Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slow Ie Browser Startup & Diverted Google Searches


  • Please log in to reply
13 replies to this topic

#1 maryba

maryba

  • Members
  • 120 posts
  • OFFLINE
  •  
  • Local time:05:01 AM

Posted 07 July 2008 - 03:16 PM

Three main problems:

1.
When starting a new session of IE, very slow - 30 or more seconds. And, in some cases, unsucessful start without doing a refresh (F5 key - or the icon, I suppose).

New session start includes both a first session and when clicking on a link which will open in a new, additional window.

2.
Just noticed in Windows Task Manager, that although I had only one visible IE window/session running, there were 7 additional IEXPLORE processes running. These additional processes continued to show even after I closed the one visible IE window.

3.
Whenever I've done a Google or Yahoo or MS Live search and I then click on one of the search result links, some apparent software running in background opens a new window showing a random URL. It is always preceeded by an initial, momentary link (visible in IE's Address bar) to
"hrena.com" (with parameters)
and then a quick, momentary link to
"x-max.net" (with parameters)
and ends with the browser window showing a random URL, usually some bogus third party site showing apparent paid search results.

I can then go back to the original Google/Yahoo/Live window and click on the same search result link and go throiugh the same new-window process again. Then, on the third try, I get a sucessful direct link to the clicked on search result.

In summary, there's a thingy attached to IE which diverts two clicks from a search engine results page and then relinquishes any further diverting for that search result. If I do a new search, it starts all over again.

This occurs only with IE. Doesn't happen with Firefox.

Those are the 3. Hope you can help. TIA.

Mike
==============



Following are scan logs:
======
main.txt
======


Deckard's System Scanner v20071014.68
Run by HP_Owner on 2008-07-07 14:38:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
46: 2008-07-07 19:39:09 UTC - RP1102 - Deckard's System Scanner Restore Point
45: 2008-07-07 06:14:39 UTC - RP1101 - System Checkpoint
44: 2008-07-06 05:14:39 UTC - RP1100 - System Checkpoint
43: 2008-07-05 04:14:38 UTC - RP1099 - System Checkpoint
42: 2008-07-04 03:14:46 UTC - RP1098 - System Checkpoint


-- First Restore Point --
1: 2008-05-21 23:52:58 UTC - RP1057 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:43:10 PM, on 7/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\mysql\bin\winmysqladmin.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\mysql\bin\mysqld.exe
C:\Program Files\PaperCut Print Logger\pcpl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\HP_Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Trellian BHO Impl - {24180B00-2EB6-11d7-BD6F-004854603DCE} - C:\Program Files\TRELLIAN\Toolbar\toolbar.dll
O2 - BHO: 824223 helper - {34CF6660-9BD3-431A-BA32-6B511D4126DA} - C:\WINDOWS\system32\824223\824223.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Trellian &Toolbar - {71AAABE5-1F0F-11d7-BD6F-004854603DCE} - C:\Program Files\TRELLIAN\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe] "1&1 EasyLogin" HIDE
O4 - HKCU\..\Run: [1&1 EasyLogin] C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagea...en/preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .aiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .MPG: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: www.mosaic.com
O15 - Trusted Zone: www.mosaicsalessolutions.com
O15 - Trusted IP range: 63.77.193.76
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PaperCut Print Logger (PCPrintLogger) - PaperCut Software International Pty Ltd - C:\Program Files\PaperCut Print Logger\pcpl.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

--
End of file - 11156 bytes

-- File Associations -----------------------------------------------------------

.hlp - hlpfile - shell\open\command - winhelp.exe %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 mbmiodrvr - c:\windows\system32\mbmiodrvr.sys <Not Verified; cansoft@livewiredev.com; Windows ® 2000 DDK driver>

S3 SANDRA - c:\program files\sisoftware\sisoftware sandra standard 2004.sp1 (win32 x86)\sandra.sys <Not Verified; SiSoftware; SiSoftware Sandra>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - c:\program files\antivir personaledition classic\sched.exe <Not Verified; Avira GmbH; Scheduler>
R2 Apache2 - "c:\program files\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 Diskeeper - "c:\program files\executive software\diskeeper\dkservice.exe" <Not Verified; Executive Software International, Inc.; Diskeeper ™ Disk Defragmenter>
R2 MySql - c:\mysql\bin\mysqld (file missing)
R2 PCPrintLogger (PaperCut Print Logger) - "c:\program files\papercut print logger\pcpl.exe" pcprintlogger <Not Verified; PaperCut Software International Pty Ltd; PaperCut NG>

S2 AdobeActiveFileMonitor4.0 (Adobe Active File Monitor V4) - c:\program files\adobe\photoshop elements 4.0\photoshopelementsfileagent.exe
S2 ccEvtMgr (Symantec Event Manager) - "c:\program files\common files\symantec shared\ccevtmgr.exe" (file missing)
S2 ccProxy (Symantec Network Proxy) - "c:\program files\common files\symantec shared\ccproxy.exe" (file missing)
S2 ccSetMgr (Symantec Settings Manager) - "c:\program files\common files\symantec shared\ccsetmgr.exe" (file missing)
S2 SymWSC (SymWMI Service) - "c:\program files\common files\symantec shared\security center\symwsc.exe" (file missing)
S3 MSControlService (Microsoft cache control) - c:\windows\system32\windows (file missing)
S3 PACSPTISVR - "c:\program files\common files\sony shared\avlib\pacsptisvr.exe" <Not Verified; ; PACSPTISVR Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-07 14:41:11 414 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2008-06-07 and 2008-07-07 -----------------------------

2008-06-27 16:03:34 90112 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-06-27 16:03:33 0 d-------- C:\Program Files\OpD2d


-- Find3M Report ---------------------------------------------------------------

2008-05-24 11:03:56 12343209 --a------ C:\x
2008-05-22 07:54:09 0 d-------- C:\Program Files\Common Files
2008-05-21 14:21:17 0 d-------- C:\Program Files\appgini 4.03 trial
2008-04-30 01:17:20 2528 --a------ C:\Documents and Settings\HP_Owner\Application Data\$_hpcst$.hpc


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34CF6660-9BD3-431A-BA32-6B511D4126DA}]
05/23/2008 05:12 PM 13824 --a------ C:\WINDOWS\system32\824223\824223.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 06:04 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [08/03/2004 08:43 PM]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [06/07/2004 08:53 PM]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [06/07/2004 08:42 PM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/11/2003 10:02 PM]
"PS2"="C:\WINDOWS\system32\ps2.exe" [10/16/2002 06:57 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [04/14/2004 10:43 PM]
"IS CfgWiz"="c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe" [01/20/2004 07:25 PM]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [10/10/2007 05:44 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [09/09/2005 02:18 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [08/07/2004 04:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe"="1&1 EasyLogin HIDE" []
"1&1 EasyLogin"="C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe" [01/24/2008 07:31 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:00 PM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 01:39 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/08/2007 07:18 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
WinMySQLadmin.lnk - C:\mysql\bin\winmysqladmin.exe [6/27/2006 10:14:45 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 9:05:56 AM]
Monitor Apache Servers.lnk - C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe [3/18/2004 11:15:54 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^AcceleRun.lnk]
path=C:\DOCUME~1\ALLUSE~1\Start Menu\Programs\Startup\AcceleRun.lnk
backup=C:\WINDOWS\pss\AcceleRun.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^Giganews Accelerator.lnk]
path=C:\DOCUME~1\ALLUSE~1\Start Menu\Programs\Startup\Giganews Accelerator.lnk
backup=C:\WINDOWS\pss\Giganews Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\DOCUME~1\ALLUSE~1\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^Reality Fusion GameCam SE.lnk]
path=C:\DOCUME~1\ALLUSE~1\Start Menu\Programs\Startup\Reality Fusion GameCam SE.lnk
backup=C:\WINDOWS\pss\Reality Fusion GameCam SE.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\DOCUME~1\ALLUSE~1\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^HP_Owner^Start Menu^Programs^Startup^RMP2.lnk]
path=C:\DOCUME~1\HP_Owner\Start Menu\Programs\Startup\RMP2.lnk
backup=C:\WINDOWS\pss\RMP2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
"C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jEdit Server]
"C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe" -Xms64M -Xmx192M -jar "C:\Program Files\jEdit\jedit.jar" -background -nogui

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
"C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wise-FTP Scheduler]
C:\Program Files\AceBIT\WISE-FTP\WF_Scheduler.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{188e81e4-9fb4-11d9-8924-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480




-- End of Deckard's System Scanner: finished at 2008-07-07 14:44:01 ------------


======
extra.txt
======



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.93GHz
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 759.48 MiB / 444.99 MiB
Pagefile Memory (total/avail): 2142.45 MiB / 1621.97 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1936.49 MiB

C: is Fixed (NTFS) - 29.94 GiB total, 7.07 GiB free.
D: is Fixed (FAT32) - 7.3 GiB total, 2.36 GiB free.
E: is CDROM (No Media)
F: is Fixed (FAT32) - 5.27 GiB total, 1.04 GiB free.
G: is Fixed (NTFS) - 51.98 GiB total, 21.54 GiB free.
H: is Fixed (NTFS) - 186.31 GiB total, 7.43 GiB free.
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)
L: is Removable (No Media)

\\.\PHYSICALDRIVE2 - Maxtor 4R060J0 - 57.27 GiB - 2 partitions
\PARTITION0 - Unknown - 5.28 GiB - F:
\PARTITION1 (bootable) - Installable File System - 51.98 GiB - G:

\\.\PHYSICALDRIVE1 - SAMSUNG SP2014N - 186.31 GiB - 1 partition
\PARTITION0 - Installable File System - 186.31 GiB - H:

\\.\PHYSICALDRIVE0 - ST340015A - 37.27 GiB - 2 partitions
\PARTITION0 - Unknown - 7.32 GiB - D:
\PARTITION1 (bootable) - Installable File System - 29.94 GiB - C:

\\.\PHYSICALDRIVE4 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE6 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE5 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Norton Personal Firewall v2004 (Symantec Corporation) Disabled
FW: COMODO Firewall Pro v3.0 (COMODO)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.3.65
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.2.148
(Avira GmbH)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\\Program Files\\AntiVir PersonalEdition Classic\\avcenter.exe"="C:\\Program Files\\AntiVir PersonalEdition Classic\\avcenter.exe:*:Enabled:Start AntiVir PersonalEdition Classic"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"G:\\drives - from other computers\\fujitsu - original from Pentium II - 4gb\\WINDOWS NT (G)\\Program Files\\WS_FTP\\WS_FTP95.exe"="G:\\drives - from other computers\\fujitsu - original from Pentium II - 4gb\\WINDOWS NT (G)\\Program Files\\WS_FTP\\WS_FTP95.exe:*:Enabled:WS_FTP 95"
"C:\\mysql\\bin\\mysqld.exe"="C:\\mysql\\bin\\mysqld.exe:*:Enabled:mysqld"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\WINDOWS\\system32\\java.exe"="C:\\WINDOWS\\system32\\java.exe:*:Enabled:java"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Disabled:Microsoft Fax Console"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\WINDOWS\\system32\\javaw.exe"="C:\\WINDOWS\\system32\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Disabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Disabled:Internet Explorer"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=UPSTAIRS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Owner
LOGONSERVER=\\UPSTAIRS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;c:\php;C:\Program Files\Executive Software\Diskeeper;C:\Program Files\jEdit;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
USERDOMAIN=UPSTAIRS
USERNAME=HP_Owner
USERPROFILE=C:\Documents and Settings\HP_Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

HP_Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> MsiExec.exe /I{C98E5F1B-5C2B-4FD1-BDF9-F3779DCAAA16}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1&1 EasyLogin --> C:\Program Files\1&1\1&1 EasyLogin\Uninstall.exe
AcceleRun 1.3 --> "C:\Program Files\AcceleRun\unins000.exe"
AceHTML 5 Freeware --> C:\WINDOWS\iun6002.exe "C:\Program Files\Visicom Media\AceHTML 5 Freeware\irunin.ini"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe GoLive CS2 English --> msiexec /i {46548E80-0409-0000-7E8A-45000F855001}
Adobe Help Center 2.0 --> MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Photoshop Elements 4.0 --> msiexec /I {EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Agere Systems PCI Soft Modem --> agrsmdel
Alleycode HTML Editor 2.16.2 --> "C:\Program Files\Alleycode\unins000.exe"
Amaya --> "C:\Program Files\Amaya9.99-3\Uninstall.exe"
AnalogX ITR Client --> C:\Program Files\AnalogX\ITR\itrcu.exe
Apache HTTP Server 2.0.49 --> MsiExec.exe /I{3A862C7D-0504-48BC-AEF8-7F7479C7C158}
AppGini Free Trial Edition 4.03 --> "C:\Program Files\appgini 4.0 trial\AppGini\unins000.exe"
AppGini Professional Edition (upgrade to 3.2) --> "C:\Program Files\AppGini3.2\unins000.exe"
AppGini Professional Edition 3.3 --> "C:\Program Files\AppGiniPro3.3\unins000.exe"
Arachnophilia --> C:\WINDOWS\uninst.exe -f"C:\Program Files\arachnophilia\DeIsL1.isu"
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\Setup.exe" -l0x9
Avira AntiVir PersonalEdition Classic --> C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Belarc Advisor 6.1 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Canon CanoScan Toolbox 4.9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}\setup.exe" -l0x9 anything
Canon ScanGear Starter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\SETUP.EXE" -l0x9 anything
CC_ccProxyMSI --> MsiExec.exe /I{A398F2DC-D706-4bb2-AC38-5532CD229D08}
CC_ccStart --> MsiExec.exe /I{7BB102D2-98A8-4204-988D-00461CA6ADD1}
ccCommon --> MsiExec.exe /I{A86C8E47-3F08-4918-8FB6-19972BC9C0C6}
Code Generator Pro --> MsiExec.exe /I{649A74E6-45BD-4D3E-AF0D-8A002E902886}
Dataviewer Pro 3.7.0.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A295C320-3327-4D7A-9855-1A05888AACC9}\Setup.exe"
dbQwikSite 5 Personal Edition --> C:\PROGRA~1\DBQWIK~1\UNWISE.EXE C:\PROGRA~1\DBQWIK~1\INSTALL.LOG
Dexpot 1.4 --> "C:\Program Files\Dexpot\uninstall.exe"
DHE Editor 1.00.0280 --> C:\PROGRA~1\DHEEDI~1\Setup.exe /remove
DHE Editor 1.8 --> "C:\Program Files\DHE Editor v8\unins000.exe"
Diskeeper Server Standard Edition --> MsiExec.exe /I{B7C3BD73-4A75-4CA5-9868-959814572B0A}
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
ExcelMySQlMagic Demo --> "C:\Program Files\ExcelMySQlMagicDemo\unins000.exe"
Giganews Accelerator --> MsiExec.exe /I{7A8726E0-B7A2-4A8C-A592-7F361FB27CD8}
GOM Player --> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Hello Engines! Professional --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14292520-03AE-47F7-BA50-D5DF1CB9EDFB}\Setup.exe" -l0x9
Help and Support Additions --> C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 4.2 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.2 --> C:\Program Files\HP\Digital Imaging\{5E1494D4-3562-4FFB-B35C-600F80F6934C}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Organize --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photo & Imaging 3.5 - HP Devices --> C:\Program Files\HP\Digital Imaging\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 4.0 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update --> MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
HPIZ402 --> MsiExec.exe /X{8D9768AE-DE42-4A04-A461-2361A58C384D}
in2site 1.006 --> C:\Program Files\in2site 1and1 us\Uninstal.exe
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{35AFD495-EC2E-4B2B-B9DB-30EEBC74049D}
J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
jEdit 4.3pre8 --> "C:\Program Files\jEdit\unins000.exe"
KBD --> C:\HP\KBD\KBD.EXE uninstalled
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
Logical Decisions Demo --> c:\ldw51\uninst\fimain.exe
Manual CanoScan LiDE 60 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B72D50-1C7E-491C-8086-9E060051D316}\setup.exe" -l0x9
McMartin's GedReporter 1.1.2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\McMartin's GedReporter 1.1.2\Uninst.isu"
Meeting Service Record and Playback --> MsiExec.exe /I{1D243F00-1389-4C63-A7E9-B17E967D1901}
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Expression Web --> MsiExec.exe /X{90120000-0026-0000-0000-0000000FF1CE}
Microsoft Expression Web MUI (English) --> MsiExec.exe /X{90120000-0026-0409-0000-0000000FF1CE}
Microsoft Expression Web Trial --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall WEBDESIGNER /dll ESETUP.DLL
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Plus! Dancer LE --> MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Motherboard Monitor 5 --> "C:\Program Files\Motherboard Monitor 5\unins000.exe"
MOV Converter 3 --> C:\Program Files\ImTOO\MOV Converter 3\Uninstall.exe
Mozilla Firefox (1.0.7) --> C:\WINDOWS\UninstallFirefox.exe /ua "1.0.7 (en-US)"
MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
MyGeneration (remove only) --> "C:\Program Files\MyGeneration\uninstall.exe"
MySQL Connector/ODBC 3.51 --> MsiExec.exe /I{0CB3C535-1171-4A20-B549-E2CB5DEB9723}
MySQL Servers and Clients 4.0.13 --> C:\WINDOWS\IsUninst.exe -fC:\mysql\Uninst.isu
NASA World Wind 1.3 --> "C:\Program Files\NASA\World Wind 1.3\Uninstall_World_Wind_1.3.exe"
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security --> MsiExec.exe /I{91AA4B1F-B918-4e0b-A304-F8D4EC5D7726}
Norton Internet Security --> MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security --> MsiExec.exe /I{D885E48B-80E2-47FC-A923-C2317F9FF845}
Norton Internet Security --> MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton Personal Firewall --> MsiExec.exe /I{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}
Norton Personal Firewall (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}.exe /X
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
NVIDIA GART Driver --> C:\WINDOWS\system32\nvugart.exe Uninstall C:\WINDOWS\system32\nvgart.nvu,NVIDIA GART Driver
OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
OpD2d --> C:\WINDOWS\unvise32.exe C:\Program Files\OpD2d\uninstal.log
OpenMG Secure Module 4.7.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
PaperCut Print Logger 1.4 --> "C:\Program Files\PaperCut Print Logger\unins000.exe"
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PC Wizard 2004.1.61 --> "C:\Program Files\PC Wizard 2004\unins000.exe"
PCCloneEX --> C:\PROGRAM FILES\PCCloneEX\Uninstall.EXE
Photosmart 320,370,7400,8100,8400 Series --> C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
PHP 5.1.4 --> C:\WINDOWS\system32\UNWISE.EXE C:\WINDOWS\system32\INSTALL.LOG
PhpMySQLWizard Demo 1.5 --> "C:\Program Files\PhpMySQLDemo\unins000.exe"
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Python 2.3 pywin32 extensions (build 200) --> "C:\Python23\Removepywin32.exe" -u "C:\Python23\pywin32-wininst.log"
Python 2.3 PyXML-0.8.3 --> "C:\Python23\RemovePyXML.exe" -u "C:\Python23\PyXML-wininst.log"
Python 2.3 ZSI-1.5.0 --> "C:\Python23\RemoveZSI.exe" -u "C:\Python23\ZSI-wininst.log"
Python 2.3.3 --> C:\Python23\UNWISE.EXE C:\Python23\INSTALL.LOG
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Ranking Toolbox 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2388C625-9532-467F-ADEA-B92E027B85E3}\setup.exe" -l0x9 -removeonly
Rapid CSS 2007 v8.2 --> "C:\Program Files\Rapid CSS 2007\unins000.exe"
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RMP2 --> "C:\Program Files\RMP2\unins000.exe"
Road Runner Medic 5.3 --> C:\WINDOWS\unins000.exe
SimoHealth 1.2.0 --> "C:\Program Files\SimoHealth 1.2.0\unins000.exe"
SimpleFamilyTree (remove only) --> "C:\Program Files\SimpleFamilyTree\uninstall.exe"
SiSoftware Sandra Standard 2004.SP1 (Future Publishing Ltd Edit --> "C:\Program Files\SiSoftware\SiSoftware Sandra Standard 2004.SP1 (Win32 x86)\unins000.exe"
Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Social Security Benefit Calculator --> MsiExec.exe /I{5E7FC920-890C-4806-A71F-EB768D453DF2}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SphereXP 1.0.758 --> C:\Program Files\SphereXP\uninst.exe
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins002.exe"
ToolbarBrowser v2.4 --> "C:\Program Files\TRELLIAN\Toolbar\unToolbarBrowser\unins000.exe"
Trellian SEO Toolkit v2.0 --> "C:\Program Files\TRELLIAN\SEO Toolkit v2.0\unins000.exe"
Trellian WebPage --> "C:\Program Files\Trellian\Trellian WebPage\unins000.exe"
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Ulead GIF Animator 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AF3E926-ED59-11D4-A44B-0000E86D2305}\Setup.exe"
Updates from HP --> C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 309731
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Earth 3D (Beta) --> MsiExec.exe /I{619B8475-0F48-41B7-A370-5147F7092989}
Virtual Trumpet --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Virtual Trumpet\ST6UNST.LOG"
VisualWade 1.2.163 --> MsiExec.exe /I{A2098B2F-68CC-44BF-A918-6EDBA7571920}
WinAVIVideoConverter --> "C:\Program Files\WinAVIVideoConverter\unins000.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wintree Version 3.0 d --> "C:\Program Files\DECROCK\WINTREE\unins000.exe"
WinZip --> G:\DRIVES~1\FUJITS~1\WINDOW~1\PROGRA~1\WinZip\winzip32.exe /uninstall
Wise-FTP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F22C63FE-DBA4-4FDA-9306-55AA627CE6C7}\Setup.exe" -l0x9
XanaduSpace --> "C:\Program Files\XanaduSpace\Uninstall.exe"
Yahoo! Photos Print-at-Home Tool --> C:\WINDOWS\unins001.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type11289 / Error
Event Submitted/Written: 07/07/2008 01:58:38 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application WINZIP32.EXE, version 3.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type11288 / Error
Event Submitted/Written: 07/06/2008 10:28:26 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module mshtml.dll, version 6.0.2900.2180, fault address 0x0012bd68.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type11287 / Error
Event Submitted/Written: 07/06/2008 10:26:52 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module mshtml.dll, version 6.0.2900.2180, fault address 0x0012bd68.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type11274 / Error
Event Submitted/Written: 07/04/2008 05:50:37 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module mshtml.dll, version 6.0.2900.2180, fault address 0x0012bd68.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type11273 / Error
Event Submitted/Written: 07/04/2008 05:50:25 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module mshtml.dll, version 6.0.2900.2180, fault address 0x0012bd68.
Processing media-specific event for [iexplore.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7521 / Warning
Event Submitted/Written: 07/04/2008 11:45:11 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type7520 / Error
Event Submitted/Written: 07/04/2008 11:30:03 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Adobe Active File Monitor V4 service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type7517 / Warning
Event Submitted/Written: 07/01/2008 04:02:05 AM
Event ID/Source: 57 / Ftdisk
Event Description:
The system failed to flush data to the transaction log. Corruption may occur.

Event Record #/Type7516 / Warning
Event Submitted/Written: 07/01/2008 02:14:16 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk7\D during a paging operation.

Event Record #/Type7515 / Warning
Event Submitted/Written: 07/01/2008 02:14:16 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk7\D during a paging operation.



-- End of Deckard's System Scanner: finished at 2008-07-07 14:44:01 ------------

BC AdBot (Login to Remove)

 


#2 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:01:01 PM

Posted 09 July 2008 - 04:32 AM

Hello Maryba and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu..
  • Click the Clear now button below.. A new window will popup what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Doubleclick mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

3. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users !).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbsup:

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#3 maryba

maryba
  • Topic Starter

  • Members
  • 120 posts
  • OFFLINE
  •  
  • Local time:05:01 AM

Posted 11 July 2008 - 11:30 AM

Hi Thunder,

Thanks for your initial response.

In preparing to perform the steps you've listed, I've encountered a possible complication concerning the Windows Recovery console:
I don't have a Windows (Home SP2) installation CD and when I linked to the URL you provided (http://support.microsoft.com/kb/310994) to d/l the Windows Recovery console, I couldn't see any link for downloading the console software - the general discussion seemed to center on creating floppies (no FD drive) or using the console existent on the Windows installation CD.

I would appreciate your directing me to whatever I may have missed. Or, if the console software is no longer available, what are the odds of my needing recovery anyway?

Awaiting your guidance.

Mike
====

#4 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:01:01 PM

Posted 11 July 2008 - 04:52 PM

Hello Mike,

Just scroll down to the bottom of http://support.microsoft.com/kb/310994
and download the WinXp SP2 file (either Home or Pro, depending on your system) to your desktop.

Then drag it on ComboFix.exe and the automated installation of the Recovery Console will be taken care of by ComboFix.
Once installed, you can continue running the ComboFix scan. :thumbsup:

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#5 maryba

maryba
  • Topic Starter

  • Members
  • 120 posts
  • OFFLINE
  •  
  • Local time:05:01 AM

Posted 11 July 2008 - 05:32 PM

Thunder,

I hope the correct file is "WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe" - that's what I d/l'd and will use. It'll be 2-3 hours from now so please let me know if I picked wrong one.

Thanks for your help so far.

Mike
===

#6 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:01:01 PM

Posted 11 July 2008 - 06:17 PM

Hello Mike,

If you're running WinXP Home, then that's the right one. :thumbsup:

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#7 maryba

maryba
  • Topic Starter

  • Members
  • 120 posts
  • OFFLINE
  •  
  • Local time:05:01 AM

Posted 11 July 2008 - 09:55 PM

Hi Thunder,

Well, some of the stuff has been accomplished:
- ran MalwareBytes (log below)
- experienced a Windows auto-restart
- reran HJT to get log (below)
- d/l'd Combofix and dragged the Microsoft file onto the Combofix icon
- combofix started and got to screen saying starting Registry backup
- then got to Autoscan message box saying "Scanning for infected files..."
- but, within 2-3 minutes, got message saying Recovery Console already installed - can't remember user option but it may have been "Cancel" or "Ok" - whatever it was, I clicked it
- then Autoscan message box disappeared and nothing further happened.

I tried to get online to get this message to you but couldn't - even though system said I was connected to network. Reset modem (power off/on) but no change. Did get back online after computer cold(re)start.

Never saw evidence of a Combofix log being produced so am assuming it didn't complete execution.

Preliminary testing seems to show that one of original problems - the search diversion - has been fixed. Just so happens that the other main problen, the 30-50 second delay when starting a new IE session, had already cleared up earlier today after I had done a cold(re)start then - i.e., before doing any of the MalwareBytes and attempted Combofix scans this evening.

Do I need to attempt a rerun of Combofix?

Mike
====


mbam-log-7-11-2008 (20-32-01).txt

Malwarebytes' Anti-Malware 1.20
Database version: 941
Windows 5.1.2600 Service Pack 2

8:32:01 PM 7/11/2008
mbam-log-7-11-2008 (20-32-01).txt

Scan type: Quick Scan
Objects scanned: 40600
Time elapsed: 6 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 9
Registry Data Items Infected: 9
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{34cf6660-9bd3-431a-ba32-6b511d4126da} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34cf6660-9bd3-431a-ba32-6b511d4126da} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e405.e405mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e405.e405mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSControlService (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\824223 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\824223\824223.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Desktop\AdwareALERT - Remove Vundo - Get Rid of Spyware & Adware today!.htm (Rogue.AdwareAlert) -> Quarantined and deleted successfully.







hijackthis - 071108.log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:14 PM, on 7/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\mysql\bin\winmysqladmin.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\mysql\bin\mysqld.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\PaperCut Print Logger\pcpl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Trellian BHO Impl - {24180B00-2EB6-11d7-BD6F-004854603DCE} - C:\Program Files\TRELLIAN\Toolbar\toolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Trellian &Toolbar - {71AAABE5-1F0F-11d7-BD6F-004854603DCE} - C:\Program Files\TRELLIAN\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe] "1&1 EasyLogin" HIDE
O4 - HKCU\..\Run: [1&1 EasyLogin] C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagea...en/preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .aiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .MPG: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: www.mosaic.com
O15 - Trusted Zone: www.mosaicsalessolutions.com
O15 - Trusted IP range: 63.77.193.76
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PaperCut Print Logger (PCPrintLogger) - PaperCut Software International Pty Ltd - C:\Program Files\PaperCut Print Logger\pcpl.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

--
End of file - 10495 bytes

#8 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:01:01 PM

Posted 12 July 2008 - 05:33 AM

Hello Mike,

Yes please, just double click to run ComboFix and let it take it's course.

Please post the log in your next reply.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#9 maryba

maryba
  • Topic Starter

  • Members
  • 120 posts
  • OFFLINE
  •  
  • Local time:05:01 AM

Posted 12 July 2008 - 08:40 AM

Thunder,

I assume that means don't drag the Windows icon onto the Combofix icon to start.

Since it thinks I already have Recovery console installed, does this mean that RC will be there if I need it I need it post-scan?

And, if I should have anything similar to my last Combofix attempt - i.e., premature shutdown - should I just retry again? Or, should I get back to you?

Mike

#10 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:01:01 PM

Posted 12 July 2008 - 09:02 AM

That's correct, Mike

No need to drag and drop anything anymore.

Just double click the ComboFix icon an let it run.

If it doesn't complete as supposed to within 15 minutes,
just check if there's a ComboFix.txt to be found, and report back. :thumbsup:

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#11 maryba

maryba
  • Topic Starter

  • Members
  • 120 posts
  • OFFLINE
  •  
  • Local time:05:01 AM

Posted 12 July 2008 - 12:18 PM

Thunder,

Here's combofix's log.

Mike
====


ComboFix 08-07-11.1 - HP_Owner 2008-07-12 11:39:10.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.477 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\AlxRes_dll_IMAGE_bg_popup.gif
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\AlxRes_dll_IMAGE_window_sliver.gif
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\oeminfo.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-12 to 2008-07-12 )))))))))))))))))))))))))))))))
.

2008-07-11 20:22 . 2008-07-11 20:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-11 20:22 . 2008-07-11 20:22 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
2008-07-11 20:22 . 2008-07-11 20:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-11 20:22 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-11 20:22 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-10 11:21 . 2008-07-10 11:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-10 11:21 . 2008-07-10 11:21 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-07 15:29 . 2008-07-07 15:29 <DIR> d-------- C:\Program Files\appgini 4.1 trial
2008-07-07 14:38 . 2008-07-07 14:38 <DIR> d-------- C:\Deckard
2008-06-27 16:03 . 2008-06-27 16:22 <DIR> d-------- C:\Program Files\OpD2d
2008-06-27 16:03 . 2003-03-16 00:15 90,112 --a------ C:\WINDOWS\unvise32.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 19:21 --------- d-----w C:\Program Files\appgini 4.03 trial
2007-02-15 03:23 2,240,441 ----a-w C:\Program Files\v3.3 upgrade 2959ab438dfb.zip
2006-11-27 02:25 774,144 ----a-w C:\Program Files\xRngInterstitial.dll
2006-11-17 03:16 6 ----a-w C:\Documents and Settings\HP_Owner\ex.bat
2008-02-07 10:42 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe"="1&1 EasyLogin HIDE" [X]
"1&1 EasyLogin"="C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe" [2008-01-24 07:31 1545216]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-08 19:18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-03 20:43 118784]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 20:53 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 20:42 659456]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02 61440]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 18:57 81920]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43 233472]
"IS CfgWiz"="c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe" [2004-01-20 19:25 124056]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-10 17:44 249896]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 02:18 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-08-07 16:20 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 08:52 218232]

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
WinMySQLadmin.lnk - C:\mysql\bin\winmysqladmin.exe [2006-06-27 10:14:45 936448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 09:05:56 65588]
Monitor Apache Servers.lnk - C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe [2004-03-18 11:15:54 41042]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^AcceleRun.lnk]
path=C:\DOCUME~1\ALLUSE~1\Start Menu\Programs\Startup\AcceleRun.lnk
backup=C:\WINDOWS\pss\AcceleRun.lnkCommon Startup

[HKLM\~\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^Giganews Accelerator.lnk]
path=C:\DOCUME~1\ALLUSE~1\Start Menu\Programs\Startup\Giganews Accelerator.lnk
backup=C:\WINDOWS\pss\Giganews Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\DOCUME~1\ALLUSE~1\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^Reality Fusion GameCam SE.lnk]
path=C:\DOCUME~1\ALLUSE~1\Start Menu\Programs\Startup\Reality Fusion GameCam SE.lnk
backup=C:\WINDOWS\pss\Reality Fusion GameCam SE.lnkCommon Startup

[HKLM\~\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\DOCUME~1\ALLUSE~1\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^DOCUME~1^HP_Owner^Start Menu^Programs^Startup^RMP2.lnk]
path=C:\DOCUME~1\HP_Owner\Start Menu\Programs\Startup\RMP2.lnk
backup=C:\WINDOWS\pss\RMP2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2004-12-22 17:45 71280 C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
--a------ 2004-10-04 20:53 176216 C:\Program Files\Executive Software\Diskeeper\DkIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2006-06-27 11:01 169984 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2004-04-21 20:28 286720 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jEdit Server]
--a------ 2004-08-07 14:36 28779 C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-08-04 10:06 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
--a------ 2004-01-20 19:25 124056 c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
--a------ 2003-05-08 12:00 49152 C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-08-07 16:20 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]
--a------ 2004-08-04 10:06 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
--a------ 2004-11-02 16:59 218240 c:\Program Files\Common Files\Symantec Shared\Security Center\usrprmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-05-18 16:28 36972 C:\Program Files\Java\jre1.5.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-08 19:18 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2005-10-25 03:41 95960 C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-08-07 16:03 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wise-FTP Scheduler]
--a------ 2004-05-12 11:47 542720 C:\Program Files\AceBIT\WISE-FTP\WF_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-06-29 19:06 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2003-04-04 04:21 50176 C:\WINDOWS\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"C:\\Program Files\\AntiVir PersonalEdition Classic\\avcenter.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"G:\\drives - from other computers\\fujitsu - original from Pentium II - 4gb\\WINDOWS NT (G)\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"C:\\mysql\\bin\\mysqld.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2007-09-05 19:46]
R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2007-09-05 19:46]
R2 PCPrintLogger;PaperCut Print Logger;C:\Program Files\PaperCut Print Logger\pcpl.exe PCPrintLogger []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{188e81e4-9fb4-11d9-8924-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-07-12 17:00:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-VTTimer - VTTimer.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 11:49:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\Program Files\\1&1\\1&1 EasyLogin\\EasyLogin.exe"="\"1&1 EasyLogin\" HIDE"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MySql]
"ImagePath"="C:\mysql\bin\mysqld"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\mysql\bin\mysqld.exe
C:\Program Files\PaperCut Print Logger\pcpl.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-07-12 12:03:23 - machine was rebooted [HP_Owner]
ComboFix-quarantined-files.txt 2008-07-12 17:03:19
ComboFix2.txt 2008-02-27 09:06:14

Pre-Run: 8,335,368,192 bytes free
Post-Run: 8,439,771,136 bytes free

190

#12 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:01:01 PM

Posted 12 July 2008 - 04:16 PM

Well done Mike,

Your logs look fine now :thumbsup:

I see however some entries from Norton/Symantec.
Are these leftovers from a previous install ?
Did you remove all components through Control Panel > Software from the Software list ?
If it's just leftovers, it might be good to download and run the appropriate [url="http://"http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039"]Norton Removal tool[/url]

You can remove all used tools and folders created in the process.
To remove ComboFix :
Go to Start > Run, and copy and paste next command in the field:ComboFix /u
Make sure there's a space between Combofix and /u
Then press Enter.
This will uninstall Combofix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Your JavaVM is also out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update7.
  • Scroll down to where it says The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the Download button to the right.
  • Check the box that says: Accept License Agreement
  • The page will refresh.
  • Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windowsi586-p.exe to install the newest version.
No more problems ?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#13 maryba

maryba
  • Topic Starter

  • Members
  • 120 posts
  • OFFLINE
  •  
  • Local time:05:01 AM

Posted 14 July 2008 - 03:42 AM

Hi Thunder,

Well, I dood it!

All except for getting rid of the Norton/Symantec stuff. I tried the link you provided - twice about 5 hours apart. "Page not Found" message both times.

I then went into Add/Remove programs and tried to remove the several components there but midway through the first one, got an error message (of somekind - sorry but I didn't take notes - would be glad to redo and advise you what I see if you think it's worthwhile).

But, I did uninstall Combofix and remove all Java runtimes (v5.0 and v4.xxx) and installed the newly d/l'd v6.

I did see another Symantec product in the Add/Revove list, LiveReg. Have no idea whether it's functional or important to keep. Personally, I've always had a poor attitude about any Symantec or McAfee product and would avoid them like the plague - so if you can ok LiveReg's removal, I'm all for it.

Concerning ongoing maintenance and problem avoidance, do you have any freeware suggestions for adware/malware blockers? And, should I keep and occasionally use MalWareByte to keep things clean?

Also, I've got an older Firefox installed. Would it be particularly important, from a security standpoint, to get the current version?

All operationa and performance issues have been resolved. Thanks so much. Would certainly appreciate your thoughts on the above-mentioned items.

Mike

p.s. Are you really from and/or located in Belgium? I'm very impressed with your written English. Although, I guess practically everyone else on the planet other than Americans is bi-lingual! Sigh! So many languages, so little time.
==

#14 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:01:01 PM

Posted 14 July 2008 - 05:02 AM

Hello Mike,

You're right, the link to the Norton Removal tool got somehow borked.
This is the correct link : http://service1.symantec.com/Support/tsgen...005033108162039

I did see another Symantec product in the Add/Revove list, LiveReg. Have no idea whether it's functional or important to keep.

Please remove that one as well, and anything from Norton/Symantec you find there.
Reboot your system and run the removal tool to clean up leftovers. :thumbsup:

Concerning ongoing maintenance and problem avoidance, do you have any freeware suggestions for adware/malware blockers?

Please read this Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

And, should I keep and occasionally use MalWareByte to keep things clean?

MBAM is an excellent security program to fight current infections.
Just remember to update it before running it occasionaly. :)

Also, I've got an older Firefox installed. Would it be particularly important, from a security standpoint, to get the current version?

Keeping your software updated and installing the latest, stable versions is always a good idea.
Usually these newer versions are built and published to take care of either security leaks or to improve performance.

And yes, I'm Belgian. :)

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users