
Trojan Unknown/popup Ads



#1 jattin


Posted 15 June 2008 - 08:06 PM

I get some popup ads when browsing the net. I scanned my computer three times using 'SuperAntiSpyware', which caught different malware/adware. I will post all three logs along with the DSS logs. Thanks.

Deckard's System Scanner v20071014.68
Run by Taz on 2008-06-15 19:35:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
37: 2008-06-16 00:35:31 UTC - RP410 - Deckard's System Scanner Restore Point
36: 2008-06-15 01:50:23 UTC - RP409 - System Checkpoint
35: 2008-06-13 23:18:44 UTC - RP408 - System Checkpoint
34: 2008-06-12 13:40:10 UTC - RP407 - Software Distribution Service 3.0
33: 2008-06-12 02:52:01 UTC - RP406 - Installed H-Class Clients1_2


-- First Restore Point --
1: 2008-05-16 01:09:39 UTC - RP374 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 2.99 GiB (less than 15%) free.


-- HijackThis (run as Taz.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:11 PM, on 6/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Harris\HCA\HRSUService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\Taz\Desktop\dss.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
D:\HIJACK~1\Taz.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/campaign.asp?cid=16313
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {5f59f6c8-8108-fe78-9424-0825fc7d8f42} - {24f8d7cf-5280-4249-87ef-80188c6f95f5} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C8C59261-1F86-4EAA-8581-18E17E5ACA08} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [444273d8] rundll32.exe "C:\WINDOWS\system32\qudgwjae.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} (Confidence Online Enterprise Edition) - https://vpn-standard.harris.com/llclient/IV....com+AXXPEE.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://vpn-standard.harris.com/dana-cached...perSetupSP1.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: xxywwwt - xxywwwt.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HRSUService - - C:\Program Files\Harris\HCA\HRSUService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9451 bytes

-- File Associations -----------------------------------------------------------

.ini - Notepad++_file - DefaultIcon - unable to read value
.ini - Notepad++_file - shell\open\command - notepad.exe %1
.txt - Notepad++_file - DefaultIcon - unable to read value
.txt - Notepad++_file - shell\open\command - notepad.exe %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 NEOFLTR_540_11743 (Juniper Networks TDI Filter Driver (NEOFLTR_540_11743)) - c:\windows\system32\drivers\neofltr_540_11743.sys <Not Verified; Juniper Networks; Secure Application Manager>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.6.0.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.6.0.0>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

S3 LVUSBSta (Logitech USB Monitor Filter) - c:\windows\system32\drivers\lvusbsta.sys (file missing)
S3 pepifilter (Volume Adapter) - c:\windows\system32\drivers\lv302af.sys (file missing)
S3 PID_PEPI (Logitech QuickCam IM(PID_PEPI)) - c:\windows\system32\drivers\lv302v32.sys (file missing)
S3 RimUsb (BlackBerry Device) - c:\windows\system32\drivers\rimusb.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 HRSUService - c:\program files\harris\hca\hrsuservice.exe
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 WLANKEEPER (Intel® PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSO Service>

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-06-15 12:47:34 346 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-03-18 23:14:39 348 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-05-15 and 2008-06-15 -----------------------------

2008-06-15 16:02:13 0 d-------- C:\VundoFix Backups
2008-06-11 21:52:29 0 d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
2008-06-11 21:52:27 0 d-------- C:\Program Files\Common Files\Crystal Decisions
2008-06-11 21:50:42 0 d-------- C:\temp
2008-06-09 17:51:10 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-09 17:48:43 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-09 17:48:43 0 d-------- C:\Documents and Settings\Taz\Application Data\SUPERAntiSpyware.com
2008-06-01 15:33:16 0 d-------- C:\Documents and Settings\Taz\LocalLow
2008-06-01 15:33:16 0 d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-05-31 20:03:43 45056 --a------ C:\WINDOWS\system32\WNASPI32.DLL <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-05-31 20:03:43 16512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-05-28 15:48:38 0 d-------- C:\Program Files\WinSCP
2008-05-23 18:47:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-05-18 10:19:00 0 d-------- C:\test


-- Find3M Report ---------------------------------------------------------------

2008-06-15 13:32:45 0 d-------- C:\Program Files\McAfee
2008-06-15 12:49:43 0 d-------- C:\Program Files\Common Files\McAfee
2008-06-13 13:43:06 0 d-------- C:\Documents and Settings\Taz\Application Data\Skype
2008-06-13 13:05:01 0 d-------- C:\Documents and Settings\Taz\Application Data\skypePM
2008-06-12 15:07:38 94096 --a------ C:\Documents and Settings\Taz\Application Data\debuggee.mdmp
2008-06-12 13:04:42 0 d-------- C:\Program Files\Common Files
2008-06-12 13:04:36 0 d-------- C:\Program Files\Quicken
2008-06-11 21:52:02 0 d-------- C:\Program Files\Harris
2008-06-11 21:52:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-09 17:48:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-28 13:33:03 0 d-------- C:\Program Files\Harris Corporation
2008-05-27 08:38:17 0 d-------- C:\Program Files\lx_cats
2008-05-26 11:52:37 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-05-26 11:51:08 0 d-------- C:\Program Files\Logitech
2008-05-20 20:32:11 0 d-------- C:\Documents and Settings\Taz\Application Data\AdobeUM
2008-05-13 22:43:39 212 --a------ C:\WINDOWS\ildasmfnt.bin
2008-05-10 06:16:55 0 d-------- C:\Program Files\DataClipper
2008-05-10 06:07:36 0 d-------- C:\Program Files\TradeKeeper <TRADEK~1>
2008-05-08 13:22:20 0 d-------- C:\Program Files\Yuuguu
2008-05-03 18:18:01 0 d-------- C:\Documents and Settings\Taz\Application Data\GetRightToGo
2008-04-23 19:46:44 0 d-------- C:\Program Files\Common Files\Infragistics
2008-04-23 19:43:48 0 d-------- C:\Program Files\Infragistics
2008-04-23 14:29:44 0 d-------- C:\Documents and Settings\Taz\Application Data\Adobe
2008-04-19 21:44:06 0 d-------- C:\Program Files\iTunes
2008-04-19 21:43:51 0 d-------- C:\Program Files\iPod
2008-04-19 21:43:02 0 d-------- C:\Program Files\QuickTime
2008-04-19 21:39:15 0 d-------- C:\Program Files\Common Files\Apple
2008-04-19 21:36:58 0 d-------- C:\Program Files\Apple Software Update
2008-03-31 17:02:37 0 --a------ C:\LOG
2008-03-26 23:48:51 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24f8d7cf-5280-4249-87ef-80188c6f95f5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8C59261-1F86-4EAA-8581-18E17E5ACA08}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 02:01 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/13/2005 04:44 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/13/2005 04:41 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/13/2005 04:45 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [10/18/2006 06:04 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/18/2006 05:58 PM]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 04:30 PM C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/08/2006 11:48 AM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/09/2005 08:29 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 01:05 AM]
"@"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 06:40 PM]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [03/06/2006 03:48 PM]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [02/24/2006 09:54 AM]
"444273d8"="C:\WINDOWS\system32\qudgwjae.dll" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 02:54 PM]
"Router"="C:\Program Files\Router\Router.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [03/27/2007 05:22 PM]
"@"="" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 05:00 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [1/14/2008 1:38:16 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywwwt]
xxywwwt.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqpn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8713 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-15 19:40:02 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2300 @ 1.66GHz
Percentage of Memory in Use: 51%
Physical Memory (total/avail): 1014.37 MiB / 488.8 MiB
Pagefile Memory (total/avail): 2441.23 MiB / 1986.76 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.53 MiB

C: is Fixed (NTFS) - 37.01 GiB total, 2.99 GiB free.
D: is Fixed (NTFS) - 12.55 GiB total, 5.83 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS541660J9SA00 - 54.49 GiB - 4 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 37.01 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 12.55 GiB - D:
\PARTITION3 - Unknown - 4.89 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Disabled:mIRC"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"D:\\Downloads\\utorrent.exe"="D:\\Downloads\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Disabled:SopCast Main Application"
"C:\\Documents and Settings\\Taz\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Taz\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Disabled:SopCast Adver"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\Harris Corporation\\Automatic Ingest 1.6.0.2\\Harris.Automation.UI.Client.exe"="C:\\Program Files\\Harris Corporation\\Automatic Ingest 1.6.0.2\\Harris.Automation.UI.Client.exe:*:Enabled:Harris.Automation.UI.Client"
"C:\\SandBox\\MI_CDF\\hca_clientvob\\bin\\Harris.Automation.UI.Client.exe"="C:\\SandBox\\MI_CDF\\hca_clientvob\\bin\\Harris.Automation.UI.Client.exe:*:Enabled:Harris.Automation.UI.Client"
"C:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\devenv.exe"="C:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\devenv.exe:*:Enabled:Microsoft Visual Studio 2005"
"C:\\Program Files\\Harris Corporation\\Automatic Ingest 1.6.0.3\\Harris.Automation.UI.Client.exe"="C:\\Program Files\\Harris Corporation\\Automatic Ingest 1.6.0.3\\Harris.Automation.UI.Client.exe:*:Enabled:Automatic Ingest"
"C:\\SandBox\\Releases\\TRUNK_MI_CDF\\hca_clientvob\\bin\\Harris.Automation.UI.Client.exe"="C:\\SandBox\\Releases\\TRUNK_MI_CDF\\hca_clientvob\\bin\\Harris.Automation.UI.Client.exe:*:Enabled:Automatic Ingest"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\SandBox\\MI_CDF_TB\\hca_clientvob\\bin\\Harris.Automation.UI.Client.exe"="C:\\SandBox\\MI_CDF_TB\\hca_clientvob\\bin\\Harris.Automation.UI.Client.exe:*:Enabled:Automatic Ingest"
"C:\\SandBox\\MI_CDF_1.8\\hca_clientvob\\bin\\Harris.Automation.UI.Client.exe"="C:\\SandBox\\MI_CDF_1.8\\hca_clientvob\\bin\\Harris.Automation.UI.Client.exe:*:Enabled:Automatic Ingest"
"C:\\Program Files\\Harris Corporation\\Automatic Ingest 1.8.0.0\\Harris.Automation.UI.Client.exe"="C:\\Program Files\\Harris Corporation\\Automatic Ingest 1.8.0.0\\Harris.Automation.UI.Client.exe:*:Enabled:Automatic Ingest"
"C:\\WINDOWS\\system32\\trvxgqox.exe"="C:\\WINDOWS\\system32\\trv"
"C:\\Program Files\\Harris Corporation\\Automatic Ingest 1.8.0.1\\Harris.Automation.UI.Client.exe"="C:\\Program Files\\Harris Corporation\\Automatic Ingest 1.8.0.1\\Harris.Automation.UI.Client.exe:*:Enabled:Automatic Ingest"
"C:\\Program Files\\Harris Corporation\\Harris Automatic Ingest Client 1.8.0.3\\Harris.Automation.UI.Client.exe"="C:\\Program Files\\Harris Corporation\\Harris Automatic Ingest Client 1.8.0.3\\Harris.Automation.UI.Client.exe:*:Enabled:Automatic Ingest"
"C:\\Program Files\\Harris Corporation\\Automatic Ingest 1.6.0.5\\Harris.Automation.UI.Client.exe"="C:\\Program Files\\Harris Corporation\\Automatic Ingest 1.6.0.5\\Harris.Automation.UI.Client.exe:*:Enabled:Automatic Ingest"
"C:\\Documents and Settings\\Taz\\Local Settings\\Temp\\_AZTMP4_\\PVRSERVER_111b.exe"="C:\\Documents and Settings\\Taz\\Local Settings\\Temp\\_AZTMP4_\\PVRSERVER_111b.exe:*:Enabled:PVRSERVER_111b"
"D:\\Downloads\\PVRSERVER_111b\\PVRSERVER_111b.exe"="D:\\Downloads\\PVRSERVER_111b\\PVRSERVER_111b.exe:*:Enabled:PVRSERVER_111b"
"D:\\Nfusion IPPVR\\IPPVR.exe"="D:\\Nfusion IPPVR\\IPPVR.exe:*:Enabled:IPPVR"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Disabled:SopCast Adver"
"C:\\Program Files\\Harris Corporation\\Harris Automatic Ingest Client 1.8.0.2\\Harris.Automation.UI.Client.exe"="C:\\Program Files\\Harris Corporation\\Harris Automatic Ingest Client 1.8.0.2\\Harris.Automation.UI.Client.exe:*:Enabled:Automatic Ingest"
"C:\\Program Files\\TurboTax\\Premier 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Premier 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Premier 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Premier 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"D:\\Downloads\\Softwares\\Freeware\\utorrent.exe"="D:\\Downloads\\Softwares\\Freeware\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\TurboTax\\Premier 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Premier 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Premier 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Premier 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Taz\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TAZDIN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Taz
LOGONSERVER=\\TAZDIN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ESTsoft\ALZip\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\ImageConverter Plus;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ImageConverter Plus;C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0\Bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Taz\LOCALS~1\Temp
TMP=C:\DOCUME~1\Taz\LOCALS~1\Temp
USERDOMAIN=TAZDIN
USERNAME=Taz
USERPROFILE=C:\Documents and Settings\Taz
VS80COMNTOOLS=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Taz (admin)
Administrator (admin)
Guest (new local, guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{219B0DA4-8F1A-499D-8795-4A07C632521E}
--> MsiExec.exe /I{644B991F-B109-4360-9DA3-40CDAD13961C}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
ALZip --> "C:\Program Files\ESTsoft\ALZip\unins000.exe"
AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AnswerWorks 5.0 English Runtime --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Broadcom Management Programs --> MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Cisco Unified Presenter Add-in --> C:\Documents and Settings\Taz\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\ciscounifiedaddin6x0\ciscounifiedaddin6x0.exe -uninstall
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Confidence Online™ Enterprise Edition --> C:\Documents and Settings\Taz\Application Data\WholeSecurity\CAT\WSUIEE.exe
Corel Photo Album 6 --> MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
DataClipper 3.0.0 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\DataClipper\ST6UNST.LOG"
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Game Console --> "C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Support 3.1 --> MsiExec.exe /X{548EEA8E-8299-497F-8057-811D2D7097DC}
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Documentation & Support Launcher --> MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
EducateU --> MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ELIcon --> MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
Enterprise Library for .NET Framework 2.0 - January 2006 --> MsiExec.exe /I{7FD12C24-1C06-406C-8116-2EE8A92CE690}
ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
EssentialPIM --> C:\Program Files\EssentialPIM\uninstall.exe
ExamDiff 1.7 --> "C:\Program Files\ExamDiff\unins000.exe"
Games, Music, & Photos Launcher --> MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
Harris Automatic Ingest Client 1.8.0.5 --> MsiExec.exe /I{0B012684-6D27-40D7-8D88-AE2569AE8614}
Harris CDF (Windows Forms) 2.3.0.0 --> MsiExec.exe /I{9949C133-AEFE-4254-B03C-6FEE9114DAA1}
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "D:\HiJackThis\HijackThis.exe" /uninstall
Infragistics NetAdvantage for Windows Forms 2007 Vol. 1 CLR 2.0 --> MsiExec.exe /X{1B86345C-0B03-4B61-8C06-8F9A9AC7B7D8}
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Jasc Paint Shop Pro 8 --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Juniper Networks Network Connect 5.3.0 --> "C:\Program Files\Juniper Networks\Network Connect 5.3.0\uninstall.exe"
Juniper Networks Network Connect 5.4.0 --> "C:\Program Files\Juniper Networks\Network Connect 5.4.0\uninstall.exe"
Juniper Networks Network Connect 6.0.0 --> "C:\Program Files\Juniper Networks\Network Connect 6.0.0\uninstall.exe"
Juniper Networks Secure Application Manager --> C:\Program Files\Juniper Networks\Secure Application Manager\UninstallSAM.exe
Lexmark 2400 Series --> C:\Program Files\Lexmark 2400 Series\Install\x86\Uninst.exe
Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech Legacy USB Camera Driver Package --> "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\10.51.2023\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"legacyqcam_10.51" /clone_wait /hide_progress
Logitech Video Enumerator --> MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Magic ISO Maker v5.4 (build 0239) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
mDrWiFi --> MsiExec.exe /I{90CC4231-94AC-45CD-991A-0253BFAC0650}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Device Emulator version 1.0 - ENU --> MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Document Explorer 2005 --> C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005 --> MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools --> MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
Microsoft SQL Server 2005 Samples --> MsiExec.exe /I{DDF6E319-BCD9-4FE3-9D69-26B2F47BEF7C}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual J# 2.0 Redistributable Package --> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual Studio 2005 Professional Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe
Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601) --> C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {D93F9C7C-AB57-44C8-BAD6-1494674BCAF7} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSDN Library for Visual Studio 2005 --> msiexec /i {23959E96-A80F-4172-A655-210E9BB7BFBE}
MSDN Library for Visual Studio 2005 --> MsiExec.exe /X{23959E96-A80F-4172-A655-210E9BB7BFBE}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero 7 Ultra Edition --> MsiExec.exe /I{692854CC-97EF-4307-B787-8C6787B91033}
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
Pdf995 --> C:\Program Files\TaxCut06\pdf995\setup.exe uninstall
PdfEdit995 --> C:\Program Files\TaxCut06\pdf995\res\utilities\thinsetup.exe - uninstall
PowerDVD 5.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Quicken 2008 --> MsiExec.exe /X{3B0F52AC-EF5C-4831-B221-06C782E41280}
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937061) --> C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {94E2AAC1-CAE5-4F73-B0D1-C471BA1F8E2A} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Simply Track 2.6.1 P13 Pro --> "C:\Program Files\Simply Track\unins000.exe"
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SopCast 1.1.2 --> C:\Program Files\SopCast\uninst.exe
SopCore 1.1.1 --> C:\Program Files\SopCast\uninst.exe
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TaxCut Premium 2006 --> C:\PROGRA~1\TaxCut06\Program\removetc.exe
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
The Rosetta Stone --> C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
TortoiseCVS 1.8.13 --> "C:\Program Files\TortoiseCVS\unins000.exe"
TradeKeeper 3.4.5 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\TradeKeeper\ST6UNST.LOG"
TurboTax Deluxe 2007 --> C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax ItsDeductible 2006 --> MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
TurboTax Premier 2007 --> C:\Program Files\TurboTax\Premier 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Premier 2007\Uninstall.log" -NoGui
TurboTax Premier Investments 2006 --> C:\Program Files\TurboTax\Premier 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Premier 2006\Uninstall.log" -NoGui
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6b --> C:\Program Files\VideoLAN\VLC\uninstall.exe
VPN Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\Setup.exe" -l0x9 VpnUninstall
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908250 --> "C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB912067 -->
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinSCP 4.0.7 --> "C:\Program Files\WinSCP\unins000.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yuuguu --> "C:\Program Files\Yuuguu\uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type40930 / Warning
Event Submitted/Written: 06/15/2008 06:57:47 PM
Event ID/Source: 3 / SQLBrowser
Event Description:
The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.

Event Record #/Type40868 / Warning
Event Submitted/Written: 06/15/2008 03:57:15 PM
Event ID/Source: 3 / SQLBrowser
Event Description:
The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.

Event Record #/Type40824 / Warning
Event Submitted/Written: 06/15/2008 01:32:56 PM
Event ID/Source: 3 / SQLBrowser
Event Description:
The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.

Event Record #/Type40776 / Warning
Event Submitted/Written: 06/15/2008 00:49:20 PM
Event ID/Source: 3 / SQLBrowser
Event Description:
The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.

Event Record #/Type40731 / Error
Event Submitted/Written: 06/14/2008 06:26:35 PM
Event ID/Source: 1000 / .NET Runtime 2.0 Error Reporting
Event Description:
Faulting application harris.automation.ui.client.exe, version 1.8.0.5, stamp 48501de0, faulting module mscorwks.dll, version 2.0.50727.1433, stamp 471ef729, debug? 0, fault address 0x00008ac9.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type32664 / Error
Event Submitted/Written: 06/15/2008 06:55:51 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type32663 / Error
Event Submitted/Written: 06/15/2008 06:55:37 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type32662 / Error
Event Submitted/Written: 06/15/2008 06:55:27 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type32661 / Error
Event Submitted/Written: 06/15/2008 06:55:19 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type32660 / Error
Event Submitted/Written: 06/15/2008 06:55:16 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}



-- End of Deckard's System Scanner: finished at 2008-06-15 19:40:02 ------------

First 'SuperAntiSpyware' Log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/09/2008 at 06:40 PM

Application Version : 4.15.1000

Core Rules Database Version : 3477
Trace Rules Database Version: 1468

Scan type : Quick Scan
Total Scan Time : 00:35:10

Memory items scanned : 495
Memory threats detected : 0
Registry items scanned : 476
Registry threats detected : 12
File items scanned : 19794
File threats detected : 4

Unclassified.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{875A1348-7674-42aa-ADAC-B4F36A004A2D}

Adware.Vundo Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{2432F099-F8E2-43C9-B765-3AF002FFC6A7}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856}

Adware.AdSponsor/ISM
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{1BAC9A2A-4755-43c3-A430-D3512C5B8A4E}

Trojan.Unknown Origin
HKLM\Software\xpre
HKLM\Software\xpre#execount

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\aoprndtws
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
HKU\S-1-5-21-1366707977-1250417009-3846943065-1005\Software\Microsoft\aldd
HKU\S-1-5-21-1366707977-1250417009-3846943065-1005\Software\Microsoft\rdfa
C:\WINDOWS\SYSTEM32\MCRH.TMP
C:\WINDOWS\SYSTEM32\RRQSS.BAK1
C:\WINDOWS\SYSTEM32\RRQSS.INI

Adware.Tracking Cookie
.ads.pointroll.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.msnportal.112.2o7.net [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.adinterax.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.adinterax.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]
.overture.com [ C:\Documents and Settings\Taz\Application Data\Mozilla\Firefox\Profiles\m5b6u56g.default\cookies.txt ]

Adware.RAC
C:\WINDOWS\WPAJTRYF67HAZYTRD.EXE

Second 'SuperAntiSpyware Log'

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/09/2008 at 10:22 PM

Application Version : 4.15.1000

Core Rules Database Version : 3477
Trace Rules Database Version: 1468

Scan type : Complete Scan
Total Scan Time : 01:05:40

Memory items scanned : 456
Memory threats detected : 0
Registry items scanned : 7759
Registry threats detected : 0
File items scanned : 40266
File threats detected : 11

Malware.Installer-Pkg/Gen
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{3C48F877-A164-45E9-B9DA-26A049FFC207}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6293BC00-4EB8-4C65-8548-53E2FC3BF937}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{651956B7-1969-42AA-9453-E0B813019D54}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{989E4C3B-B2C9-4486-9A09-D5A8F953837C}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C0A0AA4D-C79B-48CA-8843-2B02B626C9E6}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{D1A6F3FD-7B40-443F-8767-BADB25A0D222}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{E0814F95-5380-4892-B8C8-7FA4B349EF46}.EXE

Adware.Tracking Cookie

Adware.RAC
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP400\A0097556.EXE


Third and latest 'SuperAntiSpyware' Log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/15/2008 at 03:54 PM

Application Version : 4.15.1000

Core Rules Database Version : 3482
Trace Rules Database Version: 1473

Scan type : Complete Scan
Total Scan Time : 02:09:10

Memory items scanned : 196
Memory threats detected : 0
Registry items scanned : 7844
Registry threats detected : 2
File items scanned : 41489
File threats detected : 8

Adware.Tracking Cookie

Trojan.Unknown Origin
HKLM\Software\xpre
HKLM\Software\xpre#execount



#2 Thunder

Posted 17 June 2008 - 07:38 AM

Hello Jattin and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users !).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder

#3 jattin


Posted 17 June 2008 - 11:30 PM

Thanks Thunder... Here are the logs as requested. I have included 2 HijackThis logs... the first HiJackThis log is after running Malwarebytes but before Combofix and the second HiJackThis log is after running Malwarebytes and Combofix... I wasn't sure of when to run HiJackThis, hence two logs...


MalwareBytes log

Malwarebytes' Anti-Malware 1.17
Database version: 865

10:32:19 PM 6/17/2008
mbam-log-6-17-2008 (22-32-19).txt

Scan type: Quick Scan
Objects scanned: 40960
Time elapsed: 12 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bndshell3.bho (Adware.AdBand) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bndshell3.bho.1 (Adware.AdBand) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\npqss.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\npqss.ini2 (Malware.Trace) -> Quarantined and deleted successfully.


HiJackThis log after running MalwareBytes (but not Combofix)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:05 PM, on 6/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/campaign.asp?cid=16313
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {5f59f6c8-8108-fe78-9424-0825fc7d8f42} - {24f8d7cf-5280-4249-87ef-80188c6f95f5} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C8C59261-1F86-4EAA-8581-18E17E5ACA08} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} (Confidence Online Enterprise Edition) - https://vpn-standard.harris.com/llclient/IV....com+AXXPEE.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://vpn-standard.harris.com/dana-cached...perSetupSP1.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: xxywwwt - xxywwwt.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8918 bytes

ComboFix log

ComboFix 08-06-16.5 - Taz 2008-06-17 23:08:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.453 [GMT -5:00]
Running from: C:\Documents and Settings\Taz\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Taz\Application Data\macromedia\Flash Player\#SharedObjects\YK97G289\www.broadcaster.com
C:\Documents and Settings\Taz\Application Data\macromedia\Flash Player\#SharedObjects\YK97G289\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Taz\Application Data\macromedia\Flash Player\#SharedObjects\YK97G289\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Taz\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Taz\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system32\dssfpsfp.ini
C:\WINDOWS\system32\eigyjvdm.ini
C:\WINDOWS\system32\ijvfknpi.ini
C:\WINDOWS\system32\ineWc01
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pulmdmex.ini
C:\WINDOWS\system32\rqtxntck.ini
C:\WINDOWS\system32\T3
C:\WINDOWS\system32\T4
C:\WINDOWS\system32\T6

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))
.

2008-06-17 22:15 . 2008-06-17 22:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-17 22:15 . 2008-06-17 22:15 <DIR> d-------- C:\Documents and Settings\Taz\Application Data\Malwarebytes
2008-06-17 22:15 . 2008-06-17 22:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-17 22:15 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-17 22:15 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-16 21:15 . 2008-06-16 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop
2008-06-15 22:15 . 2008-06-15 22:15 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-15 22:15 . 2008-06-15 22:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-15 19:34 . 2008-06-15 19:34 <DIR> d-------- C:\Deckard
2008-06-11 21:52 . 2008-06-11 21:52 <DIR> d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
2008-06-11 21:52 . 2008-06-11 21:52 <DIR> d-------- C:\Program Files\Common Files\Crystal Decisions
2008-06-11 14:13 . 2008-04-14 06:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 14:13 . 2008-04-14 06:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 17:51 . 2008-06-09 17:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-09 17:48 . 2008-06-09 17:48 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-09 17:48 . 2008-06-09 17:48 <DIR> d-------- C:\Documents and Settings\Taz\Application Data\SUPERAntiSpyware.com
2008-06-01 15:33 . 2008-06-01 15:33 <DIR> d-------- C:\Documents and Settings\Taz\LocalLow
2008-06-01 15:33 . 2008-06-01 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-05-31 20:03 . 2008-05-06 01:01 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-05-31 20:03 . 2008-05-06 01:01 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-05-28 15:48 . 2008-05-28 15:48 <DIR> d-------- C:\Program Files\WinSCP
2008-05-23 18:47 . 2008-05-26 11:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 03:55 --------- d-----w C:\Documents and Settings\Taz\Application Data\AdobeUM
2008-06-18 01:55 --------- d-----w C:\Program Files\TaxCut06
2008-06-18 01:37 --------- d-----w C:\Documents and Settings\Taz\Application Data\uTorrent
2008-06-18 00:44 --------- d-----w C:\Program Files\Harris Corporation
2008-06-17 21:17 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-17 16:57 --------- d-----w C:\Documents and Settings\Taz\Application Data\Skype
2008-06-17 16:39 --------- d-----w C:\Documents and Settings\Taz\Application Data\skypePM
2008-06-17 04:51 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-06-17 04:49 --------- d-----w C:\Program Files\Sonic
2008-06-17 04:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-17 04:30 --------- d--h--w C:\Documents and Settings\Taz\Application Data\Gtek
2008-06-17 04:30 --------- d--h--w C:\Documents and Settings\Guest\Application Data\Gtek
2008-06-17 04:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2008-06-16 17:21 --------- d-----w C:\Documents and Settings\Taz\Application Data\WholeSecurity
2008-06-16 14:08 --------- d-----w C:\Program Files\lx_cats
2008-06-16 03:14 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-15 18:32 --------- d-----w C:\Program Files\McAfee
2008-06-15 17:49 --------- d-----w C:\Program Files\Common Files\McAfee
2008-06-12 18:04 --------- d-----w C:\Program Files\Quicken
2008-06-12 02:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-12 02:52 --------- d-----w C:\Program Files\Harris
2008-06-10 04:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-10 03:35 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-26 16:52 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-05-26 16:51 --------- d-----w C:\Program Files\Logitech
2008-05-14 23:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-14 22:06 7,733 ----a-w C:\Documents and Settings\Taz\MyDevices01.bin
2008-05-14 19:32 6,641 ----a-w C:\Documents and Settings\Taz\MyDevices.bin
2008-05-14 02:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Harris Corporation
2008-05-10 11:16 --------- d-----w C:\Program Files\DataClipper
2008-05-10 11:07 --------- d-----w C:\Program Files\TradeKeeper
2008-05-08 18:22 --------- d-----w C:\Program Files\Yuuguu
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-05 13:06 --------- d-----w C:\Documents and Settings\Guest\Application Data\Juniper Networks
2008-05-03 23:18 --------- d-----w C:\Documents and Settings\Taz\Application Data\GetRightToGo
2008-04-29 16:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 16:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 16:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-24 00:46 --------- d-----w C:\Program Files\Common Files\Infragistics
2008-04-24 00:43 --------- d-----w C:\Program Files\Infragistics
2008-04-20 02:43 --------- d-----w C:\Program Files\QuickTime
2008-04-20 02:39 --------- d-----w C:\Program Files\Common Files\Apple
2008-04-20 02:36 --------- d-----w C:\Program Files\Apple Software Update
2008-04-20 02:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-03-27 04:48 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-03-27 04:48 249,856 ------w C:\WINDOWS\Setup1.exe
2008-03-26 18:51 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-03-28 21:40 421,888 ----a-w C:\Program Files\mozilla firefox\plugins\AvctDSView3InterfaceVieweru.dll
2006-03-28 21:40 45,056 ----a-w C:\Program Files\mozilla firefox\plugins\AvctDSViewAppTracker.dll
2006-03-28 21:40 249,856 ----a-w C:\Program Files\mozilla firefox\plugins\AvctInterfaceVieweru.dll
2006-03-28 21:40 57,344 ----a-w C:\Program Files\mozilla firefox\plugins\AvctKeyboard.dll
2006-03-28 21:40 106,496 ----a-w C:\Program Files\mozilla firefox\plugins\avctRdpViewerJA.dll
2006-03-28 21:40 102,400 ----a-w C:\Program Files\mozilla firefox\plugins\avctRdpViewerZH.dll
2006-03-28 21:40 45,056 ----a-w C:\Program Files\mozilla firefox\plugins\AvctSerialViewer.dll
2006-03-28 21:40 696,320 ----a-w C:\Program Files\mozilla firefox\plugins\AvctVideoViewerJA.dll
2006-03-28 21:40 692,224 ----a-w C:\Program Files\mozilla firefox\plugins\AvctVideoViewerZH.dll
2006-03-28 21:40 73,728 ----a-w C:\Program Files\mozilla firefox\plugins\AvctVirtualMediaJA.dll
2006-03-28 21:40 69,632 ----a-w C:\Program Files\mozilla firefox\plugins\AvctVirtualMediaZH.dll
2006-03-28 21:40 86,016 ----a-w C:\Program Files\mozilla firefox\plugins\avctVncViewerJA.dll
2006-03-28 21:40 81,920 ----a-w C:\Program Files\mozilla firefox\plugins\avctVncViewerZH.dll
2006-03-28 21:40 1,047,552 ----a-w C:\Program Files\mozilla firefox\plugins\MFC71u.dll
2006-03-28 21:40 499,712 ----a-w C:\Program Files\mozilla firefox\plugins\msvcp71.dll
2006-03-28 21:40 348,160 ----a-w C:\Program Files\mozilla firefox\plugins\msvcr71.dll
2007-05-23 01:14 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-05-23 01:17 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24f8d7cf-5280-4249-87ef-80188c6f95f5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8C59261-1F86-4EAA-8581-18E17E5ACA08}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseCVS0]
@={5d1cb710-1c4b-11d4-bed5-005004b1f42f}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseCVS1]
@={5d1cb711-1c4b-11d4-bed5-005004b1f42f}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseCVS2]
@={5d1cb712-1c4b-11d4-bed5-005004b1f42f}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseCVS3]
@={5d1cb713-1c4b-11d4-bed5-005004b1f42f}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseCVS4]
@={5d1cb714-1c4b-11d4-bed5-005004b1f42f}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseCVS5]
@={5d1cb715-1c4b-11d4-bed5-005004b1f42f}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseCVS6]
@={5d1cb716-1c4b-11d4-bed5-005004b1f42f}

[HKEY_CLASSES_ROOT\CLSID\{5d1cb710-1c4b-11d4-bed5-005004b1f42f}]
2005-03-05 00:05 1073152 --a------ C:\Program Files\TortoiseCVS\TrtseShl.dll

[HKEY_CLASSES_ROOT\CLSID\{5d1cb711-1c4b-11d4-bed5-005004b1f42f}]
2005-03-05 00:05 1073152 --a------ C:\Program Files\TortoiseCVS\TrtseShl.dll

[HKEY_CLASSES_ROOT\CLSID\{5d1cb712-1c4b-11d4-bed5-005004b1f42f}]
2005-03-05 00:05 1073152 --a------ C:\Program Files\TortoiseCVS\TrtseShl.dll

[HKEY_CLASSES_ROOT\CLSID\{5d1cb713-1c4b-11d4-bed5-005004b1f42f}]
2005-03-05 00:05 1073152 --a------ C:\Program Files\TortoiseCVS\TrtseShl.dll

[HKEY_CLASSES_ROOT\CLSID\{5d1cb714-1c4b-11d4-bed5-005004b1f42f}]
2005-03-05 00:05 1073152 --a------ C:\Program Files\TortoiseCVS\TrtseShl.dll

[HKEY_CLASSES_ROOT\CLSID\{5d1cb715-1c4b-11d4-bed5-005004b1f42f}]
2005-03-05 00:05 1073152 --a------ C:\Program Files\TortoiseCVS\TrtseShl.dll

[HKEY_CLASSES_ROOT\CLSID\{5d1cb716-1c4b-11d4-bed5-005004b1f42f}]
2005-03-05 00:05 1073152 --a------ C:\Program Files\TortoiseCVS\TrtseShl.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01 67584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 16:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 16:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 16:45 118784]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 18:04 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 17:58 696320]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 282624 C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48 761947]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 02:08 483328]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2008-06-17 15:49:27 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywwwt]
xxywwwt.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk
backup=C:\WINDOWS\pss\Cisco Systems VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-12-09 20:29 49152 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCRCATS]
--a------ 2006-02-24 09:54 65536 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcrmon.exe]
--a------ 2006-03-06 15:48 286720 C:\Program Files\Lexmark 2400 Series\lxcrmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 14:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 18:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-03-27 17:22 4670968 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"lxcr_device"=3 (0x3)
"HRSUService"=3 (0x3)
"LVSrvLauncher"=3 (0x3)
"NBService"=3 (0x3)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"CVPND"=3 (0x3)
"Apple Mobile Device"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Documents and Settings\\Taz\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\devenv.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"D:\\Downloads\\Softwares\\Freeware\\utorrent.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 NEOFLTR_540_11743;Juniper Networks TDI Filter Driver (NEOFLTR_540_11743);C:\WINDOWS\system32\Drivers\NEOFLTR_540_11743.SYS [2007-04-25 17:40]
R3 dsNcAdpt;Juniper Network Connect Adapter;C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2007-12-27 21:48]
S4 HRSUService;HRSUService;C:\Program Files\Harris\HCA\HRSUService.exe [2007-09-21 00:26]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-15 17:47:34 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-03-19 04:14:39 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 23:13:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-06-17 23:19:55 - machine was rebooted [Taz]
ComboFix-quarantined-files.txt 2008-06-18 04:19:45

Pre-Run: 11,869,163,520 bytes free
Post-Run: 11,730,169,856 bytes free

294 --- E O F --- 2008-06-12 13:44:08

HiJackThis log after running Malwarebytes and ComboFix

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:28 PM, on 6/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
D:\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/campaign.asp?cid=16313
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {5f59f6c8-8108-fe78-9424-0825fc7d8f42} - {24f8d7cf-5280-4249-87ef-80188c6f95f5} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C8C59261-1F86-4EAA-8581-18E17E5ACA08} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} (Confidence Online Enterprise Edition) - https://vpn-standard.harris.com/llclient/IV....com+AXXPEE.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://vpn-standard.harris.com/dana-cached...perSetupSP1.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: xxywwwt - xxywwwt.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8714 bytes


Thanks again....

#4 Thunder

Posted 18 June 2008 - 08:19 AM

Hello Jattin,

Nearly there. :thumbsup:

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following, if still present:

O2 - BHO: {5f59f6c8-8108-fe78-9424-0825fc7d8f42} - {24f8d7cf-5280-4249-87ef-80188c6f95f5} - (no file)
O2 - BHO: (no name) - {C8C59261-1F86-4EAA-8581-18E17E5ACA08} - (no file)
O20 - Winlogon Notify: xxywwwt - xxywwwt.dll (file missing)

Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Then, you can remove all used tools and folders created in the process.
To remove ComboFix:
Go to Start > Run, and copy and paste the next command in the field:
ComboFix /u
Make sure there's a space between ComboFix and /u.
Then press Enter.
This will uninstall ComboFix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Still having problems?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference
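
The three entries listed in the post above all carry HijackThis's "(no file)" or "(file missing)" marker. As an added example (not part of the original posts and not HijackThis's own code), this Python script parses HijackThis entry lines, flags the ones whose target file is absent, and maps each to the registry key to inspect before fixing. The function names are hypothetical, and the sample is an excerpt of the log posted earlier in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Excerpt of the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\explorer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {5f59f6c8-8108-fe78-9424-0825fc7d8f42} - {24f8d7cf-5280-4249-87ef-80188c6f95f5} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {C8C59261-1F86-4EAA-8581-18E17E5ACA08} - (no file)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: xxywwwt - xxywwwt.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
"""

# An entry line starts with a section code such as O2, O20 or R1.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
NOTIFY_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"


@dataclass
class Entry:
    code: str             # section code, e.g. "O2"
    kind: str             # text before the first ": ", e.g. "BHO"
    detail: str           # remainder of the line
    clsid: Optional[str]  # last GUID in the line, if any
    orphaned: bool        # True when the target file is reported absent
    raw: str              # the original log line


def parse_log(text: str) -> List[Entry]:
    """Parse HijackThis entry lines; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        kind, sep, detail = match.group("body").partition(": ")
        if not sep:  # lines such as R0/R1 have no "kind: " prefix
            kind, detail = "", match.group("body")
        guids = GUID_RE.findall(detail)
        entries.append(Entry(
            code=match.group("code"),
            kind=kind,
            detail=detail,
            clsid=guids[-1] if guids else None,
            orphaned=bool(ORPHAN_RE.search(detail)),
            raw=line,
        ))
    return entries


def fix_candidates(text: str) -> List[Entry]:
    """Entries that load from a file that no longer exists."""
    return [e for e in parse_log(text) if e.orphaned]


def registry_key(entry: Entry) -> Optional[str]:
    """Registry key that holds the entry, for the two sections seen here."""
    if entry.code == "O2" and entry.clsid:
        return BHO_KEY + "\\" + entry.clsid
    if entry.code == "O20":
        # The Notify subkey name is the field before the first " - ".
        return NOTIFY_KEY + "\\" + entry.detail.split(" - ", 1)[0]
    return None


if __name__ == "__main__":
    for entry in fix_candidates(SAMPLE_LOG):
        print(entry.raw)
        print("    check:", registry_key(entry))
```

The flagged keys correspond to the BHO and Winlogon Notify entries that the ComboFix "Reg Loading Points" section of the same post lists without a backing file.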

#5 jattin

Posted 18 June 2008 - 09:43 AM

Thanks Thunder...looks like my laptop is clean now, thanks to you.

#6 Thunder

Posted 18 June 2008 - 09:57 AM

Glad we could help, Jattin :thumbsup:

Please read this Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Please also read Tony Klein's excellent article: How I got Infected in the First Place
and/or Grinler's tutorial on how malware is hidden and installed

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.