
virus gone, but there has been damage done to my computer


28 replies to this topic

#1 vic59

vic59

  • Members
  • 44 posts

Posted 25 February 2009 - 10:17 AM

Referred here from: http://www.bleepingcomputer.com/forums/t/204999/virus-gone-but-there-has-been-damage-done-to-my-computer/ ~ OB

I have a computer with Windows XP Home Edition & I use Firefox for the Internet.

When I try to start my computer in regular mode it starts off with colorful rectangles all over the screen, the only normal looking thing is the start in the lower left corner & the time in the lower right corner. I also get 1 or several boxes that say "A call to an OS function failed". Then the rectangles go away, my background is gray & I can see all my regular icons, but as soon as I click something the computer restarts, not always immediately, but that's all it does is continually restarts.

So I got into Safe mode & ran Malwarebytes, the first time I ran it, it found like 46 infected items I removed all of them & now when I run it it finds nothing infected but I am still having the same problems!

This was my original post in AII.

Here is my HJT log, Please help me! Thanks, Vicki


Edited by Orange Blossom, 26 February 2009 - 12:31 AM.



#2 vic59


Posted 02 March 2009 - 12:25 PM

Here's a copy of my log instead of an attachment:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:14 PM, on 2/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.juno.com/s/sp?r=al&cf=sp&...;N=PLHS&O=A
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
O2 - BHO: (no name) - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
O2 - BHO: C:\WINDOWS\system32\gsdrgfdrrgnd.dll - {D5BF4552-94F1-42BD-F434-3604812C807D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Aapp] C:\windows\system32\adprot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxdcmon.exe] "C:\Program Files\Lexmark 1300 Series\lxdcmon.exe"
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [odb] C:\WINDOWS\odb.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: WinMXDownloadWinMX3.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} (Nyoko Downloader Class) - http://www.riverbelle.com/download_helper/Nyoko.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applicatio...torLauncher.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/mjolauncher.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/axhost.cab
O20 - AppInit_DLLs: gjggju.dll glfbct.dll fglcpp.dll svmbqg.dll ylurhu.dll tmmdjh.dll isgzlw.dll afplnk.dll jwxhqj.dll
O20 - Winlogon Notify: hgGwTjgH - hgGwTjgH.dll (file missing)
O20 - Winlogon Notify: urqOfcDw - C:\WINDOWS\
O22 - SharedTaskScheduler: erajhsf8743kjrngjnf - {D5BF4552-94F1-42BD-F434-3604812C807D} - (no file)
O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - (no file)
O22 - SharedTaskScheduler: Windows Installer Class - {020487CC-FC04-4B1E-863F-D9801796230B} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8726 bytes

Thanks for your help!

#3 bamajim

bamajim

  • Members
  • 894 posts

Posted 02 March 2009 - 03:24 PM

vic59

1. Go HERE and download File Lister. Save it to your Desktop
Rt Click ->> Extract all ->> And extract it to your Desktop
Additional help on extracting zip files can be found HERE
Open the File Lister Folder.
Rt Click FileLister.vbe ->>Select Open Then Open to confirm.
As the program runs, it will appear that nothing is happening.
When the program is finished it will produce a log for you C:\Files.txt
Copy and paste the contents of that log in your reply.
Microsoft MVP - Windows Security

#4 vic59


Posted 02 March 2009 - 03:31 PM

Can I download it to a USB port device & then download it to my computer, I can't get on the internet with my computer right now.

#5 bamajim


Posted 02 March 2009 - 03:50 PM

vic59


Yes you can, just reply with the results when ready.

Edited by bamajim, 02 March 2009 - 03:51 PM.

Microsoft MVP - Windows Security

#6 vic59


Posted 02 March 2009 - 04:12 PM

Thanks, I'll go run this at home tonight & get back to you with the log early tomorrow

I appreciate whatever help you can offer......Vicki

#7 vic59


Posted 03 March 2009 - 07:51 AM

It didn't work so good......when I rt clicked on the filelister file it gave me an error that said registry editing has been disabled by your administrator.

So now what should I do?

Thanks, Vicki

#8 bamajim


Posted 03 March 2009 - 08:38 AM

vic59

You are the Administrator of this PC?

Alright, let's fix a couple of things manually

1. Rerun Hijackthis (scan only) and place checks beside the following entries:
O2 - BHO: (no name) - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
O2 - BHO: C:\WINDOWS\system32\gsdrgfdrrgnd.dll - {D5BF4552-94F1-42BD-F434-3604812C807D} - (no file)
O4 - HKLM\..\Run: [Aapp] C:\windows\system32\adprot
O4 - HKLM\..\Run: [odb] C:\WINDOWS\odb.exe
O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'Default user')
O20 - AppInit_DLLs: gjggju.dll glfbct.dll fglcpp.dll svmbqg.dll ylurhu.dll tmmdjh.dll isgzlw.dll afplnk.dll jwxhqj.dll
O20 - Winlogon Notify: hgGwTjgH - hgGwTjgH.dll (file missing)
O20 - Winlogon Notify: urqOfcDw - C:\WINDOWS\
O22 - SharedTaskScheduler: erajhsf8743kjrngjnf - {D5BF4552-94F1-42BD-F434-3604812C807D} - (no file)
O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - (no file)
O22 - SharedTaskScheduler: Windows Installer Class - {020487CC-FC04-4B1E-863F-D9801796230B} - (no file)

Close all other open windows except Hijackthis and Select "Fix checked"

Close Hijackthis.

2. Using Windows Explorer (Right click on "Start," select "Explore," and you will see the "tree" of file folders in the left side of the window. Click on the "+" next to any folder name to expand its contents)
Locate and Delete the following files (if found):
C:\windows\system32\adprot
C:\WINDOWS\odb.exe
C:\WINDOWS\system32\ntos.exe

Close Windows Explorer ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log.

And see if FileLister will run
Microsoft MVP - Windows Security

#9 vic59


Posted 03 March 2009 - 09:54 AM

Yes I am the administrator.....Thanks for the advice. I'll go home after work & try that!

Regards, Vicki

#10 vic59


Posted 04 March 2009 - 07:55 AM

Good morning,

The HJT stuff went just fine, I did not find those files mentioned with windows explorer

But when I tried to open the filelister folder I got the same error "registry editing has been disabled by your administrator"

Here's my new HJT log. Let me know what you think I should do next & thanks again for all your help!

Vicki

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:50 PM, on 3/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Owner\Application Data\U3\0774221395003C35\LaunchPad.exe
C:\WINDOWS\system32\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.juno.com/s/sp?r=al&cf=sp&...;N=PLHS&O=A
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxdcmon.exe] "C:\Program Files\Lexmark 1300 Series\lxdcmon.exe"
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PromoReg] C:\DOCUME~1\Owner\LOCALS~1\Temp\wFtk.exe
O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\system32\advapi32h.exe
O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\system32\advapi32h.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\system32\advapi32h.exe
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\system32\advapi32h.exe
O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: WinMXDownloadWinMX3.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} (Nyoko Downloader Class) - http://www.riverbelle.com/download_helper/Nyoko.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applicatio...torLauncher.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/mjolauncher.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/axhost.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8658 bytes

#11 bamajim


Posted 04 March 2009 - 09:00 AM

vic59

Good morning

We didn't make the progress I was hoping for. It will take a few runs at this to fix, so please be patient. Let's do this.

1. Rerun Hijackthis (scan only) and place checks beside the following entries:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\system32\advapi32h.exe
O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\system32\advapi32h.exe
O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\system32\advapi32h.exe
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\system32\advapi32h.exe
O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Close all other open windows except Hijackthis and Select "Fix checked"

Close Hijackthis ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log
Microsoft MVP - Windows Security
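
Comparing the scan taken before a "Fix checked" pass with the one taken after it shows which entries were removed, which are still present and which are new, as with the two logs posted above. The Python sketch below is an added example, not part of the thread, of HijackThis or of File Lister; the function names and the review heuristics are assumptions, and the sample lines are excerpts from the two logs in this thread.

```python
import re

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [x] C:\x.exe".
# Header lines and the running-process list do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Excerpt of the scan posted before the first "Fix checked" pass in this thread.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: (no name) - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [odb] C:\WINDOWS\odb.exe
O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'SYSTEM')
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: gjggju.dll glfbct.dll fglcpp.dll svmbqg.dll ylurhu.dll tmmdjh.dll isgzlw.dll afplnk.dll jwxhqj.dll
O20 - Winlogon Notify: hgGwTjgH - hgGwTjgH.dll (file missing)
"""

# Excerpt of the scan posted after that pass.
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\system32\advapi32h.exe
O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'SYSTEM')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""


def parse_entries(log_text):
    """Return the set of (code, body) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match["code"], match["body"].strip()))
    return entries


def review_reason(code, body):
    """Assumed triage heuristics: return why an entry deserves a look, else None."""
    low = body.lower()
    if code == "F2" and "userinit=" in low:
        # Stock Windows XP lists only userinit.exe in the Winlogon Userinit value.
        value = low.split("userinit=", 1)[1]
        programs = [p.strip() for p in value.split(",") if p.strip()]
        extra = [p for p in programs if not p.endswith("\\userinit.exe")]
        if extra:
            return "Userinit launches extra program(s): " + ", ".join(extra)
    if code == "O7" and "disableregedit=1" in low:
        return "registry editing disabled by policy"
    if code == "O20" and low.startswith("appinit_dlls:"):
        return "DLLs loaded into every process that loads user32.dll"
    if code in ("O2", "O20", "O22") and ("(no file)" in low or "file missing" in low):
        return "registration points at a missing file"
    return None


def compare_scans(before_text, after_text):
    """Split entries into removed, persisted and new between two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": sorted(before - after),
        "persisted": sorted(before & after),
        "new": sorted(after - before),
    }


def needs_review(entries):
    """Entries that match a heuristic, as (code, body, reason) tuples."""
    hits = []
    for code, body in sorted(entries):
        reason = review_reason(code, body)
        if reason:
            hits.append((code, body, reason))
    return hits


if __name__ == "__main__":
    diff = compare_scans(BEFORE, AFTER)
    for bucket in ("removed", "persisted", "new"):
        print(f"== {bucket} ==")
        for code, body in diff[bucket]:
            reason = review_reason(code, body)
            print(f"{code} - {body}" + (f"   <-- {reason}" if reason else ""))
```

The heuristics leave ordinary O4 autoruns unlabelled, so the persisted and new buckets still need to be read line by line.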

#12 vic59


Posted 04 March 2009 - 10:48 AM

Thanks I'll try that & see what happens!

#13 vic59


Posted 05 March 2009 - 07:52 AM

Well whatever you had me delete it worked!!!!!!!!!!!!! I finally got that file lister file to open & here's the log.....let me know what's next. Thanks for all your help. Vicki

File Lister Version 1.0.6
+
+ By bamajim / bamajim.com
+++++++++++++++++++++++++++++++++

Report ran on --->>> 3/4/2009 5:21:39 PM


====== Running Processes ======

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

====== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======

BHO: (NO NAME) - -

====== Values under HKLM\~\Run ======

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"SunKistEM"="C:\\Program Files\\Digital Media Reader\\shwiconem.exe"
"IPInSightLAN 01"="\"C:\\Program Files\\Visual Networks\\Visual IP InSight\\SBC\\IPClient.exe\" -l"
"IPInSightMonitor 01"="\"C:\\Program Files\\Visual Networks\\Visual IP InSight\\SBC\\IPMon32.exe\""
"Motive SmartBridge"="C:\\PROGRA~1\\SBCSEL~1\\SMARTB~1\\MotiveSB.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"Network Associates Error Reporting Service"="\"C:\\Program Files\\Common Files\\Network Associates\\TalkBack\\TBMon.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"lxdcmon.exe"="\"C:\\Program Files\\Lexmark 1300 Series\\lxdcmon.exe\""
"lxdcamon"="\"C:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
"Malwarebytes Anti-Malware (reboot)"="\"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe\" /runcleanupscript"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"PromoReg"="C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\wFtk.exe"


====== Values under HKCU\~\Run ======

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"spc_w"="\"C:\\Program Files\\JUSearch\\juspc.exe\" -w"
"Washer"="C:\\Program Files\\Washer\\washer.exe /0"
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"Yahoo! Pager"="1"
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\""
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"userinit"="C:\\WINDOWS\\system32\\ntos.exe"


====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

1/31/2009 2:12:15 PM 13748 2080 C:\avenger.txt
2/20/2009 10:25:09 PM 103 2080 C:\BootErr.log
3/2/2009 5:21:44 PM 3566 2080 C:\Files.txt
1/31/2009 12:24:21 PM 4118192 C:\WINDOWS\$NtUninstallKB952069_WM9$
1/31/2009 12:24:21 PM 628400 C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst
1/31/2009 12:24:53 PM 2473748 C:\WINDOWS\$NtUninstallKB954211$
1/31/2009 12:24:53 PM 628500 C:\WINDOWS\$NtUninstallKB954211$\spuninst
1/31/2009 12:23:51 PM 875070 C:\WINDOWS\$NtUninstallKB954600$
1/31/2009 12:23:51 PM 628256 C:\WINDOWS\$NtUninstallKB954600$\spuninst
1/31/2009 12:23:30 PM 1733045 C:\WINDOWS\$NtUninstallKB955069$
1/31/2009 12:23:30 PM 628149 C:\WINDOWS\$NtUninstallKB955069$\spuninst
1/31/2009 12:26:28 PM 692303 C:\WINDOWS\$NtUninstallKB955839$
1/31/2009 12:26:28 PM 629327 C:\WINDOWS\$NtUninstallKB955839$\spuninst
1/31/2009 12:26:01 PM 856278 C:\WINDOWS\$NtUninstallKB956391$
1/31/2009 12:26:01 PM 626902 C:\WINDOWS\$NtUninstallKB956391$\spuninst
1/31/2009 12:23:15 PM 910715 C:\WINDOWS\$NtUninstallKB956802$
1/31/2009 12:23:15 PM 628091 C:\WINDOWS\$NtUninstallKB956802$\spuninst
1/31/2009 12:26:37 PM 767115 C:\WINDOWS\$NtUninstallKB956803$
1/31/2009 12:26:37 PM 628747 C:\WINDOWS\$NtUninstallKB956803$\spuninst
1/31/2009 12:24:34 PM 9021662 C:\WINDOWS\$NtUninstallKB956841$
1/31/2009 12:24:34 PM 631902 C:\WINDOWS\$NtUninstallKB956841$\spuninst
1/31/2009 12:24:10 PM 1081922 C:\WINDOWS\$NtUninstallKB957097$
1/31/2009 12:24:10 PM 628802 C:\WINDOWS\$NtUninstallKB957097$\spuninst
1/31/2009 12:23:41 PM 960516 C:\WINDOWS\$NtUninstallKB958644$
1/31/2009 12:23:41 PM 628228 C:\WINDOWS\$NtUninstallKB958644$\spuninst
1/31/2009 12:24:01 PM 961235 C:\WINDOWS\$NtUninstallKB958687$
1/31/2009 12:24:01 PM 628307 C:\WINDOWS\$NtUninstallKB958687$\spuninst
2/12/2009 4:29:47 PM 860677 C:\WINDOWS\$NtUninstallKB960715$
2/12/2009 4:29:47 PM 627205 C:\WINDOWS\$NtUninstallKB960715$\spuninst
1/31/2009 12:24:17 PM 14003 32 C:\WINDOWS\KB952069.log
1/31/2009 12:24:51 PM 9773 32 C:\WINDOWS\KB954211.log
1/31/2009 12:23:49 PM 9164 32 C:\WINDOWS\KB954600.log
1/31/2009 12:23:28 PM 8953 32 C:\WINDOWS\KB955069.log
1/31/2009 7:50:52 AM 35096 32 C:\WINDOWS\KB955839.log
1/31/2009 12:26:00 PM 14013 32 C:\WINDOWS\KB956391.log
1/31/2009 7:46:51 AM 14426 32 C:\WINDOWS\KB956802.log
1/31/2009 12:26:35 PM 15509 32 C:\WINDOWS\KB956803.log
1/31/2009 12:24:29 PM 11047 32 C:\WINDOWS\KB956841.log
1/31/2009 12:24:07 PM 9563 32 C:\WINDOWS\KB957097.log
1/31/2009 12:25:14 PM 19726 32 C:\WINDOWS\KB958215-IE7.log
1/31/2009 12:23:39 PM 9473 32 C:\WINDOWS\KB958644.log
1/31/2009 12:23:59 PM 9481 32 C:\WINDOWS\KB958687.log
1/31/2009 12:25:04 PM 9411 32 C:\WINDOWS\KB960714-IE7.log
2/12/2009 4:29:11 PM 13590 32 C:\WINDOWS\KB960715.log
2/12/2009 4:23:03 PM 19269 32 C:\WINDOWS\KB961260-IE7.log
2/27/2009 8:54:49 PM 5781 32 C:\WINDOWS\KB967715.log
2/12/2009 8:24:45 PM 289 32 C:\WINDOWS\kernel32.exe
1/31/2009 12:22:27 PM 317622 32 C:\WINDOWS\msxml4-KB954430-enu.LOG
2/18/2009 2:23:44 AM 237568 32 C:\WINDOWS\odb.exe
2/16/2009 9:30:41 PM 1409 32 C:\WINDOWS\QTFont.for
2/16/2009 9:30:41 PM 54156 34 C:\WINDOWS\QTFont.qfn
2/18/2009 2:23:38 AM 38400 32 C:\WINDOWS\Uluyeqicox.dll
1/29/2009 9:24:57 PM 2822 32 C:\WINDOWS\Wudf01005UnInst.log
2/28/2009 12:50:05 AM 2233 C:\WINDOWS\system32\wsnpoem
2/18/2009 2:23:47 AM 109 38 C:\WINDOWS\system32\2416148337.dat
2/28/2009 12:49:55 AM 40960 7 C:\WINDOWS\system32\advapi32h.exe
1/25/2009 6:22:28 PM 441 32 C:\WINDOWS\system32\TDSSblat.dat

====== Files under "\Administrator\Startup" Last 60 Days======



====== Files under "\All Users\Startup" Last 60 Days======


====== Folders under "\Program Files" Last 60 Days======

2/28/2009 12:42:29 AM 92792 C:\Program Files\WinPcap

====== Files under "\System32\Drivers" Last 60 Days======

1/25/2009 6:22:37 PM 0 32 C:\WINDOWS\system32\drivers\8f53e4b8.sys
2/5/2009 5:54:01 PM 9600 32 C:\WINDOWS\system32\drivers\hidusb.sys
2/5/2009 5:54:11 PM 12160 32 C:\WINDOWS\system32\drivers\mouhid.sys

====== Files Deleted under "%Temp%" ======


208 Files deleted

====== Files and Folders under "All Users\Application Data" Last 60 Days======

2/8/2009 8:27:13 PM 158635 C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
2/8/2009 8:27:13 PM 158635 C:\Documents and Settings\All Users\Application Data\AdventureChronicles1\Shockwave
2/8/2009 8:27:13 PM 158635 C:\Documents and Settings\All Users\Application Data\AdventureChronicles1\Shockwave\data
2/8/2009 8:11:05 PM 31958342 C:\Documents and Settings\All Users\Application Data\Ashtons. Family Resort
2/8/2009 8:11:09 PM 31958342 C:\Documents and Settings\All Users\Application Data\Ashtons. Family Resort\cached
2/8/2009 8:11:09 PM 31958342 C:\Documents and Settings\All Users\Application Data\Ashtons. Family Resort\cached\Sounds
2/12/2009 8:24:18 PM 0 C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd
2/15/2009 6:51:42 PM 0 C:\Documents and Settings\All Users\Application Data\Gogii Games
2/15/2009 6:51:42 PM 0 C:\Documents and Settings\All Users\Application Data\Gogii Games\Book of Secrets

====== Possible Rootkit Scan (Note: Items listed here are not necessarily bad)======


====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\


====== Services ( Services that are Whitelisted are not shown) ======

8f53e4b8 (8f53e4b8)- C:\WINDOWS\system32\drivers\8f53e4b8.sys - System/Stopped
Afc (PPdus ASPI Shell)- C:\WINDOWS\system32\drivers\Afc.sys - Manual/Running
E100B (Intel® PRO Adapter Driver)- C:\WINDOWS\system32\DRIVERS\e100b325.sys - Manual/Stopped
EntDrv51 (EntDrv51)- \??\C:\WINDOWS\system32\drivers\EntDrv51.sys - Manual/Stopped
mxnic (Macronix MX987xx Family Fast Ethernet NT Driver)- C:\WINDOWS\system32\DRIVERS\mxnic.sys - Manual/Stopped
NaiAvTdi1 (NaiAvTdi1)- C:\WINDOWS\system32\drivers\mvstdi5x.sys - System/Stopped
P3 (Intel PentiumIII Processor Driver)- C:\WINDOWS\system32\DRIVERS\p3.sys - System/Stopped
pccsmcfd (PCCS Mode Change Filter Driver)- C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys - Manual/Stopped
smwdm (smwdm)- C:\WINDOWS\system32\drivers\smwdm.sys - Manual/Stopped
SunkFilt (Alcor Micro Corp - 9360)- \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys - Manual/Stopped
SunkFilt39 (Alcor Micro Corp - 3239)- \??\C:\WINDOWS\System32\Drivers\sunkfilt39.sys - Manual/Running
Sunkfiltp (HP && Alcor Micro Corp for Phison)- \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys - Manual/Stopped
upperdev (upperdev)- C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys - Manual/Stopped
USBAAPL (Apple Mobile USB Driver)- C:\WINDOWS\system32\Drivers\usbaapl.sys - Manual/Stopped
wanatw (WAN Miniport (ATW))- C:\WINDOWS\system32\DRIVERS\wanatw4.sys - Manual/Stopped
Wdf01000 (Wdf01000)- C:\WINDOWS\system32\DRIVERS\Wdf01000.sys - Manual/Stopped
WpdUsb (WpdUsb)- C:\WINDOWS\system32\DRIVERS\wpdusb.sys - Manual/Stopped

====== Uninstall List From Registry ======

Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Ad-Aware SE Personal
Adobe Flash Player ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11
Ancient Quest of Saqqarah
Ashton's Family Resort
AT&T Yahoo! DSL Activation
Azkend
Beach Party Craze
MediaBar 2.0
Bicycle Card Games
BigFix
Windows Driver Package - Nokia Modem (05/22/2008 3.8)
SoftV92 Data Fax Modem with SmartCP
Concentration™
County Fair
DVD Shrink 3.2
Enchanted Cavern
exPressit S.E. 2.1
Farmer Jane
Fugu The Blow Fish
HijackThis 2.0.2
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
Lexmark Photo Center
Digital Media Reader
JEOPARDY!®
Jungle Quest
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Security Update for Windows XP (KB883939)
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Security Update for Windows XP (KB890046)
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows Media Format SDK Hotfix - KB891122
Windows XP Hotfix - KB891781
Windows Genuine Advantage Validation Tool (KB892130)
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Security Update for Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Update for Windows XP (KB894391)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Update for Windows XP (KB900485)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Update for Windows XP (KB904942)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Security Update for Windows XP (KB916281)
Update for Windows XP (KB916595)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Update for Windows XP (KB920872)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Update for Windows XP (KB922582)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Hotfix for Windows XP (KB926239)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Update for Windows XP (KB927891)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Update for Windows XP (KB929338)
Hotfix for Windows Media Format 11 SDK (KB929399)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Update for Windows XP (KB930916)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Update for Windows XP (KB931836)
Security Update for Windows XP (KB932168)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Update for Windows XP (KB936357)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows XP (KB938464)
Update for Windows XP (KB938828)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Hotfix for Windows Media Player 11 (KB939683)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows Internet Explorer 7 (KB942615)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Update for Windows XP (KB946627)
Security Update for Windows XP (KB946648)
Hotfix for Windows Internet Explorer 7 (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows Media Player (KB952069)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Update for Windows XP (KB955839)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows Internet Explorer 7 (KB961260)
Keynote Connector
K-Lite Codec Pack
Sierra LandDesigner 3D
Lexmark 1300 Series
LimeWire 4.18.8
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Lucy's Expedition
LUXOR: Quest for the Afterlife
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Mahjong Roadshow™
Mahjongg Artifacts: Chapter 2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Money Tree
Move Networks Player for Internet Explorer
Mozilla Firefox (3.0.6)
Microsoft Compression Client Pack 1.0 for Windows XP
Nero OEM
Nero BurnRights
NeroVision Express 3 SE
Network Play System (Patching)
Microsoft National Language Support Downlevel APIs
OPERATION Mania
PrintMaster 7.00
Intel® PRO Network Adapters and Drivers
RealPlayer
Rollercoaster Rush™
Rooms: The Main Building
Sandlot Games Client Services 1.2.2
Sandlot Games Client Services
AT&T Self Support Tool
Serif DrawPlus 3.0
Sierra Utilities
Spybot - Search & Destroy 1.4
Learn2 Player (Uninstall Only)
The Great Tree
The Hidden Object Show Season 2
The Ultimate Home
Tradewinds Caravans™
Tropix™ 2 - The Quest for the Golden Banana
Virtual Pool 2
Virtual Pool Windows
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Web Publishing Wizard 1.52
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Format 11 runtime
Windows Media Player 11
Microsoft User-Mode Driver Framework Feature Pack 1.5
Yahoo! Install Manager
The Sims Hot Date
Visual IP InSight(SBC)
Microsoft Money 2004
MSVC80_x86
Google Toolbar for Internet Explorer
Java™ 6 Update 7
WebFldrs XP
MSXML 4.0 SP2 (KB927978)
Microsoft Works
ArcSoft PhotoImpression 5
Lexmark Photo Center
XVID Codec Installation
McAfee VirusScan Enterprise
PowerDVD
Windows Backup Utility
Digital Media Reader
ArcSoft MediaConverter 2
MSXML 4.0 SP2 (KB954430)
Intel® Extreme Graphics Driver
Winkflash Transporter
Microsoft Money 2004 System Pack
PC Connectivity Solution
Adobe Reader 7.0.9
iTunes
Spybot - Search & Destroy
Microsoft .NET Framework 2.0 Service Pack 1
Apple Mobile Device Support
Apple Software Update
MSXML 4.0 SP2 (KB936181)
Digital Video
Microsoft .NET Framework 1.1
oobeFlagNetscape0
ArcSoft MediaConverter
QuickTime
ArcSoft ShowBiz DVD 2

======== Other Info ========

TOTAL PHYSICAL RAM: 527 MB

#14 bamajim

Posted 05 March 2009 - 05:52 PM

vic59

Excellent.

1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
    (How to extract (decompress) zipped or compressed files, help in the link here: )
2. Copy all the text contained in the bold below to your Clipboard by highlighting it and pressing (Ctrl+C):


Drivers to Delete:
8f53e4b8.sys

Files to delete:
C:\WINDOWS\odb.exe
C:\WINDOWS\Uluyeqicox.dll
C:\WINDOWS\system32\2416148337.dat
C:\WINDOWS\system32\advapi32h.exe
C:\WINDOWS\system32\TDSSblat.dat


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Select Load Script
  • Select Paste from Clipboard
  • The information should now appear in the Open window
  • Select Execute
  • Answer Yes when prompted "Are you sure you want to execute the current script?"
4. The Avenger will automatically do the following:
  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

Edited by bamajim, 05 March 2009 - 05:52 PM.

Microsoft MVP - Windows Security

#15 vic59

Posted 06 March 2009 - 08:19 AM

OK I'll go home & try this. I will be in touch over the weekend.

Thanks, Vicki



