Unknown infection---hijack and rist logs included


  • This topic is locked
20 replies to this topic

#1 ArcticJoe

Posted 04 April 2009 - 01:09 PM

Unknown infection. Link to old thread http://www.bleepingcomputer.com/forums/t/214964/cant-access-spybot-and-other-problems/

Tried to run DDS. Was unable to and only got a log of nonsense. Below, I will post the HJT logfile as well as the RSIT log.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Joe at 2009-04-04 13:00:47
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 88 GB (61%) free of 144 GB
Total RAM: 958 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:01:42 PM, on 4/4/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\taskeng.exe
C:\Users\Joe\Desktop\RSIT.exe
C:\Program Files\trend micro\Joe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [Windows Sidebar] "C:\Program Files\Windows Sidebar\Sidebar.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: dlbt_device - - C:\Windows\system32\dlbtcoms.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8417 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-22 35840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-03-28 176128]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-02-13 159744]
"HP Health Check Scheduler"=[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-10 317128]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-12-04 13556256]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-12-04 92704]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-03-27 515416]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"Windows Sidebar"=C:\Program Files\Windows Sidebar\Sidebar.exe [2008-01-19 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Joe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDesktopCleanupWizard"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adc41b1c-32e7-11dc-9ce6-001b24403fac}]
shell\AutoRun\command - G:\LaunchU3.exe


======File associations======

.js - open - NOTEPAD.EXE %1
.scr - open - C:\Windows\NOTEPAD.EXE "%1"
.scr - install -
.scr - config -
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2009-04-04 13:00:47 ----D---- C:\rsit
2009-03-29 14:06:46 ----D---- C:\Windows\Sun
2009-03-28 09:34:48 ----A---- C:\Windows\system32\lsdelete.exe
2009-03-27 18:47:55 ----HDC---- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-26 21:56:50 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-03-26 21:56:50 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-03-25 19:05:41 ----A---- C:\Windows\system32\infocardapi.dll
2009-03-25 19:05:39 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-25 19:05:37 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-03-25 19:05:37 ----A---- C:\Windows\system32\icardres.dll
2009-03-25 19:05:37 ----A---- C:\Windows\system32\icardagt.exe
2009-03-25 19:05:32 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-03-25 19:05:25 ----A---- C:\Windows\system32\PresentationHost.exe
2009-03-25 18:54:58 ----A---- C:\Windows\system32\dfshim.dll
2009-03-25 18:54:46 ----A---- C:\Windows\system32\mscoree.dll
2009-03-25 18:54:43 ----A---- C:\Windows\system32\netfxperf.dll
2009-03-25 18:54:06 ----A---- C:\Windows\system32\mscorier.dll
2009-03-25 18:53:47 ----A---- C:\Windows\system32\mscories.dll
2009-03-22 20:50:56 ----D---- C:\VundoFix Backups
2009-03-22 15:22:03 ----D---- C:\Program Files\MSSOAP
2009-03-22 15:22:03 ----D---- C:\Program Files\Common Files\MSSoap
2009-03-22 14:59:15 ----A---- C:\Windows\system32\javaws.exe
2009-03-22 14:59:15 ----A---- C:\Windows\system32\javaw.exe
2009-03-22 14:59:15 ----A---- C:\Windows\system32\deploytk.dll
2009-03-22 14:59:01 ----A---- C:\Windows\system32\java.exe
2009-03-22 14:54:03 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-03-22 14:43:33 ----D---- C:\ProgramData\NOS
2009-03-22 14:43:33 ----D---- C:\Program Files\NOS
2009-03-22 14:26:26 ----A---- C:\Windows\system32\msshooks.dll
2009-03-22 14:26:24 ----A---- C:\Windows\system32\msscb.dll
2009-03-22 14:26:12 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-03-22 14:26:12 ----A---- C:\Windows\system32\propsys.dll
2009-03-22 14:26:12 ----A---- C:\Windows\system32\propdefs.dll
2009-03-22 14:26:12 ----A---- C:\Windows\system32\msstrc.dll
2009-03-22 14:26:12 ----A---- C:\Windows\system32\mssprxy.dll
2009-03-22 14:26:12 ----A---- C:\Windows\system32\mssitlb.dll
2009-03-22 14:26:12 ----A---- C:\Windows\system32\msshsq.dll
2009-03-22 14:26:11 ----A---- C:\Windows\system32\thawbrkr.dll
2009-03-22 14:26:11 ----A---- C:\Windows\system32\srchadmin.dll
2009-03-22 14:26:11 ----A---- C:\Windows\system32\korwbrkr.dll
2009-03-22 14:26:09 ----A---- C:\Windows\system32\xmlfilter.dll
2009-03-22 14:26:09 ----A---- C:\Windows\system32\wsepno.dll
2009-03-22 14:26:09 ----A---- C:\Windows\system32\rtffilt.dll
2009-03-22 14:26:09 ----A---- C:\Windows\system32\offfilt.dll
2009-03-22 14:26:09 ----A---- C:\Windows\system32\nlhtml.dll
2009-03-22 14:26:09 ----A---- C:\Windows\system32\msscntrs.dll
2009-03-22 14:26:09 ----A---- C:\Windows\system32\mimefilt.dll
2009-03-22 14:26:09 ----A---- C:\Windows\system32\chsbrkr.dll
2009-03-22 14:26:08 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-03-22 14:26:08 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-03-22 14:26:08 ----A---- C:\Windows\system32\chtbrkr.dll
2009-03-22 14:26:07 ----A---- C:\Windows\system32\tquery.dll
2009-03-22 14:26:07 ----A---- C:\Windows\system32\mssvp.dll
2009-03-22 14:26:07 ----A---- C:\Windows\system32\mssrch.dll
2009-03-22 14:26:07 ----A---- C:\Windows\system32\mssphtb.dll
2009-03-22 14:26:07 ----A---- C:\Windows\system32\mssph.dll
2009-03-22 13:29:37 ----D---- C:\Windows\pss
2009-03-22 11:16:06 ----A---- C:\Windows\system32\rpcrt4.dll
2009-03-22 11:16:02 ----A---- C:\Windows\system32\pacerprf.dll
2009-03-22 11:15:58 ----A---- C:\Windows\system32\Faultrep.dll
2009-03-22 11:15:57 ----A---- C:\Windows\system32\wersvc.dll
2009-03-22 11:14:20 ----A---- C:\Windows\system32\vbscript.dll
2009-03-22 11:14:20 ----A---- C:\Windows\system32\jscript.dll
2009-03-22 11:14:17 ----A---- C:\Windows\system32\wshext.dll
2009-03-22 11:14:17 ----A---- C:\Windows\system32\wscript.exe
2009-03-22 11:14:17 ----A---- C:\Windows\system32\cscript.exe
2009-03-22 11:14:16 ----A---- C:\Windows\system32\scrrun.dll
2009-03-22 11:14:16 ----A---- C:\Windows\system32\scrobj.dll
2009-03-22 11:14:10 ----A---- C:\Windows\system32\emdmgmt.dll
2009-03-22 11:14:10 ----A---- C:\Windows\system32\dataclen.dll
2009-03-22 11:14:09 ----A---- C:\Windows\system32\cdd.dll
2009-03-22 10:05:57 ----D---- C:\ProgramData\WindowsSearch
2009-03-21 22:40:31 ----D---- C:\PerfLogs
2009-03-21 21:33:06 ----D---- C:\ProgramData\Lavasoft
2009-03-21 21:33:06 ----D---- C:\Program Files\Lavasoft
2009-03-21 21:00:10 ----D---- C:\Program Files\CCleaner
2009-03-21 18:40:02 ----D---- C:\Users\Joe\AppData\Roaming\Malwarebytes
2009-03-21 18:39:53 ----D---- C:\ProgramData\Malwarebytes
2009-03-21 18:39:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-21 17:06:59 ----A---- C:\Windows\system32\aswBoot.exe
2009-03-21 17:06:52 ----D---- C:\Program Files\Alwil Software
2009-03-21 16:31:27 ----A---- C:\Windows\system32\mfc45.dll
2009-03-21 16:30:14 ----D---- C:\Users\Joe\AppData\Roaming\iolo
2009-03-21 16:30:14 ----D---- C:\ProgramData\iolo
2009-03-15 19:48:20 ----D---- C:\Program Files\Microsoft Visual Studio
2009-03-11 17:25:06 ----A---- C:\Windows\system32\wmp.dll
2009-03-11 17:25:03 ----A---- C:\Windows\system32\spwmp.dll
2009-03-11 17:25:00 ----A---- C:\Windows\system32\wmploc.DLL
2009-03-11 17:25:00 ----A---- C:\Windows\system32\dxmasf.dll
2009-03-11 17:24:54 ----A---- C:\Windows\system32\schannel.dll

======List of files/folders modified in the last 1 months======

2009-04-04 13:01:42 ----D---- C:\Program Files\Trend Micro
2009-04-04 13:01:05 ----D---- C:\Windows\Prefetch
2009-04-04 13:00:57 ----D---- C:\Windows\Temp
2009-04-04 11:18:10 ----D---- C:\Windows\Tasks
2009-04-03 22:19:20 ----HD---- C:\ProgramData
2009-04-03 22:09:15 ----D---- C:\ProgramData\Google Updater
2009-04-02 19:03:40 ----SHD---- C:\System Volume Information
2009-03-31 20:46:01 ----SD---- C:\Users\Joe\AppData\Roaming\Microsoft
2009-03-31 19:00:09 ----D---- C:\Windows\System32
2009-03-31 19:00:09 ----D---- C:\Windows\inf
2009-03-31 19:00:09 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-03-31 18:59:01 ----D---- C:\Windows\system32\drivers
2009-03-31 18:58:58 ----D---- C:\Windows
2009-03-29 10:08:51 ----D---- C:\Windows\Debug
2009-03-29 07:40:57 ----RD---- C:\Program Files
2009-03-28 13:17:07 ----D---- C:\Windows\Logs
2009-03-28 09:30:04 ----D---- C:\Program Files\Mozilla Firefox
2009-03-27 19:44:09 ----D---- C:\Windows\Microsoft.NET
2009-03-27 19:43:58 ----RSD---- C:\Windows\assembly
2009-03-27 18:53:37 ----D---- C:\Windows\system32\catroot
2009-03-27 18:53:34 ----DC---- C:\Windows\system32\DRVSTORE
2009-03-27 18:48:15 ----SHD---- C:\Windows\Installer
2009-03-26 21:46:23 ----D---- C:\Windows\system32\WDI
2009-03-25 20:20:46 ----RD---- C:\Users
2009-03-25 19:42:27 ----D---- C:\Windows\rescache
2009-03-25 19:29:16 ----D---- C:\ProgramData\NVIDIA
2009-03-25 19:21:46 ----D---- C:\Windows\system32\XPSViewer
2009-03-25 19:21:46 ----D---- C:\Windows\system32\wbem
2009-03-25 19:21:46 ----D---- C:\Windows\system32\en-US
2009-03-25 19:18:51 ----D---- C:\Windows\winsxs
2009-03-25 19:08:32 ----D---- C:\Windows\system32\catroot2
2009-03-22 17:48:05 ----SHD---- C:\boot
2009-03-22 17:48:05 ----D---- C:\Windows\system32\config
2009-03-22 17:05:42 ----D---- C:\Windows\SMINST
2009-03-22 15:31:12 ----D---- C:\Windows\system32\Tasks
2009-03-22 15:22:03 ----D---- C:\Program Files\Common Files
2009-03-22 14:58:31 ----D---- C:\Program Files\Java
2009-03-22 14:54:42 ----D---- C:\Program Files\Adobe
2009-03-22 14:54:06 ----D---- C:\Users\Joe\AppData\Roaming\Adobe
2009-03-22 14:54:06 ----D---- C:\ProgramData\Adobe
2009-03-22 14:53:14 ----D---- C:\Program Files\Common Files\Adobe
2009-03-22 14:29:22 ----D---- C:\Windows\PolicyDefinitions
2009-03-21 22:53:43 ----ASH---- C:\Program Files\desktop.ini
2009-03-21 22:41:41 ----D---- C:\Program Files\Windows Calendar
2009-03-21 22:41:40 ----D---- C:\Program Files\Windows Sidebar
2009-03-21 22:41:40 ----D---- C:\Program Files\Windows Media Player
2009-03-21 22:41:40 ----D---- C:\Program Files\Windows Mail
2009-03-21 22:41:40 ----D---- C:\Program Files\Movie Maker
2009-03-21 22:41:40 ----D---- C:\Program Files\Internet Explorer
2009-03-21 22:41:35 ----D---- C:\Program Files\Windows Photo Gallery
2009-03-21 22:41:35 ----D---- C:\Program Files\Windows Journal
2009-03-21 22:41:35 ----D---- C:\Program Files\Windows Collaboration
2009-03-21 22:41:34 ----D---- C:\Windows\servicing
2009-03-21 22:41:34 ----D---- C:\Program Files\Windows Defender
2009-03-21 22:41:34 ----D---- C:\Program Files\Common Files\System
2009-03-21 22:41:33 ----D---- C:\Windows\ehome
2009-03-21 22:41:31 ----D---- C:\Windows\MSAgent
2009-03-21 22:41:30 ----D---- C:\Windows\system32\ko-KR
2009-03-21 22:41:30 ----D---- C:\Windows\system32\da-DK
2009-03-21 22:41:30 ----D---- C:\Windows\system32\com
2009-03-21 22:41:30 ----D---- C:\Windows\L2Schemas
2009-03-21 22:41:30 ----D---- C:\Windows\IME
2009-03-21 22:41:30 ----D---- C:\Windows\DigitalLocker
2009-03-21 22:41:20 ----D---- C:\Windows\system32\sysprep
2009-03-21 22:41:20 ----D---- C:\Windows\system32\oobe
2009-03-21 22:41:20 ----D---- C:\Windows\system32\it-IT
2009-03-21 22:41:20 ----D---- C:\Windows\system32\el-GR
2009-03-21 22:41:20 ----D---- C:\Windows\system32\de-DE
2009-03-21 22:41:19 ----D---- C:\Windows\system32\migration
2009-03-21 22:41:18 ----D---- C:\Windows\system32\sv-SE
2009-03-21 22:41:18 ----D---- C:\Windows\system32\setup
2009-03-21 22:41:18 ----D---- C:\Windows\system32\ru-RU
2009-03-21 22:41:18 ----D---- C:\Windows\system32\ias
2009-03-21 22:41:18 ----D---- C:\Windows\system32\hu-HU
2009-03-21 22:41:18 ----D---- C:\Windows\system32\he-IL
2009-03-21 22:41:18 ----D---- C:\Windows\system32\fr-FR
2009-03-21 22:41:18 ----D---- C:\Windows\system32\fi-FI
2009-03-21 22:41:18 ----D---- C:\Windows\system32\cs-CZ
2009-03-21 22:41:18 ----D---- C:\Windows\system32\AdvancedInstallers
2009-03-21 22:41:17 ----D---- C:\Windows\system32\SLUI
2009-03-21 22:41:17 ----D---- C:\Windows\system32\pt-PT
2009-03-21 22:41:16 ----D---- C:\Windows\system32\zh-TW
2009-03-21 22:41:16 ----D---- C:\Windows\system32\zh-CN
2009-03-21 22:41:16 ----D---- C:\Windows\system32\ro-RO
2009-03-21 22:41:16 ----D---- C:\Windows\system32\pl-PL
2009-03-21 22:41:16 ----D---- C:\Windows\system32\manifeststore
2009-03-21 22:41:16 ----D---- C:\Windows\system32\ja-JP
2009-03-21 22:41:16 ----D---- C:\Windows\system32\es-ES
2009-03-21 22:41:16 ----D---- C:\Windows\system32\en
2009-03-21 22:41:15 ----D---- C:\Windows\system32\tr-TR
2009-03-21 22:41:14 ----D---- C:\Windows\system32\nl-NL
2009-03-21 22:41:14 ----D---- C:\Windows\system32\nb-NO
2009-03-21 22:41:14 ----D---- C:\Windows\system32\ar-SA
2009-03-21 22:41:06 ----D---- C:\Windows\system32\pt-BR
2009-03-21 22:41:06 ----D---- C:\Windows\system32\migwiz
2009-03-21 22:40:41 ----D---- C:\Windows\AppPatch
2009-03-21 22:40:32 ----D---- C:\Windows\system32\Boot
2009-03-21 22:40:32 ----D---- C:\Windows\Boot
2009-03-21 22:17:58 ----A---- C:\Windows\system32\ifxcardm.dll
2009-03-21 22:17:49 ----A---- C:\Windows\system32\axaltocm.dll
2009-03-21 16:38:46 ----SD---- C:\Windows\Downloaded Program Files
2009-03-21 13:03:39 ----D---- C:\ProgramData\Microsoft Help
2009-03-21 13:03:38 ----A---- C:\Windows\win.ini
2009-03-15 19:47:51 ----RSD---- C:\Windows\Fonts
2009-03-15 19:47:47 ----D---- C:\Program Files\Common Files\microsoft shared
2009-03-15 19:45:03 ----D---- C:\Program Files\Microsoft Office
2009-03-05 17:02:26 ----A---- C:\Windows\system32\capicom.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-05 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
R1 ElRawDisk;ElRawDisk; \??\C:\Windows\system32\drivers\elrawdsk.sys [2008-12-09 20392]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-20 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-15 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-15 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-10-23 1331192]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 182272]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-03 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-04 7606688]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 12032]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-10-23 1331192]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Intel® PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-02-22 159232]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-18 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\Windows\System32\Drivers\sskbfd.sys [2007-10-01 23864]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2007-03-28 270431]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2007-03-28 118877]
R2 dlbt_device;dlbt_device; C:\Windows\system32\dlbtcoms.exe [2007-06-07 538096]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-27 951632]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-04 203296]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-21 183280]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-01-09 110592]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-11-09 181784]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-02-12 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-02-17 74656]

-----------------EOF-----------------











info.txt logfile of random's system information tool 1.06 2009-04-04 13:01:48

======Uninstall list======

-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
-->"C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Fury\Uninstall.exe"
-->"C:\Program Files\HP Games\Flip Words\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Lemonade Tycoon 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Otto\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Phoenix Assault\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Puzzle Express\Uninstall.exe"
-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
-->"C:\Program Files\HP Games\Snowboard SuperJam\Uninstall.exe"
-->"C:\Program Files\HP Games\SpongeBob SquarePants Krabby Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->"C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
AnswerWorks Runtime-->C:\Windows\IsUninst.exe -f"C:\Program Files\WexTech\AnswerWorks\Uninst.isu"
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Autodesk Architectural Desktop 3.3-->MsiExec.exe /I{5783F2D7-0134-0409-0000-0060B0CE6BBA}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
BookSmart™ 1.9.9 1.9.9-->C:\Program Files\BookSmart\uninstall.exe
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -IwisR30B7.INF
ESU for Microsoft Vista-->MsiExec.exe /X{39523EA4-F914-4447-A551-2513766095F5}
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IwqcVenz.inf
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library 32 bit components-->MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{11BB336F-0E58-4977-B866-F24FA334616B}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /I{9061CEF2-51F5-42C9-8A70-9ED351C6597A}
HP Photosmart Essential 2.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Quick Launch Buttons 6.20 B1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP QuickPlay 3.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Total Care Advisor-->MsiExec.exe /X{F6B29003-A078-4491-AFBE-62EFB6CFFE19}
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP User Guide 0042-->MsiExec.exe /I{B0F97FBF-9F98-4522-B65D-8980FE38C726}
HP Wireless Assistant-->MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java™ 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Standard 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARDR /dll OSETUP.DLL
Microsoft Office Standard 2007-->MsiExec.exe /X{91120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSCU for Microsoft Vista-->MsiExec.exe /X{3FFB3B34-D639-4384-9AE9-DDE58430D86F}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 and SOAP Toolkit 3.0-->MsiExec.exe /I{32343DB6-9A52-40C9-87E4-5E7C79791C87}
muvee autoProducer 6.0-->C:\Program Files\InstallShield Installation Information\{0BFC200F-C45D-4271-AF34-4CA969225DEB}\setup.exe -runfromtemp -l0x0009 -removeonly
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Live Call-->MsiExec.exe /I{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{D9D754A1-EAC5-406C-A28B-C49B1E846711}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090321-0] (disabled)
AS: Spybot - Search and Destroy (disabled)
AS: Lavasoft Ad-Watch Live!
AS: Windows Defender
AS: avast! antivirus 4.8.1335 [VPS 090321-0] (disabled)

======System event log======

Computer Name: Joe-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 75864
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090402020927.285200-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Joe-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 75878
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090402221646.304561-000
Event Type: Error
User:

Computer Name: Joe-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001A7353D823. The following error occurred:
The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 76011
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090403124649.000000-000
Event Type: Warning
User:

Computer Name: Joe-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001A7353D823. The following error occurred:
The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 76051
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090404131959.000000-000
Event Type: Warning
User:

Computer Name: Joe-PC
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
For more information please see the following:
Not Applicable
Scan ID: {65EAD523-E36A-487D-A02C-B12CFF417B90}
User: Joe-PC\Joe
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found: file:C:\Windows\system32\drivers\etc\hosts
Alert Type: Unclassified software
Detection Type:
Record Number: 76059
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090404134524.000000-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: Joe-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2211760171-2115409409-3187964821-1000_Classes:
Process 952 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2211760171-2115409409-3187964821-1000_CLASSES

Record Number: 7008
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090325232243.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Joe-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-2211760171-2115409409-3187964821-1000:
Process 944 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2211760171-2115409409-3187964821-1000
Process 872 (\Device\HarddiskVolume1\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe) has opened key \REGISTRY\USER\S-1-5-21-2211760171-2115409409-3187964821-1000\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness

Record Number: 7067
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090326002123.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Joe-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2211760171-2115409409-3187964821-1000_Classes:
Process 944 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2211760171-2115409409-3187964821-1000_CLASSES

Record Number: 7068
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090326002125.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Joe-PC
Event Code: 0
Message:
Record Number: 7208
Source Name: Lavasoft Ad-Aware Service
Time Written: 20090327234854.000000-000
Event Type: Error
User:

Computer Name: Joe-PC
Event Code: 508
Message: wuaueng.dll (1132) SUS20ClientDataStore: A request to write to the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 5984256 (0x00000000005b5000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (7221 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Record Number: 7310
Source Name: ESENT
Time Written: 20090329144551.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: Joe-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 20541
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090404180140.170000-000
Event Type: Audit Failure
User:

Computer Name: Joe-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 20542
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090404180140.248000-000
Event Type: Audit Failure
User:

Computer Name: Joe-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 20543
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090404180140.326000-000
Event Type: Audit Failure
User:

Computer Name: Joe-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 20544
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090404180140.388400-000
Event Type: Audit Failure
User:

Computer Name: Joe-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 20545
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090404180140.450800-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4802
"NUMBER_OF_PROCESSORS"=2
"PLATFORM"=MCD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"USERPART"=E:
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------



#2 ArcticJoe


Posted 05 April 2009 - 09:44 PM

Is there some other information I should post?

#3 KoanYorel


Posted 13 April 2009 - 12:31 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#4 ArcticJoe


Posted 14 April 2009 - 05:31 AM

Thank you for your reply! All information about what I have previously attempted is listed in the above link to another bleepingcomputer thread. I can rewrite it here if that would help, though. Also, the DDS log returns nothing but gibberish as described by another member here. My current specific problem is that I cannot access safer-networking.org or spybot updates, or any of their help forums. It seems as though I'm being blocked by a virus.

Let me know if this helps or if there is anything else I should do for you.

Thanks so much for your time.

#5 Hoov

  • Malware Response Team

Posted 14 April 2009 - 10:45 AM

Howdy, my name is Hoov, and I will be helping you with your dilemma.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer

*Tell me everything that you have done, if anything, to try and fix this problem.

*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.

*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Try this, let me know if you can't get to the site. Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.


Please download RunScanner
  • Save it to a folder you create such as C:\Runscanner (this assumes Windows is installed on your C: drive).
  • Launch Runscanner by double-clicking runscanner.exe within the C:\Runscanner folder.
  • Vista users must also click Continue to open Runscanner when prompted by User Account Control (UAC).
  • Check Beginner Mode
  • Click Scan computer
  • You will see a "Runscanner scan in progress" window displayed while Runscanner scans your system.
  • At the conclusion of the scan, save the run file called runscanner.run to your documents folder or directly to the Runscanner folder. This is the file you will need to upload.
  • A runscanner.log file will automatically open in Notepad. Just close the Notepad window, because it is ONLY the runscanner.run file that we are interested in.
  • Next, zip up the runscanner.run file that you just saved.
  • I want you to upload the zipped runscanner.run file as an attachment in your next reply
  • To do that choose "Additional Options" under "Post Reply"
  • Browse to the zipped RUN file location and then click the "Post" button to attach the file.
  • I will review the run file, and then upload it back to you with items marked for deletion.
  • Please await my directions and the returned RUN file, and do not delete anything in the interim

Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#6 ArcticJoe

ArcticJoe
  • Topic Starter

  • Members
  • 15 posts

Posted 14 April 2009 - 08:43 PM

Malwarebytes' Anti-Malware 1.36
Database version: 1983
Windows 6.0.6001 Service Pack 1

4/14/2009 8:42:12 PM
mbam-log-2009-04-14 (20-42-12).txt

Scan type: Quick Scan
Objects scanned: 65385
Time elapsed: 4 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by ArcticJoe, 14 April 2009 - 08:58 PM.


#7 ArcticJoe

ArcticJoe
  • Topic Starter

  • Members
  • 15 posts

Posted 14 April 2009 - 09:03 PM

Hoov, I'm trying to upload the zipped run file from runscanner by finding it using the browse button and selecting it. It keeps telling me the file is too large. Am I doing this wrong?

Thanks a lot.

#8 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 15 April 2009 - 01:59 PM

Check your private messages.

#9 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 15 April 2009 - 10:36 PM

Well that was not as useful as I was hoping. But it will help get rid of a few things.

Now, I want you to fix some autostart items by using the RUN file that I have attached with items marked for deletion:
  • Please download and extract the attached Zip file called runscanner<user name>.zip to your Runscanner folder
  • Open Runscanner in Expert Mode by double-clicking runscanner.exe, checking "Expert" and clicking OK.
  • Click the "Open Run File" button
  • Browse to "runscanner<user name>.run" (the run file you just unzipped) located in the Runscanner folder, and click Open
  • The screen will refresh after the run file loads
  • Click the "Item Fixer" button
  • The items selected to be fixed will be displayed and checked for removal
  • Click "Fix Selected items"
  • Confirm that you want to fix these items by clicking OK in the confirmation dialog box.
  • You will receive a "Done fixing items" message when removal is complete.
  • Reboot
  • Launch Runscanner again, save another .RUN File called runscanner<user name2>.run
  • Zip up runscanner<user name2>.run and attach it to your next reply please.

* Anyone other than the originator of this thread, you would be best advised to not run combofix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

Run comboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

#10 ArcticJoe

ArcticJoe
  • Topic Starter

  • Members
  • 15 posts

Posted 19 April 2009 - 06:11 PM

I attached the combofix log. I'll copy and paste it below as well. I emailed you the second runscanner file.

ComboFix 09-04-20.02 - Joe 04/19/2009 17:52.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.958.219 [GMT -5:00]
Running from: c:\users\Joe\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090321-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-03-20 to 2009-04-20 )))))))))))))))))))))))))))))))
.

2009-04-17 03:37 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-17 03:37 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-17 03:37 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-15 01:46 . 2009-04-19 22:08 -------- d-----w c:\users\Joe\AppData\Local\Runscanner.net
2009-04-04 18:00 . 2009-04-04 18:01 -------- d-----w C:\rsit
2009-03-31 23:59 . 2009-03-31 23:59 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-03-29 19:06 . 2009-03-29 19:06 -------- d-----w c:\windows\Sun
2009-03-28 14:34 . 2009-03-27 23:53 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-03-27 23:53 . 2009-03-27 23:53 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-03-27 23:47 . 2009-03-27 23:48 -------- dc-h--w c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-27 23:47 . 2009-03-27 23:48 -------- dc-h--w c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-27 02:56 . 2009-03-28 16:57 -------- d-----w c:\users\All Users\Spybot - Search & Destroy
2009-03-27 02:56 . 2009-03-28 16:57 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-03-26 01:20 . 2009-03-26 01:20 0 ---ha-w c:\users\Default.LOG2
2009-03-26 01:20 . 2009-03-26 01:20 0 ---ha-w c:\users\Default.LOG1
2009-03-26 01:20 . 2009-03-26 01:20 0 ---ha-w C:\ProgramData.LOG2
2009-03-26 01:20 . 2009-03-26 01:20 0 ---ha-w C:\ProgramData.LOG1
2009-03-26 00:20 . 2009-03-26 00:19 873310 ----a-w c:\windows\system32\oem47.inf
2009-03-26 00:17 . 2009-04-19 21:33 41378 ----a-w c:\users\All Users\nvModes.dat
2009-03-26 00:17 . 2009-04-19 21:33 41378 ----a-w c:\programdata\nvModes.dat
2009-03-26 00:05 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-03-26 00:05 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-26 00:05 . 2008-06-20 01:14 37384 ----a-w c:\windows\system32\infocardcpl.cpl
2009-03-26 00:05 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-03-26 00:05 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll
2009-03-26 00:05 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe
2009-03-26 00:05 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-03-26 00:05 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-03-25 23:54 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll
2009-03-25 23:54 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll
2009-03-25 23:54 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-03-25 23:54 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll
2009-03-25 23:53 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll
2009-03-23 01:50 . 2009-03-23 01:50 -------- d-----w C:\VundoFix Backups
2009-03-22 20:20 . 2009-03-22 20:20 164 ----a-w c:\windows\install.dat
2009-03-22 19:59 . 2009-03-22 19:58 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-22 19:43 . 2009-03-22 20:27 -------- d-----w c:\users\All Users\NOS
2009-03-22 19:43 . 2009-03-22 20:27 -------- d-----w c:\programdata\NOS
2009-03-22 16:16 . 2008-04-12 03:32 784896 ----a-w c:\windows\system32\rpcrt4.dll
2009-03-22 16:16 . 2008-04-26 08:26 891448 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-03-22 16:16 . 2008-04-05 03:34 15360 ----a-w c:\windows\system32\pacerprf.dll
2009-03-22 16:16 . 2008-04-05 01:21 72192 ----a-w c:\windows\system32\drivers\pacer.sys
2009-03-22 16:15 . 2008-09-18 04:56 147456 ----a-w c:\windows\system32\Faultrep.dll
2009-03-22 16:15 . 2008-09-18 04:56 125952 ----a-w c:\windows\system32\wersvc.dll
2009-03-22 15:05 . 2009-03-22 15:05 -------- d-----w c:\users\All Users\WindowsSearch
2009-03-22 15:05 . 2009-03-22 15:05 -------- d-----w c:\programdata\WindowsSearch
2009-03-22 03:40 . 2009-03-22 03:40 -------- d-----w C:\PerfLogs
2009-03-22 02:33 . 2009-03-27 23:47 -------- d-----w c:\users\All Users\Lavasoft
2009-03-22 02:33 . 2009-03-27 23:47 -------- d-----w c:\programdata\Lavasoft
2009-03-21 23:40 . 2009-03-21 23:40 -------- d-----w c:\users\Joe\AppData\Roaming\Malwarebytes
2009-03-21 23:39 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-21 23:39 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-21 23:39 . 2009-03-21 23:39 -------- d-----w c:\users\All Users\Malwarebytes
2009-03-21 23:39 . 2009-03-21 23:39 -------- d-----w c:\programdata\Malwarebytes
2009-03-21 22:06 . 2009-02-05 20:06 51792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2009-03-21 21:33 . 2009-03-21 21:33 406 ----a-w c:\windows\system32\ioloBootDefrag.cfg
2009-03-21 21:32 . 2008-12-09 19:26 20392 ----a-w c:\windows\system32\drivers\elrawdsk.sys
2009-03-21 21:31 . 2009-03-21 21:31 74703 ----a-w c:\windows\system32\mfc45.dll
2009-03-21 21:30 . 2009-03-21 21:45 -------- d-----w c:\users\Joe\AppData\Roaming\iolo
2009-03-21 21:30 . 2009-03-21 21:33 -------- d-----w c:\users\All Users\iolo
2009-03-21 21:30 . 2009-03-21 21:33 -------- d-----w c:\programdata\iolo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 22:11 . 2009-03-22 19:13 4631 ----a-w C:\aaw7boot.log
2009-04-19 15:39 . 2008-07-09 01:20 -------- d-----w c:\programdata\Google Updater
2009-04-17 08:14 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-17 08:05 . 2007-04-20 07:48 -------- d-----w c:\programdata\Microsoft Help
2009-04-15 01:37 . 2009-03-21 23:39 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-04 18:01 . 2007-07-16 01:17 -------- d-----w c:\program files\Trend Micro
2009-03-27 23:47 . 2009-03-22 02:33 -------- d-----w c:\program files\Lavasoft
2009-03-27 02:57 . 2009-03-27 02:56 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-26 00:29 . 2007-07-17 01:41 -------- d-----w c:\programdata\NVIDIA
2009-03-26 00:19 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-03-26 00:19 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-03-26 00:19 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-03-25 23:09 . 2007-07-16 08:25 12931 ----a-w c:\users\Joe\AppData\Roaming\nvModes.dat
2009-03-22 20:27 . 2009-03-22 19:43 -------- d-----w c:\program files\NOS
2009-03-22 20:22 . 2009-03-22 20:22 -------- d-----w c:\program files\MSSOAP
2009-03-22 19:58 . 2007-04-20 08:44 -------- d-----w c:\program files\Java
2009-03-22 19:54 . 2009-03-22 19:54 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-22 19:53 . 2007-04-20 08:08 -------- d-----w c:\program files\Common Files\Adobe
2009-03-22 03:53 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2009-03-22 03:41 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Calendar
2009-03-22 03:41 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Sidebar
2009-03-22 03:41 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Photo Gallery
2009-03-22 03:41 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Journal
2009-03-22 03:41 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Collaboration
2009-03-22 03:41 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Defender
2009-03-22 03:40 . 2006-11-02 10:25 665600 ----a-w c:\windows\Inf\drvindex.dat
2009-03-22 03:17 . 2006-11-02 10:32 101888 ----a-w c:\windows\System32\ifxcardm.dll
2009-03-22 03:17 . 2006-11-02 10:32 82432 ----a-w c:\windows\System32\axaltocm.dll
2009-03-22 02:00 . 2009-03-22 02:00 -------- d-----w c:\program files\CCleaner
2009-03-21 22:06 . 2009-03-21 22:06 -------- d-----w c:\program files\Alwil Software
2009-03-17 15:14 . 2007-07-16 00:42 122952 ----a-w c:\users\Joe\AppData\Local\GDIPFONTCACHEV1.DAT
2009-03-17 03:38 . 2009-04-17 03:34 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-17 03:34 13824 ----a-w c:\windows\System32\apilogen.dll
2009-03-17 03:38 . 2009-04-17 03:34 24064 ----a-w c:\windows\System32\amxread.dll
2009-03-03 04:46 . 2009-04-17 03:34 3599328 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-17 03:34 3547632 ----a-w c:\windows\System32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-17 03:33 827392 ----a-w c:\windows\System32\wininet.dll
2009-03-03 04:39 . 2009-04-17 03:34 183296 ----a-w c:\windows\System32\sdohlp.dll
2009-03-03 04:39 . 2009-04-17 03:34 551424 ----a-w c:\windows\System32\rpcss.dll
2009-03-03 04:39 . 2009-04-17 03:34 26112 ----a-w c:\windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-17 03:33 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-03 04:37 . 2009-04-17 03:34 98304 ----a-w c:\windows\System32\iasrecst.dll
2009-03-03 04:37 . 2009-04-17 03:34 44032 ----a-w c:\windows\System32\iasdatastore.dll
2009-03-03 04:37 . 2009-04-17 03:34 54784 ----a-w c:\windows\System32\iasads.dll
2009-03-03 03:04 . 2009-04-17 03:34 666624 ----a-w c:\windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-17 03:34 17408 ----a-w c:\windows\System32\iashost.exe
2009-03-03 02:28 . 2009-04-17 03:33 26624 ----a-w c:\windows\System32\ieUnatt.exe
2009-02-13 08:49 . 2009-04-17 03:34 72704 ----a-w c:\windows\System32\secur32.dll
2009-02-13 08:49 . 2009-04-17 03:34 1255936 ----a-w c:\windows\System32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 22:24 2033152 ----a-w c:\windows\System32\win32k.sys
2009-02-05 03:06 . 2009-02-05 03:06 339968 ----a-w c:\windows\System32\pythoncom25.dll
2009-02-05 03:06 . 2009-02-05 03:06 2117632 ----a-w c:\windows\System32\python25.dll
2009-02-05 03:06 . 2009-02-05 03:06 114688 ----a-w c:\windows\System32\pywintypes25.dll
2008-07-20 08:11 . 2007-07-24 00:17 680 ----a-w c:\users\Joe\AppData\Local\d3d9caps.dat
2007-09-05 01:16 . 2007-09-05 01:16 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-09-05 01:16 . 2007-09-05 01:16 32768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-09-05 01:16 . 2007-09-05 01:16 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-07-16 14:28 . 2007-07-16 14:28 22 --sha-w c:\windows\SMINST\HPCD.sys
1997-07-22 00:30 . 1997-07-22 00:30 1045776 --sha-w c:\windows\System32\Msjet35.dll
1997-06-23 08:00 . 1997-06-23 08:00 123664 --sha-w c:\windows\System32\Msjint35.dll
1997-06-23 17:06 . 1997-06-23 17:06 24848 --sha-w c:\windows\System32\Msjter35.dll
1997-06-23 17:06 . 1997-06-23 17:06 252176 --sha-w c:\windows\System32\Msrd2x35.dll
1997-06-23 17:06 . 1997-06-23 17:06 287504 --sha-w c:\windows\System32\Msxbse35.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Windows Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2008-01-19 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-29 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-27 515416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Users^Joe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{981CFFA3-9427-4709-97C8-B19E11A3E100}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{56D6BE56-AF94-49FD-A837-96D2E9729C9B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{27C7DD8C-DE25-44E2-AFAA-3C39BAD6D94A}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{62AE469B-FC3E-482F-88B9-DE6101EC1741}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{9850DBF2-A867-47A6-A467-A34444477A47}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E1094CCC-9147-4145-A6B1-12D5ADA16576}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A522C3AB-2467-4115-9D41-4CC97790C5ED}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4F0C39B0-4C88-4C96-AC2C-4F245039729B}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{96D26B41-9B01-475C-9A9C-EB2F8D437737}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{284BF33D-7530-40CE-96AD-B622CE1FB05B}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F6DCF39E-AF9C-4C44-8E82-247551FB882C}"= UDP:c:\windows\System32\dlbtcoms.exe:Photo AIO Printer 922 Server
"{6EBC81C7-260E-42CD-9DBF-4FF6B2FED697}"= TCP:c:\windows\System32\dlbtcoms.exe:Photo AIO Printer 922 Server
"TCP Query User{86642DE7-F9AC-4DEE-81D1-F145FAC460D8}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{00A94D07-FA79-4106-912F-FF4EC95C2E94}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{38E0FD8E-5C41-4998-AA1B-D428AB4EA3E1}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{AB121C5F-12BB-4221-99E1-986AEFBD7E1F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{B7C8E617-503C-4BB5-AADB-5F494E9EC489}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{2504CA9B-D822-449D-B684-5CC9A51FFAB5}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{5A2C17D3-4BD2-4643-8ED7-A9878E02A091}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{FE3E5FD9-C691-400F-92A4-22750B4FB7BD}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{A887222B-D013-462A-AD03-CF201AF0D1DA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B0BE5C73-4983-4EFA-9B74-375EA2ACB1C3}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{AD8C77E1-9CAA-46A4-B093-89F0C7FB869C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{531E1C32-BD8D-4C8F-9B0D-59F2DEA27042}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{09FD03C4-8F8D-4A29-AAC9-5542CCB9B71D}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-27 64160]
S1 aswSP;avast! Self Protection; [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-12-09 20392]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-27 951632]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adc41b1c-32e7-11dc-9ce6-001b24403fac}]
\shell\AutoRun\command - G:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 23:53]

2009-04-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-09 18:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\1c83eta7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
FF - prefs.js: browser.search.selectedEngine - Kiwee Live Search
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 17:58
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1552)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Completion time: 2009-04-19 18:02
ComboFix-quarantined-files.txt 2009-04-19 23:02

Pre-Run: 92,801,351,680 bytes free
Post-Run: 92,796,940,288 bytes free

264 --- E O F --- 2009-04-17 08:09

Attached Files
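
The registry-style section of the ComboFix log above can be read mechanically. The following is an added example, not part of the original thread and not ComboFix's own logic: a Python parser for that section which flags two values that appear in this log (a firewall profile switched off, Security Center monitoring disabled). The rule list and function names are assumptions made for illustration; the sample input is excerpted from the log above.

```python
import re

# Excerpt copied from the "Reg Loading Points" section of the log posted above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
# Value names are quoted (with \\ escapes) or "@" for a key's default value.
VALUE_RE = re.compile(r'^(?P<name>"(?:[^"\\]|\\.)*"|@)\s*=\s*(?P<data>.*)$')
DWORD_RE = re.compile(r'^dword:([0-9a-fA-F]{8})$')   # e.g. dword:00000001
SHORT_RE = re.compile(r'^(\d+) \(0x[0-9a-fA-F]+\)$')  # e.g. 0 (0x0)

# Hypothetical triage rules: (key pattern, value name, flagged value, note).
RULES = [
    (re.compile(r'\\firewallpolicy\\(standard|domain|public)profile$', re.I),
     'EnableFirewall', 0, 'Windows Firewall is off for this profile'),
    (re.compile(r'\\security center\\monitoring(\\[^\\]+)?$', re.I),
     'DisableMonitoring', 1, 'Security Center is not monitoring this item'),
]


def decode_data(raw):
    """Return an int for the two numeric notations in the log, else the raw string."""
    raw = raw.strip()
    m = DWORD_RE.match(raw)
    if m:
        return int(m.group(1), 16)
    m = SHORT_RE.match(raw)
    if m:
        return int(m.group(1))
    return raw


def parse_reg_section(text):
    """Yield (key, value_name, data) for every quoted value under a [key] header.

    Unquoted lines (service entries, 'path=' lines, separators) are skipped.
    """
    entries = []
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name = m.group('name')
            if name != '@':
                # Drop the surrounding quotes and undo the \\ escaping.
                name = name[1:-1].replace('\\\\', '\\')
            entries.append((key, name, decode_data(m.group('data'))))
    return entries


def triage(text):
    """Return (key, name, data, note) for every entry matching a rule."""
    findings = []
    for key, name, data in parse_reg_section(text):
        for key_re, value_name, flagged, note in RULES:
            if (key_re.search(key)
                    and name.lower() == value_name.lower()
                    and data == flagged):
                findings.append((key, name, data, note))
    return findings


if __name__ == '__main__':
    for key, name, data, note in triage(SAMPLE_LOG):
        print(f'{note}: [{key}] {name}={data}')
```

A flagged value is a prompt to check whether the setting was made deliberately (for example by a third-party firewall or antivirus product), not a verdict on its own.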



#11 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 19 April 2009 - 07:06 PM

Update Spybot, and then use the immunize feature.

Now check out your system and see if you are still having all the same problems, or if they have changed at all.

Edited by Hoov, 19 April 2009 - 07:07 PM.


#12 ArcticJoe

ArcticJoe
  • Topic Starter

  • Members
  • 15 posts

Posted 19 April 2009 - 08:09 PM

I still can't access spybot's website or download the updates via spybot. I've got to go and get the update from another website. I ran spybot again and still found nothing. Also, there are still 502 in the unprotected zone after doing it several times. Something is still blocking me I guess.

#13 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 19 April 2009 - 09:25 PM

Try going to this page and tell me what you see in the top section.

#14 ArcticJoe

ArcticJoe
  • Topic Starter

  • Members
  • 15 posts

Posted 20 April 2009 - 08:01 PM

I saw all six images. According to their legend, all is good on the conficker front.

#15 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 20 April 2009 - 09:21 PM

Try this,

1. In Internet Explorer 7, click the Tools menu, and then click Internet Options.
2. On the Advanced tab, click Reset.
3. In the Reset Internet Explorer Settings dialog box, click Reset.
4. When Internet Explorer 7 finishes restoring the default settings, click Close, and then click OK two times.
5. Close Internet Explorer 7. The changes take effect the next time that you open Internet Explorer 7.

The Reset Internet Explorer Settings feature restores the following items to their default settings:

* Home pages
* Search scopes
* Browsing history
* Form data
* Passwords
* Appearance settings
* Toolbars
* ActiveX controls

Additionally, the Reset Internet Explorer Settings feature disables all add-ins. However, it does not remove the add-ins.

Let me know how this affects your problem.