 I Have Reason To Believe Somethign Is Screwing With My System Files And Or Drivers |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
| Important Announcement: We have two terrific contests running on the site that I wanted all our members and guests to know about. The first contest is the HP Magic Giveaway, which is underway as of November 28th. More information can be found at this topic, which will be updated very soon with further information. The second contests, is for the chance to win two Seagate FreeAgent external hard drives. More information about this contest can be found here. These are both amazing contests and I suggest everyone submit an entry for them. - BleepingComputer Management |
Forum Guidelines
Read this topic before posting a log. DO NOT post a ComboFix log unless requested to. Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  |
 May 4 2008, 02:30 AM
Post
#31
|
|
 Distinguished Member  Group: Members Posts: 811 Joined: 25-October 07 From: Sydney, AUSTRALIA :] Member No.: 165,216  |
 [/URL]and then it "scanned" my system. [URL=http://imageshack.us]  Will update and scan with MBAM -------------------- "People die of disease and accident. Death comes suddenly and there is no notion of good or bad. It leaves, not a dramatic feeling but great emptiness. When you lose someone you loved very much you feel this big empty space and think, 'If I had known this was coming I would have done things differently.' These are the feelings I wanted to arouse in the players with Aerith's death relatively early in the game. Feelings of reality and not Hollywood." - Yoshinori Kitase |
 |
 
|
|
May 4 2008, 04:02 AM
Post
#32
|
|
|
Distinguished Member Group: Members Posts: 811 Joined: 25-October 07 From: Sydney, AUSTRALIA :] Member No.: 165,216 |
Malwarebytes' Anti-Malware 1.11
Database version: 714 Scan type: Full Scan (C:\|) Objects scanned: 75285 Time elapsed: 1 hour(s), 5 minute(s), 9 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) The only thing it found was an old MyWebSearch reg key. I thought I was clean of this infection a long time ago. Im having the popups again >.> -------------------- "People die of disease and accident. Death comes suddenly and there is no notion of good or bad. It leaves, not a dramatic feeling but great emptiness. When you lose someone you loved very much you feel this big empty space and think, 'If I had known this was coming I would have done things differently.' These are the feelings I wanted to arouse in the players with Aerith's death relatively early in the game. Feelings of reality and not Hollywood." - Yoshinori Kitase |
|
|
|
|
May 6 2008, 06:18 AM
Post
#33
|
|
|
Distinguished Member Group: Members Posts: 811 Joined: 25-October 07 From: Sydney, AUSTRALIA :] Member No.: 165,216 |
Bump;
C'mon.. Don't leave me out here in the cold 
-------------------- "People die of disease and accident. Death comes suddenly and there is no notion of good or bad. It leaves, not a dramatic feeling but great emptiness. When you lose someone you loved very much you feel this big empty space and think, 'If I had known this was coming I would have done things differently.' These are the feelings I wanted to arouse in the players with Aerith's death relatively early in the game. Feelings of reality and not Hollywood." - Yoshinori Kitase |
|
|
|
|
May 7 2008, 10:45 AM
Post
#34
|
|
 I will eat your Malware Group: HJT Team Coach Posts: 2,345 Joined: 14-November 04 From: Ontario Member No.: 5,056 |
Hi,
Sorry for delay. I didn't get my email notice you replied. If this happens again .. shoot me a PM. This yellow ! in device manager.. this appeared After you ran CF? Run system restore to just before you ran CF please (on Friday) Post a fresh Hijackthis log please. Let me know if the yellow ! has resolved. Let me know if Avast is working properly. Let me know if you still get XPAntivirus popups. Thanks -------------------- I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing. And to drink...a nice tall glass of adware! For dessert; can I have a bowl of the freshest worms you have please?. Never Give Up! If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware  |
|
|
|
|
May 8 2008, 08:57 AM
Post
#35
|
|
|
Distinguished Member Group: Members Posts: 811 Joined: 25-October 07 From: Sydney, AUSTRALIA :] Member No.: 165,216 |
Its okay
 Well the thing is I don't have anything with a yellow ! in device manager. Bad news; there is no restore point for that date. Avast still won't run. And I'm not getting anymore pop ups. Heres a fresh HJT log. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:56:51 PM, on 5/8/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Comodo\CBOClean\BOCORE.exe C:\Program Files\Comodo\Firewall\cmdagent.exe C:\Program Files\SiteAdvisor\6253\SAService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\SiteAdvisor\6253\SiteAdv.exe C:\PROGRA~1\Comodo\CBOClean\BOC425.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Comodo\Firewall\cfp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Last.fm\LastFMHelper.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Opera\Opera.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Alwil Software\Avast4\setup\avast.setup C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 0;<local> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file) O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1172654987125 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB O17 - HKLM\System\CCS\Services\Tcpip\..\{644A5BCD-E876-488D-9889-BEF3F3EEBB50}: NameServer = 203.2.75.132 198.142.0.51 O17 - HKLM\System\CS1\Services\Tcpip\..\{644A5BCD-E876-488D-9889-BEF3F3EEBB50}: NameServer = 203.2.75.132 198.142.0.51 O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\ O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- End of file - 7060 bytes Also; everytime I boot my computer Avast Setup is in my running process. -------------------- "People die of disease and accident. Death comes suddenly and there is no notion of good or bad. It leaves, not a dramatic feeling but great emptiness. When you lose someone you loved very much you feel this big empty space and think, 'If I had known this was coming I would have done things differently.' These are the feelings I wanted to arouse in the players with Aerith's death relatively early in the game. Feelings of reality and not Hollywood." - Yoshinori Kitase |
|
|
|
|
May 11 2008, 06:15 AM
Post
#36
|
|
|
Distinguished Member Group: Members Posts: 811 Joined: 25-October 07 From: Sydney, AUSTRALIA :] Member No.: 165,216 |
BUMP!
-------------------- "People die of disease and accident. Death comes suddenly and there is no notion of good or bad. It leaves, not a dramatic feeling but great emptiness. When you lose someone you loved very much you feel this big empty space and think, 'If I had known this was coming I would have done things differently.' These are the feelings I wanted to arouse in the players with Aerith's death relatively early in the game. Feelings of reality and not Hollywood." - Yoshinori Kitase |
|
|
|
|
May 11 2008, 10:22 AM
Post
#37
|
|
|
I will eat your Malware Group: HJT Team Coach Posts: 2,345 Joined: 14-November 04 From: Ontario Member No.: 5,056 |
Hi,
Sorry for delay. Disable your TeaTimer then uninstall Avast and re-install it. Make sure to get the updates. Next: Download Dr.Webs CureIt to your desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe Double-click the drweb-cureit.exe file and allow it to run the express scan. This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan. Once the short scan has finished, select the "full system scan" Click the green arrow > to the right and the scan will begin. At the first infection, select 'Yes to all' if it asks if you want to cure/move the file. When the scan has finished, click the "Select all" toggle button (if available) next to the files found Then click the green cup icon right below and select Move incurable This will move any infected files to the %userprofile%\DoctorWeb\quarantaine-folder that can't be cured (in case if we need samples). Then, from the main Dr.Web CureIt menu (top left), click File and choose save report list Save the report to your desktop. The report will be called DrWeb.csv Close Dr.Web Cureit and Restart your computer to completely remove any stubborn files in reboot. Post back with the DrWeb.csv report please. Thanks
-------------------- I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing. And to drink...a nice tall glass of adware! For dessert; can I have a bowl of the freshest worms you have please?. Never Give Up! If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware |
|
|
|
|
May 12 2008, 08:58 AM
Post
#38
|
|
|
Distinguished Member Group: Members Posts: 811 Joined: 25-October 07 From: Sydney, AUSTRALIA :] Member No.: 165,216 |
Hi,
Will download Dr Web asap. Can't do it tonight as I am very tired (have had a long week of school and work). I will tomorrow mornign probably. Also, my autoruns are oly back for removable media. They don't work for CDs. -------------------- "People die of disease and accident. Death comes suddenly and there is no notion of good or bad. It leaves, not a dramatic feeling but great emptiness. When you lose someone you loved very much you feel this big empty space and think, 'If I had known this was coming I would have done things differently.' These are the feelings I wanted to arouse in the players with Aerith's death relatively early in the game. Feelings of reality and not Hollywood." - Yoshinori Kitase |
|
|
|
|
May 15 2008, 02:29 AM
Post
#39
|
|
|
Distinguished Member Group: Members Posts: 811 Joined: 25-October 07 From: Sydney, AUSTRALIA :] Member No.: 165,216 |
Hi; I will download and run the program tomorrow night.
Sorry, been having some personal issues and have had trouble getting online. -------------------- "People die of disease and accident. Death comes suddenly and there is no notion of good or bad. It leaves, not a dramatic feeling but great emptiness. When you lose someone you loved very much you feel this big empty space and think, 'If I had known this was coming I would have done things differently.' These are the feelings I wanted to arouse in the players with Aerith's death relatively early in the game. Feelings of reality and not Hollywood." - Yoshinori Kitase |
|
|
|
|
May 16 2008, 01:02 AM
Post
#40
|
|
|
I will eat your Malware Group: HJT Team Coach Posts: 2,345 Joined: 14-November 04 From: Ontario Member No.: 5,056 |
Ok.
I'll watch for ya.
-------------------- I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing. And to drink...a nice tall glass of adware! For dessert; can I have a bowl of the freshest worms you have please?. Never Give Up! If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware |
|
|
|
|
May 24 2008, 06:24 AM
Post
#41
|
|
|
Distinguished Member Group: Members Posts: 811 Joined: 25-October 07 From: Sydney, AUSTRALIA :] Member No.: 165,216 |
Hi Blender I know its been a while but I've had a fair bit of drama happening in my life. I have uninstalled avast and installed avira anti vir. I ran a full system scan with it after install and everything was clean. I downloaded and ran Dr Web and the scans only showed things that spybot had quarentined. I didn't take an action using Dr Web because they had already been taken care of. However if you think it would be wise for me to remove these, please tell me and I will ASAP. -------- Now heres the next couple of problems. I still have the issue with screen resolution. However, when this happens and windows has started I get a balloon from Windows Security Center telling me that Avira is turned off. Which makes me believe there is somethign funny going on. However, when I reboot and get the resolution back to normal this does not happen. I still believe something is indeed wrong. Also. I let someone use my computer because they wanted to download some stuff (this was yesterday). I trusted them I told them there is to be no pornography, no warez, no programs downloaded and no torrents/ GUESS WHAT HE WENT AND DOWNLOADED. I understand teenage boys have urges but come on!!! Anyway, I have got two infections from his urges (hehe, that sounds really funny  ), avira quarentined them straight away.The detections were: Contains detection pattern of the Windows virus W32/Sality.L Trojan Horse TR/Drop.VB.LU.2 (there is two of these in quarentine- but from the same file) I think the dropper may have caused a bit of harm. Havent noticed anything yet but still.. Should I run a Kaspersky scan? or another Dr Web? anything?? The next thing. Last night a strange folder appeared on my desktop called %SystemDrive% Heres a fresh DSS log. Deckard's System Scanner v20071014.68 Run by Ireland on 2008-05-24 21:14:22 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 3 Restore Point(s) -- 3: 2008-05-24 11:15:03 UTC - RP26 - Deckard's System Scanner Restore Point 2: 2008-05-22 09:36:46 UTC - RP25 - System Checkpoint 1: 2008-05-18 08:58:10 UTC - RP24 - Avira AntiVir Personal - 5/18/2008 18:57 Performed disk cleanup. Percentage of Memory in Use: 82% (more than 75%). System Drive C: has 1.01 GiB (less than 15%) free. -- HijackThis (run as Ireland.exe) --------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:16:31 PM, on 5/24/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Comodo\Firewall\cmdagent.exe C:\Program Files\SiteAdvisor\6253\SAService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\SiteAdvisor\6253\SiteAdv.exe C:\Program Files\Comodo\Firewall\cfp.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\Last.fm\LastFM.exe C:\Program Files\LimeWire\LimeWire.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Opera\Opera.exe C:\Documents and Settings\Ireland\desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Ireland.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 0;<local> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file) O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe O4 - Startup: Last.fm Helper.lnk.disabled O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1172654987125 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB O17 - HKLM\System\CCS\Services\Tcpip\..\{644A5BCD-E876-488D-9889-BEF3F3EEBB50}: NameServer = 203.2.75.132 198.142.0.51 O17 - HKLM\System\CS1\Services\Tcpip\..\{644A5BCD-E876-488D-9889-BEF3F3EEBB50}: NameServer = 203.2.75.132 198.142.0.51 O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\ O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- End of file - 6622 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) ----------- backup-20080322-173432-112 O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file) backup-20080322-173432-444 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) -- File Associations ----------------------------------------------------------- .reg - regfile - shell\open\command - regedit.exe "%1" %* .scr - scrfile - shell\open\command - "%1" %* -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- S1 SASKUTIL - c:\program files\superantispyware\saskutil.sys (file missing) S3 catchme - c:\combofix\catchme.sys (file missing) S3 CoachUsb (Digital Camera on USB) - c:\windows\system32\drivers\coachusb.sys (file missing) S3 SABProcEnum - c:\program files\mozilla firefox\sabprocenum.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation> S2 WinVNC4 (VNC Server Version 4) - "c:\program files\realvnc\vnc4\winvnc4.exe" -service S3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Process Modules ------------------------------------------------------------- C:\WINDOWS\explorer.exe (pid 1436) 2006-06-12 07:08:50 544768 --a------ C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll <Not Verified; Nokia; Phone Browser> 2006-06-01 09:51:34 557056 --a------ C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll <Not Verified; Nokia; PCSCM> 2006-06-05 13:04:02 242688 --a------ C:\WINDOWS\system32\ConnAPI.dll <Not Verified; Nokia.; Nokia Connectivity API> 2006-06-08 11:36:28 25088 --a------ C:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.NLR <Not Verified; Nokia; Nokia Phone Browser> 2006-06-01 10:00:46 569344 --a------ C:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.NGR <Not Verified; Nokia; Nokia Phone Browser> 2005-09-23 06:28:38 83456 --a------ C:\WINDOWS\system32\dfshim.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework> 2005-09-23 06:28:52 270848 --a------ C:\WINDOWS\system32\mscoree.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework> 2005-08-03 21:32:08 125440 --a------ C:\Program Files\WinRAR\RarExt.dll 2008-01-23 19:08:37 69889 --a------ C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll <Not Verified; Avira GmbH; AntiVir Workstation> 2007-06-04 17:12:22 98816 --a------ C:\Program Files\Messenger Plus! Live\Scripts\Enhancer\script_helper.dll -- Scheduled Tasks ------------------------------------------------------------- 2008-01-23 10:50:10 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -- Files created between 2008-04-24 and 2008-05-24 ----------------------------- 2008-05-23 22:53:32 0 d---s---- C:\WINDOWS\system32\%SystemDrive% <%SYSTE~1> 2008-05-23 21:06:02 0 d-------- C:\Documents and Settings\Ireland\DoctorWeb 2008-05-18 19:05:13 0 dr-h----- C:\Documents and Settings\Ireland\Recent 2008-05-18 18:58:32 0 d-------- C:\Program Files\Avira 2008-05-18 18:58:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-05-17 23:48:22 0 d-------- C:\Documents and Settings\Ireland\Application Data\wsInspector 2008-05-17 16:44:22 0 d-------- C:\Program Files\Startup Inspector for Windows 2008-05-09 23:15:52 0 d-------- C:\Program Files\Recuva 2008-04-27 18:46:11 0 d-------- C:\cmdcons 2008-04-25 18:02:13 0 d-------- C:\Program Files\filehippo.com 2008-04-24 22:21:26 43352 --ah----- C:\WINDOWS\system32\mlfcache.dat -- Find3M Report --------------------------------------------------------------- 2008-05-18 21:36:44 0 d-------- C:\Program Files\LimeWire 2008-05-17 13:10:10 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-04-25 18:29:27 0 d-------- C:\Program Files\SpywareBlaster 2008-04-18 17:38:15 0 d-------- C:\Program Files\Gmer 2008-04-16 02:34:36 0 d-------- C:\Program Files\SUPERAntiSpyware 2008-04-11 18:16:01 0 d-------- C:\Program Files\Java 2008-04-11 14:00:46 0 d-------- C:\Program Files\Windows Live 2008-04-11 13:59:44 0 d-------- C:\Program Files\Imikimi 2008-04-11 13:58:08 0 d-------- C:\Program Files\Google 2008-04-11 13:57:21 0 d-------- C:\Program Files\EULAlyzer 2008-04-08 01:43:42 0 d-------- C:\Program Files\Common Files 2008-04-05 19:39:07 0 d-------- C:\Program Files\Opera 2008-04-04 22:19:30 0 d-------- C:\Program Files\Cagles Mill Guitar Tuner 2008-04-04 22:14:02 0 d-------- C:\Documents and Settings\Ireland\Application Data\Malwarebytes 2008-04-02 19:33:42 0 d-------- C:\Program Files\SpywareGuard -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [02/09/2007 12:39 PM] "BOC-425"="C:\PROGRA~1\Comodo\CBOClean\BOC425.exe" [11/26/2007 09:38 AM] "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\cfp.exe" [03/22/2008 03:20 PM] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06 AM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM] C:\Documents and Settings\Ireland\Start Menu\Programs\Startup\ Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [10/27/2007 10:05:08 PM] Last.fm Helper.lnk.disabled [5/18/2008 9:20:21 PM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=1 (0x1) "HideStartupScripts"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=1 (0x1) "HideStartupScripts"=0 (0x0) "disableregistrytools"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"= C:\WINDOWS\system32\guard32.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup -- End of Deckard's System Scanner: finished at 2008-05-24 21:21:58 ------------ Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel® Pentium® 4 CPU 1.50GHz Percentage of Memory in Use: 86% Physical Memory (total/avail): 575.53 MiB / 75.89 MiB Pagefile Memory (total/avail): 1408.2 MiB / 598.85 MiB Virtual Memory (total/avail): 2047.88 MiB / 1910.5 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 7.45 GiB total, 1.01 GiB free. D: is CDROM (No Media) E: is Removable (FAT) F: is Removable (FAT) \\.\PHYSICALDRIVE0 - WDC WD80EB-28CGH1 - 7.45 GiB - 1 partition \PARTITION0 (bootable) - Installable File System - 7.45 GiB - C: \\.\PHYSICALDRIVE2 - Nokia Nokia 6288 USB Device - 964.84 MiB - 1 partition \PARTITION0 - MS-DOS V4 Huge - 968.5 MiB - F: \\.\PHYSICALDRIVE1 - TOSHIBA TransMemory USB Device - 949.15 MiB - 1 partition \PARTITION0 (bootable) - Win95 w/Extended Int 13 - 955.48 MiB - E: -- Security Center ------------------------------------------------------------- AUOptions is set to notify before download. Windows Internal Firewall is disabled. FW: COMODO Firewall Pro v3.0 (COMODO) AV: Avira AntiVir PersonalEdition v8.0.1.15 (Avira GmbH) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Disabled:RTC App Sharing" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Ireland\Application Data CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=JOHN ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Ireland LOGONSERVER=\\JOHN NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0102 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\Ireland\LOCALS~1\Temp TMP=C:\DOCUME~1\Ireland\LOCALS~1\Temp USERDOMAIN=JOHN USERNAME=Ireland USERPROFILE=C:\Documents and Settings\Ireland windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Ireland (admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll" Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000} Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} Avira AntiVir Personal – Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE BOClean --> C:\WINDOWS\UNBOC.EXE Cagles Mill Guitar Tuner Version 1.2 --> "C:\Program Files\Cagles Mill Guitar Tuner\unins000.exe" CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u CoreVorbis Audio Decoder (remove only) --> "C:\WINDOWS\system32\CoreVorbis-uninstall.exe" Direct Show Ogg Vorbis Filter (remove only) --> "C:\WINDOWS\system32\OggDSuninst.exe" DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Pro Trial --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC ERUNT 1.1j --> "C:\Program Files\ERUNT\unins000.exe" EVEREST Home Edition v2.20 --> "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe" ffdshow (remove only) --> "C:\Program Files\ffdshow\uninstall.exe" filehippo.com Update Checker --> "C:\Program Files\filehippo.com\uninstall.exe" HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall HJT Assistant --> rundll32.exe dfshim.dll,ShArpMaintain HJT Assistant.application, Culture=neutral, PublicKeyToken=e1865a4e25268059, processorArchitecture=msil Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Huffyuv AVI lossless video codec (Remove Only) --> rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\HUFFYUV.INF Intel® Integrated Performance Primitives RTI 4.0 --> MsiExec.exe /X{51C91B84-7B46-4FE7-8999-8228CFA75F89} iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306} Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\k |