Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijack This Log- Is Zaiss Conflicting With Spyware Doctor?


  • This topic is locked This topic is locked
15 replies to this topic

#1 oddly

oddly

  • Members
  • 168 posts
  • OFFLINE
  •  
  • Local time:06:53 PM

Posted 30 May 2008 - 12:06 AM

Hello.

I'm trying to do some updates to our family computers and cannot update SpyWare Doctor without freezing our systems. I'm not sure if this is malware related or if I've put too many anti-malware programs on here. The start-up on my computer is slow and there are two windows which start and then shut down almost instantly right after the icons load on the desk top.

I have shut down all my security programs except for Zone Alarm Internet Security Suite and have uninstalled Spyware Doctor for the moment. I would appreciate some advice on which programs I can run together or, if I have a virus, guidance in getting rid of it.

Here is what I have :

Windows XP sp3
linksys router

Zone Alarm Internet Security Suite
WinPatrol Pro
Windows Defender
Spybot Search and Destroy (on demand only- tea timer is disabled)
AdAware 2007 (on demand)
Sandboxie
Spyware Doctor- currently uninstalled
I Used to have Norton security, but I ran the removal tool to delete it. However, I still see some traces of it in the Hijack This log.
I also tried AVG 7.5, but have uninstalled it

I have run CCleaner, Kasperksy online scan and Decker. Here are the results:



DSS

Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-30 00:02:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
47: 2008-05-30 04:03:06 UTC - RP266 - Deckard's System Scanner Restore Point
46: 2008-05-30 01:38:23 UTC - RP265 - Software Distribution Service 3.0
45: 2008-05-29 04:34:57 UTC - RP264 - Revo Uninstaller's restore point - ActiveTutor (Player)
44: 2008-05-28 04:01:36 UTC - RP263 - Software Distribution Service 3.0
43: 2008-05-27 04:11:24 UTC - RP262 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-04-23 03:06:37 UTC - RP220 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11:50 AM, on 5/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
G:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
G:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
G:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\LTMSG.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
G:\Program Files\Launchy\Launchy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
G:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.outdrs.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: (no name) - {2F2FBF0D-254F-11D5-B1E5-0050DAD7AF62} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - G:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - G:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [StorageGuard] C:\Program Files\VERITAS Software\Update Manager\sgtray.exe /r
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Startup: ERUNT AutoBackup.lnk = G:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Launchy.lnk = G:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to EverNote - res://G:\Program Files\EverNote\EverNote\enbar.dll/2000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - G:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - G:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.erightsoft.com
O16 - DPF: ppctlcab -
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} -
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} -
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141233614749
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141237300702
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} -
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/53/install/gtdownls.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} -
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) -
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} (Java Plug-in 1.4.2_05) -
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Java Plug-in 1.4.2_06) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?326
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} -
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - G:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - G:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - G:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 12675 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.js - JSFile - shell\open\command - %SystemRoot%\System32\CScript.exe "%1" %*
.vbs - VBSFile - shell\open\command - %SystemRoot%\System32\CScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R2 BCMNTIO - c:\program files\checkit\diagnostics\bcmntio.sys
R2 MAPMEM - c:\program files\checkit\diagnostics\mapmem.sys
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 ADPTEHCD (Adaptec USB 2.0 Enhanced Host Controller Driver) - c:\windows\system32\drivers\aehcd.sys <Not Verified; Adaptec Incorporated; Adaptec USB 2.0 Driver Stack>
R3 AUSBD_FilterService (Adaptec USB 2.0 Port Enumeration Driver) - c:\windows\system32\drivers\ausbd.sys <Not Verified; Adaptec Incorporated; Adaptec USB 2.0 Driver Stack>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SbieDrv - g:\program files\sandboxie\sbiedrv.sys <Not Verified; tzuk; Sandboxie>

S3 PSI - c:\windows\system32\drivers\psi_mf.sys <Not Verified; Secunia; Secunia Personal Software Inspector>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 SbieSvc (Sandboxie Service) - g:\program files\sandboxie\sbiesvc.exe <Not Verified; tzuk; Sandboxie>
R2 UPHClean (User Profile Hive Cleanup) - g:\program files\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S4 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-30 00:00:55 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-05-23 09:16:14 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2006-11-12 01:20:17 240 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job


-- Files created between 2008-04-30 and 2008-05-30 -----------------------------

2008-05-29 11:05:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-29 11:05:45 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-29 11:05:38 0 d-------- C:\WINDOWS\LastGood
2008-05-29 10:48:17 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-05-24 23:36:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-20 08:37:54 0 d-------- C:\Documents and Settings\Spare\Application Data\WTablet
2008-05-20 06:36:56 0 d-------- C:\Documents and Settings\NetworkService\Application Data\WTablet
2008-05-18 09:15:41 0 d-------- C:\Documents and Settings\Owner\Application Data\WTablet
2008-05-18 09:14:32 0 d-------- C:\WINDOWS\system32\WTablet
2008-05-18 09:14:22 0 d-------- C:\Program Files\Tablet
2008-05-17 16:12:05 0 d-------- C:\Documents and Settings\Owner\Application Data\MailFrontier
2008-05-17 15:39:11 27301152 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-08 12:41:32 0 d-------- C:\WINDOWS\Prefetch
2008-05-08 12:21:20 0 d-------- C:\WINDOWS\system32\scripting
2008-05-08 12:21:17 0 d-------- C:\WINDOWS\l2schemas
2008-05-08 12:21:15 0 d-------- C:\WINDOWS\system32\en
2008-05-08 12:10:38 0 d-------- C:\WINDOWS\network diagnostic
2008-05-02 06:10:30 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe <Not Verified; Sysinternals - www.sysinternals.com; Page File Defragmenter>


-- Find3M Report ---------------------------------------------------------------

2008-05-30 00:11:10 0 d-------- C:\Documents and Settings\Owner\Application Data\Launchy
2008-05-29 00:36:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-27 23:46:54 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-05-27 20:55:51 0 d-------- C:\Program Files\Common Files
2008-05-27 17:28:09 900 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-27 11:18:59 0 d-------- C:\Program Files\Yahoo!
2008-05-27 01:42:57 0 d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-05-25 08:44:13 0 d-------- C:\Program Files\SiteAdvisor
2008-05-22 10:18:06 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-18 21:58:33 0 d-------- C:\Program Files\Windows Live Safety Center
2008-05-17 15:41:39 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-12 15:06:47 0 d-------- C:\Program Files\OpenOffice.org 2.3
2008-05-11 19:58:01 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-05-08 12:22:03 0 d-------- C:\Program Files\Messenger
2008-05-08 12:21:14 0 d-------- C:\Program Files\Movie Maker
2008-05-08 12:14:59 0 d-------- C:\Program Files\Windows NT
2008-04-23 17:25:10 0 d-------- C:\Documents and Settings\Owner\Application Data\WeatherWatcher
2008-04-23 17:09:59 0 d-------- C:\Program Files\Apple Software Update
2008-04-20 23:48:10 0 d-------- C:\Program Files\Java
2008-04-20 23:33:13 0 d-------- C:\Documents and Settings\Owner\Application Data\Notepad++
2008-04-20 21:23:51 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-14 14:51:11 0 d--h----- C:\Program Files\Zero G Registry
2008-04-14 13:11:03 0 d-------- C:\Documents and Settings\Owner\Application Data\Amazon
2008-04-06 19:22:48 0 d-------- C:\Documents and Settings\Owner\Application Data\Auslogics
2008-04-04 10:35:59 0 d-------- C:\Documents and Settings\Owner\Application Data\VSRevoGroup
2008-04-04 09:51:11 0 d-------- C:\Program Files\Belarc
2008-04-03 22:41:24 0 d-------- C:\Program Files\iTunes
2008-04-03 22:40:58 0 d-------- C:\Program Files\iPod
2008-04-03 22:34:13 0 d-------- C:\Program Files\QuickTime
2008-04-03 11:26:40 0 d-------- C:\Documents and Settings\Owner\Application Data\CyberPower Audio Editing Lab
2008-03-15 12:41:08 160597 --a------ C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [10/05/2006 11:11 PM]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [06/18/2002 12:01 AM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [03/30/2007 11:42 AM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [06/15/2001 06:34 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/04/2007 06:14 PM]
"LTMSG"="LTMSG.exe" [07/14/2003 11:52 AM C:\WINDOWS\ltmsg.exe]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 05:44 PM]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 12:04 PM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [05/24/2002 08:46 AM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/16/2005 11:11 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/04/2007 06:14 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [04/02/2008 09:07 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"@"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [5/17/2005 12:29:30 AM]
ERUNT AutoBackup.lnk - G:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 12:04:08 PM]
Launchy.lnk - G:\Program Files\Launchy\Launchy.exe [6/5/2007 1:31:50 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - G:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 4:15:54 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8406 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-30 00:20:17 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.00GHz
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 1279.53 MiB / 627.79 MiB
Pagefile Memory (total/avail): 6054.27 MiB / 5439.23 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1888.89 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 70.12 GiB total, 24.47 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)
G: is Fixed (NTFS) - 186.31 GiB total, 112.83 GiB free.
H: is Removable (Unformatted)

\\.\PHYSICALDRIVE2 -

\\.\PHYSICALDRIVE0 - MAXTOR 4K080H4 - 74.53 GiB - 2 partitions
\PARTITION0 - Unknown - 4.41 GiB
\PARTITION1 (bootable) - Installable File System - 70.12 GiB - C:

\\.\PHYSICALDRIVE1 - WDC WD20 00JD-60KLB0 SCSI Disk Device - 186.31 GiB - 1 partition
\PARTITION0 - Installable File System - 186.31 GiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;G:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-ZE8CXVR8TT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LANG=C
LOGONSERVER=\\YOUR-ZE8CXVR8TT
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program files\PC-Doctor for Windows XP\WINDSAPI;C:\Program Files\Common Files\GTK\2.0\bin;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;G:\Program Files\doxygen\bin;G:\PROGRA~1\ATT\Graphviz\bin;C:\Program Files\Common Files\Adobe\AGL;G:\Program Files\android_sdk_windows_m3-rc37a\android_sdk_windows_m3-rc37a\tools;G:\Program Files\Java\jdk1.6.0_04\bin;C:\Program Files\QuickTime\QTSystem\;G:\Program Files\VTK 5.0\bin;G:\Program Files\Java\jdk1.6.0_04\bin;C:\Program Files\Common Files\Ahead\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102

ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=G:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=YOUR-ZE8CXVR8TT
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
VS80COMNTOOLS=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Spare (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {09DA4F91-2A09-4232-AB8C-6BC740096DE3}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> G:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
10-Strike SearchMyDiscs --> "G:\Program Files\10-Strike SearchMyDiscs\unins000.exe"
7Lands version 1.0.5.812 --> "G:\Program Files\7Lands_Eng\unins000.exe"
abrViewer.NET v2 --> MsiExec.exe /I{7EF6CE03-C8B6-44CC-A937-A02809B98232}
Ad-Aware 2007 --> MsiExec.exe /X{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Photoshop Elements 6.0 --> msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
Adobe Premiere Elements 4.0 --> msiexec /I {3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}
Adobe Premiere Elements 4.0 --> MsiExec.exe /I{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}
Adobe Premiere Elements 4.0 Templates --> msiexec /I {F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}
Adobe Premiere Elements 4.0 Templates --> MsiExec.exe /I{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Adobe® Photoshop® Album Starter Edition 3.0.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9618743-1A5C-461E-91C4-E013A3D70F3C}\Setup.exe" -l0x9
Advanced File Organizer 3.0 --> "G:\Program Files\Advanced File Organizer\unins000.exe"
AFPL Ghostscript 8.54 --> C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.54\uninstal.txt"
AFPL Ghostscript Fonts --> C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt"
Age Of Japan --> "g:\Program Files\Realore\Age Of Japan\unins000.exe"
Age Of Japan II --> "G:\Program Files\Realore\Age Of Japan II\unins000.exe"
Aimersoft DVD Ripper(Build 1.0.19) --> "G:\Program Files\Aimersoft\DVD Ripper\unins000.exe"
Aimersoft Video Converter(Build 1.0.21) --> "G:\Program Files\Aimersoft\Video Converter\unins000.exe"
Amazon MP3 Downloader 1.0.3 --> G:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
Anthelion2 1.0 --> "G:\Program Files\Anthelion2\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Aqua Words --> "G:\Program Files\Realore\Aqua Words\unins000.exe"
ArchMage 1.03 --> g:\Program Files\ArchMage\uninst.exe
ArtStudio --> MsiExec.exe /I{ED64D9B8-8B92-4A2F-8ED8-8A83DECDD87A}
Arvale 1.0 --> "G:\Program Files\Arvale\unins000.exe"
Atomic Pop --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93AC2663-6946-490E-B4A4-FD126F318084}\setup.exe"
Audacity 1.2.6 --> "G:\Program Files\Audacity\unins000.exe"
Audible Download Manager --> G:\Program Files\Audible\Bin\AudibleDM_iTunesSetup.exe /Uninstall
AudibleManager --> G:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
AusLogics Disk Defrag --> "G:\Program Files\AusLogics Disk Defrag\unins000.exe"
AviScreen Classic Version 1.3 --> "G:\Program Files\bobyte\AviScreen classic\unins000.exe"
Azangara version 1.31 --> "G:\Program Files\Azangara\unins000.exe"
Beiks English Dictionary and Thesaurus for PalmOS --> C:\WINDOWS\ctpu.exe -uC:\Program Files\Beiks\English Dictionary and Thesaurus\install.log -lC:\WINDOWS\ResEnu.dll
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Beyond Contacts --> MsiExec.exe /X{CA68F6B0-1F26-4AFB-9415-E47DDF390F59}
BlasterBall Wild --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42450D0B-8F0B-4EA2-90F6-6047F634ACC7}\setup.exe"
Blender (remove only) --> "G:\Program Files\Blender Foundation\Blender\uninstall.exe"
BoardGames Collection 1.20 --> "G:\Program Files\BoardGames Collection\unins000.exe"
Bookstories 1.0 --> "G:\Program Files\Gambana\Bookstories\unins000.exe"
Brave Dwarves 2 Summer Pack 1.41 --> "G:\Program Files\Brave Dwarves 2 Summer Pack\unins000.exe"
Brave Dwarves Back for Treasures Set 5 1.1 --> "g:\Program Files\Brave Dwarves Back for Treasures Set 5\unins000.exe"
Breakout Shooting 1.1 --> "G:\Program Files\RealApex\BreakoutShooting\unins000.exe"
Bryce 6 Upgrade from 5.0/5.5/6.0 --> C:\WINDOWS\unvise32.exe G:\Program Files\DAZ\Bryce 6\Bryce Uninstall.log
Bryce Lightning 2.0 c --> C:\WINDOWS\unvise32.exe G:\Program Files\DAZ\Bryce Lightning 2.0\Bryce Lightning Uninstall.log
BUFKIT_AWWT_Simulations_Release_2 --> C:\WINDOWS\st6unst.exe -n "g:\Program Files\BUFKIT_AWWT_Simulations_Release_2\ST6UNST.LOG"
Bufkit_DLAC2_Convective --> C:\WINDOWS\st6unst.exe -n "g:\Program Files\Bufkit_DLAC2_Convective\ST6UNST.LOG"
Button Shop --> G:\Program Files\Button Shop\uninstall.exe
CamStudio --> G:\Program Files\CamStudio\uninstall.exe
Camtasia Studio 3 --> G:\Program Files\TechSmith\Camtasia Studio 3\CSuninst.EXE
CCleaner (remove only) --> "G:\Program Files\CCleaner\uninst.exe"
Celtx (0.9.9.5) --> C:\Program Files\Celtx\uninstall\helper.exe
CheckIt Diagnostics --> C:\PROGRA~1\CheckIt\DIAGNO~1\UNWISE.EXE C:\PROGRA~1\CheckIt\DIAGNO~1\INSTALL.LOG
ConceptDraw Project 3 --> MsiExec.exe /I{304A577F-7615-4F77-BF29-34D598E5FB04}
ConceptDraw VI --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63910E59-C5D4-4596-A8D0-B9E3F26A3CD0}\setup.exe" -l0x9 -removeonly
ConceptDraw WebWave --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{293E1AEA-3E56-4D9F-9608-3006DD6D9035}\setup.exe" -l0x9 -removeonly
Corel Painter Essentials 2 --> MsiExec.exe /X{B946D46E-1302-48B4-84EE-B74C3191D975}
CorelDRAW Graphics Suite 12 --> MsiExec.exe /I{465DC07E-3390-401A-A190-6078D73AB4C6}
CorelDRAW Graphics Suite 12 Setup Files --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD65CAC7-6D63-4D56-BED0-B610281256DF}\setup.exe" -l0x9 -removeonly
CyberPower Audio Editing Lab 12.8 --> "G:\Program Files\CyberPower Audio Editing Lab\unins000.exe"
Dark Age of Camelot - Epic Edition --> "G:\Mythic\Darkness\unins000.exe"
Data Lifeguard Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}\Setup.exe"
DAZ|Studio 1.5.1.0 --> C:\WINDOWS\unvise32.exe G:\Program Files\DAZ\Studio\DAZ Studio Uninstall.log
Debugging Tools for Windows --> MsiExec.exe /I{5C741A01-05D6-4306-BA6A-DC8401285AE8}
DebugMode Wink --> "g:\Program Files\DebugMode\Wink\uninst.exe"
Deep Paint --> G:\Program Files\Right Hemisphere\Deep Paint\unwise.exe
Detto Migration Kit --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DA9F6EF5-E48A-4E45-BC57-AA16193763B7}\Setup.exe"
DivX Content Uploader --> G:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> G:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> G:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> G:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Documents To Go --> MsiExec.exe /X{17EDA59D-5D72-4189-A2AD-1C43E74058AE}
doxygen 1.4.7 --> "G:\Program Files\doxygen\system\unins000.exe"
DRAWings® Embroidery Effect --> MsiExec.exe /X{A8BD6A41-6283-4002-8B86-78263793E8B7}
DriverMax 3 --> "G:\Program Files\Innovative Solutions\DriverMax\unins000.exe"
Duplicate File Finder 1.1.0.3 --> "G:\Program Files\Duplicate File Finder\unins000.exe"
DVD Decrypter (Remove Only) --> "G:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "G:\Program Files\DVD Shrink\unins000.exe"
DVDFab HD Decrypter 3.1.2.6 --> "G:\Program Files\DVDFab HD Decrypter 3\unins000.exe"
DVR-MS Sample Code --> MsiExec.exe /I{DDEC8435-4C46-4386-A221-1FBE5B82FC48}
Easy Internet Sign-up --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B5DDB2C-0807-47FD-9C11-80EA761902C0}\Setup.exe"
Elprime Media Recovery 1.0 --> "G:\Program Files\Elprime Media Recovery\unins000.exe"
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
ERUNT 1.1j --> "G:\Program Files\ERUNT\unins000.exe"
EverNote --> C:\Program Files\InstallShield Installation Information\{00C297B1-02F3-4BEE-8B57-7BCA695A41DA}\setup.exe -runfromtemp -l0x0009 -removeonly
Evernote --> C:\Program Files\InstallShield Installation Information\{0D025345-1033-4F35-A5CE-68CDCDE6CC03}\setup.exe -runfromtemp -l0x0009 -removeonly
ExtractNow --> "C:\Program Files\ExtractNow\unins000.exe"
FastStone Image Viewer 3.4 --> G:\Program Files\FastStone Image Viewer\uninst.exe
FileAmigo 7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EDF10B21-34CD-453A-942A-4BA44858BBAC}\Setup.exe" -l0x9 anything
Finale NotePad 2007 --> G:\Program Files\Finale NotePad 2007\uninstallNP.exe
FlashSpring Pro 2.2.4 --> "G:\Program Files\FlashSpring Pro 2\unins000.exe"
Folder Marker Home v 2.0 --> "G:\Program Files\Folder Marker\unins000.exe"
Foxy Jumper 2 Winter Adventures --> G:\Program Files\Alawar\Foxy Jumper 2 WA\Uninstall.exe
Fraps --> "G:\Fraps\uninstall.exe"
Funky Farm Thanksgiving Edition 1.2 --> G:\Program Files\Funky Farm Thanksgiving\uninst.exe
GameBox Solitaire 1.0 --> "G:\Program Files\GameBox Solitaire\unins000.exe"
GemMaster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B40514BB-56EC-11D5-A8E1-00A0CC663B7C}\setup.exe"
GIMP 2.4.0 --> "G:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Graphviz --> G:\PROGRA~1\ATT\UNWISE.EXE G:\PROGRA~1\ATT\INSTALL.LOG
GTK+ 2.10.11 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"
HelpMaker (Remove Only) --> "G:\Program Files\vahelp\unins000.exe"
HelpSmith 1.3 --> "G:\Program Files\HelpSmith\unins000.exe"
HijackThis 2.0.2 --> "G:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp instant support --> C:\PROGRA~1\HEWLET~1\hpis\Uninstall.exe /s CeS
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.3 - Scanjet 4600 Series --> MsiExec.exe /I{3E270C95-8327-4C2F-A8E1-902CC2604A20}
HP Photo Printing Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\hpiunPC.dll
hp photosmart 7350 series --> rundll32 hpzcon05.dll,VendorJettison hp photosmart 7350 series
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HTML Help Workshop --> G:\Program Files\HTML Help Workshop\setup.exe Uninstall
Iconoid Version 3.8.4 --> "G:\Program Files\Iconoid\unins000.exe"
Image Mender 1.1 --> G:\Program Files\Image Mender\Uninstall.exe
Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
ImgBurn (Remove Only) --> "G:\Program Files\ImgBurn\uninstall.exe"
Inactive HP Printer Drivers (Remove only) --> RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 prntunin.inf
Inactive HP ScanJet Drivers (Remove only) --> RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 sjunin.inf
Inkscape 0.45 --> "g:\Program Files\Inkscape\uninst.exe"
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
InterVideo WinDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
iPod for Windows 2006-06-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
IrfanView (remove only) --> G:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java DB 10.3.1.4 --> MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Development Kit 6 Update 4 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160040}
jEdit 4.2 --> "C:\Program Files\jEdit\unins000.exe"
Jets'n'Guns 1.034 --> G:\Program Files\Jets'n'Guns\uninst.exe
Jing --> MsiExec.exe /I{2BE9075D-2CB6-4510-94A3-28E72290FC60}
K-Lite Codec Pack 3.6.5 Full --> "G:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KeyWords --> "G:\Program Files\KeyWords\unins000.exe"
LADSPA_plugins-win-0.4.15 --> "G:\Program Files\Audacity\Plug-Ins\unins000.exe"
Launchy 1.0 --> "G:\Program Files\Launchy\unins000.exe"
LEAD Screen Capture and Speech Decoders --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{494CDB1B-5801-4D56-BEC0-4744D3BFC20E}\setup.exe"
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Liquid Story Binder XE 1.71 --> "G:\Program Files\Black Obelisk Software\Liquid Story Binder XE\unins000.exe"
Magic Ball 3 --> G:\Program Files\Alawar\MagicBall3\Uninstall.exe
MagicScore --> "G:\Program Files\MagicScore Music Software\MagicScore School 5.x\unins000.exe"
Mahjongg Artifacts --> G:\Program Files\Alawar\Mahjongg Artifacts\Uninstall.exe
McAfee SiteAdvisor --> C:\Program Files\SiteAdvisor\6261\uninstall.exe
MediaCoder 0.6.1 --> G:\Program Files\MediaCoder\uninst.exe
MediaMonkey 3.0 --> "G:\Program Files\MediaMonkey\unins000.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Bootvis --> MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151}
Microsoft Color Control Panel Applet for Windows XP --> MsiExec.exe /X{CE378F36-E404-4244-A33F-F50A2A6D31BD}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft DirectX 9.0 SDK Update (Summer 2003) --> MsiExec.exe /I{102D4B06-C63B-4A3D-B230-03C7D5692474}
Microsoft MSDN 2005 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft MSDN 2005 Express Edition - ENU\install.exe
Microsoft Office 2000 SR-1 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 SR-1 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft OpenType Font File Properties Extension --> MsiExec.exe /I{45EA11B5-874D-480E-89B9-2545505BBE3E}
Microsoft Photo Info --> MsiExec.exe /I{08823E70-05FD-4CC3-8019-ABE5B85FC8BE}
Microsoft PhotoDraw 2000 --> "G:\Program Files\Microsoft Office\Office\Setup\PhotoDraw\setup.exe"
Microsoft Platform SDK (3790.1830) --> MsiExec.exe /I{BA96A695-E9CE-4B2A-919A-540B73E7A78E}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 --> "C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition --> MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual C++ 2005 Express Edition - ENU\setup.exe
Microsoft Visual C++ 2005 Express Edition - ENU --> MsiExec.exe /X{AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5}
Microsoft Visual C++ 2005 Express Edition - ENU Service Pack 1 (KB926748) --> C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {9BB5DD65-D02F-43FC-94AF-E8932A4EFB73} /package {AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# 2.0 Redistributable Package --> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual J# 2005 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual J# 2005 Express Edition - ENU\setup.exe
Microsoft Visual J# 2005 Express Edition - ENU --> MsiExec.exe /X{94160B78-D7C5-4706-8E03-9D8B3763C7DB}
Microsoft Visual J# 2005 Express Edition - ENU Service Pack 1 (KB926750) --> C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {2E131283-ECA2-41F2-BBE0-D7FA123CE6B5} /package {94160B78-D7C5-4706-8E03-9D8B3763C7DB}
Microsoft Visual Web Developer 2005 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Web Developer 2005 Express Edition - ENU\setup.exe
Microsoft Visual Web Developer 2005 Express Edition - ENU --> MsiExec.exe /X{221125DC-6A40-4900-B844-591F5E1195B0}
Microsoft Visual Web Developer 2005 Express Edition - ENU Service Pack 1 (KB926751) --> C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {D07A13F7-D30C-47DD-AD95-7D0105811327} /package {221125DC-6A40-4900-B844-591F5E1195B0}
Microsoft Works and Money 2001 Setup Launcher --> C:\Program Files\Microsoft Works and Money 2001\Setup\Launcher.exe d:\
Mozilla Firefox (2.0.0.14) --> G:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.0) --> G:\Program Files\Mozilla Firefox 3 Beta 5\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14) --> G:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MP3 Recorder Studio 5.8 --> "G:\Program Files\MP3 Recorder Studio\unins000.exe"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
My Photo Center --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\My Photo Center\Uninst.isu"
MyFonts Order M767332 --> MsiExec.exe /I{1E8CE6CE-AC5A-7E70-3D71-31BE7C7A0C68}
Nero 7 Essentials --> MsiExec.exe /X{DB4C031D-B2F8-47F1-A274-59A8F3B61033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetBeans IDE 6.0.1 --> "G:\Program Files\NetBeans 6.0.1\uninstall.exe"
Notepad++ --> G:\Program Files\Notepad++\uninstall.exe
Nuclear Ball --> "G:\Program Files\Nuclear Ball\unins000.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenAL 1.1 Core PC SDK (Release 1.0) --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4D27E76A-E313-4E30-8D67-AAE7AFB34215}
OpenOffice.org 2.4 --> MsiExec.exe /I{2BB8FBB4-CFF9-434E-AA0A-40F5379C1602}
PageFour 1.50 --> "G:\Program Files\IMBT\PageFour\unins000.exe"
Palm Desktop --> MsiExec.exe /X{B1D78321-7AB1-45A7-A084-885AF75B8F3D}
PassAlong Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC4732F4-665D-4E6B-8E50-74D6B6FBE5A9}\setup.exe" -l0x9
PC-Doctor for Windows --> C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\PC-DOC~1\INSTALL.LOG
PDAmill GameBox Classics for Palm OS (Full Version) --> C:\WINDOWS\UnGins.exe "C:\Program Files\PDAmill\Classics for Palm Full\install.log"
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Photo Story 3 for Windows --> MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
PigPen --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F20ADFD-5679-11D5-A8E1-00A0CC663B7C}\setup.exe"
PIXELA ImageMixer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13413C6C-C640-40B8-917E-CA3062826B18}\setup.exe"
PixelToolbox 1.1 --> C:\WINDOWS\unvise32.exe G:\Program Files\AxiomX\PixelToolbox\uninstal.log
PopCap Browser Plugin --> C:\Program Files\PopCap Games\PopCap Browser Plugin\Uninstall.exe
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 1.5 combined Win32 extensions --> C:\PROGRA~1\Python\UNWISE~1.EXE C:\PROGRA~1\Python\W32INST.LOG
Python 1.5.2 (final) --> C:\PROGRA~1\Python\UNWISE.EXE C:\PROGRA~1\Python\INSTALL.LOG
Python 2.4.3 --> MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
Python 2.5.1 --> MsiExec.exe /I{31800004-6386-4999-A519-518F2D78D8F0}
Quicken Financial Center --> C:\PROGRA~1\QUICKE~1\rem\UNWISE.EXE /s C:\PROGRA~1\QUICKE~1\rem\INSTALL.LOG
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RealWorld Cursor Editor --> MsiExec.exe /I{4B2DEF0C-51B4-4250-A082-7C3CD4FB2828}
RecordNow --> MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}
RecordNow Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Revo Uninstaller 1.60 --> G:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
S3 Gamma --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3 Gamma'
S3 Savage4 Family Display Switch2 Utility --> S3Uninst.exe -reg 5 HKLM\SOFTWARE\S3\S3Uninst\S3Switch2
SabreWing 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4FD84C01-F268-4E99-A7D5-533D04722C4B}\setup.exe"
Sandboxie version 2.86 --> C:\WINDOWS\Installer\SandboxieInstall.exe
Scribus 1.3.3.9 --> G:\Program Files\Scribus 1.3.3.9\uninst.exe
Secunia PSI (RC1) --> "G:\Program Files\Secunia\PSI (RC1)\uninstall.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sizer (remove only) --> G:\Program Files\Sizer\Uninstall.exe
Snowy Treasure Hunter 2 --> G:\Program Files\Alawar\SnowyTreasureHunter2\Uninstall.exe
Snowy. Space Trip --> G:\Program Files\Alawar\SnowySpaceTrip\Uninstall.exe
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Speedway --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42977380-5628-11D5-A8E1-00A0CC53785B}\setup.exe"
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Sqirlz Water Reflections --> C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe
Stellarium 0.8.2 --> "G:\Program Files\Stellarium\unins000.exe"
Strike Ball 2 Deluxe --> G:\Program Files\Alawar\StrikeBall2Deluxe\Uninstall.exe
SUPER © Version 2008.bld.30 (Mar 22, 2008) --> G:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
SyncToy --> MsiExec.exe /I{B5688129-7595-4E5B-9990-CEF981A31264}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Tcl 8.0.5 for Windows --> C:\PROGRA~1\Tcl\UNWISE.EXE C:\PROGRA~1\Tcl\INSTALL.LOG
The Rise of Atlantis 1.0 --> "G:\Program Files\The Rise of Atlantis\unins000.exe"
TI Connect 1.6 --> MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
TI StudyCards Creator --> MsiExec.exe /I{B3B2CC77-13A5-43E3-ABB3-73E6B64EC700}
Tiny Cars 2 --> "G:\Program Files\Realore\Tiny Cars 2\unins000.exe"
Titan Backup --> G:\PROGRA~1\TITANB~1\UNWISE.EXE G:\PROGRA~1\TITANB~1\INSTALL.LOG
Torque Game Engine 1.5.2 SDK (remove only) --> "G:\Torque\TGE_1_5_2\uninst-tsdk.exe"
Torque ShowTool Pro (remove only) --> "G:\Program Files\TorqueShowToolPro\uninst-TorqueShowToolPro.exe"
Torsion 1.0.852 --> "G:\Program Files\Torsion\unins000.exe"
TrueCrypt --> "G:\Program Files\TrueCrypt\TrueCrypt Setup.exe" /u
Turtix --> g:\Program Files\Alawar\Turtix\Uninstall.exe
Turtle Odyssey 2 --> "G:\Program Files\Realore\Turtle Odyssey 2\unins000.exe"
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Uru - Ages Beyond Myst --> "G:\Program Files\Ubi Soft\Cyan Worlds\Uru - Ages Beyond Myst\UninstallerData\Uninstall Uru - Ages Beyond Myst.exe"
User Profile Hive Cleanup Service --> MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6f --> G:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Desktop Manager Powertoy for Windows XP --> MsiExec.exe /I{F251B999-08A9-4704-999C-9962F0DFD88E}
VTK 5.0 --> G:\Program Files\VTK 5.0\Uninstall.exe
vue --> "G:\Program Files\vue\UninstallerData\Uninstall vue.exe"
Wacom Tablet --> C:\Program Files\Tablet\Wacom\Remove.exe /u
Watermark Factory 2 --> "G:\Program Files\Watermark Factory 2\unins000.exe"
Weather Watcher --> "G:\Program Files\Weather Watcher\unins000.exe"
Winamp --> "G:\Program Files\Winamp\UninstWA.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinMerge 2.6.0.0 --> "G:\Program Files\WinMerge\unins000.exe"
WinPatrol 2007 --> C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
Wondershare iPod Slideshow 1.0.0 --> "G:\Program Files\Wondershare\iPod Slideshow\unins000.exe"
Word Challenge Extreme --> G:\Program Files\Alawar\Word Challenge Extreme\uninstal.exe
XML Paper Specification Shared Components Pack 1.0 -->
Yet Another Free RayTracer for Windows 0.0.9 Optimized for Pent --> "G:\Program Files\YafRay\unins000.exe"
YouTube Uploader --> MsiExec.exe /X{171818BA-E0AD-313D-B45A-1BC9D77ADA86}
Zamby and the Mystical Crystals --> g:\Program Files\Zamby and the Mystical Crystals\uninstall.exe
ZoneAlarm Security Suite --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type6869 / Warning
Event Submitted/Written: 05/27/2008 09:06:08 PM
Event ID/Source: 3 / SQLBrowser
Event Description:
The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.

Event Record #/Type6851 / Success
Event Submitted/Written: 05/27/2008 09:05:53 PM
Event ID/Source: 2570 / Adobe Active File Monitor 6.0
Event Description:
Adobe Active File Monitor Service has Started.

Event Record #/Type6848 / Error
Event Submitted/Written: 05/27/2008 08:55:12 PM
Event ID/Source: 0 / pctsSvc.exe
Event Description:
The service process could not connect to the service controller

Event Record #/Type6824 / Warning
Event Submitted/Written: 05/27/2008 05:04:38 PM
Event ID/Source: 3 / SQLBrowser
Event Description:
The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.

Event Record #/Type6809 / Success
Event Submitted/Written: 05/27/2008 05:04:12 PM
Event ID/Source: 2570 / Adobe Active File Monitor 6.0
Event Description:
Adobe Active File Monitor Service has Started.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type26929 / Warning
Event Submitted/Written: 05/30/2008 00:12:20 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-ZE8CXVR8TT27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-ZE8CXVR8TT27 can't undo changes that you allow.

For more information please see the following:
%YOUR-ZE8CXVR8TT275

Scan ID: {B0702FDE-30D6-4D15-8C66-D13FB2F4DE10}

User: YOUR-ZE8CXVR8TT\Owner

Name: %YOUR-ZE8CXVR8TT271

ID: %YOUR-ZE8CXVR8TT272

Severity: 1.1.1592.05

Category: 1.1.1592.06

Path Found: %YOUR-ZE8CXVR8TT276

Alert Type: %YOUR-ZE8CXVR8TT278

Detection Type: 1.1.1592.02

Event Record #/Type26928 / Warning
Event Submitted/Written: 05/30/2008 00:12:20 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-ZE8CXVR8TT27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-ZE8CXVR8TT27 can't undo changes that you allow.

For more information please see the following:
%YOUR-ZE8CXVR8TT275

Scan ID: {7A6F8B95-4730-40D3-831C-FC831BDC083E}

User: YOUR-ZE8CXVR8TT\Owner

Name: %YOUR-ZE8CXVR8TT271

ID: %YOUR-ZE8CXVR8TT272

Severity: 1.1.1592.05

Category: 1.1.1592.06

Path Found: %YOUR-ZE8CXVR8TT276

Alert Type: %YOUR-ZE8CXVR8TT278

Detection Type: 1.1.1592.02

Event Record #/Type26927 / Warning
Event Submitted/Written: 05/30/2008 00:12:20 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-ZE8CXVR8TT27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-ZE8CXVR8TT27 can't undo changes that you allow.

For more information please see the following:
%YOUR-ZE8CXVR8TT275

Scan ID: {F0EEA2F4-FDA4-4873-9609-766C4E0F2F32}

User: YOUR-ZE8CXVR8TT\Owner

Name: %YOUR-ZE8CXVR8TT271

ID: %YOUR-ZE8CXVR8TT272

Severity: 1.1.1592.05

Category: 1.1.1592.06

Path Found: %YOUR-ZE8CXVR8TT276

Alert Type: %YOUR-ZE8CXVR8TT278

Detection Type: 1.1.1592.02

Event Record #/Type26926 / Warning
Event Submitted/Written: 05/30/2008 00:12:18 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-ZE8CXVR8TT27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-ZE8CXVR8TT27 can't undo changes that you allow.

For more information please see the following:
%YOUR-ZE8CXVR8TT275

Scan ID: {A53C2317-4B92-47E0-8D63-4C4A76D56465}

User: YOUR-ZE8CXVR8TT\Owner

Name: %YOUR-ZE8CXVR8TT271

ID: %YOUR-ZE8CXVR8TT272

Severity: 1.1.1592.05

Category: 1.1.1592.06


Path Found: %YOUR-ZE8CXVR8TT276

Alert Type: %YOUR-ZE8CXVR8TT278

Detection Type: 1.1.1592.02

Event Record #/Type26925 / Warning
Event Submitted/Written: 05/30/2008 00:12:18 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%YOUR-ZE8CXVR8TT27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %YOUR-ZE8CXVR8TT27 can't undo changes that you allow.

For more information please see the following:
%YOUR-ZE8CXVR8TT275

Scan ID: {299C2481-4862-4955-AEA7-D77221970160}

User: YOUR-ZE8CXVR8TT\Owner

Name: %YOUR-ZE8CXVR8TT271

ID: %YOUR-ZE8CXVR8TT272

Severity: 1.1.1592.05

Category: 1.1.1592.06

Path Found: %YOUR-ZE8CXVR8TT276

Alert Type: %YOUR-ZE8CXVR8TT278

Detection Type: 1.1.1592.02



-- End of Deckard's System Scanner: finished at 2008-05-30 00:20:17 ------------




Kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, May 29, 2008 11:41:55 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/05/2008
Kaspersky Anti-Virus database records: 812078
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 411271
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 12:02:50

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\MailFrontier\reginfo.xml Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-10302006-222641.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_634.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\MailFrontier\ASD.log Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.jp2\cert8.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.jp2\content-prefs.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.jp2\cookies.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.jp2\downloads.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.jp2\formhistory.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.jp2\key3.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.jp2\parent.lock Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.jp2\permissions.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.jp2\places.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.jp2\places.sqlite-journal Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.jp2\places.sqlite-stmtjrnl Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.jp2\search.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{CEAF7E11-AFF8-4EA4-9A27-D4A31C13E9AF} Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.jp2\XUL.mfl Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF4DE1.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF9405.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_459.trc Object is locked skipped
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP264\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\$NtUninstallKB823182$\cryptui.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\$NtUninstallKB823182$\spuninst\spuninst.bat Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\$NtUninstallKB823182$\spuninst\spuninst.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\$NtUninstallKB823182$\spuninst\spuninst.inf Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hh.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhctrl.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\html32.cnv Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\itss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\locator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\magnify.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\narrator.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\newdev.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\osk.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\srv.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\sysmain.sdb Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\ndis.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\netshell.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\expsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msexch40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjint40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjter40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msltus40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\mspbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msrd2x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msrd3x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msrepl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\mstext40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\mswdat10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\mswstr10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msxbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\vbajet32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB833998$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB833998$\sxs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\sxs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\Internet Logs\YOUR-ZE8CXVR8TT.ldb Object is locked skipped
C:\WINDOWS\ModemLog_Agere Win Modem.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{405D690D-78AF-42B0-830B-244AD4B10D98}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\system Object is locked skipped
C:\WINDOWS\SYSTEM32\config\system.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\SYSTEM32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT055b1.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT055b4.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP265\change.log Object is locked skipped

Scan process completed.


I hope this wasn't too much for one post.
Thank you for your help!

BC AdBot (Login to Remove)

 


#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:07:53 PM

Posted 29 June 2008 - 02:18 PM

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new HijackThis log. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 oddly

oddly
  • Topic Starter

  • Members
  • 168 posts
  • OFFLINE
  •  
  • Local time:06:53 PM

Posted 29 June 2008 - 04:10 PM

Hi suebaby41 and thank you for your help!

I'm still here and trying to learn.

Things sped up on both systems after I uninstalled Spyware Doctor, but I still have those windows that open and shut at startup. Here is a new HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:23:43 PM, on 6/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
G:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
G:\Program Files\Macrium\Reflect\ReflectService.exe
G:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\LTMSG.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
G:\Program Files\UPHClean\uphclean.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
G:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\WINDOWS\system32\fxssvc.exe
G:\Program Files\Launchy\Launchy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.outdrs.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: (no name) - {2F2FBF0D-254F-11D5-B1E5-0050DAD7AF62} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - G:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - G:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [StorageGuard] C:\Program Files\VERITAS Software\Update Manager\sgtray.exe /r
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SandboxieControl] "G:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Startup: ERUNT AutoBackup.lnk = G:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Launchy.lnk = G:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to EverNote - res://G:\Program Files\EverNote\EverNote\enbar.dll/2000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - G:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - G:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.erightsoft.com
O16 - DPF: ppctlcab -
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} -
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} -
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141233614749
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141237300702
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} -
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/53/install/gtdownls.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} -
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) -
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} (Java Plug-in 1.4.2_05) -
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Java Plug-in 1.4.2_06) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?326
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} -
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - G:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - G:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - G:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - G:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 13004 bytes

#4 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:07:53 PM

Posted 30 June 2008 - 01:17 PM

A few things you may do prior to cleaning:During the cleaning process, if any other issues appear, please let us know.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#5 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:07:53 PM

Posted 30 June 2008 - 01:43 PM

You may want to print this page. Make sure to work through the fixes in the order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step 1

I noticed that your Java Runtime Environment is out of date.

Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove the older versions of Java Runtime Environment..
  • Close any programs you may have running, ESPECIALLY your web browser
  • Click Start > Control Panel.
  • Click Add/Remove Programs.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove all versions of Java.
  • Reboot your computer after all Java components are removed.
Please download the latest Java Runtime Environment.
  • Scroll down to where it says Java Runtime Environment (JRE) 6 Update 6. The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the Download button to the right. When a new window opens, you will see
    NOTE: This page offers files for different platforms - please be sure to download the proper file(s) for your platform.
    Required: You must accept the license agreement to download the product.
  • Click to place a check mark by Accept License Agreement.
  • Make the selection corresponding to your computer platform. For Windows, click on Windows Offline Installation, Multi-languagelink to download. Save it to your desktop.
  • On your desktop, double-click on jre-6u6-windows-i586-p.exe to install the newest version.
After you have installed the Java software on your computer, you must restart your browser. You can verify that Java Runtime Environment (RTE) has been installed correctly by clicking on the Verify Installation button on the Welcome To Java and Verify Installation page.

Step 2

In normal mode, run an online antivirus check from at least two and preferably three of the following sites
BitDefender
Computer Associates Online Virus Scan
Panda's ActiveScan
Trend Micro Housecall
Windows Live Safety Center Free Online Scan
This scanner from Trend does not require an Active X to run.
  • Detects and removes malware ( viruses, worms, trojans, etc. )
  • Detects and removes grayware and spyware
  • Restores damage caused by malware to your system.
  • Notifies about vulnerabilities in installed programs and connected network services.
  • Multi-platform support for: Windows, Linux, Solaris.
  • Easy-to-use with the Microsoft Internet Explorer and Mozilla Firefox.
When you have completed the scans, if you get a report of files that can’t be cleaned / deleted, make a note of the file location of anything that cannot be deleted so you can delete it yourself. Please post that list in your next reply.

Step 3

Please download Ad-Aware 2008.
Please check this link, Ad-Aware 2007/2008 for instructions on how to download, install and use Ad-Aware. Run this program as soon as possible.

Step 4

I recommend using Spyware Blaster along with Spyware Guard.Step 5

Windows Defender is a free program that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software. It features Real-Time Protection, a monitoring system that recommends actions against spyware when it is detected and minimizes interruptions and helps you stay productive.

Please download and install Windows Defender.
  • Confirm that your computer meets the minimum system requirements to install Windows Defender.
  • Visit the Windows Defender page in the Microsoft Download Center. Click the Continue button and follow the directions on the succeeding pages to download the program and start the Installation Wizard.
  • Follow the steps in the Installation Wizard. You will be asked if you want to participate in the Microsoft SpyNet online community. We suggest you choose the first option,
  • Use recommended settings.
  • Click Next to continue.
  • Click Install to begin installing Windows Defender.
  • When installation is complete, click Finish. Windows Defender will begin to scan your computer.
  • For more information, See How to install and set up Windows Defender
Step 6

ATF-Cleaner features include:
  • Cleaning of all user temp folders, administrator only can use this feature.
  • Cleaning of the Java cache, which seems to be harboring more and more malware.
  • Cleaning the cache, cookies, history, download history, visited links and saved passwords. You have the option of checking no if you want to save your passwords.
Please download the ATF-Cleaner by Atribune.
Instructions:
  • Double-click ATF-Cleaner.exe to run the program.
  • Check the boxes to the left of:
    • Windows Temp
    • Current User Temp
    • All Users Temp
    • Temporary Internet Files
    • Prefetch (Windows XP) only
    • Java Cache
  • The rest are optional - if you want to remove them all, check Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
If you use the Firefox browser:
  • Click Firefox at the top and choose: Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
  • Click Opera at the top and choose: Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
If needed, Tutorial on ATF Cleaner with pictures.
Do not run it yet.

Step 7

Please disconnect from the Internet. Please close ALL browser windows (including this one).


O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

The O6's above should only be present for one or more of the following reasons:
  • You set the restrictions on purpose.
  • You used an anti-spyware program like Spybot -S&D's Home Page and Option Lock down features in the Immunize section of Spybot-S&D.
  • Your workplace administrator or network administrator set the restrictions.
If none of the above reasons apply, check them to be fixed with HijackThis.

Now we will address the HijackThis fixes.

Please run HijackThis and click Scan Place checks next to the following entries (make sure not to miss any):

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file
O2 - BHO: (no name) - {2F2FBF0D-254F-11D5-B1E5-0050DAD7AF62} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: ppctlcab -
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} -
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} -
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} (Java Plug-in 1.4.2_05) -
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Java Plug-in 1.4.2_06) -
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} -
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - G:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe


Optional fixes are not required to start automatically as you can start them manually if you need them.

Your computer may be sluggish due to the many programs loading during startup and running in the background that are not necessary. Windows has a facility for starting programs at startup time. Some of these programs are required for your computer and the applications installed on it to run correctly. A good example of such a program is a virus-checking application that must always run, constantly checking for and isolating or removing files with viruses. Other such programs are not strictly required, or are optional. In some cases, you can gain significant performance enhancements by disabling the automatic startup of these programs. In many cases, the functionality offered by the programs is still available by starting the programs manually by, for example, starting the program from the Windows Start->Programs menu. Media players and instant messaging programs often fall into this category. In fact, it is common for many modern software applications, when installed, to add programs at startup that add items to the system tray or shortcut (context) menus in Windows Explorer to provide quick access to the features and functions of these applications. While they may be useful, they do increase boot time and consume system resources. It is advised that you disable these programs so that they do not take up necessary resources or slow the boot time.

Other than ScanRegistry, SystemTray, StateMgr, antivirus program entries, and firewall program entries, very few others need to load and run.

Read the articles below to see if it applies to your computer problem with being slow to respond.
Slow_Computer_Check_here_first_it_may_not_be_malware.
Help! My computer is slow!
50 Tips for a Super Fast PC
4 Ways to Speed Up Your Computer's Performance
It's not always malware: How to fix the top 10 Internet Explorer issues

If you decide that you want to stop the Optional Fixes in your startup, let me know and I will give you a list with instructions. You would not be removing the program itself, just removing them from your startup.

If you did not add the listed domain to the Trusted Zones yourself, have HijackThis fix it.

O15 - Trusted Zone: http://www.erightsoft.com

Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.

Step 8

Let’s run ATF-Cleaner to ensure no malware is hiding in temporary folders and for general computer cleanup to free space on your computer.

Step 9

Please run HijackThis in Normal Mode and post a new HijackThis log so I can make sure that all the malware was deleted according to plan.

Please post the list of filenames and locations for any files that can’t be cleaned / deleted that were reported after you completed the online scans.

Please advise me of any problems you still have.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#6 oddly

oddly
  • Topic Starter

  • Members
  • 168 posts
  • OFFLINE
  •  
  • Local time:06:53 PM

Posted 01 July 2008 - 11:21 AM

Hi,

I started last night and I'm about halfway through my first online virus scan. I just wanted to let you know that this will probably take a while. I have a lot of files and programs and it usually takes about 20 hours for my Zonealarm suite to scan my computer.

Also on this part of the fix;

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

The O6's above should only be present for one or more of the following reasons:

1. You set the restrictions on purpose.
2. You used an anti-spyware program like Spybot -S&D's Home Page and Option Lock down features in the Immunize section of Spybot-S&D.
3. Your workplace administrator or network administrator set the restrictions.

If none of the above reasons apply, check them to be fixed with HijackThis.



I have used Spybot Search and Destroy to immunize my computer. Do you think i should skip this, or fix this entry and not immunize?

#7 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:07:53 PM

Posted 01 July 2008 - 06:44 PM

Just skip the O6 entry. As long as it is something that you did, there is no problem.

Take your time doing the steps. I know what you mean about programs taking a long time to scan since you have a lot of files. I have two hard drives and unless it is a program that I can set to scan just C:, the scan takes a long time. I just start the scan and leave the computer to do something else.

If you have any more questions, please let me know.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#8 oddly

oddly
  • Topic Starter

  • Members
  • 168 posts
  • OFFLINE
  •  
  • Local time:06:53 PM

Posted 06 July 2008 - 09:57 AM

Hi suebaby,

I updated Java

I'm having some issues with the online scans.

1. Windows One-care didn't find any problems


2. Bitdefender found three files that are part of my hp system and I can't find a way to exempt a files from cleanup (if you think I should):

c:\hp\bin\autoplay.exe ( I think this is required for my cd drive)
c:\hp\bin\terminator.exe
c:\hp\bin\processlogger.exe

I think the last two are for hp's backweb service? So it should be ok to remove them, but I just don't know about the first file.

3. TrendMicro Housecall didn't find any of these, but found one grayware file classified as adware in C:\Windows\System 32\drivers\stc\hosts\127.0.0.1. However, when I try to fix it I get this error;

Housecall client cannot be executed due to internal errors

and it also says to contact my system administrator.

I did download the new ad-aware 2008 and it didn't find any problems except some cookies which iy removed with no trouble.

#9 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:07:53 PM

Posted 06 July 2008 - 03:00 PM

2. Bitdefender found three files that are part of my hp system and I can't find a way to exempt a files from cleanup (if you think I should):

c:\hp\bin\autoplay.exe ( I think this is required for my cd drive)
c:\hp\bin\terminator.exe
c:\hp\bin\processlogger.exe

I think the last two are for hp's backweb service? So it should be ok to remove them, but I just don't know about the first file.

There should be a list of files that have a check mark by them. Click on them to remove the check mark for files you know to be legitimate.

3. TrendMicro Housecall didn't find any of these, but found one grayware file classified as adware in C:\Windows\System 32\drivers\stc\hosts\127.0.0.1. However, when I try to fix it I get this error;

Do you mean etc instead of stc? It looks like Trend Micro picked up a change in your hosts files. Have you made changes in your hosts file like using the mvps hosts file?
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#10 oddly

oddly
  • Topic Starter

  • Members
  • 168 posts
  • OFFLINE
  •  
  • Local time:06:53 PM

Posted 06 July 2008 - 03:39 PM

Thanks, I'll re-run bit defender and uncheck the autoplay.exe file.

You are right, it is supposed to be etc, I haven't made any deliberate changes to the hosts file. Unless Zonealarm or winpatrol has done it, but I think they only warn if something tries to change the hosts file,

#11 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:07:53 PM

Posted 07 July 2008 - 07:51 AM

It is probably not a good idea to try to delete the 127.0.0.1. I do not have any idea why Trend Micro would identify this in the host file.

127.0.0.1 is the standard IP address used for a loopback network connection.
This means that if you try to connect to 127.0.0.1, you are immediately looped back to your own machine.

I recommend using the MVPS Hosts file.

Use the hosts file: Every version of windows has a hosts file as part of them. In a very basic sense, they are used to locate web pages. We can customize a hosts file so that it blocks certain web pages. However, it can slow down certain computers. This is why using a hosts file is optional. Download mvps hosts file Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
  • Click the start button on the task bar at the bottom of your screen
  • Click run
  • In the dialog box, type services.msc
  • hit enter, then locate dns client
  • Highlight it, then doubleclick it.
  • On the dropdown box, change the setting from automatic to manual.
  • Click OK.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#12 oddly

oddly
  • Topic Starter

  • Members
  • 168 posts
  • OFFLINE
  •  
  • Local time:06:53 PM

Posted 08 July 2008 - 06:15 PM

Hi again, :thumbsup:

I've finally finished all the steps and ran a disk defrag. I also downloaded and am using the MVPS hosts file. Spybot S&D also modifies the hosts file so. perhaps, that is why mine seemed suspicious to Trend Micro's scan.

The computer is faster going to the choose user screen and much faster when browsing the drives. I still get those odd windows after the icons load that just open and shut down immediately. I would like to try stopping the optional services if you think that the computer is ready for the optional fixes. Perhaps my winpatrol settings are stopping a service or something that is opening those windows.

Anyway, here is the latest HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:55:19 PM, on 7/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
G:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
G:\Program Files\Macrium\Reflect\ReflectService.exe
G:\Program Files\Sandboxie\SbieSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
G:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\LTMSG.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
G:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
G:\Program Files\Launchy\Launchy.exe
G:\Program Files\SpywareGuard\sgmain.exe
G:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.outdrs.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - G:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - G:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - G:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [StorageGuard] C:\Program Files\VERITAS Software\Update Manager\sgtray.exe /r
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SandboxieControl] "G:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Startup: ERUNT AutoBackup.lnk = G:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Launchy.lnk = G:\Program Files\Launchy\Launchy.exe
O4 - Startup: SpywareGuard.lnk = G:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to EverNote - res://G:\Program Files\EverNote\EverNote\enbar.dll/2000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - G:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - G:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141233614749
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141237300702
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jr...ows-i586-jc.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/53/install/gtdownls.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?326
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - G:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - G:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - G:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - G:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 12612 bytes

#13 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:07:53 PM

Posted 08 July 2008 - 09:12 PM

Your log looks good.

Remember that you are not removing the program itself, you are just removing it from your startup.


Please run HijackThis and click Scan. Place checks next to the following entries.

SiteAdv.exe (McAfee's SiteAdvisor) process can be removed to free up resources without compromising system performance. Part of McAfee's SiteAdvisor Program. When installed, SiteAdvisor alerts you about whether a site is safe or not when you visit it. The 4608 in the path is the version number and will change as they release new ones. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"

sgtray.exe (VERITAS StorageGuard Tray Application) process can be removed to free up resources without compromising system performance. sgtray.exe is a utility from VERITAS Software Corporation which installs itself on the system tray bar, and serves to remind you to backup your files. This is a non-essential process. Disabling or enabling it is down to user preference. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:


O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

NvCpl.dll,NvStartup initializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

hpsysdrv.exe (HP Utility To Monitor Recoveries) process can be removed to free up resources without compromising system performance. hpsysdrv.exe is a utility from HP which monitors how many recoveries have been made in Microsoft Office suite. This is a non-essential process. Disabling or enabling it is down to user preference. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

hpztsb05.exe (HPDJ Taskbar Utility) process can be removed to free up resources without compromising system performance. hpztsb04.exe (HPDJ Taskbar Utility) is (1) Ghostscript device driver for printers understanding Hewlett-Packard's Printer Command Language. or (2) Creates 1 or all 3 icons on taskbar. The 1st one has a yellow border around it warning that ink is low on the printer. The 2nd one is HP Device Detection Software and the 3rd one is about a card being inserted into the Hp printer. Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

HPWuSchd2.exe and HPWuSchd.exe (HP software updates) process can be removed to free up resources without compromising system performance. This is the HP software updates. If a shortcut doesn't exist, create your own and run it manually. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

You have NvMcTray.dll,NvTaskbarInit running at Startup. This is a System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

You have iTunesHelper.exe running at Startup. iTunesHelper.exe is a process belonging to Itunes MP3 streaming tool by Apple which allows you to play MP3's. This process speeds up iTunes when it starts, and the program also monitors for connected iPod devices. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

You have jusched.exe running at Startup. It checks with Sun's Java updates site to see if newer Java versions are available. This program is not required to start automatically. You can do this manually by visiting http://java.sun.com or just run the Java Plug-In Control Panel. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

WMPNSCFG.exe (Windows Media Player) process can be removed to free up resources without compromising system performance. A program associated with Windows Media Player. According to this technote, wmpnscfg.exe is used to alert users when a new media device is found on the network. Wmpnscfg is also responsible for starting the Windows Media Player Network Sharing Service (NSS) and then waits for notifications from the service. When wmpnscfg is notified that a new media device is available on the network, it displays a popup in the system tray that informs the user about the availability of the new device. If the user clicks the popup, wmpnscfg launches Windows Media Player, which displays a dialog box that asks the user to either allow or deny sharing with the new device. Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time.

James Dooley, Development Lead, Windows Media Devices Group, Microsoft Corp.
wrote:

  • To exit that app, run (Note that "/Close" is case sensitive):
    \Program Files\Windows Media Player\wmpnscfg.exe" /Close
  • To make it not run again, open the registry key
    HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Preferences\HME and set the DWORD value DisableDiscovery to 2.
  • If you had a UPnP Media Renderer or control point on your local network, you'd also be able to disable it by right-clicking on its taskbar icon (which only shows if it finds a UPnP
    Media Renderer or control point) and choose "Disable Future Notifications".
  • As to why it starts running when you've disabled media sharing, that's a bug
    in WMP 11 Beta2.

It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

SbieCtrl.exe (SandBoxie) process can be removed to free up resources without compromising system performance. Related to SandBoxie Sand box application. Data may flow from the hard disk into the sandbox. But data never flows back from the sandbox into the hard disk. Note: Located in C:\Program Files\Sandboxie\. This is a valid program but it is not required to run on startup. Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - HKCU\..\Run: [SandboxieControl] "G:\Program Files\Sandboxie\SbieCtrl.exe"

DvzIncMsgr.exe (DataViz Inc Messenger) process can be removed to free up resources without compromising system performance. Installed with DataViz "Documents to Go" software. This is a valid program but it is not required to run on startup. Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe

AUTOBACK.EXE ( ERUNT AutoBackup) process can be removed to free up resources without compromising system performance. ERUNT backup utility - when added to the user's startup folder automatically backs up the registry each time the system boots, resulting in numerous backups that can be restored if desired. This is a valid program but it is not required to run on startup. Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - Startup: ERUNT AutoBackup.lnk = G:\Program Files\ERUNT\AUTOBACK.EXE

osa.exe or Osa9.exe launches common MS Office components to help speed up the launch of Office programs. Some users claim there's no difference with or without it (Osa9.exe is the Office 2000 variant). This program is not required to start automatically as you can run it when you need to. It is advised that you disable this program so that it does not take up necessary resources. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office\OSA9.EXE

msmsgs.exe (MSN Messenger Internet chat tool) is the main process relating to the MSN Messenger Internet chat tool installed by default on most Windows computers. The Windows Messenger (IM, MSN Messenger) from Microsoft provides Online Chat and Instant Messaging. If you don't use Windows Messenger, you can
  • Rename the "Messenger" folder.
  • Uninstall, Stop, Disable or Remove "Windows Messenger (IM, MSN Messenger)".
A tray bar is also installed alongside this process for easy access to its features which include Internet chat, file sharing and audio/video conferencing. This is a non-essential process. Disabling or enabling it is down to user preference. process can be removed to free up resources without compromising system performance. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

AppleMobileDeviceService.exe (Apple Mobile Device) process can be removed to free up resources without compromising system performance. Used by iTunes to communicate with the Apple iPhone when it is connected to your computer. This is a valid program, but it is up to you whether or not you want it to run on startup. Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. Many users have reported this process slows their boot time. To change the service to Manual.
  • Right-click on My Computer and choose Manage.
  • Expand the Services and Applications section and click on Services.
  • On the right-side of the screen, find the entry for Apple Mobile Device and double-click on it.
  • Change the Startup Type: to Manual.
  • Hit the OK button and close the Computer Management screen.
It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

IDriverT.exe (InstallDriver Table Manager) process can be removed to free up resources without compromising system performance. IDriverT.exe is a process which belongs to the InstallShield product installation service which should only appear when you are installing a new piece of software. This program is not required to start automatically as you can start it manually if you need it. To change to Manual:
  • Right-click on My Computer and choose Manage.
  • Expand the Services and Applications section and click on Services.
  • On the right-side of the screen, find the entry for InstallDriver Table Manager and double-click on it.
  • Change the Startup Type: to Manual.
  • Hit the OK button and close the Computer Management screen.
Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

ipodservice.exe is a process belonging to Apple's iTunes peer-to-peer download tool. The ipodservice.exe process is a utility used to download mp3 files for your iPod. If you do not use it, or do not have an iPod, you can safely disable this process. This process can be removed to free up resources without compromising system performance. It is advised that you disable this program so that it does not take up necessary resources. To disable ipodservice, click Start > Settings > Control Panel > Performance and Maintenance > Administrative Tools > Services. Find the IpodService, Right-click and select Properties. Change the setting in StartUp type: to Disabled or click Start > Run. Type services.msc Find the IpodService, Right-click and select Properties. Change the setting in StartUp type to Disabled to disable the service. Item(s) to fix in HijackThis:

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

NMIndexingService.exe (Nero) process can be removed to free up resources without compromising system performance. nmindexingservice.exe is a Nero Home from Nero AG belonging to Nero Home. NMIndexingService.exe is related to Ahead Nero Multimedia Applications. It is used for media files quick indexing. This file is normally located at "C:\Program Files\Common Files\Ahead\Lib\". Like most of the indexing programs bundled with many applications, it is not as useful as it is claimed to be. You can disable it to save computer resources. This program is not required to start automatically as you can start it manually if you need it. It is advised that you disable this program so that it does not take up necessary resources. To change the service to Manual.
  • Right-click on My Computer and choose Manage.
  • Expand the Services and Applications section and click on Services.
  • On the right-side of the screen, find the entry for NMIndexingService and double-click on it.
  • Change the Startup Type: to Manual.
  • Hit the OK button and close the Computer Management screen.
Many users have reported this process slows their boot time. It may be worthwhile to fix it with HijackThis. Item(s) to fix in HijackThis:

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.

If you have any questions, please ask. If you would like for me to look at your HijackThis log after you complete the Optional Fixes, I would be glad to do so.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#14 oddly

oddly
  • Topic Starter

  • Members
  • 168 posts
  • OFFLINE
  •  
  • Local time:06:53 PM

Posted 09 July 2008 - 09:51 PM

Thanks for all your help! I really do appreciate it. The only entry I didn't fix was the ipod service since I use it so often. Startup is quite a bit faster now and I'm not using as much cpu either. Here is the new log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:11 PM, on 7/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
G:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
G:\Program Files\Macrium\Reflect\ReflectService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
G:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\LTMSG.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Launchy\Launchy.exe
G:\Program Files\SpywareGuard\sgmain.exe
G:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
G:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.outdrs.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - G:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - G:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - G:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Launchy.lnk = G:\Program Files\Launchy\Launchy.exe
O4 - Startup: SpywareGuard.lnk = G:\Program Files\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to EverNote - res://G:\Program Files\EverNote\EverNote\enbar.dll/2000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - G:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - G:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141233614749
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141237300702
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jr...ows-i586-jc.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/53/install/gtdownls.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?326
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - G:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - G:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - G:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - G:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 10294 bytes

#15 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:07:53 PM

Posted 12 July 2008 - 09:09 AM

Tips To Protect Your Computer
  • Avoid inviting the monsters in by clicking on links in instant messages.
  • Avoid opening email attachments.
  • Avoid visiting every poker site on the net.
  • Avoid downloading all that free cute junk.
  • Avoid using the peer-to-peer file sharing.
  • Avoid getting those handy toolbar doodads for your browsers.
  • There are horrible critters out there just waiting to pounce on your system if you only pass by where they are lurking, which may be at some seemingly innocent web site. Be careful because some of these monsters are so vicious that no one can possibly save you once you let them in.
  • Remember that new bad stuff emerges every week of the year. Take responsibility for protecting your system because you are its first and best defense.
Tools Downloaded To Clean Your Computer

I asked you to install some tools. Whether or not you need to keep these programs must be decided by you. If you choose to uninstall them, follow these directions:
  • Click Start > Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight the program, click Remove.
  • Close the Add or Remove Programs and the Control Panel windows.
Optional Tools:
  • Ad-Aware 2007/2008 scans, detects, and removes spyware on your computer.
  • ATF-Cleaner features include:
    • Cleaning of all user temp folders, administrator only can use this feature.
    • Cleaning of the Java cache, which seems to be harboring more and more malware.
    • Cleaning the cache, cookies, history, download history, visited links and saved passwords.
    • Scan weekly if you have high Internet use.
  • HijackThis may be uninstalled; however, if you should ever encounter another problem and seek help in this forum or others like it, you will need to download this application.
Restore the default settings for files/folders.
  • Go to My Computer.
  • Select the Tools menu and click Folder Options.
  • Click the View tab.
  • Under Advanced Settings, click the Restore Defaults button in the lower right corner.
  • Click Apply and then the OK and close My Computer.
Please take the time to read the "Steps To Keep Your Computer Clean And Secure" below.

Steps To Keep Your Computer Clean And Secure:

Please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. After cleaning, you will need to disable the System Restore function For Windows XP.
    Files placed in the System volume information folder are source files for the System Restore function that is available in Windows XP operating system. Files that were healed were moved in their original INFECTED state into this folder and it is necessary to DELETE them by following these steps:
    • Close all open programs. Then right-click My Computer on the Windows desktop
    • Click on Properties.
    • Click on the System Restore tab.
    • Check Turn off System Restore on all drives.
    • Restart the system.
    • Enable System Restore by going through the first four steps again and uncheck the item mentioned in Step D.
    • You can find instructions on how to disable and enable system restore in the Windows XP System Restore Guide.
  • Make your Internet Explorer more secure: This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it asks you if you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use IE-SPYAD: Install IE SPYAD. Add another level of protection to your Internet Explorer browser by blocking certain sites that are known to contain malware. IE SPYAD puts several thousand sites in your restricted zone so you'll be protected when you visit innocent looking sites that aren't actually innocent at all. If you happen on a site within its list, they can't hijack you or install anything. Program is free and is updated about once a month. Please follow readme instructions for install; it is a little different. Single user PC use IE Spyad1. Multi user XP PC use IE Spyad2.
  • Use a Firewall: - I cannot stress how important it is that you use a Firewall on your computer.  Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
    Computer Safety On line - Software Firewalls. For more information about firewalls, and why a two-way firewall is better than the Windows XP one-way firewall, please read Understanding and Using Firewalls.
  • Use An Antivirus Software and Keep It Updated: - It is very important that your computer has an antivirus software running on your machine.  This alone can save you a lot of trouble with malware in the future.  It is imperative that you update your antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out. For an article on antivirus programs and a listing of some available ones see the link below:
    Computer Safety On line - Anti-Virus
  • Visit Microsoft's Windows Update Site Frequently: It is important that you visit Microsoft Windows Update regularly. This will ensure your computer has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • You should scan your computer with Spybot S&D on a regular basis just as you would an anti- virus software. A tutorial on installing & using this product can be found here:
    Using Spybot - Search & Destroy to remove Spyware from Your Computer
  • You should scan your computer with Ad-Aware 2007/2008 as well as Spybot S&D and your anti-virus program on a regular basis. A tutorial on installing & using this product can be found here:
    Ad-Aware 2007/2008.
  • Update SpywareBlaster (at least weekly): SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firec settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line Anti Malware
  • Use the hosts file: Every version of windows has a hosts file as part of them. In a very basic sense, they are used to locate web pages. We can customize a hosts file so that it blocks certain web pages. However, it can slow down certain computers. This is why using a hosts file is optional. Download mvps hosts file Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    • Click the start button on the task bar at the bottom of your screen
    • Click run
    • In the dialog box, type services.msc
    • hit enter, then locate dns client
    • Highlight it, then doubleclick it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click OK.
  • Use an alternative instant messenger program:.Trillian and Miranda IM These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • Please read Tony Klein's excellent article: How I got Infected in the First Place
  • Please read Understanding Spyware, Browser Hijackers, and Dialers
  • Please read Simple and easy ways to keep your computer safe and secure on the Internet.
  • If you are using Internet Explorer, please consider using an alternate browser: Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built in popup blocker (as an added benefit!) that I have ever seen.
    Another good browser is Opera . Opera 9 comes loaded with the tools to keep you productive and safe. Try it today, it's absolutely free. Some of the Opera features are: Customization, BitTorrent, Content blocker, Add your favorite search engines, Thumbnail preview of tabs, Widgets, Transfer manager, Tabbed browsing, Password manager, Sessions (You can save a collection of open tabs as a session, for later retrieval, or start with the pages you had open when Opera was last closed.), Keyboard Shortcuts, Cookie control, a multitude of languages, Validate code, Toggle graphics and style sheets, and Special features such as Full-screen mode, Kiosk mode.
  • Update all these programs regularly: Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
  • If your computer was infected by a website, a program, IM, MSN, or p2p, check this site because it is Time To Fight Back.
Follow these steps and your potential for being infected again will reduce dramatically.
Good luck!
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users