View Full Version : Zango, MyWay and FunWeb - Not So Fun
dead-bird
2008-08-28, 20:26
Hi,
This is my daughters latop. She said she was having a few problems. Understatment to say the least.
I start the computer, two programs start running, Windows Antivirus and Anti Spy Check. There is also a Windows Warning Message that I am guessing is part of the trojan. Norton also starts up.
Internet service is out to lunch. My service provider, Cox, blocked internet access due to some programs attempt to hijack the browser.
I was able to download Spybot S&D and HJT on my desktop and transfer to the laptop. Initally spybot found 513 items. Now it's down to about 10 items. Zango, MyWay and FunWeb are the persistant items. There is also a fake windows blue screen with a fake windows startup screen that follows after awhile.
She says limewire is on this machine and I did eventually find some files, looking through the windows files. I would have removed it but did not find it in the remove list. If you can tell me how, I will uninstall. She says she never used it but, I don't know...
I tried to restore / reset the Internet settings vith some help from Cox, and reboot. Cox is still blocking internet access even tho my settings should be OK.
Thank You for your time and consideration.
Gary
HJT log in next post as it was too long.
dead-bird
2008-08-29, 03:26
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:39 AM, on 8/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Doris Braddock\Desktop\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4060918
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4060918
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {300CF5C9-F02D-4CB8-ABED-9C229DA56825} - C:\Program Files\Applications\iebt.dll (file missing)
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Internet Service - {254B87BB-510D-41FA-A887-52C5FA9BE585} - C:\Program Files\Applications\iebr.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\WAV\wav.exe
O4 - HKLM\..\Run: [lphcvnpj0e951] C:\WINDOWS\system32\lphcvnpj0e951.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdtao.exe] C:\WINDOWS\system32\kdtao.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.427.0\SeekmoSA.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9536] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\1\email-def-511724-9595.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1071] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\1\theweb.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7802] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\1\theweb.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8229] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\1\Top7_theweb.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1806] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\1\Top7_theweb.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6932] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\1\btntrans.idx"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7140] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\1\btntrans.idx"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5644] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\1\keywords.idx"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5686] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\1\keywords.idx"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9713] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\1\btntrans1.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1095] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\1\btntrans1.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7471] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\1\keywords1.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2722] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\1\keywords1.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA836] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\1\components.cdf"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4318] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\1\components.cdf"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9487] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\1\default.cdf"
O4 - HKLM\..\RunOnce: [SpybotDeletingC450] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\1\default.cdf"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3554] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\1\layout.cdf"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9577] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\1\layout.cdf"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7605] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\1\top7.cdf"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1442] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\1\top7.cdf"
O4 - HKLM\..\RunOnce: [SpybotDeletingA782] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\buttondir.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2348] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\buttondir.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1279] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\linkpathlegal.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6257] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\linkpathlegal.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2742] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\cursors.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1725] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\cursors.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5296] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_1000.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2905] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_1000.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5134] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_2000.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingC185] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_2000.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4477] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_3000.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6092] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_3000.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7855] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_bar.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3043] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_bar.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2730] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_bbar1.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingC914] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_bbar1.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4524] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_logos.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8194] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_logos.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6752] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_other.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1981] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_other.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4139] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_weather.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8308] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_weather.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9803] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\email-t1-bg.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7969] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\email-t1-bg.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingA318] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\icons2.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9854] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\icons2.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8177] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\ie_games_icon.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1869] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\ie_games_icon.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6090] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\ie_video.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingC32] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\ie_video.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6817] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\progress.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9674] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\progress.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9522] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\sales_buttons.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2550] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\sales_buttons.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3193] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\seekmo.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1713] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\seekmo.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8914] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\seekmo_ie_menu.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5415] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\seekmo_ie_menu.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3104] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\s_icons_buttons.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9003] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\s_icons_buttons.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4760] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\t2_bg.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3956] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\t2_bg.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8921] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\tsd_bg.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1871] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\tsd_bg.res"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3860] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_511745-514279.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingC890] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_511745-514279.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8170] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_categorize.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1944] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_categorize.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9597] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_comparison.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2776] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_comparison.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1947] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_explorer-Mails.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7195] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_explorer-Mails.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingA427] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_explorer-people.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9713] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\top7.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2714] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_favorites.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6274] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_favorites.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9350] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_Games.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1668] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_Games.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6017] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_Hide.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4224] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_Hide.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9860] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_hotbarcom.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9157] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_hotbarcom.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2464] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_Hotmail.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3846] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_hsskin.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2413] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_hsskin.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9548] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_Mails.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7484] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_Mails.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7966] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_new.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4177] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_new.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5303] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_premium.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1535] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_premium.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4271] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_searchfor.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6045] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_searchfor.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8246] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_searchgo.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3859] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_searchgo.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9461] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_weather.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9866] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_weather.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5769] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_yellowpages.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4039] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_yellowpages.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2270] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\email-def-511724-548964.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9493] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\email-def-511724-548964.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2835] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\email-def-511724-9595.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3402] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\email-def-511724-9595.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1622] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\theweb.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5398] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Top7_theweb.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3863] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\Top7_theweb.mnu"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3427] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\btntrans.idx"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7043] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\btntrans.idx"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4196] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\keywords.idx"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5496] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\keywords.idx"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3790] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\btntrans1.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3906] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\btntrans1.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3775] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\keywords1.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9657] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\keywords1.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1128] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\components.cdf"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3799] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\components.cdf"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6583] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\default.cdf"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3657] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\default.cdf"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9057] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\layout.cdf"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2118] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\layout.cdf"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3769] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\top7.cdf"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3776] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\2\top7.cdf"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1827] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\BtnTrans.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6323] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\BtnTrans.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6344] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\BtnTrans1.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2032] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\BtnTrans1.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7736] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\buttondir.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8647] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\buttondir.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2374] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\cursors.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7868] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\cursors.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3329] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\default.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingC916] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\default.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5211] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_1000.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2749] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_1000.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7100] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_2000.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1033] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_2000.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3401] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_3000.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3187] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_3000.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9788] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_bar.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2480] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_bar.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9495] command /c del "C:\Program Files\Applications\ot.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5978] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_bbar1.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA869] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_logos.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2460] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_logos.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1516] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_other.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2019] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_other.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9960] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_weather.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8643] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_weather.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4186] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\email-t1-bg.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6868] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\email-t1-bg.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3079] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\icons2.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7746] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\icons2.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2969] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\ie_games_icon.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1174] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\ie_games_icon.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5290] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\ie_video.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4773] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\ie_video.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4611] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\keywords.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7025] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\keywords.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9469] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\keywords1.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6919] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\keywords1.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1779] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\layout.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3661] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\layout.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1555] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\linkpathlegal.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1766] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\linkpathlegal.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5586] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\progress.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5359] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\progress.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6405] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\sales_buttons.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4517] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\sales_buttons.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4349] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\samplegroups2.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9301] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\samplegroups2.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5719] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\seekmo.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5193] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\seekmo.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9082] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\seekmo_ie_menu.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8651] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\seekmo_ie_menu.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4297] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\s_icons_buttons.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7531] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\s_icons_buttons.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3616] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\t2_bg.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7517] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\t2_bg.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2710] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\top7.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5156] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\tsd_bg.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2021] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\tsd_bg.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9360] command /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\samplegroups2.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC780] cmd /c del "C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\samplegroups2.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4962] command /c del "C:\Program Files\ASpyC\ASpyC.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8797] cmd /c del "C:\Program Files\ASpyC\ASpyC.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3174] command /c del "C:\WINDOWS\system32\ouhzw.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4795] cmd /c del "C:\WINDOWS\system32\ouhzw.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5678] command /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8888] cmd /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8445] command /c del "C:\WINDOWS\system32\kdtao.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8523] cmd /c del "C:\WINDOWS\system32\kdtao.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2045] command /c del "C:\Program Files\Applications\iebr.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1988] cmd /c del "C:\Program Files\Applications\iebr.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3533] command /c del "C:\Program Files\Applications\iebt.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5111] cmd /c del "C:\Program Files\Applications\iebt.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1166] command /c del "C:\Program Files\Applications\iebtm.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2342] cmd /c del "C:\Program Files\Applications\iebtm.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8868] command /c del "C:\Program Files\Applications\iebu.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5015] cmd /c del "C:\Program Files\Applications\iebu.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8338] command /c del "C:\Program Files\Applications\iebtmm.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8424] cmd /c del "C:\Program Files\Applications\iebtmm.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1103] command /c del "C:\Program Files\Applications\iebtu.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5931] cmd /c del "C:\Program Files\Applications\iebtu.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7726] command /c del "C:\Program Files\Applications\wcu.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2916] cmd /c del "C:\Program Files\Applications\wcu.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2159] command /c del "C:\Program Files\Applications\wcs.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1546] cmd /c del "C:\Program Files\Applications\wcs.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4357] command /c del "C:\Program Files\Applications\myd.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5771] cmd /c del "C:\Program Files\Applications\myd.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4880] command /c del "C:\Program Files\Applications\mym.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2606] cmd /c del "C:\Program Files\Applications\mym.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4111] command /c del "C:\Program Files\Applications\myp.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2462] cmd /c del "C:\Program Files\Applications\myp.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9613] command /c del "C:\Program Files\Applications\myv.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1536] cmd /c del "C:\Program Files\Applications\myv.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5287] cmd /c del "C:\Program Files\Applications\ot.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7405] command /c del "C:\Program Files\Applications\ts.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5251] cmd /c del "C:\Program Files\Applications\ts.ico"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ASpyC] "C:\Program Files\ASpyC\ASpyC.exe"
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\WAV\wav.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
random/random
2008-08-29, 19:07
Your HijackThis log appears to have been cut off. Please post the rest of it.
dead-bird
2008-08-29, 22:41
Hi,
I have been trying to post the rest of the file for two days...
I keep getting this:
Fatal error: Maximum execution time of 30 seconds exceeded in /arrayx/www/forums/includes/functions.php on line 1734
And will eventually get a message saying my token has expired.
Is the file still too large?
Thanks
Gary
random/random
2008-08-29, 23:47
Zip the file (right click>Send To>Compressed (zipped) Folder) and upload it as an attachment.
dead-bird
2008-08-30, 01:00
HJT log zip file attached
random/random
2008-08-30, 01:09
Right click here (http://downloads.subratam.org/ResetTeaTimer.bat) and click save link as
Save it as resetteatimer.bat to your desktop
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.
Double click on resetteatimer.bat and wait for it to finish
Backup Your Registry with ERUNT
Please use the following link and scroll down to ERUNT and download it.
http://aumha.org/freeware/freeware.php
For version with the Installer:
Use the setup program to install ERUNT on your computer
For the zipped version:
Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.
Note: to restore your registry, go to the folder and start ERDNT.exe
Copy the contents of the following codebox to a notepad window
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
Save it to the desktop as fix.reg, making sure save as type is set to all files
Locate Fix.reg on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the merged successfully prompt
Please download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.exe) (by S!Ri)
Double-click SmitfraudFix.exe.
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply, along with a new HijackThis log.
**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm (http://www.beyondlogic.org/consulting/processutil/processutil.htm)
dead-bird
2008-08-30, 05:54
Hi,
Here are the reports you requested.
Thanks
Gary
SmitFraudFix v2.342
Scanning Process...
Scanning hosts...
Scanning C:\...
Scanning C:\WINDOWS\...
Scanning C:\WINDOWS\system...
Scanning C:\WINDOWS\Web...
Scanning C:\WINDOWS\system32...
Scanning C:\WINDOWS\system32\LogFiles...
Scanning C:\Documents and Settings\Doris Braddock...
Scanning C:\Documents and Settings\Doris Braddock\Application Data...
Scanning Start Menu...
Scanning C:\DOCUME~1\DORISB~1\FAVORI~1...
Scanning Desktop...
Scanning C:\Program Files...
Scanning corrupted keys
Scanning Desktop Components
Scanning IEDFix
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:45:46, on 8/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Doris Braddock\Desktop\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4060918
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4060918
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {300CF5C9-F02D-4CB8-ABED-9C229DA56825} - C:\Program Files\Applications\iebt.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Internet Service - {254B87BB-510D-41FA-A887-52C5FA9BE585} - C:\Program Files\Applications\iebr.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\WAV\wav.exe
O4 - HKLM\..\Run: [lphcvnpj0e951] C:\WINDOWS\system32\lphcvnpj0e951.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdtao.exe] C:\WINDOWS\system32\kdtao.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.427.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\DORISB~1\LOCALS~1\Temp\200882921831_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\DORISB~1\LOCALS~1\Temp\200882921820_mcinfo.exe /insfin
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ASpyC] "C:\Program Files\ASpyC\ASpyC.exe"
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\WAV\wav.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - ?p=ZUxdm486NVUS
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{893E489F-F793-4A91-9FBE-EDC05AB677A8}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CAE5F30-FD9C-4656-BC97-63CC895031CF}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCDDB8B1-9584-4DAE-AA8A-FCFC8FC3DA25}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O22 - SharedTaskScheduler: bebization - {97d2dfac-9acb-4d6f-ac2b-ab6ee090f649} - C:\WINDOWS\system32\ouhzw.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 10706 bytes
random/random
2008-08-30, 15:02
You may want to print out these instructions for reference, since you will have to restart your computer during the fix.
Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
At the end of the fix, you may need to restart your computer again.
Finally, please post the contents of the logfile C:\fixwareout\report.txt
Also, please do the following:
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
dead-bird
2008-08-30, 20:57
Hi,
Here are the logs you requested.
Thanks
Gary
Username "Doris Braddock" - 08/30/2008 12:37:20 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
System was rebooted successfully.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\Quickset.exe"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"AppleSyncNotifier"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleSyncNotifier.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"MyWebSearch Plugin"="rundll32 C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\M3PLUGIN.DLL,UPF"
"Antivirus"="C:\\Program Files\\WAV\\wav.exe"
"lphcvnpj0e951"="C:\\WINDOWS\\system32\\lphcvnpj0e951.exe"
"C:\\WINDOWS\\system32\\kdtao.exe"="C:\\WINDOWS\\system32\\kdtao.exe"
"SeekmoSA"="\"C:\\Program Files\\Seekmo\\bin\\10.0.427.0\\SeekmoSA.exe\""
"MSKDetectorExe"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"
"sysrest32.exe"="C:\\WINDOWS\\system32\\sysrest32.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"ASpyC"="\"C:\\Program Files\\ASpyC\\ASpyC.exe\""
"Antivirus"="C:\\Program Files\\WAV\\wav.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
info.txt logfile of random's system information tool 2008-08-30 12:48:28
Uninstall list
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support-->MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom Management Programs-->MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Corel Photo Album 6-->MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Support 3.1-->MsiExec.exe /X{548EEA8E-8299-497F-8057-811D2D7097DC}
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
EducateU-->MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ELIcon-->MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Documents and Settings\Doris Braddock\Desktop\HiJackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
iTunes-->MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Outlook 2003 with Business Contact Manager Update-->MsiExec.exe /I{BA68600E-96D9-4E92-80F2-26B9681B5A63}
Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mIRC-->"C:\Excursion9.5\mIRC.ExCurSioN.exe" -uninstall
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mpeg2Decoder 1.3-->"C:\Program Files\Mpeg2Decoder\unins000.exe"
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Napster for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF2606C7-63AF-40F4-8919-F2EC654ACC91}\setup.exe" -l0x9 -removeonly
PowerDVD 5.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine-->MsiExec.exe /I{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
WIDCOMM Bluetooth Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Hosts File
127.0.0.1 localhost
Security center information
AV: McAfee VirusScan
FW: McAfee Personal Firewall Plus
Environment variables
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=MINIMAL
-----------------EOF-----------------
Logfile of random's system information tool (written by random/random)
Run by Doris Braddock at 2008-08-30 12:48:01
Microsoft Windows XP Professional Service Pack 3
System drive C: has 53 GB (76%) free of 70 GB
Total RAM: 1014 MB (81% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:21, on 8/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Doris Braddock\Desktop\RSIT.exe
C:\Documents and Settings\Doris Braddock\Desktop\HiJackThis\Doris Braddock.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4060918
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4060918
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {300CF5C9-F02D-4CB8-ABED-9C229DA56825} - C:\Program Files\Applications\iebt.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Internet Service - {254B87BB-510D-41FA-A887-52C5FA9BE585} - C:\Program Files\Applications\iebr.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\WAV\wav.exe
O4 - HKLM\..\Run: [lphcvnpj0e951] C:\WINDOWS\system32\lphcvnpj0e951.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdtao.exe] C:\WINDOWS\system32\kdtao.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.427.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ASpyC] "C:\Program Files\ASpyC\ASpyC.exe"
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\WAV\wav.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - ?p=ZUxdm486NVUS
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{893E489F-F793-4A91-9FBE-EDC05AB677A8}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CAE5F30-FD9C-4656-BC97-63CC895031CF}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCDDB8B1-9584-4DAE-AA8A-FCFC8FC3DA25}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O22 - SharedTaskScheduler: bebization - {97d2dfac-9acb-4d6f-ac2b-ab6ee090f649} - C:\WINDOWS\system32\ouhzw.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 10524 bytes
Scheduled tasks folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
Registry dump
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll [2008-05-15 817936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{300CF5C9-F02D-4CB8-ABED-9C229DA56825}]
C:\Program Files\Applications\iebt.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31 118844]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2006-09-18 1191424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{254B87BB-510D-41FA-A887-52C5FA9BE585} - Internet Service - C:\Program Files\Applications\iebr.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-05-01 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-05-01 602182]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\Quickset.exe [2006-06-29 1032192]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-11 53248]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2005-05-31 122941]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]
"MyWebSearch Plugin"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL []
"Antivirus"=C:\Program Files\WAV\wav.exe [2008-08-15 400384]
"lphcvnpj0e951"=C:\WINDOWS\system32\lphcvnpj0e951.exe [2008-08-21 194560]
"C:\WINDOWS\system32\kdtao.exe"=C:\WINDOWS\system32\kdtao.exe []
"SeekmoSA"=C:\Program Files\Seekmo\bin\10.0.427.0\SeekmoSA.exe []
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2006-11-07 1121280]
"sysrest32.exe"=C:\WINDOWS\system32\sysrest32.exe [2008-08-30 23552]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
"ASpyC"=C:\Program Files\ASpyC\ASpyC.exe []
"Antivirus"=C:\Program Files\WAV\wav.exe [2008-08-15 400384]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe [2006-06-29 1032192]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe [2005-05-15 332800]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe [2005-05-31 122941]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-11 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2005-12-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2005-12-13 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2005-12-13 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\WINDOWS\stsystra.exe [2006-03-24 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2006-05-24 622653]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2003-10-29 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-11-04 258048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
C:\PROGRA~1\MI6841~1\80\Tools\Binn\sqlmangr.exe /n []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-13 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
bebization - {97d2dfac-9acb-4d6f-ac2b-ab6ee090f649} - C:\WINDOWS\system32\ouhzw.dll []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=1
"NoDispScrSavPage"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\Doris Braddock\Local Settings\Temp\.tt15.tmp"="C:\Documents and Settings\Doris Braddock\Local Settings\Temp\.tt15.tmp:*:Enabled:enable"
"C:\WINDOWS\system32\sysrest32.exe"="C:\WINDOWS\system32\sysrest32.exe:*:Enabled:enable"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe
List of files/folders created in the last three months
2008-08-30 12:48:01 ----D---- C:\rsit
2008-08-30 12:36:42 ----D---- C:\fixwareout
2008-08-30 12:09:27 ----A---- C:\WINDOWS\system32\sysrest32.exe
2008-08-29 21:39:24 ----A---- C:\WINDOWS\system32\tmp.txt
2008-08-29 21:39:17 ----A---- C:\rapport.txt
2008-08-29 21:38:35 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-08-29 21:38:34 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-08-29 21:38:34 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-08-29 21:38:34 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-08-29 21:38:34 ----A---- C:\WINDOWS\system32\swxcacls.exe
2008-08-29 21:38:34 ----A---- C:\WINDOWS\system32\swsc.exe
2008-08-29 21:38:34 ----A---- C:\WINDOWS\system32\swreg.exe
2008-08-29 21:38:34 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-08-29 21:38:34 ----A---- C:\WINDOWS\system32\Process.exe
2008-08-29 21:38:34 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-08-29 21:38:34 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-08-29 21:38:34 ----A---- C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-08-29 21:38:34 ----A---- C:\WINDOWS\system32\404Fix.exe
2008-08-29 21:26:44 ----D---- C:\WINDOWS\ERDNT
2008-08-27 23:33:59 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-08-27 23:33:59 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-27 22:20:19 ----A---- C:\WINDOWS\ntbtlog.txt
2008-08-22 03:11:43 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-22 00:40:00 ----D---- C:\Program Files\Seekmo
2008-08-22 00:40:00 ----D---- C:\Documents and Settings\Doris Braddock\Application Data\Seekmo
2008-08-21 23:34:19 ----A---- C:\WINDOWS\system32\lphcvnpj0e951.exe
2008-08-16 22:20:50 ----D---- C:\Program Files\WAV
2008-08-16 21:34:20 ----D---- C:\WINDOWS\system32\857060
2008-08-15 08:21:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-15 08:20:56 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-15 08:20:37 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-15 08:17:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-15 08:17:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-15 08:15:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-15 08:10:13 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2008-08-11 22:14:27 ----D---- C:\Program Files\MyWebSearch
2008-08-11 22:12:37 ----D---- C:\Program Files\FunWebProducts
2008-07-20 14:04:43 ----A---- C:\WINDOWS\system32\ltimg13n.dll
2008-07-20 14:04:43 ----A---- C:\WINDOWS\system32\ltfil13n.dll
2008-07-20 14:04:43 ----A---- C:\WINDOWS\system32\ltefx13n.dll
2008-07-20 14:04:43 ----A---- C:\WINDOWS\system32\ltdis13n.dll
2008-07-20 14:04:43 ----A---- C:\WINDOWS\system32\lfgif13n.dll
2008-07-20 14:04:43 ----A---- C:\WINDOWS\system32\lfcmp13n.dll
2008-07-20 14:04:43 ----A---- C:\WINDOWS\system32\lfbmp13n.dll
2008-07-20 14:04:42 ----A---- C:\WINDOWS\system32\ltkrn13n.dll
2008-07-15 18:47:08 ----D---- C:\Program Files\iPod
2008-07-15 18:47:04 ----D---- C:\Program Files\iTunes
2008-07-15 18:44:56 ----D---- C:\Program Files\Bonjour
2008-07-15 18:43:56 ----D---- C:\Program Files\QuickTime
2008-07-15 18:42:02 ----D---- C:\Program Files\Common Files\Apple
2008-07-14 13:56:40 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-12 12:23:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-07-11 14:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-07-05 19:09:18 ----A---- C:\Documents and Settings\Doris Braddock\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
2008-07-05 18:41:14 ----A---- C:\WINDOWS\system32\tfswapi.dll
2008-07-05 18:41:14 ----A---- C:\WINDOWS\dla.exe
2008-07-05 18:41:12 ----D---- C:\WINDOWS\system32\dla
2008-07-03 18:49:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-06-14 08:03:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-06-13 22:57:53 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-06-13 22:57:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-13 22:57:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-06-03 23:32:33 ----D---- C:\Program Files\Microsoft Silverlight
2008-06-03 23:31:28 ----D---- C:\WINDOWS\ie7updates
2008-06-03 23:29:09 ----D---- C:\WINDOWS\WBEM
2008-06-03 23:24:54 ----A---- C:\WINDOWS\imsins.BAK
2008-06-03 22:21:47 ----D---- C:\Program Files\CCleaner
2008-06-03 21:57:35 ----D---- C:\Program Files\Mpeg2Decoder
2008-06-03 19:57:15 ----D---- C:\WINDOWS\Prefetch
2008-06-03 19:45:16 ----D---- C:\WINDOWS\system32\scripting
2008-06-03 19:45:14 ----D---- C:\WINDOWS\l2schemas
2008-06-03 19:45:13 ----D---- C:\WINDOWS\system32\en
2008-06-03 19:45:12 ----D---- C:\WINDOWS\system32\bits
2008-06-03 19:37:28 ----D---- C:\WINDOWS\ServicePackFiles
2008-06-03 19:22:56 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-06-03 19:13:37 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-06-03 19:13:32 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-06-03 19:13:29 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-06-03 19:13:27 ----A---- C:\WINDOWS\system32\winbrand.dll
2008-06-03 19:13:26 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-06-03 19:13:26 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-06-03 19:13:10 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-06-03 19:13:10 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-06-03 19:12:56 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-06-03 19:12:55 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-06-03 19:12:52 ----N---- C:\WINDOWS\system32\slserv.exe
2008-06-03 19:12:52 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-06-03 19:12:52 ----N---- C:\WINDOWS\slrundll.exe
2008-06-03 19:12:51 ----N---- C:\WINDOWS\system32\slgen.dll
2008-06-03 19:12:51 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-06-03 19:12:51 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-06-03 19:12:47 ----N---- C:\WINDOWS\system32\setupn.exe
2008-06-03 19:12:42 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-06-03 19:12:39 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-06-03 19:12:35 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-06-03 19:12:34 ----N---- C:\WINDOWS\system32\qutil.dll
2008-06-03 19:12:33 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-06-03 19:12:32 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-06-03 19:12:32 ----N---- C:\WINDOWS\system32\qagent.dll
2008-06-03 19:12:29 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-06-03 19:12:25 ----N---- C:\WINDOWS\system32\onex.dll
2008-06-03 19:12:10 ----N---- C:\WINDOWS\system32\napstat.exe
2008-06-03 19:12:10 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-06-03 19:12:10 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-06-03 19:12:09 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-06-03 19:12:08 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-06-03 19:12:08 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-06-03 19:12:05 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-06-03 19:12:05 ----N---- C:\WINDOWS\system32\mssha.dll
2008-06-03 19:11:42 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-06-03 19:11:42 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-06-03 19:11:41 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-06-03 19:11:41 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-06-03 19:11:23 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-06-03 19:11:22 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-06-03 19:11:21 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-06-03 19:11:21 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-06-03 19:11:20 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-06-03 19:11:20 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-06-03 19:11:04 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-06-03 19:11:03 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-06-03 19:10:57 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-06-03 19:10:49 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-06-03 19:10:38 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-06-03 19:10:38 ----A---- C:\WINDOWS\003083_.tmp
2008-06-03 19:10:35 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-06-03 19:10:35 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-06-03 19:10:35 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-06-03 19:10:35 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-06-03 19:10:35 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-06-03 19:10:35 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-06-03 19:10:34 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-06-03 19:10:34 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-06-03 19:10:30 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-06-03 19:10:30 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-06-03 19:10:30 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-06-03 19:10:30 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-06-03 19:10:30 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-06-03 19:10:30 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-06-03 19:10:30 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-06-03 19:10:27 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-06-03 19:10:27 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-06-03 19:10:27 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-06-03 19:10:22 ----N---- C:\WINDOWS\system32\credssp.dll
2008-06-03 19:10:13 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-06-03 19:10:13 ----N---- C:\WINDOWS\system32\azroles.dll
2008-06-03 19:10:11 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-06-03 19:10:11 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-06-03 19:10:09 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-06-03 19:10:09 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-06-03 19:10:09 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-06-03 19:10:09 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-06-03 19:10:08 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-06-03 19:09:57 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-06-02 19:50:10 ----N---- C:\WINDOWS\system32\spmsg.dll
List of drivers
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2005-05-13 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2005-05-13 23545]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-07-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-07-14 307968]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 APPDRV;APPDRV; C:\WINDOWS\system32\SYSTEM32\DRIVERS\APPDRV.SYS []
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-09-18 21275]
S2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-09-18 8552]
S2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
S2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2005-04-21 40544]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-12-27 8413]
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
S2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-05-01 13568]
S2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-05-31 25725]
S2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-05-31 34845]
S2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-05-31 4125]
S2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-05-31 2241]
S2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-05-31 86876]
S2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-05-31 15069]
S2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-05-31 6365]
S2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-05-31 98716]
S2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-05-31 100605]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-24 328237]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-24 30427]
S3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-24 851434]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-24 148900]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-05-24 45683]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-05-24 30285]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-24 66488]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
S3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-13 1364574]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 sysrest.sys;sysrest.sys; \??\C:\WINDOWS\system32\sysrest.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-10 32000]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-26 1429632]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\agp440.sys []
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\agpCPQ.sys []
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\alim1541.sys []
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\system32\DRIVERS\amdagp.sys []
S4 cbidf;cbidf; C:\WINDOWS\system32\system32\DRIVERS\cbidf2k.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\system32\DRIVERS\intelide.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\sisagp.sys []
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\viaagp.sys []
List of services
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
S2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-24 266295]
S2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
S2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
S2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-05-01 114753]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [2008-08-11 28739]
S2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-06-29 376832]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-05-01 217164]
S2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-05-01 540745]
S2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2006-05-01 262217]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
-----------------EOF-----------------
random/random
2008-08-30, 23:48
Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post back with the Malwarebytes' Anti-Malware log and a new HijackThis log.
dead-bird
2008-08-31, 04:41
Hi,
Here are the logs you requested:
Thanks
Gary
Malwarebytes' Anti-Malware 1.25
Database version: 1099
Windows 5.1.2600 Service Pack 3
8:29:44 PM 8/30/2008
mbam-log-08-30-2008 (20-29-44).txt
Scan type: Full Scan (C:\|)
Objects scanned: 97513
Time elapsed: 25 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 31
Registry Values Infected: 24
Registry Data Items Infected: 16
Folders Infected: 31
Files Infected: 102
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{300cf5c9-f02d-4cb8-abed-9c229da56825} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{97d2dfac-9acb-4d6f-ac2b-ab6ee090f649} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{254b87bb-510d-41fa-a887-52c5fa9be585} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{300cf5c9-f02d-4cb8-abed-9c229da56825} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\9ee2330ae5f4470cac801baac83818c9 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ASpyC (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.WindowsAntivirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.WindowsAntivirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ASpyC (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcvnpj0e951 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\Seekmo (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.427.0 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.427.0\firefox (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.427.0\firefox\extensions (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.427.0\firefox\extensions\components (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.427.0\firefox\extensions\plugins (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\WAV (Rogue.WindowsAntivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\857060 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doris Braddock\Application Data\Seekmo (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\HostOL (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\HostOL\static (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\HostOL\static\1 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doris Braddock\Application Data\Seekmo\v3.0\HostOL\static\DownLoad (Adware.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcvnpj0e951.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\857060\857060.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.427.0\firefox\extensions\chrome.manifest (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.427.0\firefox\extensions\install.rdf (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.427.0\firefox\extensions\components\npclntax.xpt (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.427.0\firefox\extensions\plugins\npclntax_SeekmoSA.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0002CA7A.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0002EF09.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0002F236.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0002F3AD.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00030243.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\1397DE9F (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\1397E045.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\1397E1EB.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\1397E40D.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\1397E6DC.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\WAV\wav.cpl (Rogue.WindowsAntivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\WAV\wav.exe (Rogue.WindowsAntivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wav.cpl (Rogue.WindowsAntivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcvnpj0e951.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcvnpj0e951.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doris Braddock\Desktop\Windows Antivirus 2008.lnk (Rogue.WindowsAntivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doris Braddock\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doris Braddock\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doris Braddock\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doris Braddock\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doris Braddock\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doris Braddock\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doris Braddock\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doris Braddock\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doris Braddock\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doris Braddock\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doris Braddock\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:34:32, on 8/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Doris Braddock\Desktop\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4060918
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4060918
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {254B87BB-510D-41FA-A887-52C5FA9BE585} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdtao.exe] C:\WINDOWS\system32\kdtao.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.427.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - ?p=ZUxdm486NVUS
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{893E489F-F793-4A91-9FBE-EDC05AB677A8}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CAE5F30-FD9C-4656-BC97-63CC895031CF}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCDDB8B1-9584-4DAE-AA8A-FCFC8FC3DA25}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O22 - SharedTaskScheduler: bebization - {97d2dfac-9acb-4d6f-ac2b-ab6ee090f649} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 8837 bytes
random/random
2008-08-31, 14:54
It is starting to look much better now.
Go to Start > Run... and copy/paste the text below into the Runbox:
"C:\Documents and Settings\Doris Braddock\Desktop\RSIT.exe" /info
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
dead-bird
2008-08-31, 22:16
Hi,
Yes, things are looking much better now.
Thank You
Gary
Here are the logs you requested.
Logfile of random's system information tool (written by random/random)
Run by Doris Braddock at 2008-08-31 14:06:07
Microsoft Windows XP Professional Service Pack 3
System drive C: has 52 GB (74%) free of 70 GB
Total RAM: 1014 MB (58% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:06:12, on 8/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Doris Braddock\Desktop\RSIT.exe
C:\Documents and Settings\Doris Braddock\Desktop\HiJackThis\Doris Braddock.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4060918
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4060918
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {254B87BB-510D-41FA-A887-52C5FA9BE585} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdtao.exe] C:\WINDOWS\system32\kdtao.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.427.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - ?p=ZUxdm486NVUS
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{893E489F-F793-4A91-9FBE-EDC05AB677A8}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CAE5F30-FD9C-4656-BC97-63CC895031CF}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCDDB8B1-9584-4DAE-AA8A-FCFC8FC3DA25}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O22 - SharedTaskScheduler: bebization - {97d2dfac-9acb-4d6f-ac2b-ab6ee090f649} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 10255 bytes
Scheduled tasks folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
Registry dump
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll [2008-05-15 817936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31 118844]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2006-09-18 1191424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{254B87BB-510D-41FA-A887-52C5FA9BE585}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-05-01 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-05-01 602182]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\Quickset.exe [2006-06-29 1032192]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-11 53248]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2005-05-31 122941]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]
"C:\WINDOWS\system32\kdtao.exe"=C:\WINDOWS\system32\kdtao.exe []
"SeekmoSA"=C:\Program Files\Seekmo\bin\10.0.427.0\SeekmoSA.exe []
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2006-11-07 1121280]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe [2006-06-29 1032192]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe [2005-05-15 332800]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe [2005-05-31 122941]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-11 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2005-12-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2005-12-13 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2005-12-13 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\WINDOWS\stsystra.exe [2006-03-24 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2006-05-24 622653]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2003-10-29 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-11-04 258048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
C:\PROGRA~1\MI6841~1\80\Tools\Binn\sqlmangr.exe /n []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-13 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
bebization - {97d2dfac-9acb-4d6f-ac2b-ab6ee090f649}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll schannel.dll digest.dll msnsspc.dll
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\Doris Braddock\Local Settings\Temp\.tt15.tmp"="C:\Documents and Settings\Doris Braddock\Local Settings\Temp\.tt15.tmp:*:Enabled:enable"
"C:\WINDOWS\system32\sysrest32.exe"="C:\WINDOWS\system32\sysrest32.exe:*:Enabled:enable"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe
File associations
.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*
List of files/folders created in the last three months
2008-08-30 19:58:52 ----D---- C:\Documents and Settings\Doris Braddock\Application Data\Malwarebytes
2008-08-30 19:58:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-30 19:58:47 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-30 12:48:01 ----D---- C:\rsit
2008-08-30 12:36:42 ----D---- C:\fixwareout
2008-08-29 21:39:24 ----A---- C:\WINDOWS\system32\tmp.txt
2008-08-29 21:39:17 ----A---- C:\rapport.txt
2008-08-29 21:38:35 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-08-29 21:38:34 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-08-29 21:38:34 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-08-29 21:38:34 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-08-29 21:38:34 ----A---- C:\WINDOWS\system32\swxcacls.exe
2008-08-29 21:38:34 ----A---- C:\WINDOWS\system32\swsc.exe
2008-08-29 21:38:34 ----A---- C:\WINDOWS\system32\swreg.exe
2008-08-29 21:38:34 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-08-29 21:38:34 ----A---- C:\WINDOWS\system32\Process.exe
2008-08-29 21:38:34 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-08-29 21:38:34 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-08-29 21:38:34 ----A---- C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-08-29 21:38:34 ----A---- C:\WINDOWS\system32\404Fix.exe
2008-08-29 21:26:44 ----D---- C:\WINDOWS\ERDNT
2008-08-27 23:33:59 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-08-27 23:33:59 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-27 22:20:19 ----A---- C:\WINDOWS\ntbtlog.txt
2008-08-22 03:11:43 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-15 08:21:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-15 08:20:56 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-15 08:20:37 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-15 08:17:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-15 08:17:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-15 08:15:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-15 08:10:13 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2008-07-20 14:04:43 ----A---- C:\WINDOWS\system32\ltimg13n.dll
2008-07-20 14:04:43 ----A---- C:\WINDOWS\system32\ltfil13n.dll
2008-07-20 14:04:43 ----A---- C:\WINDOWS\system32\ltefx13n.dll
2008-07-20 14:04:43 ----A---- C:\WINDOWS\system32\ltdis13n.dll
2008-07-20 14:04:43 ----A---- C:\WINDOWS\system32\lfgif13n.dll
2008-07-20 14:04:43 ----A---- C:\WINDOWS\system32\lfcmp13n.dll
2008-07-20 14:04:43 ----A---- C:\WINDOWS\system32\lfbmp13n.dll
2008-07-20 14:04:42 ----A---- C:\WINDOWS\system32\ltkrn13n.dll
2008-07-15 18:47:08 ----D---- C:\Program Files\iPod
2008-07-15 18:47:04 ----D---- C:\Program Files\iTunes
2008-07-15 18:44:56 ----D---- C:\Program Files\Bonjour
2008-07-15 18:43:56 ----D---- C:\Program Files\QuickTime
2008-07-15 18:42:02 ----D---- C:\Program Files\Common Files\Apple
2008-07-14 13:56:40 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-12 12:23:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-07-11 14:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-07-05 19:09:18 ----A---- C:\Documents and Settings\Doris Braddock\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
2008-07-05 18:41:14 ----A---- C:\WINDOWS\system32\tfswapi.dll
2008-07-05 18:41:14 ----A---- C:\WINDOWS\dla.exe
2008-07-05 18:41:12 ----D---- C:\WINDOWS\system32\dla
2008-07-03 18:49:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-06-14 08:03:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-06-13 22:57:53 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-06-13 22:57:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-13 22:57:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-06-03 23:32:33 ----D---- C:\Program Files\Microsoft Silverlight
2008-06-03 23:31:28 ----D---- C:\WINDOWS\ie7updates
2008-06-03 23:29:09 ----D---- C:\WINDOWS\WBEM
2008-06-03 23:24:54 ----A---- C:\WINDOWS\imsins.BAK
2008-06-03 22:21:47 ----D---- C:\Program Files\CCleaner
2008-06-03 21:57:35 ----D---- C:\Program Files\Mpeg2Decoder
2008-06-03 19:57:15 ----D---- C:\WINDOWS\Prefetch
2008-06-03 19:45:16 ----D---- C:\WINDOWS\system32\scripting
2008-06-03 19:45:14 ----D---- C:\WINDOWS\l2schemas
2008-06-03 19:45:13 ----D---- C:\WINDOWS\system32\en
2008-06-03 19:45:12 ----D---- C:\WINDOWS\system32\bits
2008-06-03 19:37:28 ----D---- C:\WINDOWS\ServicePackFiles
2008-06-03 19:22:56 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-06-03 19:13:37 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-06-03 19:13:32 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-06-03 19:13:29 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-06-03 19:13:27 ----A---- C:\WINDOWS\system32\winbrand.dll
2008-06-03 19:13:26 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-06-03 19:13:26 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-06-03 19:13:10 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-06-03 19:13:10 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-06-03 19:12:56 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-06-03 19:12:55 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-06-03 19:12:52 ----N---- C:\WINDOWS\system32\slserv.exe
2008-06-03 19:12:52 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-06-03 19:12:52 ----N---- C:\WINDOWS\slrundll.exe
2008-06-03 19:12:51 ----N---- C:\WINDOWS\system32\slgen.dll
2008-06-03 19:12:51 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-06-03 19:12:51 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-06-03 19:12:47 ----N---- C:\WINDOWS\system32\setupn.exe
2008-06-03 19:12:42 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-06-03 19:12:39 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-06-03 19:12:35 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-06-03 19:12:34 ----N---- C:\WINDOWS\system32\qutil.dll
2008-06-03 19:12:33 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-06-03 19:12:32 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-06-03 19:12:32 ----N---- C:\WINDOWS\system32\qagent.dll
2008-06-03 19:12:29 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-06-03 19:12:25 ----N---- C:\WINDOWS\system32\onex.dll
2008-06-03 19:12:10 ----N---- C:\WINDOWS\system32\napstat.exe
2008-06-03 19:12:10 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-06-03 19:12:10 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-06-03 19:12:09 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-06-03 19:12:08 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-06-03 19:12:08 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-06-03 19:12:05 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-06-03 19:12:05 ----N---- C:\WINDOWS\system32\mssha.dll
2008-06-03 19:11:42 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-06-03 19:11:42 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-06-03 19:11:41 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-06-03 19:11:41 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-06-03 19:11:23 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-06-03 19:11:22 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-06-03 19:11:21 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-06-03 19:11:21 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-06-03 19:11:20 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-06-03 19:11:20 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-06-03 19:11:04 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-06-03 19:11:03 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-06-03 19:10:57 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-06-03 19:10:49 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-06-03 19:10:38 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-06-03 19:10:38 ----A---- C:\WINDOWS\003083_.tmp
2008-06-03 19:10:35 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-06-03 19:10:35 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-06-03 19:10:35 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-06-03 19:10:35 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-06-03 19:10:35 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-06-03 19:10:35 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-06-03 19:10:34 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-06-03 19:10:34 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-06-03 19:10:30 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-06-03 19:10:30 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-06-03 19:10:30 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-06-03 19:10:30 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-06-03 19:10:30 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-06-03 19:10:30 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-06-03 19:10:30 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-06-03 19:10:27 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-06-03 19:10:27 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-06-03 19:10:27 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-06-03 19:10:22 ----N---- C:\WINDOWS\system32\credssp.dll
2008-06-03 19:10:13 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-06-03 19:10:13 ----N---- C:\WINDOWS\system32\azroles.dll
2008-06-03 19:10:11 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-06-03 19:10:11 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-06-03 19:10:09 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-06-03 19:10:09 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-06-03 19:10:09 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-06-03 19:10:09 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-06-03 19:10:08 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-06-03 19:09:57 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-06-02 19:50:10 ----N---- C:\WINDOWS\system32\spmsg.dll
List of drivers
R1 APPDRV;APPDRV; C:\WINDOWS\system32\SYSTEM32\DRIVERS\APPDRV.SYS []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2005-05-13 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2005-05-13 23545]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-09-18 21275]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-09-18 8552]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2005-04-21 40544]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-12-27 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-05-01 13568]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-05-31 25725]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-05-31 34845]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-05-31 4125]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-05-31 2241]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-05-31 86876]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-05-31 15069]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-05-31 6365]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-05-31 98716]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-05-31 100605]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-24 328237]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-24 30427]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-24 851434]
R3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-05-24 30285]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-24 66488]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-13 1364574]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-07-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-07-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-26 1429632]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-24 148900]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-05-24 45683]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-10 32000]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\agp440.sys []
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\agpCPQ.sys []
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\alim1541.sys []
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\system32\DRIVERS\amdagp.sys []
S4 cbidf;cbidf; C:\WINDOWS\system32\system32\DRIVERS\cbidf2k.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\system32\DRIVERS\intelide.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\sisagp.sys []
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\viaagp.sys []
List of services
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-24 266295]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-05-01 114753]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-06-29 376832]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-05-01 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-05-01 540745]
R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2006-05-01 262217]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
-----------------EOF-----------------
info.txt logfile of random's system information tool 2008-08-31 14:06:17
Uninstall list
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support-->MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom Management Programs-->MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Corel Photo Album 6-->MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Support 3.1-->MsiExec.exe /X{548EEA8E-8299-497F-8057-811D2D7097DC}
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
EducateU-->MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ELIcon-->MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Documents and Settings\Doris Braddock\Desktop\HiJackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
iTunes-->MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Outlook 2003 with Business Contact Manager Update-->MsiExec.exe /I{BA68600E-96D9-4E92-80F2-26B9681B5A63}
Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mIRC-->"C:\Excursion9.5\mIRC.ExCurSioN.exe" -uninstall
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mpeg2Decoder 1.3-->"C:\Program Files\Mpeg2Decoder\unins000.exe"
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Napster for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF2606C7-63AF-40F4-8919-F2EC654ACC91}\setup.exe" -l0x9 -removeonly
PowerDVD 5.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine-->MsiExec.exe /I{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
WIDCOMM Bluetooth Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Hosts File
127.0.0.1 localhost
Security center information
AV: McAfee VirusScan
FW: McAfee Personal Firewall Plus
Environment variables
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
-----------------EOF-----------------
random/random
2008-09-01, 23:03
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.
Copy the contents of the following codebox to a notepad window
REGEDIT4
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=-
"C:\\Documents and Settings\\Doris Braddock\\Local Settings\\Temp\\.tt15.tmp"=-
"C:\\WINDOWS\\system32\\sysrest32.exe"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
Save it to the desktop as fix.reg, making sure save as type is set to all files
Locate Fix.reg on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the merged successfully prompt
Go to Start > My Computer
Go to Tools > Folder Options
Click on the View tab
Untick the following:
Hide extensions for known file types
Hide protected operating system files (Recommended)
You will get a message warning you about showing protected operating system files, click Yes
Make sure this option is selected:
Show hidden files and folders
Click Apply and then click OK
Run HijackThis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).
O3 - Toolbar: (no name) - {254B87BB-510D-41FA-A887-52C5FA9BE585} - (no file)
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdtao.exe] C:\WINDOWS\system32\kdtao.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.427.0\SeekmoSA.exe"
O8 - Extra context menu item: &Search - ?p=ZUxdm486NVUS
O22 - SharedTaskScheduler: bebization - {97d2dfac-9acb-4d6f-ac2b-ab6ee090f649} - (no file)
Then close all windows except HijackThis and click Fix Checked.
Restart
Use Windows Explorer to find and delete these files:
C:\WINDOWS\003083_.tmp
C:\WINDOWS\system32\kdtao.exe
As an example:
To delete C:\WINDOWS\badfile.dll
Double click the My Computer icon on your Desktop. Or click on the Windows KEY + E.
Double click on Local Disc (C:\)
Double click on the Windows folder,
Right click on badfile.dll and then from the menu that appears, click on Delete
Please do a scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html)
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Click on the Accept button and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded on the left side of the page in the Scan section select My Computer
This will start the program and scan your system.
The scan will take a while, so be patient and let it run.
Once the scan is complete, click on View scan report
Now, click on the Save Report as button.
Save the file to your desktop.
Copy and paste that information in your next post, along with a new HijackThis log and a description of any remaining problems.
dead-bird
2008-09-02, 06:42
Hi,
Things are looking normal as far as I can tell. I will try to use this machine some tomorrow and let you know.
I was unable to find the file:
C:\WINDOWS\system32\kdtao.exe
Everything else went like clockwork.
Thanks
Gary
Here are the logs you requested.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, September 1, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, September 02, 2008 00:43:26
Records in database: 1176244
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Files scanned: 58313
Threat name: 3
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 01:48:53
File name / Threat name / Threats count
iexplore.exe\MSIMG32.dll/iexplore.exe\MSIMG32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.cv 1
C:\Program Files\Internet Explorer\MSIMG32.dll/C:\Program Files\Internet Explorer\MSIMG32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.cv 1
C:\Documents and Settings\Doris Braddock\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Doris Braddock\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\ExcursionX_BETA.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\Program Files\Internet Explorer\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.cv 1
The selected area was scanned.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29:16, on 9/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Doris Braddock\Desktop\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4060918
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4060918
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{893E489F-F793-4A91-9FBE-EDC05AB677A8}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CAE5F30-FD9C-4656-BC97-63CC895031CF}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCDDB8B1-9584-4DAE-AA8A-FCFC8FC3DA25}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 9852 bytes
dead-bird
2008-09-03, 15:45
Hi,
Web surfing was fine with no issues or funny stuff.
It did seem a little sluggish at times but I think it's just me used to the desk top...
Gary
random/random
2008-09-03, 18:43
Delete these files from your desktop:
SmitfraudFix.exe
resetteatimer.bat
Fixwareout.exe
RSIT.exe
fix.reg
Use Windows Explorer to find and delete these files:
C:\Program Files\Internet Explorer\MSIMG32.dll
C:\ExcursionX_BETA.exe << only delete this if you don't know what it is
And these folders:
C:\Fixwareout
C:\RSIT
As an example:
To delete C:\WINDOWS\badfile.dll
Double click the My Computer icon on your Desktop.
Double click on Local Disc (C:\)
Double click on the Windows folder,
Right click on badfile.dll and then from the menu that appears, click on Delete
You now appear to be clean. Congratulations!
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints (http://www.malwarecomplaints.info/index.php), you need to be registered to post as unfortunately we were hit with too many spam posting to allow guest posting to continue just find your country room and register your complaint.
Below are some steps to follow in order to dramatically lower the chances of reinfection
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented
Turn System Restore off
On the Desktop, right click on the My Computer icon.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.Restart
Turn System Restore on
On the Desktop, right click on the My Computer icon.
Click Properties.
Click the System Restore tab.
Uncheck *Turn off System Restore*.
Click Apply, and then click OK.
Note: only do this once, and not on a regular basis
Make sure that you keep your antivirus updated
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software
Two good antivirus programs free for non-commercial home use are Avast! (http://www.avast.com/eng/avast_4_home.html) and Antivir (http://www.free-av.com/)
Two good paid for antivirus programs are NOD32 (http://www.nod32.com/) and Bitdefender (http://www.bitdefender.com/)
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
Make sure you install all the security updates for Windows, Internet explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch for it to that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC
Go here (http://www.update.microsoft.com/microsoftupdate/v6/muoptdefault.aspx) to check for & install updates to Microsoft applications
Note: The update process uses activex, so you will need to use internet explorer for it, and allow the activex control that it wants to install
Keep your non-Microsoft applications updated as well
Microsoft isn't the only company whose products can contain security vulnerabilities, to check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector (http://secunia.com/software_inspector) - I suggest that you run it at least once a month
Make Internet Explorer more secure
Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.
Install SpywareBlaster & make sure to update it regularly
SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
If you don't know what activex controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
You can download SpywareBlaster from here (http://www.javacoolsoftware.com/sbdownload.html)
Install and use Spybot Search & Destroy
Instructions are located here (http://www.bleepingcomputer.com/tutorials/tutorial43.html)
Make sure you update, reimmunize & scan regularly
Make use of the HOSTS file included with Spybot Search & Destroy
Every version of windows includes a hosts file as part of them. A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
Spybot Search & Destroy has a good HOSTS file built in, to enable the HOSTS file in Spybot Search & Destroy
Run Spybot Search & Destroy
Click on Mode, and then place a tick next to Advanced mode
Click Yes
In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File
Click on Add Spybot-S&D hosts listNote: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue
Click Start > Run Type services.msc & click OK
In the list, find the service called DNS Client & double click on it. On the dropdown box, change the setting from automatic to manual. Click OK & then close the Services windowFor a more detailed explanation of the HOSTS file, click here (http://forum.malwareremoval.com/viewtopic.php?t=22187)
Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date
dead-bird
2008-09-03, 22:20
Hi,
Everything went as planned with possibly one exception.
I deleted the file C:\RSIT. Did a search just to be sure and found the file - RSIT.EXE-14479531.pf.
Is this OK or do I need to do away with that one?
Thanks
Gary
random/random
2008-09-05, 19:38
You don't need to worry about that file.
dead-bird
2008-09-06, 02:11
Thank you very much for your assistance.
Gary
random/random
2008-09-09, 19:31
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note:If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send me a private message (pm). A valid, working link to the closed topic is required.