{9F611A4B-1307-4F48-A538-BF6361264C4F}\setup.exe -runfromtemp -l0x0409

=====HijackThis Backups=====

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll (file missing)
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll (file missing)

======Security center information======

AV: AVG Anti-Virus Free (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Vantive32;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0602
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\JavaSoft\JRE\1.3.1\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\JavaSoft\JRE\1.3.1\lib\ext\QTJava.zip

-----------------EOF-----------------

farbar
post Dec 8 2008, 02:08 PM
Post #28


Bleeping Curious
******

Group: HJT Team
Posts: 7,103
Joined: 8-December 07
From: The Netherlands
Member No.: 175,240



Kelvin,


About AVG: Please enable AVG Resident Shield. Make sure it remains enabled except when you run a particular tool like Combofix or an online scanner. Also make sure you have the latest virus definitions. I'm sorry, it looks like I made a mistake: I confirmed your earlier action of enabling Resident Shield, and then denied it without intending to do that.

You don't have to change any setting in Internet Explorer. When we ran Combofix, it reset the Internet settings to their defaults, because Vundo and other malware often lower the security or privacy settings.

I was going to see why Java was not installing, and wanted to remove the remaining service or eventually all files, folders and registry entries. I asked for RSIT to check the remains of Java.

Since you have installed Java 5, let's see if we can run another scanner. If we can't, we will have to clean install Java. The following scanner lets you know (in the left part of the screen) if there is any problem with Java.

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page, in the Scan section, select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.






--------------------

This is a voluntary free service. However, if you would like to donate click on
Kelvin in Oregon
post Dec 8 2008, 02:55 PM
Post #29


Member
**

Group: Members
Posts: 29
Joined: 27-November 08
Member No.: 261,378



Farbar,

Re AVG: I tried to reactivate it once a couple of days ago. It appeared to work, but later it reported that AVG Resident Shield was inactive. I have re-checked the box now and it is active. Hopefully it will stay this way.

I'm working on running the Kaspersky scan. I clicked on the Accept button. "Downloading and installing the program" is 100% complete. It is Updating the database now. The update size is about 64M. While it was updating, I went to the Dell site (I need to buy another computer or two for Christmas). While both of these were occurring, I got a Windows Security Alert popup saying Windows Firewall had blocked some features of Internet Explorer, and asking whether I want to Keep Blocking, Unblock, or Ask Me Later.

I believe I was at about 21M of 64M when this window first popped up. I figured it probably came from the Kaspersky scan window, but I guess it could have come from my browsing the Dell site. I thought that the Update was on hold when the message first came up. I clicked on When should I unblock a program? and my system tried to bring up Help and Support Center, which eventually hung. I killed it from Task Manager. I noticed that the Kaspersky Update appears to be running again (it is currently at 34M).

What should I do about the Windows Security Alert popup?

Thanks as always!!!
farbar
post Dec 8 2008, 04:22 PM
Post #30


Bleeping Curious
******

Group: HJT Team
Posts: 7,103
Joined: 8-December 07
From: The Netherlands
Member No.: 175,240



In this case:

Please refrain from surfing until Kaspersky runs and finishes the scan.
While you are not surfing, it needs to be allowed internet access to download any ActiveX component or update it needs, so don't block anything at the moment.
When we are done and you are clean, I'll give you more information on the firewall. You can then install a free firewall.




© 2003-2009 All Rights Reserved Bleeping Computer LLC.