Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware And Popups In Explorer / Vnrpack16.exe


  • This topic is locked This topic is locked
6 replies to this topic

#1 Bandit99

Bandit99

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:50 AM

Posted 28 May 2008 - 12:38 AM

Explorer would open unexpectedly with popups from Internet Speed Monitor. After running Spybot, Windows Defender, Adaware, Malaware-bytes Anti-Malware and Super Anti-Spyware numerous times as well as my anit-virus from Mcafees, I removed components of Adware Xeno I believe. I was also able to remove Vnrpack16.exe and its folder manually myself. However, I'm am unsure I was able to rid myself of all the components of this malware.
Here is my DSS report:

Deckard's System Scanner v20071014.68
Run by User on 2008-05-27 22:12:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
14: 2008-05-28 04:56:56 UTC - RP372 - Deckard's System Scanner Restore Point
13: 2008-05-27 06:58:40 UTC - RP371 - Made by Registry Mechanic
12: 2008-05-27 01:21:06 UTC - RP370 - Uniblue RegistryBooster
11: 2008-05-27 00:56:46 UTC - RP369 - System Checkpoint
10: 2008-05-25 21:47:11 UTC - RP368 - Made by Registry Mechanic


-- First Restore Point --
1: 2008-05-08 17:17:15 UTC - RP359 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as User.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:54 PM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\asuskbservice.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\Explorer.EXE
C:\FlexLM\lmgrd.exe
C:\FlexLM\lmgrd.exe
C:\FlexLM\adskflex.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\VSTASCAN\vsaccess.exe
C:\Program Files\AutoHook2002\AHook2002.exe
C:\Program Files\AutoHook 2004\AutoHook 2004.exe
C:\Program Files\AutoHook 2006\AutoHook 2006.exe
C:\Program Files\AutoHook 2007\AutoHook 2007.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
D:\DnLoad\Registry\dss.exe
D:\PROGRA~1\TRENDM~1\HIJACK~1\User.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com
R3 - URLSearchHook: (no name) - _{A045DC85-FC44-45be-8A50-E4F9C62C9A84} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6DB936C9-B2DE-4324-9A28-048494464DFD} - blank (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: BeSideit IE Helper - {83C35173-E029-42f1-9692-0341EE379A0D} - blank (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Anvshell] anvshell.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TCTray] C:\Program Files\Computer Business Solutions\Time Control\TCTray.exe
O4 - HKLM\..\Run: [drkly16j] rundll32.exe drkly16j.dll,ServiceCheck
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: AutoHook2002.lnk = ?
O4 - Startup: AutoHook 2004.lnk = ?
O4 - Startup: AutoHook 2006.lnk = ?
O4 - Startup: AutoHook 2007.lnk = ?
O4 - Global Startup: Time Control Live Update.lnk = C:\Program Files\Computer Business Solutions\Time Control\WiseUpdt.exe
O4 - Global Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: &Suchen - res://C:\WINDOWS\system32\Suchspur.dll/Suchspur.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149385734265
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://pix.futureshop.ca/en/ImageUploader4.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.ca/downloads/BUM/B..._2/axofupld.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {D57262F5-9637-4E67-BC59-88C53EA76FC3} (ULcontrol Control) - http://pix.futureshop.ca/en/ulcontrolxp.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: KWNTA - C:\WINDOWS\SYSTEM32\ICKGW32I.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Flexlm Service 1 - Macrovision Corporation - C:\FlexLM\lmgrd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 12565 bytes

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 iomdisk (Iomega Devices Disk Filter Services) - c:\windows\system32\drivers\iomdisk.sys <Not Verified; Iomega Corporation; Iomega Disk Filter Driver>
R0 sisidex - c:\windows\system32\drivers\sisidex.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R0 sisperf (Add Performance Filter Driver) - c:\windows\system32\drivers\sisperf.sys <Not Verified; Silicon Integrated Systems Corp.; SiS Filer Driver>
R1 ANVIOCTL - c:\windows\system32\drivers\anvioctl.sys <Not Verified; ASUSTeK; ASUS VGA Driver for Windows 2000/XP>
R1 asuskbnt - c:\windows\system32\drivers\asuskbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.>
R1 MagicTune - c:\windows\system32\drivers\mtictwl.sys
R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R2 ETDrv - c:\windows\system32\drivers\etdrv.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>
R3 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>

S1 AEC671X - c:\windows\system32\drivers\aec671x.sys <Not Verified; Acard Technology Corp.; Acard® AEC-671X PCI Ultra/W SCSC-3 Controller>
S1 DMX3191 - c:\windows\system32\drivers\dmx3191.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
S2 npkcrypt - d:\program files\nexon\maplestory\npkcrypt.sys (file missing)
S2 ousbehci (OrangeWare USB Enhanced Host Controller Service) - c:\windows\system32\drivers\ousbehci.sys <Not Verified; OrangeWare Corporation; USB 2.0 Enhanced Host Controller Driver>
S2 UDNT - c:\windows\system32\drivers\udnt.sys
S3 catchme - c:\docume~1\user\locals~1\temp\catchme.sys (file missing)
S3 cmuda (C-Media WDM Audio Interface) - c:\windows\system32\drivers\cmuda.sys (file missing)
S3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys (file missing)
S3 StMp3Rec (Player Recovery Device Control Driver) - c:\windows\system32\drivers\stmp3rec.sys <Not Verified; Generic; Generic MP3 Player>
S3 SYMIDSCO - c:\windows\system32\drivers\symidsco.sys (file missing)
S3 tbhsd (Tunebite High-Speed Dubbing) - c:\windows\system32\drivers\tbhsd.sys <Not Verified; RapidSolution Software AG; Tunebite High-Speed Dubbing>
S3 TCFilter - c:\windows\system32\drivers\tcfilter.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 _IOMEGA_ACTIVE_DISK_SERVICE_ (Iomega Active Disk) - "c:\program files\iomega\autodisk\adservice.exe" <Not Verified; Iomega Corporation; Iomega Active Disk>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 ASUSKeyboardService - c:\windows\asuskbservice.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service>
R2 Flexlm Service 1 - c:\flexlm\lmgrd.exe <Not Verified; Macrovision Corporation; >
R2 Iomega App Services - "c:\progra~1\iomega\system32\appservices.exe" <Not Verified; Iomega Corporation; Iomega App Services>

S4 Iomega Activity Disk2 - ""


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-27 22:11:06 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-05-21 16:30:58 456 --a------ C:\WINDOWS\Tasks\TCP1Kids.job
2008-05-21 16:30:58 456 --a------ C:\WINDOWS\Tasks\TCL1Kids.job
2008-05-21 16:30:58 456 --a------ C:\WINDOWS\Tasks\TCI1Kids.job
2008-05-02 22:05:04 458 --a------ C:\WINDOWS\Tasks\TCP1Dylan.job
2008-05-02 22:05:04 458 --a------ C:\WINDOWS\Tasks\TCI1Dylan.job
2008-04-25 20:11:04 458 --a------ C:\WINDOWS\Tasks\TCL1Dylan.job
2008-04-25 20:00:02 462 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
2008-04-25 11:21:02 458 --a------ C:\WINDOWS\Tasks\TCL1Guest.job
2007-12-24 10:12:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-27 and 2008-05-27 -----------------------------

2008-05-26 18:12:43 0 d-------- C:\Documents and Settings\user\Application Data\Uniblue
2008-05-25 10:35:31 4106 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-25 08:02:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-05-24 16:59:04 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-24 16:58:52 0 d-------- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2008-05-24 14:35:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-22 22:42:03 0 d-------- C:\Program Files\Windows Defender
2008-05-22 21:01:50 0 d-------- C:\Program Files\Common Files\Autodesk
2008-05-22 21:00:09 0 d-------- C:\Program Files\DWG TrueView 2007
2008-05-22 20:59:20 0 d-------- C:\Program Files\Microsoft WSE
2008-05-22 20:41:37 0 d-------- C:\Program Files\AutoCAD Civil 3D 2008
2008-05-22 20:41:37 0 d-------- C:\Civil 3D Project Templates
2008-05-13 20:30:41 3779 --a------ C:\logfile
2008-05-13 20:20:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2008-05-06 23:28:35 0 d-------- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-05-06 23:28:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-05 16:48:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-03 19:19:56 0 d-------- C:\WINDOWS\ERUNT
2008-04-29 20:09:09 399460 --a------ C:\WINDOWS\system32\g70.exe


-- Find3M Report ---------------------------------------------------------------

2008-04-04 23:43:34 0 d-------- C:\Program Files\iPod
2008-03-30 19:30:20 0 d-------- C:\Program Files\Common Files\xing shared


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6DB936C9-B2DE-4324-9A28-048494464DFD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83C35173-E029-42f1-9692-0341EE379A0D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="C:\WINDOWS\htpatch.exe" [10/30/2002 02:40 AM]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [07/12/2002 06:15 PM]
"nwiz"="nwiz.exe" [10/22/2006 12:22 PM C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 12:22 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" [12/19/2006 11:27 AM]
"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 09:50 AM C:\WINDOWS\Logi_MwX.Exe]
"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [08/13/2002 02:30 PM]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [07/25/2005 12:01 PM]
"Deskup"="C:\Program Files\Iomega\DriveIcons\deskup.exe" [07/16/2002 10:55 AM]
"Anvshell"="anvshell.exe" [05/14/2004 11:12 PM C:\WINDOWS\Anvshell.exe]
"ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [09/24/2002 04:39 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"TCTray"="C:\Program Files\Computer Business Solutions\Time Control\TCTray.exe" [03/14/2007 11:56 AM]
"drkly16j"="drkly16j.dll" [07/05/2006 03:55 AM C:\WINDOWS\system32\drkly16j.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/22/2006 12:22 PM]
"SoundMan"="SOUNDMAN.EXE" [05/17/2005 06:48 PM C:\WINDOWS\SOUNDMAN.EXE]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [02/22/2007 08:50 PM]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [01/12/2006 08:52 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/30/2008 07:29 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [12/02/2004 06:23 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/30/2007 09:08 PM]
"NBJ"="C:\Program Files\Ahead\Nero\Nero BackItUp\NBJ.exe" [07/14/2005 09:35 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:00 PM]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/13/2008 12:43 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\user\Start Menu\Programs\Startup\
AutoHook2002.lnk - C:\Documents and Settings\user\Application Data\Microsoft\Installer\{92636699-1133-453C-8D73-7ED6645FB9BF}\2002icons.exe [9/1/2003 2:21:22 PM]
AutoHook 2004.lnk - C:\Documents and Settings\user\Application Data\Microsoft\Installer\{F514E547-2CDB-4F27-8D2F-0A4B89880065}\2004icons.exe [10/30/2004 10:21:30 PM]
AutoHook 2006.lnk - C:\Documents and Settings\user\Application Data\Microsoft\Installer\{534F6810-28E2-4139-ABDF-4ACB714F2E9F}\2006icons.exe [12/24/2005 4:09:01 PM]
AutoHook 2007.lnk - C:\Documents and Settings\user\Application Data\Microsoft\Installer\{60DDE1F8-C644-440C-B811-628A25CA964C}\2007icons.exe [10/9/2007 10:21:22 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Time Control Live Update.lnk - C:\Program Files\Computer Business Solutions\Time Control\WiseUpdt.exe [12/3/2006 9:43:04 PM]
UMAX VistaAccess.lnk - C:\VSTASCAN\vsaccess.exe [10/14/2007 10:15:06 PM]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [3/5/2005 5:18:22 AM]
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2/9/2008 3:09:34 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\KWNTA]
ICKGW32I.DLL 07/05/2006 03:55 AM 288376 C:\WINDOWS\system32\ickgw32i.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli ickgw32i

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e26e846a-9ea9-11da-8206-0050bab9b2f5}]
AutoRun\command- I:\PortableRoboForm.exe
RoboForm2Go\command- I:\PortableRoboForm.exe




-- End of Deckard's System Scanner: finished at 2008-05-27 22:16:39 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.06GHz
CPU 1: Intel® Pentium® 4 CPU 3.06GHz
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 1023.48 MiB / 505.79 MiB
Pagefile Memory (total/avail): 2465.12 MiB / 1995.75 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1918.51 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 38.15 GiB total, 7.45 GiB free.
D: is Fixed (FAT32) - 38.15 GiB total, 11.66 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Fixed (NTFS) - 189.92 GiB total, 28.57 GiB free.

\\.\PHYSICALDRIVE1 - Maxtor 6L200P0 - 189.92 GiB - 1 partition
\PARTITION0 - Logical Disk Manager - 189.92 GiB - H:

\\.\PHYSICALDRIVE0 - Maxtor 6Y080L0 - 76.33 GiB - 2 partitions
\PARTITION0 (bootable) - Unknown - 38.16 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 38.16 GiB - D:

\\.\PHYSICALDRIVE2 - IOMEGA ZIP 100 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: VirusScan Enterprise + AntiSpyware Enterprise v8.5.0.781 (McAfee, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Intel\\Createshare\\VideoPhone\\VP50.exe"="C:\\Program Files\\Intel\\Createshare\\VideoPhone\\VP50.exe:*:Enabled:Intel® Video Phone Container"
"C:\\WINDOWS\\System32\\dpvsetup.exe"="C:\\WINDOWS\\System32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\System32\\RUNDLL32.EXE"="C:\\WINDOWS\\System32\\RUNDLL32.EXE:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\LiveUpd.exe"="C:\\WINDOWS\\LiveUpd.exe:*:Enabled:ASUS LiveUpdate"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe:*:Enabled:Framework Service"
"D:\\DnLoad\\Aopen\\fwliveupdate.exe"="D:\\DnLoad\\Aopen\\fwliveupdate.exe:*:Enabled:AOpen Firmware Online Update Program"
"C:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"="C:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion"
"D:\\Program Files\\Warcraft III\\Warcraft III.exe"="D:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Real\\RealPlayer\\REALPLAY.EXE"="C:\\Program Files\\Real\\RealPlayer\\REALPLAY.EXE:*:Enabled:RealPlayer"
"C:\\WINDOWS\\System32\\mmc.exe"="C:\\WINDOWS\\System32\\mmc.exe:*:Enabled:Microsoft Management Console"
"D:\\ssi_V5.0-M\\nt_i386\\bin\\surpac2.exe"="D:\\ssi_V5.0-M\\nt_i386\\bin\\surpac2.exe:*:Enabled:surpac2"
"D:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"="D:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
"D:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"="D:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
"D:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="D:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"D:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"="D:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Computer Business Solutions\\Time Control\\TControl.exe"="C:\\Program Files\\Computer Business Solutions\\Time Control\\TControl.exe:*:Enabled:Time Control"
"D:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"="D:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"D:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"="D:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe:*:Enabled:Age of Empires 3"
"C:\\WINDOWS\\System32\\P2P Networking\\P2P Networking.exe"="C:\\WINDOWS\\System32\\P2P Networking\\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\\Documents and Settings\\Kids\\My Documents\\Warcraft III\\Warcraft III.exe"="C:\\Documents and Settings\\Kids\\My Documents\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe"="C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\Wizet\\MapleStory\\NewPatcher.exe"="C:\\Program Files\\Wizet\\MapleStory\\NewPatcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\Common Files\\Autodesk Shared\\WSCommCntr1.exe"="C:\\Program Files\\Common Files\\Autodesk Shared\\WSCommCntr1.exe:*:Enabled:WSCommCntr1.exe"
"C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"="C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE:*:Enabled:Firefox"
"D:\\Program Files\\LimeWire\\LimeWire.exe"="D:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"D:\\Program Files\\iTunes\\iTunes.exe"="D:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="D:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\user\Application Data
CLASSPATH=.;"C:\Program Files\Java\jre1.5.0_11\QTJava.zip";C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MAINHOME
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\user
LOGONSERVER=\\MAINHOME
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\PROGRA~1\COMMON~1\AUTODE~1\GIS\IMPORT~1\1.0;C:\PROGRA~1\COMMON~1\AUTODE~1\GIS\IMPORT~1\2.0;"C:\Program Files\Common Files\Autodesk Shared\";C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Autodesk\DWG TrueView\;D:\Program Files\Pinnacle\Shared Files;D:\Program Files\Pinnacle\Shared Files\Filter
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\user\LOCALS~1\Temp
TMP=C:\DOCUME~1\user\LOCALS~1\Temp
USERDOMAIN=MAINHOME
USERNAME=User
USERPROFILE=C:\Documents and Settings\user
VSEDEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

user (admin)
Dalbir (admin)
Kids
kidsadmin (new local, admin)
Dylan
kidsadmin.MAIN (admin)
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Intel\Createshare\Inetcam\uninstall.exe" /s
--> C:\Documents and Settings\user\Local Settings\Application Data\{74D61F17-FFC2-41AF-96E5-1DCB0631B6D1}\EraserSetup32.exe
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\Setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C9DDCE0-66CF-11D4-9100-0090274FBE9A}\setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68DC5968-0278-11D5-8EAA-00062973342B}\setup.exe" maintflag
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll<UNINSTALL_CMD>
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9A812DA-143D-4780-BEDC-FD6D41386317}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9A812DA-143D-4780-BEDC-FD6D41386317}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB532BE2-425E-47D9-89C9-E2583EF74EF1}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB532BE2-425E-47D9-89C9-E2583EF74EF1}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee for PENTAX --> MsiExec.exe /I{EED5156C-4BA8-4105-A506-DB9D00F8B68D}
Ace DivX Player --> "C:\Program Files\GustoSoft\Ace DivX Player\Uninstall.exe"
Active Disk --> C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\AutoDisk\uninstal.log
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 7.0.9 Professional --> msiexec /I {AC76BA86-1033-0000-7760-100000000002}
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~2\INSTALL.LOG
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Age of Empires III - The WarChiefs --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710}
Age of Mythology Gold --> "C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /uninstall
AnswerWorks Runtime --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WexTech\AnswerWorks\Uninst.isu"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AutoCAD 2005 Express Tools Volumes 1-9 --> MsiExec.exe /X{5783F2D7-0311-0409-0000-0060B0CE6BBA}
AutoCAD 2006 - English --> MsiExec.exe /I{5783F2D7-4001-0409-0002-0060B0CE6BBA}
AutoCAD Civil 3D 2008 --> C:\Program Files\AutoCAD Civil 3D 2008\Setup\Setup.exe /P {5783F2D7-6000-0409-0002-0060B0CE6BBA} /M C3D
AutoCAD Express Tools - Autodesk Land Desktop 3 --> "C:\WINDOWS\etUnInst.exe" "-fC:\Program Files\Land Desktop 3\DeIsL1.isu" "C:\Program Files\Land Desktop 3\Express\acetmain.ini"
AutoCAD Express Tools Volumes 1-9 --> MsiExec.exe /X{5783F2D7-0211-0409-0000-0060B0CE6BBA}
AutoCAD R14.0 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\AutoCAD R14\DeIsL1.isu"
Autodesk 2005 OE Hotfix --> C:\Program Files\Common Files\Autodesk Shared\OEHotfix.2005.exe -u
Autodesk 2006 OE Hotfix --> C:\Program Files\Common Files\Autodesk Shared\OEHotfix.2006.exe -u
Autodesk CAD Manager Tools 2.0 --> MsiExec.exe /I{5783F2D7-0111-0409-0010-0060B0CE6BBA}
Autodesk Civil 3D 2006 --> MsiExec.exe /I{5783F2D7-4000-0409-0002-0060B0CE6BBA}
Autodesk Civil 3D 2007 --> MsiExec.exe /I{5783F2D7-5000-0409-0002-0060B0CE6BBA}
Autodesk Civil Design 2005 --> MsiExec.exe /I{5783F2D7-1308-0409-0002-0060B0CE6BBA}
Autodesk Civil Design 3 --> MsiExec.exe /I{5783F2D7-1138-0409-0000-0060B0CE6BBA}
Autodesk Design Review 2008 --> MsiExec.exe /I{FACF203E-0F4D-489A-B80C-D185253C8FCB}
Autodesk Land 2005 Object Enabler --> MsiExec.exe /I{B683590D-C55F-426F-9443-D3B309B18E95}
Autodesk Land Desktop 2005 --> MsiExec.exe /I{5783F2D7-0308-0409-0002-0060B0CE6BBA}
Autodesk MapGuide® Viewer ActiveX Control Release 6.5 --> MsiExec.exe /I{E031338C-839D-4EDD-9537-99B653C39D81}
Autodesk Network License Manager --> MsiExec.exe /X{FE2F2589-96A6-4F38-98F5-DDAC34BD41B9}
Autodesk Vault 2008 --> C:\Program Files\Autodesk\Vault 2008\Setup\setup.exe /p {E55B00B0-9DBF-4EE1-AC1D-5DEBE12BD097} /M VAULT
Autodesk Vault 2008 --> MsiExec.exe /X{E55B00B0-9DBF-4EE1-AC1D-5DEBE12BD097}
AutoHook 2004 --> MsiExec.exe /X{F514E547-2CDB-4F27-8D2F-0A4B89880065}
AutoHook 2006 --> MsiExec.exe /X{534F6810-28E2-4139-ABDF-4ACB714F2E9F}
AutoHook 2007 --> MsiExec.exe /X{60DDE1F8-C644-440C-B811-628A25CA964C}
AutoHook2002 --> MsiExec.exe /X{92636699-1133-453C-8D73-7ED6645FB9BF}
Click'N Design 3D (V5) --> C:\PROGRA~1\CLICK'~1\UNWISE.EXE C:\PROGRA~1\CLICK'~1\INSTALL.LOG
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Compton's Interactive Encyclopedia 1999 Deluxe --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Compton's Home Library\CIE99D\DeIsL1.isu"
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
Creative MuVo N200 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{985B31BF-A8E8-4B9E-8B76-298E756C3FAB}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVDFab Decrypter 3.0.9.6 --> "D:\Program Files\DVDFab Decrypter 3\unins000.exe"
DWG TrueConvert™ --> MsiExec.exe /X{5783F2D7-0221-0409-0000-0060B0CE6BBA}
DWG TrueView 2007 --> MsiExec.exe /I{2CD6BBA0-17C8-4789-9B9B-B36F7E815F6A}
EasyTune4 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\ET4\Uninst.isu"
Enable S3 for USB Device --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\Enable S3 for USB Device\Uninst.isu"
Encyclopædia Britannica Deluxe Edition --> "D:\Program Files\Britannica 2003\Deluxe Edition CD\Uninstaller.exe"
Eraser --> "C:\Documents and Settings\user\Local Settings\Application Data\{74D61F17-FFC2-41AF-96E5-1DCB0631B6D1}\EraserSetup32.exe" REMOVE=TRUE MODIFY=FALSE
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Image Transfer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}\Setup.exe" UNINSTALL
ImageMixer for Sony --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B4AA674-F5CA-4BB5-831A-CD37B4021959}\setup.exe"
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
Intel® Create & Share® Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{202D5EE1-81AC-11D5-87C9-00AA00C29E0A}\setup.exe" -l0009 maintflag
IomegaWare 4.0.2 --> C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\uninstal.log
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire 4.14.8 --> "D:\Program Files\LimeWire\uninstall.exe"
Logitech MouseWare 9.79.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
MagicTune3.6_Client_pivot --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1C04D433-2EDF-4AFB-B31B-C0B13065092F}\setup.exe" -l0x9
Malwarebytes' Anti-Malware --> "D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee AntiSpyware Enterprise Module --> "C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe" /UninstallMAS
McAfee VirusScan Enterprise --> MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
MGI PhotoSuite 4 (Remove Only) --> "C:\Program Files\MGI\MGI PhotoSuite 4\System\MGIUninstall.exe" C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\MGI PhotoSuite 4\Uninst.isu" -c"C:\Program Files\MGI\MGI PhotoSuite 4\System\CustomUninstall.dll"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! for Windows XP --> MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft Streets and Trips 2005 --> MsiExec.exe /I{67E4EE98-59F4-4210-89A6-A20AF5BEC689}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft WSE 3.0 Runtime --> MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mr. Snappy 95 --> C:\Program Files\MrSnappy95\\setup.exe /u
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
MuVo Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\Setup.exe" -l0x9 /remove
Natural Color --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}\setup.exe"
Nero Digital --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Nero Media Player --> C:\WINDOWS\UNNMP.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express Content --> C:\WINDOWS\UNNVEContent.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PageBreeze Free HTML Editor --> D:\PROGRA~1\PAGEBR~1\UNWISE.EXE D:\PROGRA~1\PAGEBR~1\INSTALL.LOG
Paint Shop Pro 6.0 (CD-ROM) --> D:\PROGRA~1\PAINTS~1\Unwise.exe D:\PROGRA~1\PAINTS~1\INSTALL.LOG
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Pinnacle Hollywood FX for Studio --> C:\WINDOWS\unvise32.exe D:\Program Files\Pinnacle\Hollywood FX for Studio\6.0\uninstal.log
Pinnacle Instant DVD Recorder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe" -l0x9 UNINSTALL
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PrintMaster 7.00 --> c:\PROGRA~1\MINDSC~1\PRINTM~1\uninst32.exe /IFirst
Quicken 2003 Deluxe --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2D974D26-BA8F-4A0B-B7EE-3F563AF79746} anything
Quicksurf --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Schreiber\Quicksurf 5.1\DeIsL1.isu"
QuickTax 2006 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAFDA89B-1031-4BDB-8619-DE20CBDEDF32}\isetup.ex_" -l0x9 -uninst
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly REMOVE
Registry Mechanic 5.2 --> "D:\Program Files\Registry Mechanic\unins000.exe"
Sentinel System Driver 5.41.1 (32-bit) --> MsiExec.exe /I{5081528F-5DD5-49BA-8213-9A6A13502497}
Serif DrawPlus 3.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Serif\dp30\DrawPlus_uninst.isu"
Shaw Speed Test --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://sr3so.cg.shawcable.net/shawrtm1.jnlp"
Shockwave --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Spybot - Search & Destroy --> "D:\Program Files\Spybot - Search & Destroy\unins000.exe"
Studio 10 --> "C:\Program Files\InstallShield Installation Information\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}\Setup2.exe"iles\InstallShield Installation Information\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}\Setup.exe -l0x9 UNINSTALL
Studio 10.5 Patch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{08E2EC5A-9C9D-4472-AB52-4165774BB8D8}\setup.exe" -l0x9 UNINSTALL
Studio 10.5.2 Patch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED775CE1-E9F7-41C4-BE91-C925E6D5F513}\setup.exe" -l0x9 UNINSTALL -removeonly
SUPERAntiSpyware Professional --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Surpac Vision V5.0-M --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0F1D8277-19DF-421D-9066-ACAEF0D12BEA}\Setup.exe" -l0x9
Tibia --> "D:\Program Files\Tibia\unins000.exe"
Time Control 4.0 --> C:\Program Files\Computer Business Solutions\Time Control\TControl.exe u
Time Zone Data Update Tool for Microsoft Office Outlook --> MsiExec.exe /X{95120000-0038-0409-0000-0000000FF1CE}
Trimble Link 3.0 for LDD R3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{821A1432-2058-4CEA-8ACF-F6A726FA2A46}\setup.exe" uninstall
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Ulead VideoStudio 7 ESD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}\setup.exe" -l0x9
Undelete Plus 2.92 --> "D:\Program Files\FDRLab\Undelete Plus\unins000.exe"
VistaScan --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFAAFB3-4773-495B-B030-00ABC17A01DC}\Setup.exe"
Warcraft III --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up --> MsiExec.exe /I{121634B0-2F4A-11D3-ADA3-00C04F52DD53}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type7835 / Warning
Event Submitted/Written: 05/27/2008 10:06:37 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type7814 / Error
Event Submitted/Written: 05/27/2008 06:13:55 PM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType mptelemetry, P1 80072f8f, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Event Record #/Type7808 / Warning
Event Submitted/Written: 05/27/2008 00:02:00 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type7807 / Warning
Event Submitted/Written: 05/26/2008 11:36:17 PM
Event ID/Source: 258 / McLogEvent
Event Description:
The file D:\DnLoad\Smitfraud\SmitfraudFix\Reboot.exe contains Generic PUP.g Potentially Unwanted Program. The file was successfully deleted.

Event Record #/Type7806 / Warning
Event Submitted/Written: 05/26/2008 11:36:17 PM
Event ID/Source: 258 / McLogEvent
Event Description:
The file D:\DNLOAD\SMITFRAUD\SMITFRAUDFIX\REBOOT.EXE contains Generic PUP.g Potentially Unwanted Program. The file was successfully deleted.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type92284 / Warning
Event Submitted/Written: 05/27/2008 10:16:07 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%MAINHOME27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MAINHOME27 can't undo changes that you allow.

For more information please see the following:
%MAINHOME275

Scan ID: {0B72158C-A99B-4C55-81B1-83F2B7E91B30}

User: MAINHOME\User

Name: %MAINHOME271

ID: %MAINHOME272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %MAINHOME276

Alert Type: %MAINHOME278

Detection Type: 1.1.1593.02

Event Record #/Type92283 / Warning
Event Submitted/Written: 05/27/2008 10:16:07 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%MAINHOME27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MAINHOME27 can't undo changes that you allow.

For more information please see the following:
%MAINHOME275

Scan ID: {2BE6C0B8-4353-4A93-BA1F-B1537D9E80E3}

User: MAINHOME\User

Name: %MAINHOME271

ID: %MAINHOME272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %MAINHOME276

Alert Type: %MAINHOME278

Detection Type: 1.1.1593.02

Event Record #/Type92282 / Warning
Event Submitted/Written: 05/27/2008 10:16:07 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%MAINHOME27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MAINHOME27 can't undo changes that you allow.

For more information please see the following:
%MAINHOME275

Scan ID: {32004B80-1630-4EA2-A6FD-E18199D9B93B}

User: MAINHOME\User

Name: %MAINHOME271

ID: %MAINHOME272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %MAINHOME276

Alert Type: %MAINHOME278

Detection Type: 1.1.1593.02

Event Record #/Type92281 / Warning
Event Submitted/Written: 05/27/2008 10:16:05 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%MAINHOME27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MAINHOME27 can't undo changes that you allow.

For more information please see the following:
%MAINHOME275

Scan ID: {130043C5-A82A-4394-B25C-D0321E1B789F}

User: MAINHOME\User

Name: %MAINHOME271

ID: %MAINHOME272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %MAINHOME276

Alert Type: %MAINHOME278

Detection Type: 1.1.1593.02

Event Record #/Type92280 / Warning
Event Submitted/Written: 05/27/2008 10:16:05 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%MAINHOME27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MAINHOME27 can't undo changes that you allow.

For more information please see the following:
%MAINHOME275

Scan ID: {0C322994-5BC5-44D3-87BB-3ED80DA464BF}

User: MAINHOME\User

Name: %MAINHOME271

ID: %MAINHOME272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %MAINHOME276

Alert Type: %MAINHOME278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-05-27 22:16:39 ------------

BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:50 AM

Posted 28 June 2008 - 12:23 PM

Hello Bandit99,

Welcome to Bleeping Computer :)

Sorry about the delay.:thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 Bandit99

Bandit99
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:50 AM

Posted 28 June 2008 - 12:38 PM

Hi Tea,

Here's my HiJack This log file:
(I hope I've posted the right file) :thumbsup:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:28 AM, on 6/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\asuskbservice.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\FlexLM\lmgrd.exe
C:\FlexLM\lmgrd.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\FlexLM\adskflex.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\VSTASCAN\vsaccess.exe
C:\Program Files\AutoHook2002\AHook2002.exe
C:\Program Files\AutoHook 2004\AutoHook 2004.exe
C:\Program Files\AutoHook 2006\AutoHook 2006.exe
C:\Program Files\AutoHook 2007\AutoHook 2007.exe
D:\Program Files\AutoHook 2008\AutoHook 2008.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com
R3 - URLSearchHook: (no name) - _{A045DC85-FC44-45be-8A50-E4F9C62C9A84} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6DB936C9-B2DE-4324-9A28-048494464DFD} - blank (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Anvshell] anvshell.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TCTray] C:\Program Files\Computer Business Solutions\Time Control\TCTray.exe
O4 - HKLM\..\Run: [drkly16j] rundll32.exe drkly16j.dll,ServiceCheck
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: AutoHook2002.lnk = ?
O4 - Startup: AutoHook 2004.lnk = ?
O4 - Startup: AutoHook 2006.lnk = ?
O4 - Startup: AutoHook 2007.lnk = ?
O4 - Startup: AutoHook 2008.lnk = ?
O4 - Global Startup: Time Control Live Update.lnk = C:\Program Files\Computer Business Solutions\Time Control\WiseUpdt.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: &Suchen - res://C:\WINDOWS\system32\Suchspur.dll/Suchspur.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149385734265
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://pix.futureshop.ca/en/ImageUploader4.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.ca/downloads/BUM/B..._2/axofupld.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {D57262F5-9637-4E67-BC59-88C53EA76FC3} (ULcontrol Control) - http://pix.futureshop.ca/en/ulcontrolxp.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: KWNTA - C:\WINDOWS\SYSTEM32\ICKGW32I.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Flexlm Service 1 - Macrovision Corporation - C:\FlexLM\lmgrd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 12357 bytes

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:50 AM

Posted 28 June 2008 - 12:54 PM

Hello,

Perfect, thanks. :thumbsup: Looks like just leftovers, but I'd like to be sure. Then we'll remove any clutter that might remain. :)

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.


Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

How is it running?

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 Bandit99

Bandit99
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:50 AM

Posted 29 June 2008 - 12:42 PM

Hi Tea,

Thanks for the quick reply. Over the last month, I've been diligent with weekly virus scans with McAfee and spyware/adware scans with both Spybot and Ad-aware. As well, I have MS Defender installed and running in the background. Not sure if this is overkill. Maybe I should uninstall Defender?

The computer seems to be running fine :thumbsup: , however, I'm not sure if there are fragments left behind from previous infection. Here are my logs as requested.

Cheers

Malwarebytes' Anti-Malware 1.19
Database version: 903
Windows 5.1.2600 Service Pack 2

10:28:30 AM 6/29/2008
mbam-log-6-29-2008 (10-28-30).txt

Scan type: Quick Scan
Objects scanned: 57991
Time elapsed: 7 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:57 AM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\asuskbservice.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\FlexLM\lmgrd.exe
C:\FlexLM\lmgrd.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\FlexLM\adskflex.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\VSTASCAN\vsaccess.exe
C:\Program Files\AutoHook2002\AHook2002.exe
C:\Program Files\AutoHook 2004\AutoHook 2004.exe
C:\Program Files\AutoHook 2006\AutoHook 2006.exe
C:\Program Files\AutoHook 2007\AutoHook 2007.exe
D:\Program Files\AutoHook 2008\AutoHook 2008.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com
R3 - URLSearchHook: (no name) - _{A045DC85-FC44-45be-8A50-E4F9C62C9A84} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6DB936C9-B2DE-4324-9A28-048494464DFD} - blank (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Anvshell] anvshell.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TCTray] C:\Program Files\Computer Business Solutions\Time Control\TCTray.exe
O4 - HKLM\..\Run: [drkly16j] rundll32.exe drkly16j.dll,ServiceCheck
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: AutoHook2002.lnk = ?
O4 - Startup: AutoHook 2004.lnk = ?
O4 - Startup: AutoHook 2006.lnk = ?
O4 - Startup: AutoHook 2007.lnk = ?
O4 - Startup: AutoHook 2008.lnk = ?
O4 - Global Startup: Time Control Live Update.lnk = C:\Program Files\Computer Business Solutions\Time Control\WiseUpdt.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: &Suchen - res://C:\WINDOWS\system32\Suchspur.dll/Suchspur.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149385734265
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://pix.futureshop.ca/en/ImageUploader4.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.ca/downloads/BUM/B..._2/axofupld.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {D57262F5-9637-4E67-BC59-88C53EA76FC3} (ULcontrol Control) - http://pix.futureshop.ca/en/ulcontrolxp.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: KWNTA - C:\WINDOWS\SYSTEM32\ICKGW32I.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Flexlm Service 1 - Macrovision Corporation - C:\FlexLM\lmgrd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 12283 bytes

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:50 AM

Posted 29 June 2008 - 01:09 PM

Hello,

No, that combination isn't overkill......but I would not add any more than that, or it will be. :)

Looks like just the clutter in the HijackThis log to fix. :thumbsup:

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R3 - URLSearchHook: (no name) - _{A045DC85-FC44-45be-8A50-E4F9C62C9A84} - (no file)
O2 - BHO: (no name) - {6DB936C9-B2DE-4324-9A28-048494464DFD} - blank (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Reboot your computer.

Looks like you did a good job of cleaning up, and I don't see the need to go any further since it's running well too. :thumbsup:

If there are no further problems:

Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems.

Regularly go to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. You should also turn on the Windows automatic update feature.

You should definitely maintain a firewall. Some good free firewalls are Kerio, or Outpost. I use Comodo on my own system and really like it. http://comodo.com
A tutorial on understanding and using firewalls may be found here.

In order to protect yourself against spyware, you should consider installing and running the following free programs:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

IE/Spyad:
It places over 5000 malicious websites and domains in your IE's restricted zone.
IE/Spyad

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. A lot of free software can bundle other software, including spyware.

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

Please make sure to run your antivirus software regularly, and to keep it up-to-date.

Take care!
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:50 AM

Posted 04 July 2008 - 10:12 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users