Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Started With Outerinfo Infection


  • Please log in to reply
1 reply to this topic

#1 slipre2

slipre2

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:57 PM

Posted 13 June 2008 - 09:56 AM

Hello, I began with a very slow internet, then more than enough pop ups, i assume through the outerinfo which I removed from the control panel. I then ran your combo fix and the dss. Here is a copy of the report. I am completely computer illiterate and just loved your step by step instructions. But because I know nothing, I am not even sure how to read the reports. I don't know if I have been repaired? or if there is more to look into.. Thanks for your support!
ComboFix 08-06-11.7 - Owner 2008-06-13 8:29:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.31 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Application Data\FunWebProducts
C:\Documents and Settings\Owner\Application Data\YMANTE~1
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Installr\2.bin\F3EZSETP.DLL
C:\Program Files\FunWebProducts\Installr\Cache\0A224EF4.exe
C:\Program Files\FunWebProducts\Installr\Cache\files.ini
C:\Program Files\FunWebProducts\ScreenSaver\Images\050FEDD2.urr
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm.bak
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak
C:\Program Files\outlook
C:\Program Files\outlook\p.zip
C:\WINDOWS\BM1fae33bf.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\Fonts\CALIBRIB.TTF
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\dtewjmwm.ini
C:\WINDOWS\system32\joledthw.ini
C:\WINDOWS\system32\jwtoinwq.dll
C:\WINDOWS\system32\khfDsrsS.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mwmjwetd.dll
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\paqhtspd.dll
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\SsrsDfhk.ini
C:\WINDOWS\system32\SsrsDfhk.ini2
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\tuvWonMf.dll
C:\WINDOWS\system32\vldresif.ini
C:\WINDOWS\system32\vlwudyvc.dll
C:\WINDOWS\system32\whtdeloj.dll
C:\WINDOWS\system32\xjfocykm.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))
.

2008-06-11 23:09 . 2008-06-11 23:09 4,286 --a------ C:\WINDOWS\system32\Jamster.ico
2008-06-11 19:14 . 2008-06-11 19:14 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-06-11 19:11 . 2008-06-12 19:42 <DIR> d-------- C:\Program Files\4PLAY 4
2008-06-11 19:11 . 1996-03-03 11:07 1,015,568 --a------ C:\WINDOWS\system32\MSJT3032.DLL
2008-06-11 19:11 . 2008-06-11 19:11 302,352 --a------ C:\WINDOWS\system32\MSWNG300.DLL
2008-06-11 19:11 . 1996-03-03 11:07 250,640 --a------ C:\WINDOWS\system32\MSRD2X32.DLL
2008-06-11 19:11 . 1996-03-03 11:08 243,984 --a------ C:\WINDOWS\system32\VBAR2232.DLL
2008-06-11 19:11 . 1996-03-03 11:08 38,912 --a------ C:\WINDOWS\system32\im31jpg.dil
2008-06-11 19:11 . 1996-03-03 11:07 35,600 --a------ C:\WINDOWS\system32\MSJINT32.DLL
2008-06-11 19:11 . 1996-03-03 11:08 33,792 --a------ C:\WINDOWS\system32\im31pcx.dil
2008-06-11 19:11 . 1996-03-03 11:07 23,824 --a------ C:\WINDOWS\system32\MSJTER32.DLL
2008-06-11 19:11 . 1996-03-03 11:08 20,480 --a------ C:\WINDOWS\system32\im31bmp.dil
2008-06-11 19:08 . 1996-03-03 11:04 60,416 --a------ C:\WINDOWS\ST4UNST.EXE
2008-06-11 19:04 . 2008-06-12 10:02 <DIR> d-------- C:\WINDOWS\system32\logXv07
2008-06-11 19:04 . 2008-06-11 19:04 <DIR> d-------- C:\Temp\dmpxp32
2008-06-10 14:16 . 2008-06-12 19:34 <DIR> d-------- C:\Program Files\BearShare Pro
2008-06-10 14:16 . 2008-06-12 16:49 <DIR> d-------- C:\DOWNLOADS
2008-06-10 14:16 . 2008-06-12 16:51 <DIR> d-------- C:\!Temp
2008-06-01 20:11 . 2008-06-01 20:11 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SpinTop
2008-06-01 09:59 . 2008-06-02 12:34 <DIR> d-------- C:\Program Files\GHOST Hunters The Haunting Of Majesty Manor
2008-05-30 09:07 . 2008-06-12 21:20 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-05-26 09:29 . 2008-05-26 16:45 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\MysteryStudio
2008-05-25 22:01 . 2008-05-25 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Astar Games
2008-05-25 20:55 . 2008-05-25 20:55 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SultansLabyrinth
2008-05-25 19:12 . 2008-05-25 19:12 <DIR> d-------- C:\Program Files\bfgclient
2008-05-25 19:11 . 2008-05-25 19:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-05-25 17:51 . 2008-05-25 17:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Abra Academy2
2008-05-21 16:23 . 2008-05-21 16:23 268 --ah----- C:\sqmdata00.sqm
2008-05-21 16:23 . 2008-05-21 16:23 244 --ah----- C:\sqmnoopt00.sqm
2008-05-21 16:23 . 2008-05-21 16:23 172 --ah----- C:\sqmnoopt01.sqm
2008-05-21 16:23 . 2008-05-21 16:23 148 --ah----- C:\sqmnoopt02.sqm
2008-05-21 16:23 . 2008-05-21 16:23 148 --ah----- C:\sqmdata02.sqm
2008-05-21 16:23 . 2008-05-21 16:23 136 --ah----- C:\sqmdata03.sqm
2008-05-21 16:23 . 2008-05-21 16:23 136 --ah----- C:\sqmdata01.sqm
2008-05-21 14:45 . 2008-06-03 07:25 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-05-21 12:20 . 2008-05-21 12:20 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-05-19 19:04 . 2008-05-24 21:35 <DIR> d-------- C:\Program Files\Travelogue 360 Rome
2008-05-19 19:03 . 2008-05-24 20:56 <DIR> d-------- C:\Program Files\Spirit Of Wandering The Legend
2008-05-18 19:10 . 2008-05-18 19:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gogii
2008-05-16 21:28 . 2008-05-16 21:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-16 21:28 . 2008-05-16 21:28 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-15 08:36 . 2008-05-21 09:15 <DIR> d-------- C:\Program Files\MySpace
2008-05-15 08:36 . 2008-05-15 08:36 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\MySpace

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 12:29 --------- d-----w C:\Program Files\Lx_cats
2008-06-13 01:41 --------- d-----w C:\Program Files\Google
2008-06-13 01:04 --------- d-----w C:\Documents and Settings\Owner\Application Data\InstallShield
2008-06-13 01:01 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-13 00:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-13 00:44 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-13 00:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-06-12 16:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-10 08:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-04 00:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-06-03 11:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-02 17:41 --------- d-----w C:\Documents and Settings\Owner\Application Data\Flood Light Games
2008-06-02 17:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flood Light Games
2008-06-01 14:42 --------- d-----w C:\Program Files\RealArcade
2008-05-31 00:04 --------- d-----w C:\Documents and Settings\Owner\Application Data\PlayFirst
2008-05-31 00:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-27 23:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-27 23:13 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-05-27 00:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
2008-05-26 00:12 0 ----a-w C:\Program Files\temp01
2008-05-21 17:22 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-21 16:39 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-05-19 23:52 --------- d-----w C:\Program Files\Yahoo! Games
2008-05-19 02:18 --------- d-----w C:\Documents and Settings\Owner\Application Data\ForgottenRiddles
2008-05-17 05:16 --------- d-----w C:\Program Files\Yahoo!
2008-05-17 04:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
2008-05-02 23:10 --------- d-----w C:\Program Files\MSBuild
2008-05-02 15:51 --------- d-----w C:\Program Files\Microsoft Money 2005
2008-05-02 02:59 --------- d-----w C:\Documents and Settings\Owner\Application Data\Mysteryville2
2008-05-01 20:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-05-01 19:22 --------- d-----w C:\Documents and Settings\Owner\Application Data\Friday's games
2008-05-01 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Reflexivev1005
2008-04-29 15:52 2,966 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-04-26 02:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\JollyBear
2008-04-25 17:11 --------- d-----w C:\Documents and Settings\Owner\Application Data\SprillBermudeEng
2008-04-24 22:57 --------- d-----w C:\Documents and Settings\Owner\Application Data\MegauploadToolbar
2008-04-24 15:48 --------- d-----w C:\Program Files\MegauploadToolbar
2008-04-24 15:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\Megaupload
2008-04-24 15:46 --------- d-----w C:\Program Files\Megaupload
2008-04-23 19:00 --------- d-----w C:\Program Files\SweetIM
2008-04-23 18:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\SweetIM
2008-04-18 23:27 --------- d-----w C:\Documents and Settings\Owner\Application Data\FloodLightGames
2008-04-18 23:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\FloodLightGames
2008-04-18 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\MonteCristo
2008-04-18 13:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-04-18 02:38 --------- d-----w C:\Program Files\ReflexiveArcade
2008-04-17 17:05 --------- d-----w C:\Program Files\Microsoft Works
2008-04-17 17:05 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-17 17:04 --------- d-----w C:\Program Files\Microsoft Expression
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2007-12-19 15:06 56,912 ----a-w C:\Documents and Settings\Owner\g2mdlhlpx.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 18:04 135168]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 23:24 32768]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 18:07 90112 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 11:32 7204864]
"nwiz"="nwiz.exe" [2005-09-18 11:32 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 11:32 86016]
"HostManager"="C:\Program Files\Common Files\AOL\1130671179\EE\AOLHostManager.exe" [2004-11-03 16:03 125528]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-04-27 09:21 69632]
"lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [2005-05-04 18:24 200704]
"EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [2005-06-08 11:19 94208]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-05-03 13:20 299008]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-30 06:22 98304]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-27 21:11 185896]
"SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 19:31 111928]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
OneNote Table Of Contents.onetoc2 [2008-05-12 08:15:18 3656]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 22:07:32 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"hubbsi"= {7b1eeccd-0a6d-4ad5-8ac1-4af5722b3885} - blank [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1130671179\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\WINDOWS\\system32\\lxcgcoms.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-07 16:11]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97401071-4932-11da-95ca-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b462ef81-4ca6-11da-8ce3-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-06-13 13:08:03 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-08 07:00:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2008-06-11 23:04:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-12 23:04:43 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 08:49:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\explorer.exe [1656] 0xFEF88DA0

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\COMMON~1\AOL\113067~1\EE\AOLServiceHost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-06-13 9:03:54 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-06-13 14:03:37

Pre-Run: 77,946,970,112 bytes free
Post-Run: 79,750,967,296 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

278 --- E O F --- 2008-06-10 08:04:48

``````````````````````````````````````````````````````````````````````````````
Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-13 09:40:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
116: 2008-06-13 14:40:52 UTC - RP468 - Deckard's System Scanner Restore Point
115: 2008-06-13 13:27:22 UTC - RP467 - ComboFix created restore point
114: 2008-06-13 00:46:55 UTC - RP466 - Removed GameTap
113: 2008-06-13 00:36:49 UTC - RP465 - Removed Norton Security Scan
112: 2008-06-12 00:10:52 UTC - RP464 - Last known good configuration


-- First Restore Point --
1: 2008-06-12 00:10:09 UTC - RP353 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 223 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-13 09:43:10
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Digital Media Reader\shwiconEM.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1130671179\EE\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1130671179\EE\AOLServiceHost.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Owner\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {860c2f6b-ca82-4282-9187-beccbb66f0af} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130671179\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://office.microsoft.com (HKCU)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Vegas%20Heist/Images/stg_drm.ocx
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.0.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} () - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Azada/Images/armhelper.ocx
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v6.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: hubbsi - {7b1eeccd-0a6d-4ad5-8ac1-4af5722b3885} - blank (file missing)
O22 - SharedTaskScheduler: {7b1eeccd-0a6d-4ad5-8ac1-4af5722b3885} - hubbsi - (no file)
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS


--
End of file - 10619 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys
R3 SunkFilt (Alcor Micro Corp Reader) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-13 09:18:39 254 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-06-11 18:04:00 270 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2008-06-08 02:00:00 260 --a------ C:\WINDOWS\Tasks\Disk Cleanup.job
2008-04-12 18:04:43 392 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2008-05-13 and 2008-06-13 -----------------------------

2008-06-13 08:29:26 0 d-------- C:\cmdcons
2008-06-13 08:25:13 68096 --a------ C:\WINDOWS\zip.exe
2008-06-13 08:25:13 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-13 08:25:13 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-13 08:25:13 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-13 08:25:13 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-13 08:25:13 98816 --a------ C:\WINDOWS\sed.exe
2008-06-13 08:25:13 80412 --a------ C:\WINDOWS\grep.exe
2008-06-13 08:25:13 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-11 19:11:27 243984 --a------ C:\WINDOWS\system32\VBAR2232.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-06-11 19:11:26 302352 --a------ C:\WINDOWS\system32\MSWNG300.DLL <Not Verified; Microsoft Corporation; Microsoft® Access>
2008-06-11 19:11:26 250640 --a------ C:\WINDOWS\system32\MSRD2X32.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-11 19:11:26 23824 --a------ C:\WINDOWS\system32\MSJTER32.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-11 19:11:26 35600 --a------ C:\WINDOWS\system32\MSJINT32.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet Database Engine>
2008-06-11 19:11:25 1015568 --a------ C:\WINDOWS\system32\MSJT3032.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-11 19:11:24 0 d-------- C:\Program Files\4PLAY 4
2008-06-11 19:08:43 60416 --a------ C:\WINDOWS\ST4UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-11 19:04:28 0 d-------- C:\WINDOWS\system32\logXv07
2008-06-10 14:16:32 0 d-------- C:\DOWNLOADS
2008-06-10 14:16:32 0 d-------- C:\!Temp
2008-06-10 14:16:00 0 d-------- C:\Program Files\BearShare Pro
2008-06-01 20:11:45 0 d-------- C:\Documents and Settings\Owner\Application Data\SpinTop
2008-06-01 09:59:01 0 d-------- C:\Program Files\GHOST Hunters The Haunting Of Majesty Manor
2008-05-30 09:07:05 0 d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-05-26 09:29:44 0 d-------- C:\Documents and Settings\Owner\Application Data\MysteryStudio
2008-05-25 22:01:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Astar Games
2008-05-25 20:55:25 0 d-------- C:\Documents and Settings\Owner\Application Data\SultansLabyrinth
2008-05-25 19:12:23 0 --a------ C:\Program Files\temp01
2008-05-25 19:12:20 0 d-------- C:\Program Files\bfgclient
2008-05-25 19:11:50 0 d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-05-25 17:51:45 0 d-------- C:\Documents and Settings\Owner\Application Data\Abra Academy2
2008-05-21 14:45:36 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-05-21 12:20:51 0 d-------- C:\Program Files\Windows Live Favorites
2008-05-19 19:04:44 0 d-------- C:\Program Files\Travelogue 360 Rome
2008-05-19 19:03:32 0 d-------- C:\Program Files\Spirit Of Wandering The Legend
2008-05-18 19:10:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Gogii
2008-05-15 08:36:08 0 d-------- C:\Documents and Settings\Owner\Application Data\MySpace
2008-05-15 08:36:00 0 d-------- C:\Program Files\MySpace


-- Find3M Report ---------------------------------------------------------------

2008-06-13 09:30:24 0 d-------- C:\Program Files\Lx_cats
2008-06-13 06:53:31 0 d-------- C:\Program Files\Common Files
2008-06-12 20:41:30 0 d-------- C:\Program Files\Google
2008-06-12 20:04:06 0 d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-06-12 19:48:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-12 19:44:26 0 d-------- C:\Program Files\Common Files\AOL
2008-06-12 11:32:32 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-02 12:41:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Flood Light Games
2008-06-01 09:42:58 0 d-------- C:\Program Files\RealArcade
2008-05-30 19:04:40 0 d-------- C:\Documents and Settings\Owner\Application Data\PlayFirst
2008-05-27 18:22:19 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-27 18:13:56 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-05-21 12:22:33 0 d-------- C:\Program Files\Windows Live Toolbar
2008-05-21 11:39:43 0 d-------- C:\Program Files\Windows Live Safety Center
2008-05-19 18:52:58 0 d-------- C:\Program Files\Yahoo! Games
2008-05-18 21:18:55 0 d-------- C:\Documents and Settings\Owner\Application Data\ForgottenRiddles
2008-05-17 00:16:56 0 d-------- C:\Program Files\Yahoo!
2008-05-09 11:03:33 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
2008-05-02 18:10:05 0 d-------- C:\Program Files\MSBuild
2008-05-02 10:51:46 0 d-------- C:\Program Files\Microsoft Money 2005
2008-05-01 21:59:26 0 d-------- C:\Documents and Settings\Owner\Application Data\Mysteryville2
2008-05-01 14:22:12 0 d-------- C:\Documents and Settings\Owner\Application Data\Friday's games
2008-04-29 10:52:55 2966 --a------ C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-04-25 15:25:06 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-04-25 12:11:44 0 d-------- C:\Documents and Settings\Owner\Application Data\SprillBermudeEng
2008-04-24 17:57:43 0 d-------- C:\Documents and Settings\Owner\Application Data\MegauploadToolbar
2008-04-24 10:48:54 0 d-------- C:\Documents and Settings\Owner\Application Data\Megaupload
2008-04-24 10:48:11 0 d-------- C:\Program Files\MegauploadToolbar
2008-04-24 10:46:25 0 d-------- C:\Program Files\Megaupload
2008-04-23 14:00:00 0 d-------- C:\Program Files\SweetIM
2008-04-18 18:27:16 0 d-------- C:\Documents and Settings\Owner\Application Data\FloodLightGames
2008-04-17 21:38:12 0 d-------- C:\Program Files\ReflexiveArcade
2008-04-17 12:05:16 0 d-------- C:\Program Files\Microsoft Works
2008-04-17 12:05:08 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-17 12:04:26 0 d-------- C:\Program Files\Microsoft Expression
2008-03-24 18:01:27 4096 --a------ C:\WINDOWS\d3dx.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [11/15/2004 06:04 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 11:24 PM]
"SoundMan"="SOUNDMAN.EXE" [09/26/2005 06:07 PM C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/18/2005 11:32 AM]
"nwiz"="nwiz.exe" [09/18/2005 11:32 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/18/2005 11:32 AM]
"HostManager"="C:\Program Files\Common Files\AOL\1130671179\EE\AOLHostManager.exe" [11/03/2004 04:03 PM]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [04/27/2005 09:21 AM]
"lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [05/04/2005 06:24 PM]
"EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [06/08/2005 11:19 AM]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [05/03/2005 01:20 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/30/2005 06:22 AM]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/07/2005 12:46 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/27/2008 09:11 PM]
"SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [03/27/2008 07:31 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:00 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
OneNote Table Of Contents.onetoc2 [5/12/2008 8:15:18 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [5/3/2005 10:07:32 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"hubbsi"= {7b1eeccd-0a6d-4ad5-8ac1-4af5722b3885} - blank [ ]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97401071-4932-11da-95ca-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b462ef81-4ca6-11da-8ce3-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480




-- End of Deckard's System Scanner: finished at 2008-06-13 09:44:02 ------------

`````````````````````````````````````````````````````````````

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Sempron™ Processor 3300+
Percentage of Memory in Use: 74%
Physical Memory (total/avail): 222.42 MiB / 57.11 MiB
Pagefile Memory (total/avail): 542.5 MiB / 301.23 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1902.07 MiB

C: is Fixed (NTFS) - 88.85 GiB total, 74.23 GiB free.
D: is Fixed (FAT32) - 4.3 GiB total, 2.72 GiB free.
E: is CDROM (CDFS)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3100011A - 93.16 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 88.85 GiB - C:
\PARTITION1 - Unknown - 4.31 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: v (McAfee) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1130671179\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1130671179\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\WINDOWS\\system32\\lxcgcoms.exe"="C:\\WINDOWS\\system32\\lxcgcoms.exe:*:Enabled:2300 Series"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"="C:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe:*:Enabled:iMesh"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
AV_APPDATA=C:\DOCUME~1\Owner\APPLIC~1
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-8B569441EE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\YOUR-8B569441EE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2c02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=YOUR-8B569441EE
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Adobe® Photoshop® Album Starter Edition 3.0.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9618743-1A5C-461E-91C4-E013A3D70F3C}\Setup.exe" -l0x9
America Online (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\aolunins_us.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe
BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Coupon Printer for Windows --> "C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
Gregg College Keyboarding & Document Processing Home 10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8CA5FEB6-681F-4914-9DE1-642DF2FB275C}\setup.exe" -l0x9 GDPHOME
Hidden Relics --> "C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\Hidden Relics.rguninst" "AddRemove"
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iMesh --> C:\PROGRA~1\IMESHA~1\iMesh\UNWISE.EXE C:\PROGRA~1\IMESHA~1\iMesh\INSTALL.LOG
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LEGO Racers --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\LEGO Media\Games\LEGO Racers\Uninst.isu"
Lexmark 2300 Series --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxcgUNST.EXE -NOLICENSE
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe
Lexmark Skin: Helix --> C:\PROGRA~1\LEXMAR~3\Skin1\UNWISE.EXE C:\PROGRA~1\LEXMAR~3\Skin1\INSTALL.LOG
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Mega Manager --> C:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly
Megaupload Toolbar --> C:\Program Files\MegauploadToolbar\uninstall.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Starter Edition 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11
Microsoft Expression Web --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall WEBDESIGNER /dll ESETUP.DLL
Microsoft Expression Web --> MsiExec.exe /X{90120000-0026-0000-0000-0000000FF1CE}
Microsoft Expression Web MUI (English) --> MsiExec.exe /X{90120000-0026-0409-0000-0000000FF1CE}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook 2003 with Business Contact Manager Update --> MsiExec.exe /I{BA68600E-96D9-4E92-80F2-26B9681B5A63}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
ProCAM II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EDE78DA-3CD8-41DA-A68C-897A53DDBB15}\Setup.exe" TekSoft
Pure Networks Port Magic --> C:\Program Files\Pure Networks\Port Magic\PortAOL.exe -Uninstall -ShowUI
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealArcade --> "C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\RealArcade.rguninst" "AddRemove"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Step By Step Interactive Training (KB898458) -->
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Sentinel System Driver --> C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Smilebox --> "C:\Documents and Settings\Owner\Application Data\Smilebox\uninstall.exe"
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
Sunset Studio Deluxe --> "C:\Program Files\Sunset Studio Deluxe\ReflexiveArcade\unins000.exe"
SweetIM for Messenger 2.5 --> MsiExec.exe /X{EC6BD2CC-2DCF-4AD8-A8DD-DF89D29EEF3F}
Symantec Technical Support Web Controls --> MsiExec.exe /X{5FCDE341-328B-434B-9F21-AF5BADB57852}
Tony Hawk's Pro Skater 2 --> C:\PROGRA~1\ACTIVI~1\THPS2\UNINST~1\UNINST~1.EXE C:\Program Files\Activision\THPS2\uninstall\Tony Hawk's Pro Skater 2.log
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type21761 / Success
Event Submitted/Written: 06/13/2008 08:56:09 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type21756 / Warning
Event Submitted/Written: 06/13/2008 08:49:52 AM
Event ID/Source: 19011 / MSSQL$MICROSOFTSMLBIZ
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type21738 / Success
Event Submitted/Written: 06/13/2008 07:15:02 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type21737 / Warning
Event Submitted/Written: 06/13/2008 07:14:15 AM
Event ID/Source: 19011 / MSSQL$MICROSOFTSMLBIZ
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type21702 / Success
Event Submitted/Written: 06/12/2008 09:24:34 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type10000 / Warning
Event Submitted/Written: 06/13/2008 09:27:05 AM
Event ID/Source: 3 / Print
Event Description:
Printer ;k.jkj.k was deleted.

Event Record #/Type9999 / Warning
Event Submitted/Written: 06/13/2008 09:27:01 AM
Event ID/Source: 4 / Print
Event Description:
Printer ;k.jkj.k is pending deletion.

Event Record #/Type9976 / Error
Event Submitted/Written: 06/13/2008 08:52:48 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The IMAPI CD-Burning COM Service service failed to start due to the following error:
%%1053

Event Record #/Type9975 / Error
Event Submitted/Written: 06/13/2008 08:52:44 AM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the ImapiService service.

Event Record #/Type9974 / Error
Event Submitted/Written: 06/13/2008 08:52:14 AM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.



-- End of Deckard's System Scanner: finished at 2008-06-13 09:44:02 ------------

BC AdBot (Login to Remove)

 


#2 screen317

screen317

  • Malware Response Team
  • 236 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Los Angeles
  • Local time:05:57 PM

Posted 04 July 2008 - 03:25 AM

Hello and welcome to BleepingComputer.

My apologies for the delay. We're all volunteers, and we've been swamped.

Please delete your copy of ComboFix and download the latest version from here.

1. Save it to your Desktop.
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log, as well as a fresh HijackThis log, in your next reply.


-screen317




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users