Jul 1 2008, 04:18 PM
Post #1
Member | Group: Members | Posts: 23 | Joined: 1-July 08 | Member No.: 219,836
Hopefully one of you wonderful people out there will be able to help me here!

My problems started yesterday (Monday) morning. I was working from home, dialled into work through a VPN connection, when suddenly all my telnet sessions dropped. I went into my network connections to re-connect, only to find that my work connection had been deleted, and a new connection called 'internet' had been created. I deleted that, re-created my work connection, and carried on working - possibly a bit daft, but I was in the middle of something urgent, so I didn't really stop to think about what I was doing.

I then started having problems connecting to any Google sites, particularly Google Mail. This was the point where I realised I really shouldn't have let my anti-virus software get so out of date! So...... I un-installed McAfee, which had come with my laptop and which had expired, and downloaded & installed AVG 8.0. Virus scan revealed about 4 infected files, and a few tracking cookies, all of which it was able to delete successfully. However, I still had the Google connection problems.

I then ran a rootkit scan, and it came up with:

File c:\WINDOWS\System32\Drivers\as299597.SYS
Infection hidden driver
Result object is hidden

I clicked to delete this file, and got the message "Object is hidden by a rootkit technique (which is usually used by malicious software). Do you really want to remove it?" At this point, I clicked 'No', turned to Google on another machine, and hence ended up here.

Any help which you are able to offer will be very much appreciated!!

DSS logs are attached. I will do a Kaspersky scan overnight and post in the morning, although my AVG scan shows no errors other than the hidden file already mentioned.

Thanks again
Ian

****************************************************************
Deckard's System Scanner v20071014.68
Run by Ian on 2008-07-01 21:34:41
Computer is in Normal Mode.
-------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 67: 2008-07-01 20:35:12 UTC - RP221 - Deckard's System Scanner Restore Point 66: 2008-07-01 17:16:41 UTC - RP220 - Move file to quarantine: eewaaiqb.dll 65: 2008-07-01 17:15:16 UTC - RP219 - Move file to quarantine: frbpqytj.dll 64: 2008-07-01 17:11:27 UTC - RP218 - Move file to quarantine: qoMcYRIx.dll 63: 2008-07-01 12:17:10 UTC - RP217 - Installed AVG 8.0 -- First Restore Point -- 1: 2008-06-28 09:21:47 UTC - RP155 - System Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Ian.exe) ------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:40:29, on 01/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\Hummingbird\Connectivity\7.10\Inetd\inetd32.exe C:\WINDOWS\system32\Hummingbird\Connectivity\7.10\Jconfig\jconfigdnt.exe C:\WINDOWS\system32\Hummingbird\Connectivity\7.10\Jconfig\hjavaw.exe C:\Program Files\Kontiki\KService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe 
C:\WINDOWS\system32\nvsvc32.exe c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE C:\WINDOWS\Explorer.EXE C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\KADxMain.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Dell\MediaDirect\PCMService.exe C:\Program Files\Google\Google Talk\googletalk.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe C:\Program Files\Kontiki\KHost.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Winamp Remote\bin\OrbTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Garmin\gStart.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Common Files\Roxio 
Shared\10.0\SharedCOM\CPSHelpRunner10.exe C:\Program Files\Winamp Remote\bin\Orb.exe C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE C:\Program Files\OpenOffice.org 2.3\program\soffice.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\Ian\Desktop\dss.exe C:\DOCUME~1\Ian\Desktop\Ian.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=2071115 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=2071115 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=2071115 O1 - Hosts: 172.16.48.1 antares O1 - Hosts: 172.16.48.2 shiva O1 - Hosts: 172.16.48.3 poohcorner O1 - Hosts: 172.16.48.4 vialli O1 - Hosts: 172.16.48.5 ganesh O1 - Hosts: 100.74.80.32 atlas O1 - Hosts: 137.223.65.8 globe O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {514A5C49-0C7D-42c3-A71B-38864A269B7A} - C:\WINDOWS\system32\ytnkohwo.dll (file missing) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - 
{5BC9278E-EE50-4C8A-ACBF-00AE772FB866} - C:\WINDOWS\system32\bhtlecol.dll (file missing) O2 - BHO: (no name) - {75004187-0143-44D9-8B4F-F0FDEEC5582A} - C:\WINDOWS\system32\nnnnOhGa.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7D3C7FA8-2270-4E6E-8758-87F33B8B3721} - C:\WINDOWS\system32\ssqPfdEW.dll (file missing) O2 - BHO: {d5b3f7ce-a7df-5888-8784-c4542713cf68} - {86fc3172-454c-4878-8885-fd7aec7f3b5d} - C:\WINDOWS\system32\mxocsc.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: (no name) - {A5CC051F-7E99-4A7C-8F00-BCBC06D90703} - C:\WINDOWS\system32\ssqpMeCV.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: (no name) - {E684A5F2-4406-47AC-9E83-B3F36045505B} - C:\WINDOWS\system32\qoMcYRIx.dll (file missing) O2 - BHO: (no name) - {F6F4C721-D7B5-4C06-8EA9-F01DFBB11ABd} - C:\WINDOWS\system32\bhtlecol.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SigmatelSysTrayApp] 
stsystra.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe" O4 - HKLM\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [BM03835f71] Rundll32.exe "C:\WINDOWS\system32\eewaaiqb.dll",s O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background O4 - 
HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} (JInitiator 1.3.1.22) - http://laptop:8889/forms/jinitiator/jinit.exe O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll O20 - Winlogon Notify: ssqPfdEW - ssqPfdEW.dll (file missing) O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. 
- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\7.10\Inetd\inetd32.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Hummingbird Jconfig Daemon (Jconfigd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\7.10\Jconfig\jconfigdnt.exe O23 - Service: KService - Kontiki Inc. 
- C:\Program Files\Kontiki\KService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Ian\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing) O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. 
- C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 15703 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver> R1 StarOpen - c:\windows\system32\drivers\staropen.sys R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.6.0.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.6.0.0> R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.0.1.2609> R2 DVDRIVER - c:\windows\system32\drivers\dvdriver.sys <Not Verified; Eagletron Inc.; DVdriver> R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver> R3 btwmodem (Bluetooth Modem) - c:\windows\system32\drivers\btwmodem.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.0.1.2609> R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt> R3 DXEC02 - c:\windows\system32\drivers\dxec02.sys <Not Verified; Knowles Acoustics; DXEC.02 Speech Enhancement> R3 MEMSWEEP2 - c:\windows\system32\a1.tmp (file missing) S2 WebCamDV (WebCamDV DV to Webcam Converter) - c:\windows\system32\drivers\webcamdv.sys (file 
missing) S3 btwhid - c:\windows\system32\drivers\btwhid.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.0.1.2609> S3 grmnusb - c:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS> S3 WCDV_Aud (WevCamDV WDM Virtual Audio Device) - c:\windows\system32\drivers\wcdvaud.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 HCLInetd (Hummingbird Inetd) - c:\windows\system32\hummingbird\connectivity\7.10\inetd\inetd32.exe <Not Verified; Hummingbird Ltd.; InetD> R2 Jconfigd (Hummingbird Jconfig Daemon) - c:\windows\system32\hummingbird\connectivity\7.10\jconfig\jconfigdnt.exe <Not Verified; Hummingbird Ltd.; Jconfig> R2 OracleServiceXE - c:\oraclexe\app\oracle\product\10.2.0\server\bin\oracle.exe xe <Not Verified; Oracle Corporation; > R2 OracleXETNSListener - c:\oraclexe\app\oracle\product\10.2.0\server\bin\tnslsnr.exe R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service> R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition> R2 WLANKEEPER (Intel® PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSO Service> S2 SessionLauncher - c:\docume~1\ian\locals~1\temp\dx9\sessionlauncher.exe (file missing) S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application> S3 OracleMTSRecoveryService - c:\oraclexe\app\oracle\product\10.2.0\server\bin\omtsreco.exe "oraclemtsrecoveryservice" <Not Verified; Oracle Corporation; Oracle MTS Recovery Service> S3 OracleXEClrAgent 
- c:\oraclexe\app\oracle\product\10.2.0\server\bin\oraclragnt.exe agent_sid=clrextproc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler> S4 OracleJobSchedulerXE - c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe xe -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-06-28 19:47:07 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -- Files created between 2008-06-01 and 2008-07-01 ----------------------------- 2008-07-01 19:41:53 0 d-------- C:\Program Files\Sophos 2008-07-01 13:24:30 0 d--h----- C:\$AVG8.VAULT$ 2008-07-01 13:17:39 0 d-------- C:\WINDOWS\system32\drivers\Avg 2008-07-01 13:17:39 0 d-------- C:\Documents and Settings\Ian\Application Data\AVGTOOLBAR 2008-07-01 12:05:31 0 d-------- C:\Program Files\AVG 2008-07-01 12:05:30 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8 2008-07-01 10:54:03 103424 --a------ C:\WINDOWS\system32\mxocsc.dll 2008-07-01 10:54:02 103424 --a------ C:\WINDOWS\system32\bhglgucd.dll 2008-07-01 10:53:02 553613 --ahs---- C:\WINDOWS\system32\xIRYcMoq.ini2 2008-07-01 09:54:13 103424 --a------ C:\WINDOWS\system32\msvwnt.dll 2008-07-01 09:54:10 103424 --a------ C:\WINDOWS\system32\cvwfbtsi.dll 2008-07-01 09:51:10 81408 --a------ C:\WINDOWS\system32\oqgmoyvt.dll 2008-07-01 09:45:16 90624 --a------ C:\WINDOWS\system32\nlpakyum.dll 2008-07-01 08:57:10 554417 --ahs---- C:\WINDOWS\system32\VCeMpqss.ini2 2008-06-30 23:08:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-06-30 22:26:02 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan 2008-06-30 22:25:54 0 d-------- C:\Program Files\Security Task Manager 2008-06-30 21:12:37 0 
d-------- C:\Documents and Settings\Ian\.housecall6.6 2008-06-30 06:45:39 554031 --ahs---- C:\WINDOWS\system32\uFihPqru.ini2 2008-06-29 12:07:56 553615 --ahs---- C:\WINDOWS\system32\OVEgNXbc.ini2 2008-06-29 07:25:15 553600 --ahs---- C:\WINDOWS\system32\iihkQXbc.ini2 2008-06-28 10:21:36 557707 --ahs---- C:\WINDOWS\system32\aGhOnnnn.ini2 2008-06-28 08:56:58 0 d-------- C:\Documents and Settings\Lara\Application Data\CyberLink 2008-06-21 22:17:41 0 d-------- C:\Program Files\QuickTime 2008-06-21 22:17:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-06-21 13:47:05 0 d-------- C:\Program Files\KaraFun 2008-06-21 13:47:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Recisio 2008-06-14 07:22:35 0 d-------- C:\Program Files\Platform Studio 2008-06-14 07:12:52 0 d-------- C:\Program Files\Game_Maker7 2008-06-12 14:31:15 0 d-------- C:\scheduler 2008-06-02 13:25:40 0 d-------- C:\Program Files\Classic Menu for Office -- Find3M Report --------------------------------------------------------------- 2008-07-01 17:33:04 0 d-------- C:\Documents and Settings\Ian\Application Data\OpenOffice.org2 2008-07-01 16:54:39 0 d-------- C:\Program Files\Winamp Remote 2008-07-01 11:29:56 0 d-------- C:\Program Files\Common Files 2008-07-01 11:29:13 0 d-------- C:\Program Files\McAfee 2008-06-29 07:34:27 0 d-------- C:\Program Files\RocketDock 2008-06-28 10:07:06 0 d-------- C:\Documents and Settings\Ian\Application Data\uTorrent 2008-06-24 07:17:26 0 d-------- C:\Program Files\Mozilla Thunderbird 2008-06-21 14:36:35 0 d-------- C:\Program Files\uTorrent 2008-06-21 07:45:14 0 d-------- C:\Program Files\Guitar Hero Explorer 2008-06-19 09:30:38 0 d-------- C:\Documents and Settings\Ian\Application Data\Mozilla 2008-06-16 19:23:14 0 d-------- C:\Documents and Settings\Ian\Application Data\FileZilla 2008-06-16 08:17:48 0 d-------- C:\Program Files\FileZilla Client 2008-06-12 15:41:11 0 d-------- C:\Documents and Settings\Ian\Application 
Data\SQL Developer 2008-06-02 13:51:35 0 d-------- C:\Program Files\MagicDVDRipper 2008-05-29 07:58:25 0 d-------- C:\Program Files\HyCam2 2008-05-25 06:47:05 135571 --a------ C:\WINDOWS\system32\nvModes.dat 2008-05-24 07:42:03 0 d-------- C:\Program Files\Frets on Fire 2008-05-19 18:25:45 0 d-------- C:\Documents and Settings\Ian\Application Data\Thunderbird 2008-05-10 23:00:59 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-05-06 15:05:04 0 d-------- C:\Program Files\PLSQL Developer 2008-04-08 15:15:02 5632 --a------ C:\Documents and Settings\Ian\Application Data\DMX.bmk -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{514A5C49-0C7D-42c3-A71B-38864A269B7A}] C:\WINDOWS\system32\ytnkohwo.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BC9278E-EE50-4C8A-ACBF-00AE772FB866}] C:\WINDOWS\system32\bhtlecol.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{75004187-0143-44D9-8B4F-F0FDEEC5582A}] C:\WINDOWS\system32\nnnnOhGa.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D3C7FA8-2270-4E6E-8758-87F33B8B3721}] C:\WINDOWS\system32\ssqPfdEW.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86fc3172-454c-4878-8885-fd7aec7f3b5d}] 01/07/2008 10:54 103424 --a------ C:\WINDOWS\system32\mxocsc.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}] 01/07/2008 13:17 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A5CC051F-7E99-4A7C-8F00-BCBC06D90703}] C:\WINDOWS\system32\ssqpMeCV.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E684A5F2-4406-47AC-9E83-B3F36045505B}] C:\WINDOWS\system32\qoMcYRIx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6F4C721-D7B5-4C06-8EA9-F01DFBB11ABd}] C:\WINDOWS\system32\bhtlecol.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp 
Toolbar\winamptb.dll [04/10/2007 21:06 1135968] [-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [09/07/2007 23:21] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/06/2007 16:34] "nwiz"="nwiz.exe" [06/06/2007 16:35 C:\WINDOWS\system32\nwiz.exe] "NVHotkey"="nvHotkey.dll" [06/06/2007 16:34 C:\WINDOWS\system32\nvhotkey.dll] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [06/06/2007 16:34] "SigmatelSysTrayApp"="stsystra.exe" [09/07/2007 23:03 C:\WINDOWS\stsystra.exe] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [21/02/2007 12:19] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [21/02/2007 12:17] "KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [02/11/2006 15:05] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [03/10/2006 12:35] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [11/09/2006 05:40] "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [16/04/2007 17:10] "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [15/11/2007 10:24] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [15/11/2007 15:26] "ECenter"="C:\Dell\E-Center\EULALauncher.exe" [24/05/2007 08:03] "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 22:22] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25] "@"="" [] "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [24/08/2007 16:52] "DMXLauncher"="C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe" [14/08/2007 04:44] "kdx"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23] 
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16] "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [15/11/2007 10:23] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [27/05/2008 10:50] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [01/07/2008 13:17] "BM03835f71"="C:\WINDOWS\system32\eewaaiqb.dll" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [15/03/2007 13:09] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [19/11/2007 22:44] "Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [07/01/2008 21:02] "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [15/11/2007 10:23] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 06:00] "kdx"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23] "gStart"="C:\Garmin\gStart.exe" [06/09/2006 11:05] C:\Documents and Settings\Ian\Start Menu\Programs\Startup\ OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [17/08/2007 22:57:56] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [24/05/2006 19:28:28] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [15/11/2007 15:16:28] Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [06/08/2003 14:23:32] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{7D3C7FA8-2270-4E6E-8758-87F33B8B3721}"= C:\WINDOWS\system32\ssqPfdEW.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqPfdEW] ssqPfdEW.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] 
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\qoMcYRIx [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2c3f495-96c3-11dc-b481-806d6172696f}] AutoRun\command- D:\MEET_DAVE_(PC).exe *Newly Created Service* - ISDRV122 *Newly Created Service* - MEMSWEEP2 -- Hosts ----------------------------------------------------------------------- 127.0.0.1 localhost 192.168.2.1 wrouter 172.16.48.1 antares 172.16.48.2 shiva 172.16.48.3 poohcorner 172.16.48.4 vialli 172.16.48.5 ganesh 100.74.80.32 atlas 137.223.65.8 globe -- End of Deckard's System Scanner: finished at 2008-07-01 21:42:00 ------------ Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel® Core2 Duo CPU T5250 @ 1.50GHz CPU 1: Intel® Core2 Duo CPU T5250 @ 1.50GHz Percentage of Memory in Use: 47% Physical Memory (total/avail): 2046.11 MiB / 1066.99 MiB Pagefile Memory (total/avail): 3937.77 MiB / 2601.9 MiB Virtual Memory (total/avail): 2047.88 MiB / 1915.4 MiB C: is Fixed (NTFS) - 143.44 GiB total, 30.73 GiB free. D: is CDROM (UDF) E: is CDROM (No Media) F: is CDROM (No Media) \\.\PHYSICALDRIVE0 - TOSHIBA MK1637GSX - 149.05 GiB - 4 partitions \PARTITION0 - Unknown - 109.79 MiB \PARTITION1 (bootable) - Installable File System - 143.44 GiB - C: \PARTITION2 - Extended w/Extended Int 13 - 2.5 GiB \PARTITION3 - Unknown - 3 GiB -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. FirstRunDisabled is set. 
AV: AVG Anti-Virus v8.0 (AVG Technologies) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"="C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program" "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk" "C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service" "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb" "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray" "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program 
Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client" "C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:File Transfer Program" "C:\\Program Files\\Hummingbird\\Connectivity\\7.10\\Exceed\\exceed.exe"="C:\\Program Files\\Hummingbird\\Connectivity\\7.10\\Exceed\\exceed.exe:*:Enabled:X server for Win32" "C:\\DevSuiteHome_1\\jdev\\bin\\jdevw.exe"="C:\\DevSuiteHome_1\\jdev\\bin\\jdevw.exe:*:Enabled:jdevw" "C:\\Program Files\\Eagletron\\DVdriver\\dvdriver.exe"="C:\\Program Files\\Eagletron\\DVdriver\\dvdriver.exe:*:Enabled:dvdriver application" "C:\\Documents and Settings\\Ian\\Local Settings\\Temp\\rld11.exe"="C:\\Documents and Settings\\Ian\\Local Settings\\Temp\\rld11.exe:*:Enabled:UK Provider" "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe" "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe" "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Ian\Application Data CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=LAPTOP ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Ian LOGONSERVER=\\LAPTOP NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\Program Files\Java\jre1.5.0_06\bin;C:\DevSuiteHome_1\jdk\jre\bin\classic;C:\DevSuiteHome_1\jdk\jre\bin;C:\DevSuiteHome_1\jdk\jre\bin\client;C:\DevSuiteHome_1\jlib;C:\DevSuiteHome_1\bin;C:\DevSuiteHome_1\jre\1.4.2\bin\client;C:\DevSuiteHome_1\jre\1.4.2\bin;C:\oraclexe\app\oracle\product\10.2.0\server\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio 
Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Hummingbird\Connectivity\7.10\Accessories\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\QuickTime\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0d ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip RoxioCentral=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\ SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\Ian\LOCALS~1\Temp TMP=C:\DOCUME~1\Ian\LOCALS~1\Temp USERDOMAIN=LAPTOP USERNAME=Ian USERPROFILE=C:\Documents and Settings\Ian windir=C:\WINDOWS __COMPAT_LAYER=EnableNXShowUI -- User Profiles --------------------------------------------------------------- Ian (admin) Lara (admin) Beth (admin) Ethan (admin) Administrator (admin) Guest (new local, guest) -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {4F3FCD41-AD1C-4EE8-9D5C-35DBA58BA060} --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003} Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE 
C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F} AVG 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL BAMZOOKi v3.1 (build 115.158) --> "C:\Program Files\BAMZOOKi\unins000.exe" Broadcom Management Programs --> MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449} Browser Address Error Redirector --> MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F} Classic Menu 3.x for Office 2007 --> "C:\Program Files\Classic Menu for Office\unins000.exe" Conexant HDA D330 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf CuteFTP 8 Professional --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91F34319-08DE-457A-99C0-0BCDFAC145B9}\Setup.exe" -l0x9 CyberSky --> C:\PROGRA~1\CyberSky\UNWISE.EXE C:\PROGRA~1\CyberSky\INSTALL.LOG Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1} Dell Touchpad --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D} Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly DirectXInstallService --> MsiExec.exe /X{098122AB-C605-4853-B441-C0A4EB359B75} DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN DVdriver Trial ver. 
1.0.2.3 --> "C:\Program Files\Eagletron\DVdriver\unins000.exe" EMC 10 Content --> MsiExec.exe /X{FDB46DE7-9045-47BB-970A-3E4ED5369E03} FileZilla Client 3.0.11 --> C:\Program Files\FileZilla Client\uninstall.exe FoxyTunes for Firefox --> "C:\PROGRA~1\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul Frets On Fire --> "C:\Program Files\Frets on Fire\Uninstall.exe" Game Maker 7.0 --> C:\Program Files\Game_Maker7\Uninstal.exe Garmin City Navigator Europe NT v9 --> MsiExec.exe /X{200B415D-7CC6-4818-8624-9E43EDF19D9C} Garmin Training Center v5 --> MsiExec.exe /X{DE659AC8-EEF0-4115-AA0C-6500D194FB10} GNU Backgammon 0.15-stable (20061119 code) --> "C:\Program Files\gnubg\unins000.exe" Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72} Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe" Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll" GoogleTalk Sidebar Conference --> MsiExec.exe /I{BCBEB840-D76E-4F7B-94C4-A6AABAC75490} Guitar Hero Explorer --> MsiExec.exe /I{2B072A33-D445-46D5-9442-7B41F5171AAC} High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe HijackThis 2.0.2 --> "C:\Documents and Settings\Ian\Desktop\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat Hummingbird Exceed V7.1 --> MsiExec.exe /I{CFBD3858-2164-42B0-84A2-576C18C85082} HyperCam 2 --> "C:\Program Files\HyCam2\UnHyCam2.exe" Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe IntelliSonic Speech 
Enhancement --> MsiExec.exe /X{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370} J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} KaraFun 1.18 --> "C:\Program Files\KaraFun\unins000.exe" Knowledge Xpert for PLSQL V8.6 --> C:\PROGRA~1\QUESTS~1\KNOWLE~1\PLSQL\UNWISE.EXE C:\PROGRA~1\QUESTS~1\KNOWLE~1\PLSQL\INSTALL.LOG Knowledge Xpert for PLSQL V9.0 --> C:\PROGRA~1\QUESTS~1\KNOWLE~1\PLSQL\UNWISE.EXE C:\PROGRA~1\QUESTS~1\KNOWLE~1\PLSQL\INSTALL.LOG Lexmark Z600 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBCUN5C.EXE -dLexmark Z600 Series Magic DVD Ripper V5.2.1 build 6 --> "C:\Program Files\MagicDVDRipper\unins000.exe" Magic ISO Maker v5.3 (build 0221) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG Magic MP3 Tagger 2.2.4d --> "C:\Program Files\Magic MP3 Tagger\unins000.exe" Main --> C:\Program Files\3 Vallées\Itineraire\Q3DUnInst.exe mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779} mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49} MediaDirect --> C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B} Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Document Explorer 2005 --> C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe Microsoft Document Explorer 2005 --> MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1} Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9} Microsoft Office OneNote 2003 --> MsiExec.exe /I{90A10409-6000-11D3-8CFE-0150048383C9} Microsoft Office Professional Edition 2003 --> MsiExec.exe 
/I{90110409-6000-11D3-8CFE-0150048383C9} Microsoft Office Project Professional 2003 --> MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9} Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual SourceSafe 2005 - ENU --> "C:\Program Files\Microsoft Visual SourceSafe\Microsoft Visual SourceSafe 2005 - ENU\setup.exe" Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1} mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F} mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7} mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5} Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B} Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe Mozilla Thunderbird (2.0.0.14) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5} mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9} mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83} mSCfg --> MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538} MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB} MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4} mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA} mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023} NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI 
OpenOffice.org 2.3 --> MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A} Oracle Data Provider for .NET Help --> MsiExec.exe /I{6AA003BF-73E5-4911-ADB7-71DD5674DDD4} Oracle Database 10g Express Edition --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F0BC0F9E-C4A8-485C-93ED-424DB9EA3F75} /l1033 Oracle JInitiator 1.3.1.22 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAFECAFE-0013-0001-0122-ABCDEFABCDEF}\Setup.exe" -l0x9 -uninst OutlookAddinSetup --> MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56} Platform Studio 3.2 Standard Edition --> "C:\Program Files\Platform Studio\unins000.exe" PSP Video 9 2.25 --> C:\Program Files\Red Kawa\Video Converter\uninstaller.exe Qexplain2full --> MsiExec.exe /I{67CF58F5-DBA4-4340-99EA-D71BC07D23EE} Quest Software Toad for Oracle Version 8.6 --> C:\PROGRA~1\QUESTS~1\TOADFO~1\UNINST~1.EXE Quest Software Toad for Oracle Version 9.0.1 --> C:\PROGRA~1\QUESTS~1\TOADFO~1\UNINST~1.EXE Quest SQL Tuning --> C:\PROGRA~1\QUESTS~1\TOADFO~1\TUNING~1\UNWISE.EXE C:\PROGRA~1\QUESTS~1\TOADFO~1\TUNING~1\INSTALL.LOG Quest SQL Tuning for Oracle --> C:\PROGRA~1\QUESTS~1\TOADFO~1\TUNING~1\UNWISE.EXE C:\PROGRA~1\QUESTS~1\TOADFO~1\TUNING~1\install.log QuickSet --> C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175} RocketDock 1.3.5 --> "C:\Program Files\RocketDock\unins000.exe" Roxio Activation Module --> MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810} Roxio BackOnTrack --> MsiExec.exe /I{5A06423A-210C-49FB-950E-CB0EB8C5CEC7} Roxio Central Audio --> MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83} Roxio Central Copy --> MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD} Roxio Central Core --> MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB} Roxio Central Data --> 
MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693} Roxio Central Tools --> MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4} Roxio CinePlayer --> MsiExec.exe /I{1B683082-8791-4D00-8ADE-6C8986FCCC68} Roxio CinePlayer Decoder Pack --> MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B} Roxio Disc Gallery --> MsiExec.exe /I{3E67A8DA-FE7B-4160-8465-F5571EA18753} Roxio Easy Media Creator 10 Suite --> MsiExec.exe /I{BF83EFE2-C9F0-40D4-841C-2066668C1D7A} Roxio File Backup --> MsiExec.exe /I{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB} Roxio MediaShare --> MsiExec.exe /I{9A9A1828-31D1-4590-A99F-022B7237AFAE} Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe SAMSUNG Mobile Composite Device Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe Samsung Mobile phone USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe Samsung PC Studio 3 --> "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0009 -removeonly SearchAssist --> C:\DELL\SearchAssist\UninstSA.bat Security Task Manager 1.7f --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager" Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Sky Anytime --> MsiExec.exe /X{DD30C2FD-F485-46A8-8153-88EC2650BC79} SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E} Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0} Sony Vegas Movie 
Studio 8.0 --> MsiExec.exe /X{6D3A42EA-DFD9-4E8A-A9DC-3DE9B162BEDD} Sophos Anti-Rootkit 1.3.1 --> C:\Program Files\Sophos\Sophos Anti-Rootkit\helper.exe remove SportTracks 2.0 --> MsiExec.exe /I{DBB86FEF-CA7B-4A63-AE37-BA774D799168} Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" TextPad 5 --> MsiExec.exe /X{B6EC7388-E277-4A5B-8C8F-71067A41BA64} The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe The Sims 2 Open For Business --> C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe Tiscali Internet --> MsiExec.exe /I{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6} Virtual Villagers --> "C:\Program Files\MSN Games\Virtual Villagers\Uninstall.exe" "C:\Program Files\MSN Games\Virtual Villagers\install.log" VNC Free Edition 4.1.2 --> "C:\Program Files\RealVNC\VNC4\unins000.exe" WIDCOMM Bluetooth Software --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679} Winamp --> "C:\Program Files\Winamp\UninstWA.exe" Winamp Remote --> "C:\Program Files\Winamp Remote\uninstall.exe" Winamp Toolbar --> "C:\Program Files\Winamp Toolbar\uninstall.exe" Windows Installer Clean Up --> MsiExec.exe /I{121634B0-2F4A-11D3-ADA3-00C04F52DD53} Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F} Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5} XP Codec Pack --> C:\Program Files\XP Codec Pack\Uninstall.exe -- Application Event Log ------------------------------------------------------- Event Record #/Type8702 / Warning Event Submitted/Written: 07/01/2008 11:00:44 AM Event ID/Source: 32066 / Microsoft Fax Event Description: At least one of the devices in the outgoing routing group is not valid. 
Group name: '<All devices>' Event Record #/Type8590 / Error Event Submitted/Written: 07/01/2008 00:06:26 AM Event ID/Source: 1000 / Application Error Event Description: Faulting application spybotsd.exe, version 1.5.2.20, faulting module spybotsd.exe, version 1.5.2.20, fault address 0x002e609b. Processing media-specific event for [spybotsd.exe!ws!] Event Record #/Type8589 / Error Event Submitted/Written: 07/01/2008 00:06:20 AM Event ID/Source: 1000 / Application Error Event Description: Faulting application spybotsd.exe, version 1.5.2.20, faulting module kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b. Processing media-specific event for [spybotsd.exe!ws!] Event Record #/Type8588 / Error Event Submitted/Written: 07/01/2008 00:06:11 AM Event ID/Source: 1000 / Application Error Event Description: Faulting application spybotsd.exe, version 1.5.2.20, faulting module kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b. Processing media-specific event for [spybotsd.exe!ws!] Event Record #/Type8586 / Error Event Submitted/Written: 06/30/2008 10:27:25 PM Event ID/Source: 1000 / Application Error Event Description: Faulting application explorer.exe, version 6.0.2900.3156, faulting module ole32.dll, version 5.1.2600.2726, fault address 0x0003030f. Processing media-specific event for [explorer.exe!ws!] -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. 
-- System Event Log ------------------------------------------------------------ Event Record #/Type26799 / Error Event Submitted/Written: 07/01/2008 05:28:34 PM Event ID/Source: 7000 / Service Control Manager Event Description: The WebCamDV DV to Webcam Converter service failed to start due to the following error: %%2 Event Record #/Type26798 / Error Event Submitted/Written: 07/01/2008 05:28:34 PM Event ID/Source: 7000 / Service Control Manager Event Description: The SessionLauncher service failed to start due to the following error: %%2 Event Record #/Type26797 / Warning Event Submitted/Written: 07/01/2008 05:28:02 PM Event ID/Source: 1007 / Dhcp Event Description: Your computer has automatically configured the IP address for the Network Card with network address 001CBF373C3F. The IP address being used is 169.254.7.18. Event Record #/Type26796 / Warning Event Submitted/Written: 07/01/2008 05:27:39 PM Event ID/Source: 1003 / Dhcp Event Description: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001CBF373C3F. The following error occurred: %%121. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. Event Record #/Type26764 / Error Event Submitted/Written: 07/01/2008 01:59:53 PM Event ID/Source: 7000 / Service Control Manager Event Description: The WebCamDV DV to Webcam Converter service failed to start due to the following error: %%2 -- End of Deckard's System Scanner: finished at 2008-07-01 21:42:00 ------------ |
Jul 1 2008, 07:06 PM
Post
#2
Forum Regular Group: HJT Team Posts: 233 Joined: 4-March 06 Member No.: 57,930
Hi, Ian66
Welcome. Please download ComboFix from Here or Here to your Desktop. **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
-----------------------------------------------------------
Jul 3 2008, 03:51 PM
Post
#3
Member Group: Members Posts: 23 Joined: 1-July 08 Member No.: 219,836
JSntgRvr - many many thanks for helping out with this! ok, here we go. Kaspersky log from prior to running ComboFix:

-------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Thursday, July 3, 2008 Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Tuesday, July 01, 2008 21:46:32 Records in database: 903012 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ E:\ F:\ Scan statistics: Files scanned: 153051 Threat name: 4 Infected objects: 24 Suspicious objects: 0 Duration of the scan: 08:04:22 File name / Threat name / Threats count C:\Program Files\RealVNC\VNC4\WinVNC4.exe/C:\Program Files\RealVNC\VNC4\WinVNC4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1 C:\Documents and Settings\All Users\Application Data\SecTaskMan\cseveyxq.dll.q_8046801_q Infected: Trojan.Win32.Obfuscated.auw 1 C:\Documents and Settings\All Users\Application Data\SecTaskMan\dvgepa.dll.q_8049401_q Infected: Trojan.Win32.Monderc.gen 1 C:\Documents and Settings\All Users\Application Data\SecTaskMan\eewaaiqb.dll.q_8046201_q Infected: Trojan.Win32.Monderc.gen 1 C:\Documents and Settings\All Users\Application Data\SecTaskMan\frbpqytj.dll.q_8043E01_q Infected: Trojan.Win32.Monderc.gen 1 C:\Documents and Settings\All Users\Application Data\SecTaskMan\nnnnOhGa.dll.q_804E004_q Infected: Trojan.Win32.Monder.wi 1 C:\Documents and Settings\All Users\Application Data\SecTaskMan\qoMcYRIx.dll.q_804DE04_q Infected: Trojan.Win32.Monderc.gen 1 C:\Documents and Settings\Ian\Local Settings\Temporary Internet Files\Content.IE5\KY83D7RR\kb456456[1] Infected: Trojan.Win32.Monderc.gen 1 C:\Documents and Settings\Ian\Local Settings\Temporary Internet Files\Content.IE5\OTNMJXRF\kb671231[1] 
Infected: Trojan.Win32.Monderc.gen 1 C:\Documents and Settings\Ian\Local Settings\Temporary Internet Files\Content.IE5\YZJVD7W4\kb767887[1] Infected: Trojan.Win32.Monderc.gen 1 C:\Documents and Settings\Ian\My Documents\My Downloads\vnc-4_1_2-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 4 C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1 C:\Program Files\RealVNC\VNC4\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1 C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1 C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1 C:\WINDOWS\system32\bhglgucd.dll Infected: Trojan.Win32.Monderc.gen 1 C:\WINDOWS\system32\cvwfbtsi.dll Infected: Trojan.Win32.Monderc.gen 1 C:\WINDOWS\system32\msvwnt.dll Infected: Trojan.Win32.Monderc.gen 1 C:\WINDOWS\system32\mxocsc.dll Infected: Trojan.Win32.Monderc.gen 1 C:\WINDOWS\system32\nlpakyum.dll Infected: Trojan.Win32.Monderc.gen 1 C:\WINDOWS\system32\oqgmoyvt.dll Infected: Trojan.Win32.Monderc.gen 1 The selected area was scanned. ComboFix ComboFix 08-07-02.5 - Ian 2008-07-03 21:16:29.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015 [GMT 1:00] Running from: C:\Documents and Settings\Ian\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . 
C:\WINDOWS\BM03835f71.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aGhOnnnn.ini
C:\WINDOWS\system32\aGhOnnnn.ini2
C:\WINDOWS\system32\bhglgucd.dll
C:\WINDOWS\system32\cvwfbtsi.dll
C:\WINDOWS\system32\dkvqvbia.ini
C:\WINDOWS\system32\fpniqxrd.ini
C:\WINDOWS\system32\fsnmjgca.ini
C:\WINDOWS\system32\iihkQXbc.ini
C:\WINDOWS\system32\iihkQXbc.ini2
C:\WINDOWS\system32\jtyqpbrf.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mmleqqyr.ini
C:\WINDOWS\system32\msvwnt.dll
C:\WINDOWS\system32\nlpakyum.dll
C:\WINDOWS\system32\oqgmoyvt.dll
C:\WINDOWS\system32\OVEgNXbc.ini
C:\WINDOWS\system32\OVEgNXbc.ini2
C:\WINDOWS\system32\pntdoapk.ini
C:\WINDOWS\system32\qrdooxmc.ini
C:\WINDOWS\system32\tvyomgqo.ini
C:\WINDOWS\system32\uFihPqru.ini
C:\WINDOWS\system32\uFihPqru.ini2
C:\WINDOWS\system32\VCeMpqss.ini
C:\WINDOWS\system32\VCeMpqss.ini2
C:\WINDOWS\system32\wiuruwbu.ini
C:\WINDOWS\system32\wwvgdngv.ini
C:\WINDOWS\system32\xIRYcMoq.ini
C:\WINDOWS\system32\xIRYcMoq.ini2
.
((((((((((((((((((((((((( Files Created from 2008-06-03 to 2008-07-03 )))))))))))))))))))))))))))))))
.
2008-07-01 21:10 . 2008-07-01 21:10 <DIR> d-------- C:\Deckard
2008-07-01 19:41 . 2008-07-01 19:41 <DIR> d-------- C:\Program Files\Sophos
2008-07-01 13:24 . 2008-07-03 20:14 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-01 13:17 . 2008-07-03 21:31 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-01 13:17 . 2008-07-01 13:17 <DIR> d-------- C:\Documents and Settings\Ian\Application Data\AVGTOOLBAR
2008-07-01 13:17 . 2008-07-01 13:17 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-01 13:17 . 2008-07-01 13:17 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-01 13:17 . 2008-07-01 13:17 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-07-01 13:17 . 2008-07-01 13:17 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-01 12:05 . 2008-07-01 12:05 <DIR> d-------- C:\Program Files\AVG
2008-07-01 12:05 . 2008-07-01 13:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-30 23:08 . 2008-06-30 23:08 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-30 23:08 . 2008-07-01 09:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-30 22:26 . 2008-07-03 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-30 22:25 . 2008-06-30 23:07 <DIR> d-------- C:\Program Files\Security Task Manager
2008-06-30 21:15 . 2008-07-01 10:20 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-06-30 21:12 . 2008-07-01 10:22 <DIR> d-------- C:\Documents and Settings\Ian\.housecall6.6
2008-06-28 22:23 . 2008-07-03 20:15 110,415 --a------ C:\WINDOWS\BM03835f71.xml
2008-06-28 08:59 . 2008-06-28 08:59 268 --ah----- C:\sqmdata12.sqm
2008-06-28 08:59 . 2008-06-28 08:59 244 --ah----- C:\sqmnoopt12.sqm
2008-06-28 08:56 . 2008-06-28 08:56 <DIR> d-------- C:\Documents and Settings\Lara\Application Data\CyberLink
2008-06-25 11:05 . 2008-06-25 11:05 0 --a------ C:\expdat.dmp.gz
2008-06-21 22:17 . 2008-06-21 22:18 <DIR> d-------- C:\Program Files\QuickTime
2008-06-21 22:17 . 2008-06-21 22:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-21 13:47 . 2008-06-21 13:47 <DIR> d-------- C:\Program Files\KaraFun
2008-06-21 13:47 . 2008-06-21 13:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Recisio
2008-06-17 21:11 . 2008-06-17 21:11 268 --ah----- C:\sqmdata11.sqm
2008-06-17 21:11 . 2008-06-17 21:11 244 --ah----- C:\sqmnoopt11.sqm
2008-06-14 07:22 . 2008-06-21 14:17 <DIR> d-------- C:\Program Files\Platform Studio
2008-06-14 07:13 . 2008-06-14 07:13 0 --ah----- C:\WINDOWS\SwSys2.bmp
2008-06-14 07:13 . 2008-06-14 07:13 0 --ah----- C:\WINDOWS\SwSys1.bmp
2008-06-14 07:12 . 2008-06-14 07:12 <DIR> d-------- C:\Program Files\Game_Maker7
2008-06-12 14:31 . 2008-06-12 14:31 <DIR> d-------- C:\scheduler
2008-06-11 09:46 . 2008-06-13 14:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 09:46 . 2008-06-13 14:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-03 20:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-07-01 22:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-01 16:33 --------- d-----w C:\Documents and Settings\Ian\Application Data\OpenOffice.org2
2008-07-01 15:54 --------- d-----w C:\Program Files\Winamp Remote
2008-07-01 10:29 --------- d-----w C:\Program Files\McAfee
2008-07-01 10:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-29 06:34 --------- d-----w C:\Program Files\RocketDock
2008-06-28 09:07 --------- d-----w C:\Documents and Settings\Ian\Application Data\uTorrent
2008-06-28 08:01 --------- d-----w C:\Documents and Settings\Ethan\Application Data\uTorrent
2008-06-24 06:17 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-21 13:36 --------- d-----w C:\Program Files\uTorrent
2008-06-21 06:45 --------- d-----w C:\Program Files\Guitar Hero Explorer
2008-06-16 18:23 --------- d-----w C:\Documents and Settings\Ian\Application Data\FileZilla
2008-06-16 07:17 --------- d-----w C:\Program Files\FileZilla Client
2008-06-12 14:41 --------- d-----w C:\Documents and Settings\Ian\Application Data\SQL Developer
2008-06-02 12:51 --------- d-----w C:\Program Files\MagicDVDRipper
2008-06-02 12:25 --------- d-----w C:\Program Files\Classic Menu for Office
2008-05-29 06:58 --------- d-----w C:\Program Files\HyCam2
2008-05-25 11:19 --------- d-----w C:\Documents and Settings\Ethan\Application Data\OnReally
2008-05-25 06:21 0 ----a-w C:\Documents and Settings\Guest\Application Data\wklnhst.dat
2008-05-25 06:21 --------- d-----w C:\Documents and Settings\Guest\Application Data\Template
2008-05-25 05:49 --------- d-----w C:\Documents and Settings\Guest\Application Data\Thunderbird
2008-05-25 05:47 --------- d-----w C:\Documents and Settings\Guest\Application Data\Roxio
2008-05-24 06:43 --------- d-----w C:\Documents and Settings\Ethan\Application Data\fretsonfire
2008-05-24 06:42 --------- d-----w C:\Program Files\Frets on Fire
2008-05-20 05:47 --------- d-----w C:\Documents and Settings\Ethan\Application Data\Thunderbird
2008-05-19 17:25 --------- d-----w C:\Documents and Settings\Ian\Application Data\Thunderbird
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-06 14:05 --------- d-----w C:\Program Files\PLSQL Developer
2007-12-18 08:58 1,071,978 ----a-w C:\Program Files\WoW-2.0.0-enGB-Installer-downloader.exe
2007-11-21 07:52 0 ----a-w C:\Documents and Settings\Ethan\Application Data\wklnhst.dat
2004-11-01 10:19 3,118,262 ----a-w C:\Program Files\Setup.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 21:06 1135968]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 21:06 1135968]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 13:09 460784]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-19 22:44 68856]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 21:02 495616]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 11:23 1032640]
"gStart"="C:\Garmin\gStart.exe" [2006-09-06 11:05 1891416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-09 23:21 851968]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-06 16:34 8429568]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-06 16:34 81920]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 12:19 819200]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 12:17 970752]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 15:05 282624]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 05:40 86960]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 17:10 184320]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-15 15:26 1862144]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-24 08:03 17920]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 16:52 240112]
"DMXLauncher"="C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 04:44 113136]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 11:23 1032640]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"QuickTime Task"="C:\Program Files\QuickTime