Multiple "this Page Cannot Be Displayed" Pgs Popping Up


  • This topic is locked
15 replies to this topic

#1 starglow

  • Members
  • 8 posts
  • OFFLINE
  • Local time:06:37 AM

Posted 05 April 2008 - 04:05 PM

My problem: While online, all of a sudden "This Page Cannot Be Displayed" pages start popping up continuously. Checking the white address bar on a couple of these pages (they pop up too fast to look at every one), I see the word "Winfixer" in the address. I ran Adaware and Spy Bot; those didn't help. We downloaded another program, I forget the name; it said we had Virtumonde. I have NORTON 360. That didn't fix the problem either.

EDITED TO ADD: The popping up "This Page Cannot Be Displayed" just happened after I posted this message. I was able to hit "print screen" and here is the address in the white address bar:

<http://202.67.220.231/trafc/redir.php?cmp=winfixer&nid=md>

Here are the logs. I hope I did everything correctly:

MAIN

Deckard's System Scanner v20071014.68
Run by heather on 2008-04-05 16:48:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
8: 2008-04-05 20:49:14 UTC - RP1899 - Deckard's System Scanner Restore Point
7: 2008-04-04 23:42:48 UTC - RP1898 - System Checkpoint
6: 2008-04-03 23:37:51 UTC - RP1897 - System Checkpoint
5: 2008-04-02 23:00:30 UTC - RP1896 - System Checkpoint
4: 2008-04-01 22:53:17 UTC - RP1895 - System Checkpoint


-- First Restore Point --
1: 2008-03-29 09:11:30 UTC - RP1892 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 4.55 GiB (less than 15%) free.


-- HijackThis (run as heather.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:52:51 PM, on 4/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\PROGRA~1\SQUARE~1\stdbmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\heather\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\heather.exe
C:\WINDOWS\system32\dumprep.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...://www.msn.com/
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: MSEvents Object - {3EBDDEDC-85D1-462F-B875-F013A8EA7B8D} - C:\WINDOWS\Fonts\expms.dll
O2 - BHO: C:\DOCUME~1\heather\LOCALS~1\Temp\ssc.dll - {41E69E32-FE22-4934-AF7A-262035CDFE86} - C:\DOCUME~1\heather\LOCALS~1\Temp\ssc.dll (file missing)
O2 - BHO: PopBlock Class - {A25A30C9-6D9A-46D0-A92C-05ABD82A83AE} - C:\Program Files\AdBlocker\PopupBlocker.dll
O2 - BHO: C:\WINDOWS\system32\ssc.dll - {B4C671BF-2B90-496B-B565-2CBEB053F171} - C:\WINDOWS\system32\ssc.dll (file missing)
O2 - BHO: C:\WINDOWS\system32\ssc.dll - {D1DD6A19-6B4A-48FB-92E8-FDA77A9D6C4D} - C:\WINDOWS\system32\ssc.dll (file missing)
O2 - BHO: Square Trade Shopping Assistant - {E3788F79-18CF-4D9A-A7B4-1BF43E914A8A} - C:\Program Files\SquareTrade SideBar\shpasst.dll
O2 - BHO: C:\DOCUME~1\heather\LOCALS~1\Temp\ssc.dll - {E72CBD61-B670-450A-841A-0768D52099DA} - C:\DOCUME~1\heather\LOCALS~1\Temp\ssc.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [zzzHPSETUP] H:\Setup.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Write DVD-R!] C:\Program Files\Write DVD!\saimon.exe
O4 - HKLM\..\Run: [Configuration Loaded] wupdated.exe
O4 - HKLM\..\Run: [SRDO20M] C:\WINDOWS\System32\SRDO20M.exe
O4 - HKLM\..\Run: [BurnQuick Queue] C:\Program Files\BurnQuick\BQTray.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [NI.UWAS5LP_0001_0811] "C:\Documents and Settings\trent\Local Settings\Temporary Internet Files\Content.IE5\GH6RG1I7\WAS5Scan[1].exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SquareTrade SideBar] "C:\Program Files\SquareTrade SideBar\sthlpr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\RunServices: [Configuration Loaded] wupdated.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-448539723-179605362-1417001333-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'tom')
O4 - HKUS\S-1-5-21-448539723-179605362-1417001333-1004\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe" (User 'tom')
O4 - HKUS\S-1-5-21-448539723-179605362-1417001333-1004\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" (User 'tom')
O4 - HKUS\S-1-5-21-448539723-179605362-1417001333-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'tom')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL (file missing)
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: SquareTrade SideBar - {7B3E5F6B-ADF4-4731-9DAD-AC8AE9A4DFEC} - C:\Program Files\SquareTrade SideBar\shpasst.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O20 - Winlogon Notify: expms - C:\WINDOWS\Fonts\expms.dll
O20 - Winlogon Notify: mllmn - mllmn.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11855 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 saicdr - c:\windows\system32\drivers\saicdr.sys <Not Verified; Software Architects, Inc.; >
R1 saiudf - c:\windows\system32\drivers\saiudf.sys <Not Verified; Software Architects, Inc.; >
R2 CINEMSUP (Software Cinemaster NT4.0 Driver) - c:\windows\system32\drivers\cinemsup.sys <Not Verified; Divicore Inc.; Software CineMaster NT 4/Win2K>

S0 Cdr4vsd - c:\windows\system32\drivers\cdr4vsd.sys <Not Verified; Adaptec; Adaptec's CD-R Helper Drivers>
S1 saicdrwup - c:\windows\system32\drivers\saicdrwup.sys <Not Verified; Software Architects, Inc.; >
S3 iMSPQMn - c:\docume~1\tom\locals~1\temp\imspqmn.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Diskeeper - c:\program files\executive software\diskeeper\dkservice.exe <Not Verified; Executive Software International, Inc.; Diskeeper ™ Disk Defragmenter>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-03-05 and 2008-04-05 -----------------------------

2008-04-05 16:35:02 0 d-------- C:\Program Files\Trend Micro
2008-03-28 18:30:41 0 d-------- C:\Program Files\Norton 360
2008-03-23 10:29:36 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-22 18:21:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-21 22:40:45 0 d-------- C:\Documents and Settings\heather\Application Data\HP
2008-03-21 22:37:47 0 d-------- C:\Documents and Settings\trent\Application Data\HP
2008-03-21 22:33:39 0 d-------- C:\Documents and Settings\trent\Application Data\HPAppData
2008-03-21 22:32:22 0 d-------- C:\Documents and Settings\mary\Application Data\HP
2008-03-21 22:29:18 0 d-------- C:\Documents and Settings\mary\Application Data\HPAppData
2008-03-21 22:21:54 0 d-------- C:\Documents and Settings\heather\Application Data\HPAppData
2008-03-21 21:59:17 0 d-------- C:\Documents and Settings\tom\Application Data\HP
2008-03-21 21:37:47 0 d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-03-21 21:35:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-03-21 21:29:49 0 d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-03-21 21:29:32 0 d-------- C:\Documents and Settings\tom\Application Data\HPAppData
2008-03-21 21:26:40 0 d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-03-21 21:26:39 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-03-21 21:26:02 0 d-------- C:\Program Files\Common Files\HP
2008-03-21 21:23:42 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-03-21 21:20:40 8138 -----n--- C:\WINDOWS\hpomdl21.dat
2008-03-21 21:20:40 147618 --a------ C:\WINDOWS\hpoins21.dat
2008-03-14 23:58:48 0 d-------- C:\Documents and Settings\tom\Application Data\TAC
2008-03-14 23:56:53 0 d-------- C:\Program Files\TAC


-- Find3M Report ---------------------------------------------------------------

2008-04-05 16:50:20 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-28 19:05:25 0 d-------- C:\Program Files\Symantec
2008-03-28 19:02:23 0 d-a------ C:\Program Files\Common Files
2008-03-28 17:56:06 0 d-------- C:\Program Files\Lavasoft
2008-03-22 23:46:33 0 d-------- C:\Program Files\MyWay
2008-03-22 18:23:06 0 d-------- C:\Documents and Settings\heather\Application Data\Lavasoft
2008-03-21 22:34:02 0 d-------- C:\Program Files\Plaxo
2008-03-21 22:10:54 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-03-21 22:10:48 0 d-------- C:\Program Files\Roxio
2008-03-21 21:29:49 0 d-------- C:\Program Files\HP
2008-03-21 20:37:50 0 d-------- C:\Program Files\Google
2008-03-21 20:29:59 0 d-------- C:\Program Files\Hewlett-Packard
2008-03-21 20:24:39 0 d-------- C:\Program Files\Piolet
2008-03-21 20:20:18 0 d-------- C:\Program Files\Microsoft Silverlight
2008-02-08 21:48:03 0 d-------- C:\Program Files\ICQ
2008-02-05 01:59:15 0 d-------- C:\Program Files\WMV9_VCM
2008-01-28 23:22:41 9852896 --a------ C:\LiveBilliards22enDemo.exe <Not Verified; Tavex, Ltd.; >


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
03/02/2007 04:52 PM 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
03/02/2007 04:52 PM 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3EBDDEDC-85D1-462F-B875-F013A8EA7B8D}]
06/13/2005 11:50 AM 516116 --------- C:\WINDOWS\Fonts\expms.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41E69E32-FE22-4934-AF7A-262035CDFE86}]
C:\DOCUME~1\heather\LOCALS~1\Temp\ssc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A25A30C9-6D9A-46D0-A92C-05ABD82A83AE}]
08/22/2003 11:37 AM 40960 --a------ C:\Program Files\AdBlocker\PopupBlocker.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4C671BF-2B90-496B-B565-2CBEB053F171}]
C:\WINDOWS\system32\ssc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1DD6A19-6B4A-48FB-92E8-FDA77A9D6C4D}]
C:\WINDOWS\system32\ssc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E3788F79-18CF-4D9A-A7B4-1BF43E914A8A}]
01/27/2006 02:33 PM 245760 --------- C:\Program Files\SquareTrade SideBar\shpasst.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E72CBD61-B670-450A-841A-0768D52099DA}]
C:\DOCUME~1\heather\LOCALS~1\Temp\ssc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe" [02/22/2004 11:44 PM]
"zzzHPSETUP"="H:\Setup.exe" []
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [07/16/2002 09:21 PM]
"Write DVD-R!"="C:\Program Files\Write DVD!\saimon.exe" [07/18/2003 12:34 PM]
"Configuration Loaded"="wupdated.exe" []
"SRDO20M"="C:\WINDOWS\System32\SRDO20M.exe" []
"BurnQuick Queue"="C:\Program Files\BurnQuick\BQTray.exe" [06/15/2006 10:49 AM]
"MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe" [08/18/2003 05:46 PM]
"NI.UWAS5LP_0001_0811"="C:\Documents and Settings\trent\Local Settings\Temporary Internet Files\Content.IE5\GH6RG1I7\WAS5Scan[1].exe" []
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [08/06/2001 02:03 PM]
"SquareTrade SideBar"="C:\Program Files\SquareTrade SideBar\sthlpr.exe" [01/17/2006 06:51 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/03/2006 08:26 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/23/2006 03:45 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07/11/2006 01:06 PM]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [02/17/2005 12:11 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/17/2007 09:54 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 05:38 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [12/02/2004 07:23 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 11:37 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Configuration Loaded"=wupdated.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [3/11/2007 9:26:24 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 4:05:56 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\expms]
C:\WINDOWS\Fonts\expms.dll 06/13/2005 11:50 AM 516116 C:\WINDOWS\Fonts\expms.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllmn]
mllmn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-04-05 16:56:20 ------------

EXTRA

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 2600+
Percentage of Memory in Use: 63%
Physical Memory (total/avail): 511.48 MiB / 189.19 MiB
Pagefile Memory (total/avail): 865.54 MiB / 457.01 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928 MiB

A: is Removable (FAT)
C: is Fixed (NTFS) - 74.52 GiB total, 4.83 GiB free.
D: is Fixed (FAT32) - 9.76 GiB total, 0.31 GiB free.
E: is Fixed (FAT32) - 2.92 GiB total, 2.89 GiB free.
F: is Fixed (FAT32) - 2.92 GiB total, 2.92 GiB free.
G: is Fixed (FAT32) - 2.92 GiB total, 0 GiB free.
H: is CDROM (No Media)
I: is CDROM (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE1 - WDC WD205AA - 19.11 GiB - 4 partitions
\PARTITION0 (bootable) - Unknown - 9.77 GiB - D:
\PARTITION1 - Unknown - 2.93 GiB - E:
\PARTITION2 - Unknown - 2.93 GiB - F:
\PARTITION3 - Unknown - 2.93 GiB - G:

\\.\PHYSICALDRIVE0 - WDC WD800JB-00DUA3 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:

\\.\PHYSICALDRIVE2 - HP USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton 360 v2007 (SYMANTEC Corporation)
AV: Norton 360 v2007 (SYMANTEC Corperation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\\Program Files\\Blubster\\Blubster.exe"="C:\\Program Files\\Blubster\\Blubster.exe:*:Enabled:MP2P servent main executable"
"C:\\Program Files\\Piolet\\Piolet.exe"="C:\\Program Files\\Piolet\\Piolet.exe:*:Enabled:Piolet servent main executable"
"C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking2.exe"="C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking2.exe:*:Enabled:P2P Networking"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"="C:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe:*:Disabled:HP Software Update Client"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1143434408\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1143434408\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1143434408\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1143434408\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\heather\Application Data
CLASSPATH=C:\Program Files\Java\j2re1.4.2_04\lib\ext\QTJava.zip
COLLECTIONID=COL7299
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JACKSON
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HMSERVER=https://vausnzisprob.austin.hp.com/wuss/servlet/WUSSServlet
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\heather
ITEMID=oj-21918-1
LANG=1033
LOGONSERVER=\\JACKSON
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
OSVER=winXPH
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Executive Software\Diskeeper\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_04\lib\ext\QTJava.zip
SESSIONID=1197481161048g1u0355c.austin.hp.com-4439d774:11793dda9d9:-793c
SESSIONNAME=Console
SWUTVER=1.0.18.30716
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\heather\LOCALS~1\Temp
TIMEOUT=0
TMP=C:\DOCUME~1\heather\LOCALS~1\Temp
TOOLPATH=/C:/Program%20Files/Hewlett-Packard/HP%20Software%20Update/install.htm
UPDATEDIR=C:\DOCUME~1\tom\LOCALS~1\Temp\radD0433.tmp
USERDOMAIN=JACKSON
USERNAME=heather
USERPROFILE=C:\Documents and Settings\heather
VERSION=2.1.5
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

tom (admin)
mary (admin)
heather (admin)
trent (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\Setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B65F068-5A91-4B41-AE3A-0BCC34DC7904}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B65F068-5A91-4B41-AE3A-0BCC34DC7904}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9A812DA-143D-4780-BEDC-FD6D41386317}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9A812DA-143D-4780-BEDC-FD6D41386317}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
AccessDiver Master List Creator --> C:\PROGRA~1\ACCESS~2\UNWISE.EXE C:\PROGRA~1\ACCESS~2\INSTALL.LOG
AccessDiver v4.120 --> "C:\Program Files\Accessdiver\unins000.exe"
Ad-aware 6 Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Advanced X Video Converter --> "C:\Program Files\XVideoConverter\unins000.exe"
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
ArcSoft Panorama Maker 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71A271BC-9147-4074-B8FA-C222E6C5084D}\setup.exe" -l0x9 -uninst
ATI Multimedia Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEE2C9FF-FAB4-4A36-B2CD-862C26A58E7E}\setup.exe"
AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Avery DesignPro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2CC982C0-7EAE-11D4-ACC3-0050568AD318}\setup.exe" -uninst
Bazooka Spyware Scanner --> "C:\Program Files\Bazooka Spyware Scanner\Uninstall.exe" "C:\Program Files\Bazooka Spyware Scanner\install.log"
BeeThink MP3 WMA To WAV Converter 2.0 --> "C:\Program Files\BeeThink MP3 WMA To Wav 2.0\unins000.exe"
Biliardo --> C:\Program Files\Biliardo\Uninstall.exe "C:\Program Files\Biliardo\install.log"
Burn4Free 1.0.0.568 --> "C:\Program Files\Burn4Free\unins000.exe"
BurnQuick --> C:\WINDOWS\iun6002.exe "C:\Program Files\BurnQuick\irunin.ini"
Cakewalk Pyro 2004 --> C:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CD LabelMaker Easy --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E2CD3A0-505B-11D4-867E-E56CE477E832}\setup.exe"
CD Wave Editor version 1.93.1 --> "C:\Program Files\CD Wave\unins000.exe"
CDLAB 2000 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\CDLabel\ST6UNST.LOG"
CoCSoft Stream Down 5.2 --> C:\PROGRA~1\COCSOF~1\UNWISE.EXE C:\PROGRA~1\COCSOF~1\INSTALL.LOG
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
Creative MuVo NX-TX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B124151-B6A0-492C-8838-0854B800535D}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
DAK Wave MP3 Editor Pro --> MsiExec.exe /I{1C02D187-9256-4B08-92D1-82922DBE4D52}
Diskeeper Home Edition --> MsiExec.exe /X{10CA154D-A9D5-4CE9-B739-2361518108C7}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Photo Slideshow Pro 6.12 --> C:\Program Files\DVD Photo Slideshow Professional\uninst.exe
Easy Hi-Q Recorder 1.5 --> "C:\Program Files\Easy Hi-Q Recorder\unins000.exe"
Easy MP3 To WAV Maker --> C:\WINDOWS\ISUninst.exe -f"C:\Program Files\Easy MP3 To WAV\Easy MP3 To WAV Maker\easymp3.isu"
EasyRecorder version 4.31 --> "C:\Program Files\Microluck\EasyRecorder\unins000.exe"
Family Tree Maker --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FE85D571-8BFE-4AB9-A7FB-54BBCA2E910B}\SETUP.EXE" -l0x9
File Renamer 2.0 --> "C:\Program Files\Princeton Software Company\File Renamer\unins000.exe"
FireStorm CD & DVD --> "C:\Program Files\FireStorm CD & DVD\unins000.exe"
Flash Movie Extract Pilot --> "C:\Program Files\Flash Movie Extract Pilot\unins000.exe"
GearDrvs --> MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
GMAT POWERPREP --> C:\WINDOWS\IsUninst.exe -fC:\ETS\PPGMAT.ISU
Grab & Burn, Version 5.0.2 Free( Build 2006-08-23, Win32, CSS ) --> "C:\Program Files\Rocket Division Software\GrabBurn\unins000.exe"
GUIDE PLUS+™ for Windows® System --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99D34763-7E45-4FE5-8424-28DBC3A5F0BF}\setup.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Customer Participation Program 9.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
hp deskjet 5600 --> msiexec /x{8CDC6712-AF80-459E-911F-F1E156CB0AB0}
HP Imaging Device Functions 9.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP OCR Software 9.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart All-In-One Software 9.0 --> C:\Program Files\HP\Digital Imaging\{B46AC30C-22D2-4610-B041-1DA7BB29EB57}\setup\hpzscr01.exe -datfile hposcr21.dat
HP Photosmart Essential 2.01 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
hp print screen utility --> C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
HP Smart Web Printing --> MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center 9.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply --> MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
HyperCam --> "C:\Program Files\HyperCam\Uninstall.exe"
ICQ --> C:\PROGRA~1\ICQ\ICQUninstall.EXE
iPod for Windows 2006-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{59C4F14F-7590-45FC-BE9F-A67AB3590709} /l1033
Java 2 Runtime Environment Standard Edition v1.3.1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1\Uninst.isu"
Java 2 Runtime Environment Standard Edition v1.3.1_08 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B11CAD0E-0E0F-11D7-88BE-0050DA21757E}\Setup.exe" -uninst
Java 2 Runtime Environment, SE v1.4.1_02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\setup.exe" Anytext
Java 2 Runtime Environment, SE v1.4.2_01 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142010}
Java 2 Runtime Environment, SE v1.4.2_04 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}
Java 2 SDK Standard Edition v1.3.1_08 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{300E45A2-0E10-11D7-88BE-0050DA21757E}\Setup.exe" -uninst
Java Web Start --> "C:\Program Files\Java\j2re1.4.2_01\javaws\uninst-javaws.exe"
LimeShop --> javaw -cp "C:\Program Files\LimeShop\System\Code" Main lp: "C:\Program Files\LimeShop" ls: deletefeature ld: feature=limeshop.xml
LimeWire 4.8.1 --> "C:\Program Files\LimeWire\uninstall.exe"
Live Billiards 2 Demo --> "C:\Program Files\TerraGame\Live Billiards 2\unins000.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Magic DVD Ripper V3.4 --> "C:\Program Files\MagicDVDRipper\unins000.exe"
MAGIX audio cleaning lab 2004 --> C:\MAGIX\cleaningLab_2004\unwise.exe
MAGIX Media Manager silver --> C:\MAGIX\Media_Manager\instslct.exe
MAGIX Movies on CD & DVD 2004 --> C:\MAGIX\Movies_on_CD_DVD_2004\instslct.exe
Maxell CreateIt --> C:\WINDOWS\mvuninst\App2\unwise.exe C:\WINDOWS\MVUNINST\APP2\INSTALL.LOG "Maxell CreateIt Uninstall"
MediaFACE 4.01 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{41979C2F-34B8-4F92-8111-B13C5864682D} /l1033
MediaFACE 4.01 Image Library --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{82AF77BC-423D-42DA-BE5B-FFCA04752181} /l1033
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office 2000 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Picture It! Express 7.0 --> MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE130}
Microsoft Plus! Digital Media Edition --> MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Media Video 9 VCM --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
MonteVerdi.tv --> "C:\Program Files\TAC\Taccels\MonteVerdi\unins000.exe"
Mozilla Firefox (2.0.0.4) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 to WAV Decoder --> C:\PROGRA~1\MP3TOW~1\UNWISE.EXE C:\PROGRA~1\MP3TOW~1\INSTALL.LOG
MuVo Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\Setup.exe" -l0x9 /remove
Norton 360 --> MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360 --> MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360 --> MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Norton 360 --> MsiExec.exe /I{F413B69D-4AD6-42AB-AEA5-0548989FAD50}
Norton 360 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_3_0_24\{2D617065-1C52-4240-B5BC-C0AE12157777}.exe" /X
Norton 360 Help --> MsiExec.exe /I{1CA941F1-5006-487E-9FD4-09F812A7D6B8}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Authentification Component --> MsiExec.exe /I{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
OSS Audio Converter 6.0.0.2 --> "C:\Program Files\OSS\AudioConverter\unins000.exe"
OSS Audio Extractor 5.6.0.2 --> "C:\Program Files\OSS\AudioExtractor\unins000.exe"
overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
P2P Networking2 --> C:\WINDOWS\system32\P2P Networking\P2P Networking2.exe /UNINSTALL
PicaLoader 1.47.1231 --> "C:\Program Files\PicaLoader\UninsHs.exe"
Plaxo Toolbar for Outlook and Outlook Express --> C:\Program Files\Plaxo\2.12.1.1\uninstall.exe
Pool House v1.0 --> "C:\Program Files\absolutist.com\Pool House\unins000.exe"
Proxyrama --> C:\Program Files\Proxyrama\uninstall.exe
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
Readiris Pro 8 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B93C2B3-D9E8-11D6-AB3E-000102B0F79A}\setup.exe" -l0x9
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RealProducer Basic 8.5 --> C:\Program Files\Real\RealProducer\rnuninst.exe RealNetworks|RealProducer|8.5
Roxio Express Labeler 3 --> MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Savings Bond Wizard --> C:\WINDOWS\unvise32.exe C:\Program Files\Savings Bond Wizard\uninstal.log
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SongsToCD --> "C:\Program Files\SongsToCD\uninstall.exe"
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SquareTrade SideBar --> C:\PROGRA~1\SQUARE~1\UNINST~1.EXE /remove /q0
SuppSoft --> MsiExec.exe /I{022DA2C3-81C7-4003-A6BC-1BB147B20097}
SureThing CD Labeler Deluxe 4 --> C:\WINDOWS\mvuninst\App1\mvuninst.exe "SureThing CD Labeler Deluxe 4"
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Symantec Technical Support Controls --> MsiExec.exe /I{92B1B3CC-EC78-45B8-96D0-8B3F11495864}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
TAC Engine v2.1-6 --> "C:\Program Files\TAC\unins000.exe"
TopLine PC Encryption --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F8479C0-16BA-415F-8776-ECE95E3356DD}\setup.exe" -uninst
Ulead Burn.Now --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A99FBC32-DE3C-450D-A2C7-A39BCF08F04F}\setup.exe" -l0x9
Ulead DVD MovieFactory 2 SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88F93347-0F9B-4FED-BA71-6C2A4CDFE61D}\Setup.exe" -l0x9
Ulead DVD PictureShow 2 SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9212616-FCA2-4173-BD99-5C741EB3A068}\setup.exe" -l0x9
Ulead DVD Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21DAFB84-2421-488F-B17D-102FF53396AA}\setup.exe" -l0x9
Ulead VideoStudio 7 SE DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}\setup.exe" -l0x9
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WMA To MP3 Converter --> C:\PROGRA~1\WMATOM~1\UNWISE.EXE C:\PROGRA~1\WMATOM~1\INSTALL.LOG
World Champion Billard --> "D:\Program Files\WorldBilliards\unins000.exe"
Write DVD! --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{90D12C0F-9EC0-4E4C-A44C-C76AA0E44FEE}\setup.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type40682 / Error
Event Submitted/Written: 04/05/2008 04:54:58 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type40680 / Error
Event Submitted/Written: 04/05/2008 04:22:45 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type40679 / Error
Event Submitted/Written: 04/05/2008 04:05:34 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application taskmgr.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type40614 / Error
Event Submitted/Written: 04/04/2008 05:01:36 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type40609 / Error
Event Submitted/Written: 04/04/2008 04:14:54 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16608, faulting module hpswp_selection_ie7.dll, version 2.15.7.0, fault address 0x000284d2.
Processing media-specific event for [iexplore.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type12033 / Error
Event Submitted/Written: 04/05/2008 04:52:06 PM
Event ID/Source: 1 / sr
Event Description:
The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'desktop.ini' on the volume 'HarddiskVolume5'. It has stopped monitoring the volume.

Event Record #/Type11990 / Error
Event Submitted/Written: 04/05/2008 02:44:59 PM / 04/05/2008 02:46:00 PM
Event ID/Source: 876 / Application Popup
Event Description:
Driver Cdr4vsd.SYS has been blocked from loading.

Event Record #/Type11989 / Error
Event Submitted/Written: 04/05/2008 02:44:59 PM / 04/05/2008 02:46:00 PM
Event ID/Source: 31 / Ftdisk
Event Description:
The fault tolerant driver could not read the on disk structures from disk 1.

Event Record #/Type11988 / Error
Event Submitted/Written: 04/05/2008 02:44:59 PM / 04/05/2008 02:46:00 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk1\D, has a bad block.

Event Record #/Type11980 / Error
Event Submitted/Written: 04/05/2008 00:53:35 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {03E0E6C2-363B-11D3-B536-00902771A435} did not register with DCOM within the required timeout.



-- End of Deckard's System Scanner: finished at 2008-04-05 16:56:20 ------------


Thank you!!!

Edited by Orange Blossom, 05 April 2008 - 06:25 PM.
Deactivated link ~ OB


#2 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:12:37 PM

Posted 08 April 2008 - 09:43 AM

Hello Starglow and welcome to BleepingComputer,

Sorry for the delay but we are really swamped with logs.

If you still need help:

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (in case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window.
* Clean other Temporary files + Recycle bin:
  • Go to Start > Run and type: cleanmgr and click OK.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please follow these instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.

In the event you already have ComboFix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
BMThor
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted - And make a difference

#3 starglow

starglow
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:06:37 AM

Posted 08 April 2008 - 09:46 PM

Thank you! I followed the directions exactly as they are written. The log says "does not have recovery console installed." I don't know what I did wrong; I did everything that was listed. I did download it from the Microsoft page and the icon is on my desktop. When I tried to drag the new icon onto the ComboFix icon, nothing seemed to happen. Maybe that is what went wrong? Can you offer any help with this?


ComboFix Log


ComboFix 08-04-08.7 - heather 2008-04-08 22:26:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.230 [GMT -4:00]
Running from: C:\Documents and Settings\heather\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Fonts\smpxe.bak1
C:\WINDOWS\Fonts\smpxe.bak2
C:\WINDOWS\Fonts\smpxe.ini
C:\WINDOWS\Fonts\smpxe.tmp
C:\WINDOWS\Fonts\smpxe.tmp2
C:\WINDOWS\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
.

2008-04-08 14:15 . 2008-04-08 14:15 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-07 14:44 . 2008-04-07 14:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-07 14:44 . 2008-04-07 14:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-07 02:10 . 2008-04-07 03:10 <DIR> d-------- C:\Program Files\RegCure
2008-04-07 00:28 . 2008-04-07 20:33 <DIR> d-------- C:\Program Files\XoftSpySE
2008-04-05 17:44 . 2008-04-05 17:44 <DIR> d-------- C:\Documents and Settings\heather\Application Data\Symantec
2008-04-05 16:48 . 2008-04-05 16:48 <DIR> d-------- C:\Deckard
2008-04-05 16:35 . 2008-04-05 16:35 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-30 22:21 . 2008-03-30 22:21 0 --a------ C:\WINDOWS\hpqEmlSz.INI
2008-03-28 22:42 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-28 22:42 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-03-28 22:42 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-28 18:30 . 2008-03-28 19:16 <DIR> d-------- C:\Program Files\Norton 360
2008-03-28 18:29 . 2008-03-28 19:05 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-28 18:29 . 2008-03-28 19:05 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-28 18:29 . 2008-03-28 19:05 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-28 18:29 . 2008-03-28 19:05 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-23 10:29 . 2008-03-28 17:52 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-22 18:21 . 2008-03-22 18:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-21 22:40 . 2008-03-21 22:40 <DIR> d-------- C:\Documents and Settings\heather\Application Data\HP
2008-03-21 22:37 . 2008-03-21 22:37 <DIR> d-------- C:\Documents and Settings\trent\Application Data\HP
2008-03-21 22:33 . 2008-03-21 22:33 <DIR> d-------- C:\Documents and Settings\trent\Application Data\HPAppData
2008-03-21 22:32 . 2008-03-21 22:32 <DIR> d-------- C:\Documents and Settings\mary\Application Data\HP
2008-03-21 22:29 . 2008-03-21 22:29 <DIR> d-------- C:\Documents and Settings\mary\Application Data\HPAppData
2008-03-21 22:21 . 2008-03-21 22:21 <DIR> d-------- C:\Documents and Settings\heather\Application Data\HPAppData
2008-03-21 21:59 . 2008-03-21 22:55 <DIR> d-------- C:\Documents and Settings\tom\Application Data\HP
2008-03-21 21:37 . 2008-03-21 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-03-21 21:35 . 2008-03-21 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-03-21 21:35 . 2007-05-02 06:03 267,864 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-03-21 21:35 . 2007-03-15 15:32 118,272 --a------ C:\WINDOWS\system32\hpz3l5ha.dll
2008-03-21 21:35 . 2007-03-08 00:20 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-03-21 21:35 . 2007-03-08 00:20 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-03-21 21:34 . 2007-05-02 04:56 954,368 -ra------ C:\WINDOWS\system32\hpotiop5.dll
2008-03-21 21:34 . 2007-05-02 05:01 675,840 -ra------ C:\WINDOWS\system32\hpowiax5.dll
2008-03-21 21:34 . 2007-03-08 00:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-03-21 21:34 . 2007-03-08 00:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-03-21 21:34 . 2007-05-02 05:00 303,104 -ra------ C:\WINDOWS\system32\hpovst12.dll
2008-03-21 21:34 . 2007-03-08 00:20 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-03-21 21:29 . 2008-03-26 19:07 <DIR> d-------- C:\Documents and Settings\tom\Application Data\HPAppData
2008-03-21 21:29 . 2008-03-21 21:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-03-21 21:26 . 2008-03-21 21:26 <DIR> d-------- C:\Program Files\Common Files\HP
2008-03-21 21:26 . 2008-03-21 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-03-21 21:26 . 2008-03-21 22:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-03-21 21:23 . 2008-03-21 21:24 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-21 21:22 . 2004-08-04 02:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-21 21:22 . 2004-08-04 02:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-03-21 21:20 . 2008-03-21 21:37 147,618 --a------ C:\WINDOWS\hpoins21.dat
2008-03-21 21:20 . 2007-05-15 06:13 8,138 --------- C:\WINDOWS\hpomdl21.dat
2008-03-21 19:10 . 2008-03-21 19:11 212 --ah----- C:\IPH.PH
2008-03-14 23:58 . 2008-03-17 16:21 <DIR> d-------- C:\Documents and Settings\tom\Application Data\TAC
2008-03-14 23:56 . 2008-03-14 23:59 <DIR> d-------- C:\Program Files\TAC
2008-03-12 03:04 . 2008-03-12 03:04 2,174 --a------ C:\WINDOWS\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 02:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-09 02:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-07 06:44 --------- d-----w C:\Program Files\Plaxo
2008-04-07 06:03 --------- d-----w C:\Program Files\Toolbar
2008-03-31 02:33 143 ----a-w C:\WINDOWS\Fonts\mcrh.tmp
2008-03-29 07:30 --------- d-----w C:\Documents and Settings\tom\Application Data\Symantec
2008-03-28 23:05 --------- d-----w C:\Program Files\Symantec
2008-03-28 22:18 --------- d-----w C:\Documents and Settings\mary\Application Data\Symantec
2008-03-28 22:00 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-28 21:56 --------- d-----w C:\Program Files\Lavasoft
2008-03-28 21:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-22 22:23 --------- d-----w C:\Documents and Settings\heather\Application Data\Lavasoft
2008-03-22 02:10 --------- d-----w C:\Program Files\Roxio
2008-03-22 02:10 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-03-22 01:29 --------- d-----w C:\Program Files\HP
2008-03-22 00:37 --------- d-----w C:\Program Files\Google
2008-03-22 00:29 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-22 00:24 --------- d-----w C:\Program Files\Piolet
2008-03-22 00:20 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-08 03:00 --------- d-----w C:\Documents and Settings\tom\Application Data\Creative
2008-02-09 01:48 --------- d-----w C:\Program Files\ICQ
2008-02-01 23:46 30,651 ----a-w C:\scriptorium.zip
2008-02-01 23:45 28,907 ----a-w C:\sherwoodfont.zip
2008-01-29 03:22 9,852,896 ----a-w C:\LiveBilliards22enDemo.exe
2008-01-25 02:59 887,524 ----a-w C:\biliardo.zip
2005-06-13 15:50 516,116 ------w C:\WINDOWS\Fonts\expms.dll
2004-09-16 20:58 457 -c--a-w C:\Program Files\INSTALL.LOG
2002-07-12 16:59 79,872 -c--a-w C:\Program Files\Common Files\HeadAC3he.exe
2002-07-12 03:54 6,374 -c--a-w C:\Program Files\Common Files\ReadMe.txt
2002-07-12 03:51 8,801 -c--a-w C:\Program Files\Common Files\WhatsNew.txt
2002-07-12 03:46 1,617 -c--a-w C:\Program Files\Common Files\KnownIssues.txt
2002-04-20 21:15 2,676 -c--a-w C:\Program Files\Common Files\Legal.txt
2002-04-15 22:53 40,960 -c--a-w C:\Program Files\Common Files\ssrc.dll
2002-03-29 15:52 84 -c--a-w C:\Program Files\Common Files\Notes.txt
2002-03-21 02:22 271,872 -c--a-w C:\Program Files\Common Files\libmmd.dll
2002-02-27 02:26 563 -c--a-w C:\Program Files\Common Files\LameMod.txt
2002-02-20 13:35 43,008 -c--a-w C:\Program Files\Common Files\azid.dll
2002-02-16 15:46 1,176 -c--a-w C:\Program Files\Common Files\ssrcLegal.txt
2002-02-16 15:43 439 -c--a-w C:\Program Files\Common Files\ReadMeDLL.txt
2002-01-18 02:46 374 -c--a-w C:\Program Files\Common Files\PTB.txt
2002-01-16 03:26 4,096 -c--a-w C:\Program Files\Common Files\ptb.exe
2001-12-26 00:52 741 -c--a-w C:\Program Files\Common Files\Future.txt
2001-12-26 00:51 1,212 -c--a-w C:\Program Files\Common Files\EMail.txt
2001-09-10 14:55 560 -c--a-w C:\Program Files\Common Files\AzidLegal.txt
1999-11-24 14:40 25,292 -c--a-w C:\Program Files\Common Files\COPYING
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3EBDDEDC-85D1-462F-B875-F013A8EA7B8D}]
2005-06-13 11:50 516116 --------- C:\WINDOWS\Fonts\expms.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41E69E32-FE22-4934-AF7A-262035CDFE86}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A25A30C9-6D9A-46D0-A92C-05ABD82A83AE}]
2003-08-22 11:37 40960 --a------ C:\Program Files\AdBlocker\PopupBlocker.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4C671BF-2B90-496B-B565-2CBEB053F171}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1DD6A19-6B4A-48FB-92E8-FDA77A9D6C4D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E3788F79-18CF-4D9A-A7B4-1BF43E914A8A}]
2006-01-27 14:33 245760 --------- C:\Program Files\SquareTrade SideBar\shpasst.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E72CBD61-B670-450A-841A-0768D52099DA}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe" [2004-02-22 23:44 32881]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 21:21 28672]
"Write DVD-R!"="C:\Program Files\Write DVD!\saimon.exe" [2003-07-18 12:34 114688]
"BurnQuick Queue"="C:\Program Files\BurnQuick\BQTray.exe" [2006-06-15 10:49 49152]
"MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe" [2003-08-18 17:46 53248]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-08-06 14:03 155648]
"SquareTrade SideBar"="C:\Program Files\SquareTrade SideBar\sthlpr.exe" [2006-01-17 18:51 126976]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-04-03 20:26 180269]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 15:45 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-11 13:06 155648]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 21:54 116072]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2007-09-12 18:27 492912]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\expms]
C:\WINDOWS\Fonts\expms.dll 2005-06-13 11:50 516116 C:\WINDOWS\Fonts\expms.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllmn]
mllmn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"VIDC.VCR2"= ATIVCR2.DLL
"VIDC.DRAW"= DVIDEO.DLL
"VIDC.VCR1"= ATIVCR1.DLL
"VIDC.YV12"= ATIYUV12.DLL
"aux1"= ctwdm32.dll
"msacm.scg726"= scg726.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R1 saicdr;saicdr;C:\WINDOWS\system32\drivers\saicdr.sys [2003-07-16 14:20]
R1 saiudf;saiudf;C:\WINDOWS\system32\drivers\saiudf.sys [2003-07-09 10:42]
R2 CINEMSUP;Software Cinemaster NT4.0 Driver;C:\WINDOWS\system32\DRIVERS\CINEMSUP.SYS [2000-03-24 14:53]
S0 Cdr4vsd;Cdr4vsd;C:\WINDOWS\system32\drivers\Cdr4vsd.sys [1998-05-11 16:22]
S1 saicdrwup;saicdrwup;C:\WINDOWS\system32\drivers\saicdrwup.sys [2003-05-16 15:32]
S3 iMSPQMn;iMSPQMn;C:\DOCUME~1\tom\LOCALS~1\Temp\iMSPQMn.sys []
S3 Symantec RemoteAssist;Symantec RemoteAssist;"C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe" [2008-01-29 16:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-08 21:00:00 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-04-07 06:32:02 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-04-08 21:00:00 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-04-07 04:28:42 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 22:33:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Creative Detector = "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R????l??|q??|???|???|????$??????|???????|x??|???????????????????????|p??|????m??|???|?????????(?????????|?(?????????????w ??w6??????????????s????????????????????<???????????????????rl?wUV?w???|?k?w

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\Fonts\expms.dll
.
Completion time: 2008-04-08 22:38:36
ComboFix-quarantined-files.txt 2008-04-09 02:38:27
Pre-Run: 5,223,141,376 bytes free
Post-Run: 5,207,904,256 bytes free
.
2008-03-12 07:05:00 --- E O F ---

Edited by starglow, 08 April 2008 - 10:23 PM.


#4 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:12:37 PM

Posted 09 April 2008 - 03:12 AM

Hello Starglow,

Did you download the correct file to install the Recovery Console?
This is the one you need: http://www.microsoft.com/downloads/details...;displaylang=en

Once it is installed, let's clean up some more:

Open Notepad (don't use any other text editor than Notepad, or the script will fail).
Copy/paste the bold, blue text below into an empty Notepad window:

File::
C:\WINDOWS\hpqEmlSz.INI
C:\WINDOWS\Fonts\mcrh.tmp
C:\WINDOWS\Fonts\expms.dll
Driver::
iMSPQMn
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3EBDDEDC-85D1-462F-B875-F013A8EA7B8D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41E69E32-FE22-4934-AF7A-262035CDFE86}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4C671BF-2B90-496B-B565-2CBEB053F171}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1DD6A19-6B4A-48FB-92E8-FDA77A9D6C4D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E72CBD61-B670-450A-841A-0768D52099DA}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\expms]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllmn]

Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. Upon reboot (in case it asks to reboot), post the contents of the ComboFix log in your next reply, as well as a fresh HijackThis log.

Are you still having problems?

Greetings,
BMThor

Edited by BMThor, 09 April 2008 - 02:09 PM.

Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#5 starglow

starglow
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 09 April 2008 - 12:19 PM

Thank you.

This is the Windows Recovery I downloaded:

http://www.microsoft.com/downloads/details...;displaylang=en


Is this the correct one? When I dragged the icon onto the ComboFix icon, the only thing that happened was that ComboFix started to run. Do I have to extract the Windows file first or something? I did a search about this problem on this forum and somebody else had this problem as well. Last night (after the ComboFix run) I found my Windows XP CD and tried to install it that way, but it said it was already on the hard disk (probably because I downloaded it from the Windows site).

Because it's so important, I don't want to proceed with the rest of the instructions until I have the Windows Recovery Console properly installed.

#6 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:12:37 PM

Posted 09 April 2008 - 02:11 PM

That's the one, Starglow.

And you won't notice much other than ComboFix starting to run to install the package.

You can proceed with the CFScript now.

Greetings,
BMThor

#7 starglow

starglow
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 09 April 2008 - 07:11 PM

I hope I did this correctly.

I have been online for an hour today and so far (knock on wood) the "this page cannot be displayed" windows have not been popping up.


ComboFix Log

ComboFix 08-04-09.8 - heather 2008-04-09 19:54:31.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.256 [GMT -4:00]
Running from: C:\Documents and Settings\heather\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
.

2008-04-07 14:44 . 2008-04-07 14:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-07 14:44 . 2008-04-07 14:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-07 02:10 . 2008-04-07 03:10 <DIR> d-------- C:\Program Files\RegCure
2008-04-07 00:28 . 2008-04-07 20:33 <DIR> d-------- C:\Program Files\XoftSpySE
2008-04-05 17:44 . 2008-04-05 17:44 <DIR> d-------- C:\Documents and Settings\heather\Application Data\Symantec
2008-04-05 16:48 . 2008-04-05 16:48 <DIR> d-------- C:\Deckard
2008-04-05 16:35 . 2008-04-05 16:35 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-30 22:21 . 2008-03-30 22:21 0 --a------ C:\WINDOWS\hpqEmlSz.INI
2008-03-28 22:42 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-28 22:42 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-03-28 22:42 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-28 18:30 . 2008-03-28 19:16 <DIR> d-------- C:\Program Files\Norton 360
2008-03-28 18:29 . 2008-03-28 19:05 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-28 18:29 . 2008-03-28 19:05 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-28 18:29 . 2008-03-28 19:05 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-28 18:29 . 2008-03-28 19:05 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-23 10:29 . 2008-03-28 17:52 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-22 18:21 . 2008-03-22 18:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-21 22:40 . 2008-03-21 22:40 <DIR> d-------- C:\Documents and Settings\heather\Application Data\HP
2008-03-21 22:37 . 2008-03-21 22:37 <DIR> d-------- C:\Documents and Settings\trent\Application Data\HP
2008-03-21 22:33 . 2008-03-21 22:33 <DIR> d-------- C:\Documents and Settings\trent\Application Data\HPAppData
2008-03-21 22:32 . 2008-03-21 22:32 <DIR> d-------- C:\Documents and Settings\mary\Application Data\HP
2008-03-21 22:29 . 2008-03-21 22:29 <DIR> d-------- C:\Documents and Settings\mary\Application Data\HPAppData
2008-03-21 22:21 . 2008-03-21 22:21 <DIR> d-------- C:\Documents and Settings\heather\Application Data\HPAppData
2008-03-21 21:59 . 2008-03-21 22:55 <DIR> d-------- C:\Documents and Settings\tom\Application Data\HP
2008-03-21 21:37 . 2008-03-21 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-03-21 21:35 . 2008-03-21 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-03-21 21:35 . 2007-05-02 06:03 267,864 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-03-21 21:35 . 2007-03-15 15:32 118,272 --a------ C:\WINDOWS\system32\hpz3l5ha.dll
2008-03-21 21:35 . 2007-03-08 00:20 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-03-21 21:35 . 2007-03-08 00:20 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-03-21 21:34 . 2007-05-02 04:56 954,368 -ra------ C:\WINDOWS\system32\hpotiop5.dll
2008-03-21 21:34 . 2007-05-02 05:01 675,840 -ra------ C:\WINDOWS\system32\hpowiax5.dll
2008-03-21 21:34 . 2007-03-08 00:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-03-21 21:34 . 2007-03-08 00:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-03-21 21:34 . 2007-05-02 05:00 303,104 -ra------ C:\WINDOWS\system32\hpovst12.dll
2008-03-21 21:34 . 2007-03-08 00:20 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-03-21 21:29 . 2008-03-26 19:07 <DIR> d-------- C:\Documents and Settings\tom\Application Data\HPAppData
2008-03-21 21:29 . 2008-03-21 21:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-03-21 21:26 . 2008-03-21 21:26 <DIR> d-------- C:\Program Files\Common Files\HP
2008-03-21 21:26 . 2008-03-21 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-03-21 21:26 . 2008-03-21 22:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-03-21 21:23 . 2008-03-21 21:24 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-21 21:22 . 2004-08-04 02:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-21 21:22 . 2004-08-04 02:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-03-21 21:20 . 2008-03-21 21:37 147,618 --a------ C:\WINDOWS\hpoins21.dat
2008-03-21 21:20 . 2007-05-15 06:13 8,138 --------- C:\WINDOWS\hpomdl21.dat
2008-03-21 19:10 . 2008-03-21 19:11 212 --ah----- C:\IPH.PH
2008-03-14 23:58 . 2008-03-17 16:21 <DIR> d-------- C:\Documents and Settings\tom\Application Data\TAC
2008-03-14 23:56 . 2008-03-14 23:59 <DIR> d-------- C:\Program Files\TAC
2008-03-12 03:04 . 2008-04-09 03:06 127 --a------ C:\WINDOWS\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 23:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-09 17:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-09 07:14 1,198 --sh--w C:\WINDOWS\Fonts\smpxe.ini
2008-04-07 06:44 --------- d-----w C:\Program Files\Plaxo
2008-04-07 06:03 --------- d-----w C:\Program Files\Toolbar
2008-03-31 02:33 143 ----a-w C:\WINDOWS\Fonts\mcrh.tmp
2008-03-29 07:30 --------- d-----w C:\Documents and Settings\tom\Application Data\Symantec
2008-03-28 23:05 --------- d-----w C:\Program Files\Symantec
2008-03-28 22:18 --------- d-----w C:\Documents and Settings\mary\Application Data\Symantec
2008-03-28 22:00 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-28 21:56 --------- d-----w C:\Program Files\Lavasoft
2008-03-28 21:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-22 22:23 --------- d-----w C:\Documents and Settings\heather\Application Data\Lavasoft
2008-03-22 02:10 --------- d-----w C:\Program Files\Roxio
2008-03-22 02:10 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-03-22 01:29 --------- d-----w C:\Program Files\HP
2008-03-22 00:37 --------- d-----w C:\Program Files\Google
2008-03-22 00:29 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-22 00:24 --------- d-----w C:\Program Files\Piolet
2008-03-22 00:20 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-08 03:00 --------- d-----w C:\Documents and Settings\tom\Application Data\Creative
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-09 01:48 --------- d-----w C:\Program Files\ICQ
2008-02-01 23:46 30,651 ----a-w C:\scriptorium.zip
2008-02-01 23:45 28,907 ----a-w C:\sherwoodfont.zip
2008-01-29 03:22 9,852,896 ----a-w C:\LiveBilliards22enDemo.exe
2008-01-25 02:59 887,524 ----a-w C:\biliardo.zip
2004-09-16 20:58 457 -c--a-w C:\Program Files\INSTALL.LOG
2002-07-12 16:59 79,872 -c--a-w C:\Program Files\Common Files\HeadAC3he.exe
2002-07-12 03:54 6,374 -c--a-w C:\Program Files\Common Files\ReadMe.txt
2002-07-12 03:51 8,801 -c--a-w C:\Program Files\Common Files\WhatsNew.txt
2002-07-12 03:46 1,617 -c--a-w C:\Program Files\Common Files\KnownIssues.txt
2002-04-20 21:15 2,676 -c--a-w C:\Program Files\Common Files\Legal.txt
2002-04-15 22:53 40,960 -c--a-w C:\Program Files\Common Files\ssrc.dll
2002-03-29 15:52 84 -c--a-w C:\Program Files\Common Files\Notes.txt
2002-03-21 02:22 271,872 -c--a-w C:\Program Files\Common Files\libmmd.dll
2002-02-27 02:26 563 -c--a-w C:\Program Files\Common Files\LameMod.txt
2002-02-20 13:35 43,008 -c--a-w C:\Program Files\Common Files\azid.dll
2002-02-16 15:46 1,176 -c--a-w C:\Program Files\Common Files\ssrcLegal.txt
2002-02-16 15:43 439 -c--a-w C:\Program Files\Common Files\ReadMeDLL.txt
2002-01-18 02:46 374 -c--a-w C:\Program Files\Common Files\PTB.txt
2002-01-16 03:26 4,096 -c--a-w C:\Program Files\Common Files\ptb.exe
2001-12-26 00:52 741 -c--a-w C:\Program Files\Common Files\Future.txt
2001-12-26 00:51 1,212 -c--a-w C:\Program Files\Common Files\EMail.txt
2001-09-10 14:55 560 -c--a-w C:\Program Files\Common Files\AzidLegal.txt
1999-11-24 14:40 25,292 -c--a-w C:\Program Files\Common Files\COPYING
.

((((((((((((((((((((((((((((( snapshot@2008-04-08_22.37.53.70 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-19 09:40:27 1,845,888 ----a-w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
+ 2008-02-20 05:19:35 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsapi.dll
+ 2008-02-20 18:49:36 45,568 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\updspapi.dll
+ 2008-02-20 06:52:43 282,624 ----a-w C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\updspapi.dll
+ 2007-12-07 02:21:45 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-12-19 23:01:06 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-12-07 02:21:45 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-12-07 02:21:45 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-12-07 02:21:45 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-12-06 11:00:57 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-12-07 02:21:45 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-12-07 02:21:45 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-12-07 02:21:45 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-12-07 02:21:45 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-12-07 02:21:46 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-12-07 02:21:46 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-12-07 02:21:46 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-12-06 11:01:25 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-12-07 02:21:47 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-12-07 02:21:47 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-12-07 02:21:47 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-12-08 05:21:48 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-12-07 02:21:47 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-12-07 02:21:48 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-12-07 02:21:48 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-12-07 02:21:48 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2008-01-11 05:53:32 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-12-07 02:21:48 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-12-07 02:21:48 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-12-07 02:21:48 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-12-07 02:21:48 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
+ 2008-04-09 23:57:59 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
- 2007-12-07 02:21:45 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2007-12-07 02:21:45 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-01 13:06:20 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
- 2006-06-26 17:37:10 148,480 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:32:43 45,568 -c----w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
- 2007-12-19 23:01:06 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-12-07 02:21:45 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-12-07 02:21:45 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 13:06:21 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-06-19 13:31:19 282,112 -c----w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-20 06:51:05 282,624 -c----w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2007-12-07 02:21:45 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-03-01 13:06:21 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2007-12-06 11:00:57 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-12-07 02:21:45 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-12-07 02:21:45 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-12-06 04:59:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-12-07 02:21:45 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2007-12-07 02:21:45 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-12-07 02:21:46 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-12-07 02:21:46 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-01 13:06:24 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-12-07 02:21:46 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-03-01 13:06:25 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2007-12-06 11:01:25 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-02-29 08:55:46 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-12-07 02:21:47 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-12-07 02:21:47 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2007-12-07 02:21:47 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-12-08 05:21:48 3,592,192 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-03-01 22:36:30 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-12-07 02:21:47 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-12-07 02:21:48 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 13:06:28 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-12-07 02:21:48 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-01 13:06:29 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-12-07 02:21:48 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-03-01 13:06:29 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-01-11 05:53:32 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-12-07 02:21:48 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-03-01 13:06:29 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2007-12-07 02:21:48 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-12-07 02:21:48 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-03-01 13:06:30 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-03-08 13:47:48 1,843,584 -c----w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-03-19 09:47:00 1,845,248 -c----w C:\WINDOWS\system32\dllcache\win32k.sys
- 2007-12-07 02:21:48 824,832 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-01 13:06:31 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-06-26 17:37:10 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2007-12-19 23:01:06 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-12-07 02:21:45 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-12-07 02:21:45 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-04-07 07:13:43 544,016 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-09 07:16:06 544,016 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-12-07 02:21:45 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-12-06 11:00:57 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-12-07 02:21:45 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-12-07 02:21:45 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-12-06 04:59:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-12-07 02:21:45 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-12-07 02:21:45 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-12-07 02:21:46 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-12-07 02:21:46 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-12-07 02:21:46 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-12-07 02:21:47 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-12-07 02:21:47 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-12-07 02:21:47 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-12-08 05:21:48 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-03-01 22:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-12-07 02:21:47 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-12-07 02:21:48 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-12-07 02:21:48 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-12-07 02:21:48 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-01-11 05:53:32 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-12-07 02:21:48 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-12-07 02:21:48 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-12-07 02:21:48 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41E69E32-FE22-4934-AF7A-262035CDFE86}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A25A30C9-6D9A-46D0-A92C-05ABD82A83AE}]
2003-08-22 11:37 40960 --a------ C:\Program Files\AdBlocker\PopupBlocker.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4C671BF-2B90-496B-B565-2CBEB053F171}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1DD6A19-6B4A-48FB-92E8-FDA77A9D6C4D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E3788F79-18CF-4D9A-A7B4-1BF43E914A8A}]
2006-01-27 14:33 245760 --------- C:\Program Files\SquareTrade SideBar\shpasst.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E72CBD61-B670-450A-841A-0768D52099DA}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe" [2004-02-22 23:44 32881]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 21:21 28672]
"Write DVD-R!"="C:\Program Files\Write DVD!\saimon.exe" [2003-07-18 12:34 114688]
"BurnQuick Queue"="C:\Program Files\BurnQuick\BQTray.exe" [2006-06-15 10:49 49152]
"MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe" [2003-08-18 17:46 53248]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-08-06 14:03 155648]
"SquareTrade SideBar"="C:\Program Files\SquareTrade SideBar\sthlpr.exe" [2006-01-17 18:51 126976]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-04-03 20:26 180269]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 15:45 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-11 13:06 155648]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 21:54 116072]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2007-09-12 18:27 492912]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\expms]
C:\WINDOWS\Fonts\expms.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllmn]
mllmn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R1 saicdr;saicdr;C:\WINDOWS\system32\drivers\saicdr.sys [2003-07-16 14:20]
R1 saiudf;saiudf;C:\WINDOWS\system32\drivers\saiudf.sys [2003-07-09 10:42]
R2 CINEMSUP;Software Cinemaster NT4.0 Driver;C:\WINDOWS\system32\DRIVERS\CINEMSUP.SYS [2000-03-24 14:53]
S0 Cdr4vsd;Cdr4vsd;C:\WINDOWS\system32\drivers\Cdr4vsd.sys [1998-05-11 16:22]
S1 saicdrwup;saicdrwup;C:\WINDOWS\system32\drivers\saicdrwup.sys [2003-05-16 15:32]
S3 iMSPQMn;iMSPQMn;C:\DOCUME~1\tom\LOCALS~1\Temp\iMSPQMn.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-09 21:00:03 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-04-07 06:32:02 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-04-09 21:00:03 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-04-07 04:28:42 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 19:58:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Creative Detector = "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R????l??|q??|???|???|????$??????|???????|x??|???????????????????????|p??|????m??|???|?????????(?????????|?(?????????????w ??w6??????????????s????????????????????<???????????????????rl?wUV?w???|?k?w

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-09 19:59:49
ComboFix-quarantined-files.txt 2008-04-09 23:59:37
ComboFix2.txt 2008-04-09 02:38:37
Pre-Run: 5,289,521,152 bytes free
Post-Run: 5,288,271,872 bytes free
.
2008-04-09 07:09:11 --- E O F ---


Hijack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:08:20 PM, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Write DVD!\saimon.exe
C:\Program Files\BurnQuick\BQTray.exe
C:\Program Files\SquareTrade SideBar\sthlpr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\PROGRA~1\SQUARE~1\stdbmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: (no name) - {41E69E32-FE22-4934-AF7A-262035CDFE86} - (no file)
O2 - BHO: PopBlock Class - {A25A30C9-6D9A-46D0-A92C-05ABD82A83AE} - C:\Program Files\AdBlocker\PopupBlocker.dll
O2 - BHO: (no name) - {B4C671BF-2B90-496B-B565-2CBEB053F171} - (no file)
O2 - BHO: (no name) - {D1DD6A19-6B4A-48FB-92E8-FDA77A9D6C4D} - (no file)
O2 - BHO: Square Trade Shopping Assistant - {E3788F79-18CF-4D9A-A7B4-1BF43E914A8A} - C:\Program Files\SquareTrade SideBar\shpasst.dll
O2 - BHO: (no name) - {E72CBD61-B670-450A-841A-0768D52099DA} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Write DVD-R!] C:\Program Files\Write DVD!\saimon.exe
O4 - HKLM\..\Run: [BurnQuick Queue] C:\Program Files\BurnQuick\BQTray.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SquareTrade SideBar] "C:\Program Files\SquareTrade SideBar\sthlpr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: SquareTrade SideBar - {7B3E5F6B-ADF4-4731-9DAD-AC8AE9A4DFEC} - C:\Program Files\SquareTrade SideBar\shpasst.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O20 - Winlogon Notify: expms - C:\WINDOWS\Fonts\expms.dll (file missing)
O20 - Winlogon Notify: mllmn - mllmn.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 10991 bytes

Edited by starglow, 09 April 2008 - 07:13 PM.


#8 Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:12:37 PM

Posted 10 April 2008 - 02:24 AM

Hello Starglow,

Did you start ComboFix using the CFScript, as described above?
Your last ComboFix log doesn't show that specification, and not everything is removed as it should be.

Please read this carefully:

Open Notepad - don't use any other text editor than Notepad or the script will fail!
Copy/paste the bold, blue text below into an empty Notepad window:

File::
C:\WINDOWS\hpqEmlSz.INI
C:\WINDOWS\Fonts\smpxe.ini
C:\WINDOWS\Fonts\mcrh.tmp
Driver::
iMSPQMn
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41E69E32-FE22-4934-AF7A-262035CDFE86}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4C671BF-2B90-496B-B565-2CBEB053F171}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1DD6A19-6B4A-48FB-92E8-FDA77A9D6C4D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E72CBD61-B670-450A-841A-0768D52099DA}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\expms]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllmn]

Save this as a text file named CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot]

This will start ComboFix again. Upon reboot (in case it asks to reboot), post the contents of the ComboFix log in your next reply, as well as a fresh HijackThis log.

Are you still having problems?

Greetings,
BMThor
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted - And make a difference
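The Registry:: and Driver:: entries in a script like the one above are read straight off the posted logs: O2 BHO lines ending in "(no file)", O20 Winlogon Notify lines ending in "(file missing)", and a service whose driver sits in a Temp folder. The following is an added example (not code from ComboFix, HijackThis or this thread) that derives those sections from such log lines; the sample lines are constructed from the logs in the thread, and the Temp-folder driver heuristic is an assumption, not a ComboFix rule.

```python
"""Build a ComboFix CFScript from orphaned HijackThis / ComboFix log entries.

Added example, not code from ComboFix, HijackThis or this thread. It reads
HijackThis O2 (BHO) and O20 (Winlogon Notify) lines plus ComboFix service
lines, keeps only the entries whose file is missing or whose driver loads
from a Temp folder, and emits Driver:: and Registry:: sections in the same
layout as the script posted in the thread. Every candidate still needs a
human review before the script is run; this only does the bookkeeping.
"""
import re

# Registry paths written the way ComboFix abbreviates them ("~") in its log.
BHO_KEY = r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects"
NOTIFY_KEY = (r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt"
              r"\currentversion\winlogon\notify")

# HijackThis: "O2 - BHO: <name> - {CLSID} - <dll path or (no file)>"
O2_RE = re.compile(r"^O2 - BHO: .* - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
# HijackThis: "O20 - Winlogon Notify: <subkey> - <dll> [(file missing)]"
O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*)$")
# ComboFix: "<state> <service>;<display name>;<image path> [<timestamp>]"
SVC_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*?) \[(.*)\]$")

# Constructed sample input, copied from the HijackThis log in this thread.
HJT_SAMPLE = r"""
O2 - BHO: PopBlock Class - {A25A30C9-6D9A-46D0-A92C-05ABD82A83AE} - C:\Program Files\AdBlocker\PopupBlocker.dll
O2 - BHO: (no name) - {41E69E32-FE22-4934-AF7A-262035CDFE86} - (no file)
O2 - BHO: (no name) - {B4C671BF-2B90-496B-B565-2CBEB053F171} - (no file)
O20 - Winlogon Notify: expms - C:\WINDOWS\Fonts\expms.dll (file missing)
O20 - Winlogon Notify: mllmn - mllmn.dll (file missing)
""".strip().splitlines()

# Constructed sample input, copied from the ComboFix service list above.
COMBOFIX_SAMPLE = r"""
R1 saicdr;saicdr;C:\WINDOWS\system32\drivers\saicdr.sys [2003-07-16 14:20]
S3 iMSPQMn;iMSPQMn;C:\DOCUME~1\tom\LOCALS~1\Temp\iMSPQMn.sys []
""".strip().splitlines()


def orphaned_bhos(hjt_lines):
    """CLSIDs of Browser Helper Objects whose DLL no longer exists on disk."""
    found = []
    for line in hjt_lines:
        m = O2_RE.match(line.strip())
        if m and m.group(2).strip() == "(no file)":
            found.append(m.group(1))
    return found


def orphaned_notify(hjt_lines):
    """Winlogon Notify subkeys whose DLL HijackThis reports as missing."""
    found = []
    for line in hjt_lines:
        m = O20_RE.match(line.strip())
        if m and m.group(2).strip().endswith("(file missing)"):
            found.append(m.group(1))
    return found


def suspicious_drivers(combofix_lines):
    """Service names whose driver lives under a Temp folder or has no
    on-disk timestamp (empty "[]"). Heuristic assumed for this example."""
    found = []
    for line in combofix_lines:
        m = SVC_RE.match(line.strip())
        if not m:
            continue
        name, path, stamp = m.group(2), m.group(4), m.group(5)
        if "\\temp\\" in path.lower() or stamp.strip() == "":
            found.append(name)
    return found


def build_cfscript(hjt_lines, combofix_lines, files=()):
    """Return CFScript text: File:: (caller-supplied), Driver::, Registry::.
    A "[-key]" entry asks ComboFix to delete that registry key."""
    parts = []
    if files:
        parts.append("File::")
        parts.extend(files)
    drivers = suspicious_drivers(combofix_lines)
    if drivers:
        parts.append("Driver::")
        parts.extend(drivers)
    keys = [f"[-{BHO_KEY}\\{clsid}]" for clsid in orphaned_bhos(hjt_lines)]
    keys += [f"[-{NOTIFY_KEY}\\{sub}]" for sub in orphaned_notify(hjt_lines)]
    if keys:
        parts.append("Registry::")
        parts.extend(keys)
    return "\n".join(parts) + "\n"


if __name__ == "__main__":
    print(build_cfscript(HJT_SAMPLE, COMBOFIX_SAMPLE,
                         files=[r"C:\WINDOWS\Fonts\smpxe.ini"]))
```

Run on the constructed samples it reproduces the Driver:: and Registry:: lines of the script above; the File:: section is left to the analyst, since nothing in a HijackThis log marks a file as malicious.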

#9 starglow

  • Topic Starter
  • Members
  • 8 posts
  • OFFLINE
  • Local time:06:37 AM

Posted 10 April 2008 - 02:36 PM

So far today (and yesterday) the problem I was having has not occurred.

Okay, I hope this one is correct!!!


ComboFix Log

ComboFix 08-04-09.8 - heather 2008-04-10 15:20:56.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.231 [GMT -4:00]
Running from: C:\Documents and Settings\heather\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\heather\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\Fonts\mcrh.tmp
C:\WINDOWS\Fonts\smpxe.ini
C:\WINDOWS\hpqEmlSz.INI
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Fonts\mcrh.tmp
C:\WINDOWS\Fonts\smpxe.ini
C:\WINDOWS\hpqEmlSz.INI

.
((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))
.

2008-04-09 22:15 . 2008-04-09 22:15 2,248,378 --a------ C:\WINDOWS\Pride and Prejudice-DVD.exe
2008-04-09 22:15 . 2008-04-09 22:15 184,400 --a------ C:\WINDOWS\Pride and Prejudice-DVD.scr
2008-04-09 22:15 . 2008-04-09 22:15 40,960 --a------ C:\WINDOWS\Pride and Prejudice-DVD.dll
2008-04-09 22:15 . 2008-04-09 22:15 18,192 --a------ C:\WINDOWS\Pride and Prejudice-DVD.dat
2008-04-07 14:44 . 2008-04-10 13:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-07 14:44 . 2008-04-07 14:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-07 02:10 . 2008-04-07 03:10 <DIR> d-------- C:\Program Files\RegCure
2008-04-07 00:28 . 2008-04-07 20:33 <DIR> d-------- C:\Program Files\XoftSpySE
2008-04-05 17:44 . 2008-04-05 17:44 <DIR> d-------- C:\Documents and Settings\heather\Application Data\Symantec
2008-04-05 16:48 . 2008-04-05 16:48 <DIR> d-------- C:\Deckard
2008-04-05 16:35 . 2008-04-05 16:35 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-28 22:42 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-28 22:42 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-03-28 22:42 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-28 18:30 . 2008-03-28 19:16 <DIR> d-------- C:\Program Files\Norton 360
2008-03-28 18:29 . 2008-03-28 19:05 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-28 18:29 . 2008-03-28 19:05 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-28 18:29 . 2008-03-28 19:05 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-28 18:29 . 2008-03-28 19:05 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-23 10:29 . 2008-03-28 17:52 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-22 18:21 . 2008-03-22 18:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-21 22:40 . 2008-03-21 22:40 <DIR> d-------- C:\Documents and Settings\heather\Application Data\HP
2008-03-21 22:37 . 2008-03-21 22:37 <DIR> d-------- C:\Documents and Settings\trent\Application Data\HP
2008-03-21 22:33 . 2008-03-21 22:33 <DIR> d-------- C:\Documents and Settings\trent\Application Data\HPAppData
2008-03-21 22:32 . 2008-03-21 22:32 <DIR> d-------- C:\Documents and Settings\mary\Application Data\HP
2008-03-21 22:29 . 2008-03-21 22:29 <DIR> d-------- C:\Documents and Settings\mary\Application Data\HPAppData
2008-03-21 22:21 . 2008-03-21 22:21 <DIR> d-------- C:\Documents and Settings\heather\Application Data\HPAppData
2008-03-21 21:59 . 2008-03-21 22:55 <DIR> d-------- C:\Documents and Settings\tom\Application Data\HP
2008-03-21 21:37 . 2008-03-21 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-03-21 21:35 . 2008-03-21 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-03-21 21:35 . 2007-05-02 06:03 267,864 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-03-21 21:35 . 2007-03-15 15:32 118,272 --a------ C:\WINDOWS\system32\hpz3l5ha.dll
2008-03-21 21:35 . 2007-03-08 00:20 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-03-21 21:35 . 2007-03-08 00:20 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-03-21 21:34 . 2007-05-02 04:56 954,368 -ra------ C:\WINDOWS\system32\hpotiop5.dll
2008-03-21 21:34 . 2007-05-02 05:01 675,840 -ra------ C:\WINDOWS\system32\hpowiax5.dll
2008-03-21 21:34 . 2007-03-08 00:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-03-21 21:34 . 2007-03-08 00:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-03-21 21:34 . 2007-05-02 05:00 303,104 -ra------ C:\WINDOWS\system32\hpovst12.dll
2008-03-21 21:34 . 2007-03-08 00:20 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-03-21 21:29 . 2008-03-26 19:07 <DIR> d-------- C:\Documents and Settings\tom\Application Data\HPAppData
2008-03-21 21:29 . 2008-03-21 21:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-03-21 21:26 . 2008-03-21 21:26 <DIR> d-------- C:\Program Files\Common Files\HP
2008-03-21 21:26 . 2008-03-21 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-03-21 21:26 . 2008-03-21 22:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-03-21 21:23 . 2008-03-21 21:24 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-21 21:22 . 2004-08-04 02:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-21 21:22 . 2004-08-04 02:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-03-21 21:20 . 2008-03-21 21:37 147,618 --a------ C:\WINDOWS\hpoins21.dat
2008-03-21 21:20 . 2007-05-15 06:13 8,138 --------- C:\WINDOWS\hpomdl21.dat
2008-03-21 19:10 . 2008-03-21 19:11 212 --ah----- C:\IPH.PH
2008-03-14 23:58 . 2008-03-17 16:21 <DIR> d-------- C:\Documents and Settings\tom\Application Data\TAC
2008-03-14 23:56 . 2008-03-14 23:59 <DIR> d-------- C:\Program Files\TAC
2008-03-12 03:04 . 2008-04-09 03:06 127 --a------ C:\WINDOWS\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 19:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-10 04:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-07 06:44 --------- d-----w C:\Program Files\Plaxo
2008-04-07 06:03 --------- d-----w C:\Program Files\Toolbar
2008-03-29 07:30 --------- d-----w C:\Documents and Settings\tom\Application Data\Symantec
2008-03-28 23:05 --------- d-----w C:\Program Files\Symantec
2008-03-28 22:18 --------- d-----w C:\Documents and Settings\mary\Application Data\Symantec
2008-03-28 22:00 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-28 21:56 --------- d-----w C:\Program Files\Lavasoft
2008-03-28 21:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-22 22:23 --------- d-----w C:\Documents and Settings\heather\Application Data\Lavasoft
2008-03-22 02:10 --------- d-----w C:\Program Files\Roxio
2008-03-22 02:10 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-03-22 01:29 --------- d-----w C:\Program Files\HP
2008-03-22 00:37 --------- d-----w C:\Program Files\Google
2008-03-22 00:29 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-22 00:24 --------- d-----w C:\Program Files\Piolet
2008-03-22 00:20 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-08 03:00 --------- d-----w C:\Documents and Settings\tom\Application Data\Creative
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-01 23:46 30,651 ----a-w C:\scriptorium.zip
2008-02-01 23:45 28,907 ----a-w C:\sherwoodfont.zip
2008-01-29 03:22 9,852,896 ----a-w C:\LiveBilliards22enDemo.exe
2008-01-25 02:59 887,524 ----a-w C:\biliardo.zip
2004-09-16 20:58 457 -c--a-w C:\Program Files\INSTALL.LOG
2002-07-12 16:59 79,872 -c--a-w C:\Program Files\Common Files\HeadAC3he.exe
2002-07-12 03:54 6,374 -c--a-w C:\Program Files\Common Files\ReadMe.txt
2002-07-12 03:51 8,801 -c--a-w C:\Program Files\Common Files\WhatsNew.txt
2002-07-12 03:46 1,617 -c--a-w C:\Program Files\Common Files\KnownIssues.txt
2002-04-20 21:15 2,676 -c--a-w C:\Program Files\Common Files\Legal.txt
2002-04-15 22:53 40,960 -c--a-w C:\Program Files\Common Files\ssrc.dll
2002-03-29 15:52 84 -c--a-w C:\Program Files\Common Files\Notes.txt
2002-03-21 02:22 271,872 -c--a-w C:\Program Files\Common Files\libmmd.dll
2002-02-27 02:26 563 -c--a-w C:\Program Files\Common Files\LameMod.txt
2002-02-20 13:35 43,008 -c--a-w C:\Program Files\Common Files\azid.dll
2002-02-16 15:46 1,176 -c--a-w C:\Program Files\Common Files\ssrcLegal.txt
2002-02-16 15:43 439 -c--a-w C:\Program Files\Common Files\ReadMeDLL.txt
2002-01-18 02:46 374 -c--a-w C:\Program Files\Common Files\PTB.txt
2002-01-16 03:26 4,096 -c--a-w C:\Program Files\Common Files\ptb.exe
2001-12-26 00:52 741 -c--a-w C:\Program Files\Common Files\Future.txt
2001-12-26 00:51 1,212 -c--a-w C:\Program Files\Common Files\EMail.txt
2001-09-10 14:55 560 -c--a-w C:\Program Files\Common Files\AzidLegal.txt
1999-11-24 14:40 25,292 -c--a-w C:\Program Files\Common Files\COPYING
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A25A30C9-6D9A-46D0-A92C-05ABD82A83AE}]
2003-08-22 11:37 40960 --a------ C:\Program Files\AdBlocker\PopupBlocker.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E3788F79-18CF-4D9A-A7B4-1BF43E914A8A}]
2006-01-27 14:33 245760 --------- C:\Program Files\SquareTrade SideBar\shpasst.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe" [2004-02-22 23:44 32881]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 21:21 28672]
"Write DVD-R!"="C:\Program Files\Write DVD!\saimon.exe" [2003-07-18 12:34 114688]
"BurnQuick Queue"="C:\Program Files\BurnQuick\BQTray.exe" [2006-06-15 10:49 49152]
"MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe" [2003-08-18 17:46 53248]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-08-06 14:03 155648]
"SquareTrade SideBar"="C:\Program Files\SquareTrade SideBar\sthlpr.exe" [2006-01-17 18:51 126976]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-04-03 20:26 180269]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 15:45 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-11 13:06 155648]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 21:54 116072]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2007-09-12 18:27 492912]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R1 saicdr;saicdr;C:\WINDOWS\system32\drivers\saicdr.sys [2003-07-16 14:20]
R1 saiudf;saiudf;C:\WINDOWS\system32\drivers\saiudf.sys [2003-07-09 10:42]
R2 CINEMSUP;Software Cinemaster NT4.0 Driver;C:\WINDOWS\system32\DRIVERS\CINEMSUP.SYS [2000-03-24 14:53]
S0 Cdr4vsd;Cdr4vsd;C:\WINDOWS\system32\drivers\Cdr4vsd.sys [1998-05-11 16:22]
S1 saicdrwup;saicdrwup;C:\WINDOWS\system32\drivers\saicdrwup.sys [2003-05-16 15:32]
S3 iMSPQMn;iMSPQMn;C:\DOCUME~1\tom\LOCALS~1\Temp\iMSPQMn.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-10 00:04:32 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-04-10 07:00:00 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-04-10 00:04:32 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-04-07 04:28:42 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 15:25:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Creative Detector = "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R????l??|q??|???|???|????$??????|???????|x??|???????????????????????|p??|????m??|???|?????????(?????????|?(?????????????w ??w6??????????????s????????????????????<???????????????????rl?wUV?w???|?k?w

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-10 15:31:42
ComboFix-quarantined-files.txt 2008-04-10 19:31:28
ComboFix2.txt 2008-04-09 23:59:50
ComboFix3.txt 2008-04-09 02:38:37
Pre-Run: 5,291,720,704 bytes free
Post-Run: 5,290,946,560 bytes free
.
2008-04-09 07:09:11 --- E O F ---

Hijack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:57 PM, on 4/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Write DVD!\saimon.exe
C:\Program Files\BurnQuick\BQTray.exe
C:\Program Files\SquareTrade SideBar\sthlpr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\PROGRA~1\SQUARE~1\stdbmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: PopBlock Class - {A25A30C9-6D9A-46D0-A92C-05ABD82A83AE} - C:\Program Files\AdBlocker\PopupBlocker.dll
O2 - BHO: Square Trade Shopping Assistant - {E3788F79-18CF-4D9A-A7B4-1BF43E914A8A} - C:\Program Files\SquareTrade SideBar\shpasst.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Write DVD-R!] C:\Program Files\Write DVD!\saimon.exe
O4 - HKLM\..\Run: [BurnQuick Queue] C:\Program Files\BurnQuick\BQTray.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SquareTrade SideBar] "C:\Program Files\SquareTrade SideBar\sthlpr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-21-448539723-179605362-1417001333-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'tom')
O4 - HKUS\S-1-5-21-448539723-179605362-1417001333-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'tom')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: SquareTrade SideBar - {7B3E5F6B-ADF4-4731-9DAD-AC8AE9A4DFEC} - C:\Program Files\SquareTrade SideBar\shpasst.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 10826 bytes

#10 Thunder

Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium
  • Local time:12:37 PM

Posted 10 April 2008 - 04:59 PM

Well done, Starglow :thumbsup:

To finish up :

Please remove, if still present, through Control Panel > Software the SquareTrade Toolbar.

Your JavaVM is also out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u5.
  • Scroll down to where it says The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the Download button to the right.
  • Check the box that says: Accept License Agreement
  • The page will refresh.
  • Click on the link to download Windows Offline Installation (jre-6u5-windows-i586-p.exe) and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u5-windows-i586-p.exe to install the newest version.
Please post a fresh HijackThis log for final checking.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference
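As an added example, not code from Thunder's post or from this thread: a PowerShell snippet that lists the Java components registered in Add/Remove Programs by reading the Uninstall registry key, so the result of the removal steps above can be checked before the new installer is run, and again afterwards to confirm only the new JRE remains. The registry paths and the assumption that it runs from an administrator prompt are mine; the name patterns follow the names given in the steps (Java Runtime Environment, JRE, J2SE), extended with Java 2 SDK and Java Web Start, which are registered in the same list.

```powershell
# Added example, not code from the thread. Lists every Java component that
# Add/Remove Programs knows about, read from the Uninstall registry key, so you
# can confirm the old versions are gone before installing the new JRE.
# Assumptions: run from an administrator PowerShell prompt; the Wow6432Node
# path only exists on 64-bit Windows and is skipped where it is absent.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
) | Where-Object { Test-Path $_ }

# Name fragments to match: the ones named in the steps (JRE, J2SE, Java Runtime
# Environment) plus Java 2 SDK and Java Web Start, which ship alongside them.
$javaPattern = 'Java.*Runtime Environment|JRE|J2SE|Java 2 SDK|Java Web Start'

$javaEntries = foreach ($key in $uninstallKeys) {
    foreach ($subKey in Get-ChildItem $key) {
        $props = Get-ItemProperty $subKey.PSPath
        if ($props.DisplayName -and $props.DisplayName -match $javaPattern) {
            New-Object PSObject -Property @{
                Name            = $props.DisplayName
                Version         = $props.DisplayVersion
                UninstallString = $props.UninstallString
                RegistryKey     = $subKey.PSChildName
            }
        }
    }
}

if (-not $javaEntries) {
    Write-Output 'No Java components are registered in Add/Remove Programs.'
} else {
    # These are exactly the entries Add/Remove Programs displays; the new JRE
    # installer registers itself here too, so after the install this list
    # should show only the new version.
    $javaEntries |
        Select-Object Name, Version, UninstallString, RegistryKey |
        Sort-Object Name |
        Format-Table -AutoSize -Wrap
}
```

The UninstallString column shows the command Add/Remove Programs runs for each entry, which is useful when one entry refuses to uninstall: it tells you which installer the entry still points at.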

#11 starglow

starglow
  • Topic Starter

  • Members
  • 8 posts
  • Local time:06:37 AM

Posted 12 April 2008 - 02:32 PM

I am having some trouble uninstalling Java Runtime Environment :thumbsup:

I did successfully remove the SideSquare Toolbar :blink:

I have removed a few Java Runtime Environments, but there is one, Java 2 Runtime Environment Runtime Standard Edition v1.3.1, that will not uninstall. Something pops up and says Unable to locate the installation log file... Uninstallation will not continue.

There are others - Java 2 SDK Standard Edition v1.3.1_08 and also Java Web Start - do I need to worry about these?

I have downloaded the newest Java update you linked to above. I am going to wait to install it until you get back to me on this new problem I'm having.

Thank you :wacko:

#12 Thunder

Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium
  • Local time:12:37 PM

Posted 12 April 2008 - 02:46 PM

Hello Starglow,

Don't worry about the one you can't remove;
some time ago the installation info probably got removed, no problem.

You can take out the other two,
reboot your PC and install the latest Java file you downloaded. :thumbsup:

Greetings,
Thunder

#13 starglow

starglow
  • Topic Starter

  • Members
  • 8 posts
  • Local time:06:37 AM

Posted 12 April 2008 - 04:31 PM

I quickly wanted to ask if you think Norton 360 will do a good enough job protecting the computer, or if you think I need something else instead, or something else in addition to it?

Here is the Hijack This Log :thumbsup:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:28:47 PM, on 4/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Write DVD!\saimon.exe
C:\Program Files\BurnQuick\BQTray.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\SquareTrade SideBar\sthlpr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: PopBlock Class - {A25A30C9-6D9A-46D0-A92C-05ABD82A83AE} - C:\Program Files\AdBlocker\PopupBlocker.dll
O2 - BHO: Square Trade Shopping Assistant - {E3788F79-18CF-4D9A-A7B4-1BF43E914A8A} - C:\Program Files\SquareTrade SideBar\shpasst.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Write DVD-R!] C:\Program Files\Write DVD!\saimon.exe
O4 - HKLM\..\Run: [BurnQuick Queue] C:\Program Files\BurnQuick\BQTray.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SquareTrade SideBar] "C:\Program Files\SquareTrade SideBar\sthlpr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: SquareTrade SideBar - {7B3E5F6B-ADF4-4731-9DAD-AC8AE9A4DFEC} - C:\Program Files\SquareTrade SideBar\shpasst.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 10785 bytes

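The HijackThis log above lists O8, O16 and O23 entries in a fixed "section - name - owner - target" layout. As an added example (not part of this thread or of HijackThis itself), here is a small Python parser for that layout with three review heuristics a helper normally applies by eye; the sample input is constructed from five lines of the log, and the flags mean "look closer", not "malicious".

```python
import re

# Constructed sample: five lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")


def parse_hjt(text):
    """Return [(section, fields)] for each 'Oxx - ...' line.

    HijackThis separates name, owner/CLSID and target with ' - ', so fields
    are split on that token; the target (path or URL) is always the last one.
    """
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            section, rest = m.groups()
            entries.append((section, [f.strip() for f in rest.split(" - ")]))
    return entries


def triage(text):
    """Return [(section, name, reason)] for entries worth a closer look.

    Each heuristic only reports a property visible in the line itself:
    a service with no publisher, a context-menu item served from a Temp
    folder, or an ActiveX control fetched over plain HTTP.
    """
    flagged = []
    for section, fields in parse_hjt(text):
        name, target = fields[0], fields[-1].lower()
        if section == "O23" and len(fields) >= 3 and fields[-2] == "Unknown owner":
            flagged.append((section, name, "service has no publisher recorded"))
        elif section == "O8" and target.startswith("file://") and "\\temp\\" in target:
            flagged.append((section, name, "context-menu item served from a Temp folder"))
        elif section == "O16" and target.startswith("http://"):
            flagged.append((section, name, "ActiveX control fetched over plain HTTP"))
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit)
```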
#14 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:12:37 PM

Posted 12 April 2008 - 06:35 PM

Hello Starglow,

I'd advise you to install at least some antispyware protection, f.i. Spybot Search & Destroy, with active TeaTimer.
You'll find some valuable tips on the Prevention page, mentioned below. :thumbsup:

You can remove all tools we used, and any files/folders created in the process.
To remove ComboFix:
Go to Start > Run, and copy and paste the next command in the field: ComboFix /u
Make sure there's a space between Combofix and /u
Then press Enter.
This will uninstall Combofix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Please read this Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Please also read Tony Klein's excellent article: How I got Infected in the First Place
and/or Grinler's tutorial on how malware is hidden and installed

Good luck,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted - And make a difference

#15 starglow

starglow
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 14 April 2008 - 05:16 PM

Okay, everything is completed now. Thank you, thank you, thank you :thumbsup:
