View Full Version : Daughter's Computer Infected with new Variant, I think
Well my daughter finally complained to me about her laptop. It is definitely infected with a number of viruses, trojans, and "what nots".
System:
HP Laptop computer.
Windows XP SP2
Description of what we are facing:
Background is changed to a blue screen with a message about the virus application is out of date and a big link in the middle of the screen leading off to a site (no one has clicked it).
A pop up shows up every so often claiming to be from "Microsoft Security Center", it is red (again with links leading off).
A Yellow Triangle with an exclamation mark in the middle shows up every soften in the System Tray with a balloon about virus protection being out of date.
A Red ball icon has appeared in the system tray, again with a balloon that pops up every so often telling us that the virus checker is out of date and we need to install an update (again from a site that we know nothing about).
The Task Manager has been disabled.
Using IE or Firefox is impossible. New tabs are opened automatically, sometimes IE starts on its own and attempts to load up to 20 or so tabs at once.
Running in Safe Mode causes system to reboot. (We can get to the login screen and Windows starts up, but about 2-3 seconds after we get the normal background, the system turns itself off.)
What we have tried so far (and the results :sad: )
Installed Spybot S&D 1.6.0.30
Installed updates manually using "spybotsd_includes-2008-10-01.exe" (Attempting to download updates using the internet connection results in "unable to obtain update file" messages.
Attempted to run Spybot S&D
Results: Spybot S&D will not load or run
Installed and ran CWS.SmartKiller from "http://www.safer-networking.org/files/"
Results: Message Box indicates "CS ...v1/v2" is not installed.
Downloaded and installed HIJackThis.
Results: Program will not run.
Was able to load MSConfig and supposedly starting programs and services and unchecked as many as I felt I could that would not cause problems.
Results: No real change
Was able to install and run System Explorer by Mister Group 20008, version 1.4. I can see some of the processes, but do not necessarily know what to look for at this point.
I do have a number of other computers that do not seem to be affected at this time. I also have the ability to remove her harddrive and connect it to other systems as an "External Drive" (I did this once to make a backup when I needed to send the system in for repairs when the graphics system died on the laptop.)
I'll try almost anything at this point, and was wondering if it would make sense to attache the hard drive to another system, run Spybot S&D on it then put it back into the laptop. I know the registry won't be cleaned, but I suspect the problem files would be gone. I could then run Spybot S&D on the system which would clean up the registry (I think).
Is there a less drastic way to get rid of the things that are preventing me from running Spybot S&D?
(Of course to add insult to injury, my daughter has a term paper due on Nov 3, and if we can't fix the lap top soon, she'll have to retype the whole thing [yea right, mom and dad will end up retyping it! Not something I'm looking forward to.]
Any help would be really appreciated.
Dave
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.
Hello and welcome to the forums
My name is Katana and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly :D
Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------
my daughter has a term paper due on Nov 3
We had best get moving then :)
If you can boot the infected machine and download the following then great, if not then you can download the files to a second computer and transfer them via USB/Flash drive.
----------------------------------------------------------- -----------------------------------------------------------
Step 1
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
If you accidently close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
----------------------------------------------------------- -----------------------------------------------------------
Step 2
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See HERE (http://www.bleepingcomputer.com/forums/topic114351.html) for help
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Thanks Katana for your reply. I've done what I can and had some good results and not so good results. Here's what I was able to do:
Step 1
Due to the PC not having a network connection (it was connected but could not connect to anything that was valid) I downloaded Malwarebytes' Anti-Malware and placed it on a USB drive.
[ I also downloaded Combofix and placed it on the USB drive at the same time to save me a trip back to this computer. Yes the infected one is a laptop, but if you could see my desk, you'd understand why I want to leave the laptop in the other room :red: ]
Copied the Anti-Malware exe to the desk top and ran it from there.
It failed when it attempted to connect for an update, but the version installed was Version 1.30 (October 22, 2008).
It ran for 2 hours, 2 mins, and 59 sec and found 53 items. Below is the log file which I saved to the USB drive:
-----------------------------------------------------------------
Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 2
10/28/2008 12:28:18 AM
mbam-log-2008-10-28 (00-28-17).txt
Scan type: Full Scan (C:\|D:\|E:\|G:\|)
Objects scanned: 147807
Time elapsed: 2 hour(s), 2 minute(s), 59 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 12
Registry Values Infected: 1
Registry Data Items Infected: 6
Folders Infected: 3
Files Infected: 29
Memory Processes Infected:
C:\WINDOWS\system32\uesiuqcr.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Memory Modules Infected:
C:\WINDOWS\system32\smwin32.dll (Trojan.FakeAlert) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{a0442dfa-1f7e-4dce-b75c-a90993d6e7fc} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{268706f0-841c-446a-b757-8c1ef84527dc} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{32fd16dc-537c-4186-9bd6-c718a308342b} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32fd16dc-537c-4186-9bd6-c718a308342b} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{27861bda-a645-491d-8599-dcab5969dc34} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4cf05127-d66d-4125-b2d9-15909b83842a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{475a8380-dc57-448b-8d9f-5600df0a8476} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\getsn32.msiesn (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smwin32.mdr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Desktop) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: msansspc.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\uesiuqcr.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\uesiuqcr.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\GetPack (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\iCheck\iCheck.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\GetPack\dictame.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetPack\GetPack23.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetPack\trgtame.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\default.htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msansspc.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv934.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\getsn32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smwin32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wini10803.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uesiuqcr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\DominiqueS\~.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSdxgp.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSihys.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSkrxx.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSnmxh.log (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSnpur.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSoitu.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSwubs.log (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSyaqu.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\TDSSmxfe.sys (Rootkit.Agent) -> Delete on reboot.
-----------------------------------------------------------------
It asked me to reboot, so I said Yes.
It took a while to reboot, but at least it looked liked my internet connection was working. I say that because the my anti virus software (AVG) finally got a connection and uploaded updates to it's data base.
Also the background stayed the same, and neither of the two system tray icons showed up and no other pop ups showed up. So that part seemed to have gone OK.
STEP 2
Copied ComboFix.exe from USB Drive to desktop.
Stopped Anti Virus Software (AVG)
Double clicked on ComboFixe.exe
Seemed to start up ok, then asked to install Microsoft Windows Recovery Console.
:oops:
Received a BSOD (Blue Screen of Death) with a STOP COLD error, but didn't catch the number (wasn't up there for very long )
The system rebooted by itself.:thud:
Upon Reboot, received another BSOD with the error Process1_initializing failed error and it shut down.:thud:
Upon turning it back on I got a STOP Error x 6something, again it flashed off very quickly (not even sure it wrote a dump file) :thud:
[note to self: set autoreboot on system stop to off next time the system is up and running]
Attempted Safe Mode reboot: Showed Windows load screen for about 3 seconds then automatic shutdown.:thud:
Attempted Last known good configuration startup: Showed Windows load screen for about 1.5 seconds, then automatic shutdown.:thud:
-----------------------------------------------------------------
I thinking I should not have installed the Recovery Console...but this may just be a coincidence.
Note:
I do have a Windows XP SP2 install disk that has the Recovery Console on it. I also have a bootable disc with Puppy Linix on it (Great for pulling files off of systems that won't boot.)
Both of these disc were used successfully to boot the system BEFORE I started this thread.
Ok, so now I have a system that seems to have three of the visible problems fixed, but it doesn't boot. (Hopefully the multiple reboots I performed didn't do anymore damage.)
I look forward to your next set of instructions. And Again, thank you for your help!
Dave
I also have a bootable disc with Puppy Linix on it (Great for pulling files off of systems that won't boot.)
That may come in handy :cool:
We need to see the contents of the following
C:\combofix.txt
C:\qoobox (entire folder)
If you can get those off the machine, please upload them to the following site
Please put them in one zip folder if you can
(if not let me know before you upload)
Please open LINK >>> THIS PAGE (http://www.bleepingcomputer.com/submit-malware.php?channel=4) <<<LINK in a new window.
In the box marked Link to topic where this file was requested: please put this text
http://forums.spybot.info/showthread.php?p=247564#post247564( highlite the contents of the code box then press CTRL+C, then go to the new page click in the Topic box and press CTRL+V )
Now click browse and navigate to the .zip file and select it
In the Largest box please put
File Requested By Katana
Logs from failed CF run
Finally click SendFile
Hi Katana,
Thanks again for your help.
Well again I think it is a Good News/Bad News/Good News situation.... but only you will tell ;)
Good News
I was able to boot the system using the Puppy Linix DVD and copy the c:\qoobox directory to a USB drive.
Bad News(??)
There was no c:\combofix.txt file.
Good News
I Zipped up the directory and posted it as requested. The file name I zipped the directory to is: Qoobox_post247564.zip
Hopefully you will have good news for me :)
Dave
Looking at the contents of Qoobox, it looks as if ComboFix barely got started on its run.
Please use your CD to boot to Recovery Console and do the following
type LISTSVC to list down all services.
Look for Services named as TDSSxxxx where x is a random letter
They will look something like these
TDSSdxgp
TDSSihys
TDSSkrxx
Note down the names of any you find.
Then for each service name, run the command ...
DISABLE TDSSxxxx ..
When they have all been disabled, type Exit
Hopefully, your machine should reboot normally
Please Sir, :D:
Could you also upload these folders as well
C:\ComboFix\
C:\Windows\ERDNT\HIV-BACKUP\
:sick: That's how I feel right now.
I am able to boot with the windows install disk, but it is not working as it did before.
Now I am able to get to the Windows installation selection mene, I select the C: drive (the E: drive is HP's "image restore drive" that restores the system back to the "factory out of the box got to update everything and delete all the garbage crapware" system).
I am able to type LISTSVC and one page is displayed with a message at the bottom of the screen, then the system power downs.
If I don't type LISTSVC quickly, the system power downs.
Sounds like something is getting loaded into memory (????).
Please, please, please tell me all is not lost....
Dave
P.S. I have to go and get my sone from school right now, I'll be back in about an hour
If you are booting from the install disc, then it is not malware that is causing the problem.
It may be that something is overheating and causing the crash.
Try leaving the laptop switched off until it cools down completely, and if you have a fan then use it when you turn it back on.
Hi Again Katana,
Thanks for being so patient with me....
I am uploading the second set of files requested ComboFix and Hiv-Backup as I type this. About 21 MB in size.
I took a can of air and blew out the dust bunnies from the fan and restarted the machine. (at least now it looks like the fan is turning, don't know about before.)
Only one TDSS file (instructions from post #6) was shown: TDSSserve.sys
I used the Disable command on it.
Now however, every type of reboot to windows results in a BSOD with error:
Process1_Initialization_Failed with a Boot Error Code of x0000006b (hopefully go the right number of zeros in front there.)
Same for normal and safe mode.
Was able to boot to Linix and stored of the above files as requested.
Just informed that the upload of the zip file failed. File was probably too big so I split it into 10MB size there are now three parts to the file (Split was performed using WinZip.)
Now it looks lik3 10MB is also too big... :pullinghair:
Are there any specific files you need from the directories? ComboFix is about 20MB and Hiv-Backup is about 35MB.
Dave
Hiv-Backup is the most important, but just let me check with the developer.
I await your reply on the files to send.
In the mean time, should I attempt a Repair Install of Windows to get past the Process1_Initialization_Failed BOSD problem? or did I disable the wrong TDSSxxxx file when I disabled TDSSserve.sys?
I humbly await your reply.
Sorry for the delay, I fell asleep :red:
The TDSSxxxx you disabled was correct, unfortunately this piece of dross is fairly new and doesn't like being removed.
Please don't do a repair install yet, we may still be able to save it.
If you can upload te following files, sUBs (the developer ) should be able to tell what happened.
ComboFix/CF-RC.txt
ComboFix/ForeignC00
ComboFix/ForeignA.dat
ComboFix/Foreign.dat
ComboFix/CregC_.dat
ComboFix/CregC.dat
Hiv-backup/system
Windir.dat
zip them all into one folder again please.
Oh, and thank you for your patience :)
Sleep??? Sleep??? How could you possibly Sleep at a time like this?????
<BIG GRIN>
I understand completely. I help on other boards with other kinds of problems and it is all volunteer. All you will probably get out of this is my undying gratitude (unless you prefer chocolates). LOL
Anyway.... I have uploaded the files requested in Post 13. It Worked!
The file name is: ComboFix_Post247564_13.zip
There might be a few "extra files" ones with names close to the ones you requested. They were small so I just grabbed them all.
AND.... I was able to store off a copy of my daughter's paper onto the USB drive. So at least she can work on the "family" computer and get that done before it is due. (of course she can't listen to her music because that is still on the one with the problem.)
Thank you again, and to sUBs for going the extra mile with this one.
Dave
P.S. I wasn't kidding about the chocolates, (When this is all fixed!) :D:
Linus12, I need you to check out something for me.
Please boot to the Recovery Console.
At the command prompt, type each of the numbered lines of commands.
1) CD C:\Windows\System32
2) DIR ntdll.dll*
2008-04-14 05:41 706,048 ntdll.dll
2008-04-14 05:41 706,048 ntdll.dll.vir
At this juncture, if you see something like the above, go to Step #4
If you see just a solitary line like below, go to Step #3
2008-04-14 05:41 706,048 ntdll.dll.vir
3) COPY ntdll.dll.vir ntdll.dll
4) EXIT
Kindly let us know if that allows you to boot into Windows
Hi sUBs (and Kantana)
You hit the dll on the head. the ntdll.dll was missing!
While the dates and sizes were slightly different, I copied the "ntdll.dll.vir" version to ntdll.dll and I have successfully rebooted into windows. :2thumb:
Checkdsk attempted to run, but I canceled it for now.
At this point the system is up, with my normal background, and "extra" items in the system tray. However it doesn't look like ComboFix is running.
I await your next commands :bow: :bow:
NTDLL.dll is a critical System file. ComboFix attacked it because it detected something amissed with the file.
I would like a closer peek at the file. Please upload that copy of NTDLL.dll to this website > http://www.bleepingcomputer.com/submit-malware.php?channel=4
Do not run ComboFix again as it shall attack the same NTDLL.dll. Well, not unless you download the latest version of ComboFix which I have just added another safety check.
Ok, will do. But I need to run and pick my daughter up from school. I'll be back in about 2 hours maybe 2 1/2 hours. Thanks for the quick response. I'll upload as soon as I get back.
I understand if you want to get some sleep or have better things to do than wait around for me right now.
Thank you again,
Dave
C:\WINDOWS\system32\av.dat
C:\WINDOWS\system32\TDSSmtpe.dat
The above are malware files that needs to be deleted. You can do that manually. They wont resist deletion.
Hi sUBs,
I've uploaded the ntdll.dll file as requested in Post #17.
I will delete the two files as requested, I assume by your comment about them "not resisting" that I can do this in windows?
Should I download an updated version of CF to run? or wait for you to finish looking at ntdll.dll ?
I assume that Katana will want to continue the removal process once this gets sorted out.
Thanks again,
Dave
P.S. Sorry for the delay, but my daughter wanted to go look for a Holloween costume. Even though she already had one picked out! :hair: Oh the joys of being a parent of a 14 year old! :D: I do love her dearly....
Hi Linus,
Big thanks to sUBs for the assistance,
We won't use Combofix again for the minute, but let's get a couple of other scans to see where we are up to ...
Download and Run RSIT
Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:
log.txt will be opened maximized.
info.txt will be opened minimized.
Please post the contents of both log.txt and info.txt.
Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
**Note**
To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
PS. I know what kids are like, I have a Daughter of 20 and a Son of 15 :sick:
Hi Katana,
I am posting the two files from RSIT. I'm using two posts because when I try to combine them, the website times out.
The Kaspersky Online Scanner is still downloading the the data base files and if the scan is done at the same speed, it may take awhile.
RSIT.exe files
log.txt
Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2008-10-30 11:40:49
Microsoft Windows XP Professional Service Pack 2
System drive C: has 74 GB (71%) free of 104 GB
Total RAM: 1023 MB (65% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1157594204.job
C:\WINDOWS\tasks\Symantec NetDetect.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-03-20 803864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2005-10-07 140912]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-03-20 803864]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-07 2055960]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-09-27 7585792]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-09-27 86016]
"nwiz"=nwiz.exe /installquiet /nodetect []
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-06-02 135168]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-29 1234712]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2004-08-04 158208]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\brastk]
brastk.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-09-17 52848]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2006-05-30 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GetModule25]
C:\Program Files\GetModule\GetModule25.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GetPack23]
C:\Program Files\GetPack\GetPack23.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-05-03 458752]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
c:\Program Files\Norton Internet Security\cfgwiz.exe [2005-09-30 120464]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
C:\WINDOWS\KHALMNPR.EXE [2004-10-21 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
regsvr32 /s mqrt.dll []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
C:\Program Files\Norton Ghost\Agent\GhostTray.exe [2005-09-09 1537648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-06-02 135168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
C:\Program Files\HP\QuickPlay\QPService.exe [2006-06-21 102400]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\Windows\CREATOR\Remind_XP.exe [2006-02-09 643072]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe [2004-11-02 218240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-31 761946]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-06-07 4670968]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^StartUp^Vongo Tray.lnk]
C:\PROGRA~1\Vongo\Tray.exe [2006-05-09 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2005-09-24 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^DominiqueS^Start Menu^Programs^StartUp^Picture Motion Browser Media Check Tool.lnk]
C:\PROGRA~1\Sony\SONYPI~1\VOLUME~1\SPUVOL~1.EXE [2006-12-06 344064]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^DominiqueS^Start Menu^Programs^StartUp^Vongo Tray.lnk]
C:\PROGRA~1\Vongo\Tray.exe [2006-05-09 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2
"SAVScan"=3
"ose"=3
"navapsvc"=2
"comHost"=3
"Bonjour Service"=2
"Norton Ghost"=2
"Vongo Service"=2
"wuauserv"=2
"GEARSecurity"=2
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
hp psc 2000 Series.lnk - C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe
hpoddt01.exe.lnk - C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"F:\Temp\InstEng\Setup.exe"="F:\Temp\InstEng\Setup.exe:*:Enabled:Hewlett-Packard Installer"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:Spooler SubSystem App"
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"="C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG Free\avgcc.exe"="C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
""=""
"C:\Program Files\Vongo\VongoService.exe"="C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff361189-15d8-11dc-b7f8-0016366f433e}]
shell\AutoRun\command - G:\LaunchU3.exe -a
======List of files/folders created in the last 1 months======
2008-10-30 11:40:49 ----D---- C:\rsit
2008-10-30 11:40:49 ----D---- C:\Program Files\trend micro
2008-10-28 00:39:58 ----D---- C:\cmdcons
2008-10-28 00:38:43 ----A---- C:\WINDOWS\zip.exe
2008-10-28 00:38:43 ----A---- C:\WINDOWS\VFIND.exe
2008-10-28 00:38:43 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-10-28 00:38:43 ----A---- C:\WINDOWS\SWSC.exe
2008-10-28 00:38:43 ----A---- C:\WINDOWS\SWREG.exe
2008-10-28 00:38:43 ----A---- C:\WINDOWS\sed.exe
2008-10-28 00:38:43 ----A---- C:\WINDOWS\NIRCMD.exe
2008-10-28 00:38:43 ----A---- C:\WINDOWS\grep.exe
2008-10-28 00:38:43 ----A---- C:\WINDOWS\fdsv.exe
2008-10-28 00:38:37 ----D---- C:\WINDOWS\ERDNT
2008-10-28 00:38:37 ----D---- C:\Qoobox
2008-10-28 00:38:36 ----D---- C:\ComboFix
2008-10-28 00:38:36 ----A---- C:\WINDOWS\system32\CF13540.exe
2008-10-27 21:56:20 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-10-27 21:56:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-27 21:56:15 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-26 22:40:20 ----D---- C:\Documents and Settings\All Users\Application Data\SystemExplorer
2008-10-26 22:40:19 ----D---- C:\Program Files\System Explorer
2008-10-26 21:19:44 ----D---- C:\Program Files\Spybot
2008-10-26 20:57:27 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-26 20:57:27 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-26 19:37:59 ----SHD---- C:\WINDOWS\CSC
======List of files/folders modified in the last 1 months======
2008-10-30 11:40:49 ----D---- C:\WINDOWS\temp
2008-10-30 11:40:49 ----D---- C:\Program Files
2008-10-29 20:29:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-29 20:29:34 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-29 20:29:24 ----D---- C:\WINDOWS\Prefetch
2008-10-29 14:42:33 ----D---- C:\WINDOWS\system32
2008-10-28 00:38:43 ----D---- C:\WINDOWS
2008-10-28 00:31:19 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-10-28 00:31:19 ----D---- C:\WINDOWS\system32\drivers
2008-10-26 22:27:13 ----RASH---- C:\boot.ini
2008-10-26 22:27:13 ----A---- C:\WINDOWS\win.ini
2008-10-26 22:27:13 ----A---- C:\WINDOWS\system.ini
2008-10-26 21:14:39 ----D---- C:\Program Files\Firefox
2008-10-26 21:00:45 ----HD---- C:\$AVG8.VAULT$
2008-10-26 21:00:04 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-26 20:55:54 ----D---- C:\Program Files\Internet Explorer
2008-10-26 19:02:37 ----HD---- C:\WINDOWS\inf
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-05-10 36864]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-28 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-07 26824]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 V2IMount;V2IMount; C:\WINDOWS\system32\drivers\V2IMount.sys [2005-09-09 56192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-07-07 76040]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 SAVRTPEL;SAVRTPEL; \??\c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS []
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-13 604928]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-07-26 581632]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-08-29 990592]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-08-29 208384]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2004-10-21 24671]
R3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2004-10-21 38691]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2004-10-21 71535]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-09-27 3694656]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-02 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-02 13056]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-05 11136]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-15 28928]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-10-31 51584]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-10-31 308992]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-31 193056]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-04-19 30080]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-04-19 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-08-29 728576]
R3 winknl32;winknl32; C:\WINDOWS\system32\drivers\winknl32.sys [2005-11-28 5523]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-12 57320]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060514.008\NAVENG.Sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060514.008\NavEx15.Sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SAVRT;SAVRT; \??\c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-04-19 20608]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2005-10-13 874240]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-28 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-28 231704]
R2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-09-17 192112]
R2 ccProxy;Symantec Network Proxy; c:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2005-09-17 202352]
R2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-09-17 169584]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-03-23 73728]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2004-08-04 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2004-08-04 117248]
R2 NSCService;Norton Protection Center Service; C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE [2005-09-24 749696]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-09-27 143426]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-05-08 98304]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 ccISPwdSvc;Symantec Internet Security Password Validation; c:\Program Files\Norton Internet Security\ccPwdSvc.exe [2005-10-13 72280]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-12-13 79472]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 SNDSrvc;Symantec Network Drivers Service; c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-09-19 214672]
S3 SPBBCSvc;Symantec SPBBCSvc; c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-09-15 1160800]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S4 comHost;COM Host; c:\Program Files\Norton Internet Security\comHost.exe [2005-10-23 45696]
S4 GEARSecurity;GEARSecurity; C:\WINDOWS\System32\GEARSec.exe [2005-09-09 53248]
S4 navapsvc;Norton AntiVirus Auto-Protect Service; c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe [2005-10-07 133744]
S4 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2005-09-09 2066024]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 SAVScan;Symantec AVScan; c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe [2005-08-26 198368]
S4 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2006-07-19 1119888]
S4 Vongo Service;Vongo Service; C:\Program Files\Vongo\VongoService.exe [2006-05-09 176128]
-----------------EOF-----------------
Here's the second of the RSIT files:
RSIT.exe files
info.txt
info.txt logfile of random's system information tool 1.04 2008-10-30 11:40:52
======Uninstall list======
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
5 Card Slingo from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\5DE4D54F-AA79-43A4-9C8A-C173E7E2B025\Uninstall.exe"
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Reader 7.0.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\6E377D95-DF37-4E67-B64B-68C314600BCB\Uninstall.exe"
Big Kahuna Reef from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\7948472C-423F-4134-B68F-48D660A05D71\Uninstall.exe"
Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\384E0BF4-1E1F-45A6-B60E-42144A3F15CD\Uninstall.exe"
Blasterball 2 from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\9F3399B2-9ED6-4339-84A2-686432638B86\Uninstall.exe"
Boggle Supreme from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\5658FB14-16A4-4DAE-946B-1457BE31572E\Uninstall.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Bookworm Deluxe from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\B0769D17-E72A-4E87-A83F-1F7A3F080008\Uninstall.exe"
Bounce Symphony from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\7A940E33-6993-404B-ABA6-ED62E8FBE615\Uninstall.exe"
Canon Utilities File Viewer Utility 1.2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{EF0DD8B7-471C-463B-A298-6066C2FABAF5}
Canon Utilities RemoteCapture 2.7-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}
CC_ccProxyExt-->MsiExec.exe /I{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}
ccCommon-->MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
ccPxyCore-->MsiExec.exe /I{30738666-9805-4926-A78F-91DA33B6C437}
Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\382C11F0-1A18-4F76-B8E0-15CA7F209C22\Uninstall.exe"
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -IAt8VEN5a.inf
Crystal Maze from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E94C7046-2F7D-4D4D-B76F-C412DCCEAAC2\Uninstall.exe"
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
FATE from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\6ECB6EE6-92E1-4525-AF3B-3CE51A7C5F89\Uninstall.exe"
Final Drive Nitro from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\320F055A-570F-4335-B026-16A836DB9549\Uninstall.exe"
Flip Words from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\F2566CC2-D4C4-44ED-A838-3F8288D8D3FE\Uninstall.exe"
Hard Disk Scrubber v2.1-->"C:\Program Files\HDSCRUB\unins000.exe"
Hotfix for Windows XP (KB896256)-->"C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB909095)-->"C:\WINDOWS\$NtUninstallKB909095$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB910728)-->"C:\WINDOWS\$NtUninstallKB910728$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB912436)-->"C:\WINDOWS\$NtUninstallKB912436$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914906)-->"C:\WINDOWS\$NtUninstallKB914906$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915326)-->"C:\WINDOWS\$NtUninstallKB915326$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB918005)-->"C:\WINDOWS\$NtUninstallKB918005$\spuninst\spuninst.exe"
HP Color LaserJet 3800-->"C:\Program Files\Hewlett-Packard\Install Engines\HP Color LaserJet 3800\setup.exe" /x
HP Color LaserJet 3800-->msiexec /x{4D5795B4-76AC-473B-82DA-0AE6CBB4BD8C}
HP Game Console and games-->C:\Program Files\WildTangent\Apps\hpuninstall.exe
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photo and Imaging 2.0 - All-in-One Drivers-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - hp psc 2200 series-->C:\Program Files\HP\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
HP Photosmart Premier Software 6.0-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
hp psc 2200 series-->MsiExec.exe /X{913DA816-E8E4-4467-8D22-E2DF5DBF04E4}
HP Quick Launch Buttons 6.10 A1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 -removeonly uninst
HP QuickPlay 2.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Rhapsody-->C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP User Guides 0032-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E276E05A-FFE8-485B-A005-42E76EA72AC4}\Setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 G2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
Icemark Screen Saver-->C:\WINDOWS\system32\Icemark.scr /u
Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\0E5266B4-9069-401A-93AE-5FF9F1712016\Uninstall.exe"
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jewel Quest from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\4C061F83-EE92-445A-A03F-184B0BD59242\Uninstall.exe"
Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E90E3AE9-73E4-4E5C-BB0F-673989A808D0\Uninstall.exe"
Lexibox Deluxe from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\5758A0E8-A112-4A1D-82EC-EC72F7F16B88\Uninstall.exe"
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSETUP.EXE /REMOVE
LiveUpdate 2.7 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech SetPoint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9
LView Pro Full Version-->C:\Program Files\LView Pro 285\LVUninst.exe
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia Shockwave Player-->MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}
Mah Jong Quest from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E76A7EFF-7758-49EE-B3FA-9699830A2D6B\Uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB886903)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.17)-->C:\PROGRA~1\Firefox\uninstall\helper.exe
Mozilla Firefox (2.0.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
muvee autoProducer 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB09F05F-85C6-4205-B28D-5BF071D276C3}\setup.exe" -l0x9
Nancy Drew: Danger by Design-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\ND\Danger by Design\setup.exe" -l0x9
Nancy Drew: Secrets Can Kill-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ND\Secrets Can Kill\Uninst.isu"
Nancy Drew: The Creature of Kapu Cave-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Nancy Drew\The Creature of Kapu Cave\setup.exe" -l0x9
Nancy Drew: The Final Scene-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Nancy Drew\The Final Scene\setup.exe"
Netscape Browser (remove only)-->"C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Norton AntiSpam-->MsiExec.exe /I{5677563D-0CB1-485F-9E18-C5025306BB3F}
Norton AntiVirus 2006-->MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Ghost 10.0-->MsiExec.exe /X{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}
Norton Internet Security 2006 (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe" /X
Norton Internet Security-->MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security-->MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security-->MsiExec.exe /I{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}
Norton Internet Security-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security-->MsiExec.exe /I{FFB4DD53-28B7-4981-BFF0-9BD801F61095}
Norton Protection Center-->MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
Norton WMI Update-->MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update-->MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Oasis from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E332F38A-75F6-4EF2-88CC-246E8A1CB5D7\Uninstall.exe"
Polar Bowler from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54\Uninstall.exe"
Polar Golfer from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\D2E44AA4-8665-4490-A6C9-2D0744B47B27\Uninstall.exe"
Puzzle Express from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\EF860173-4FB7-4DE1-8BE8-5400F05A0DC5\Uninstall.exe"
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
SCRABBLE from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\103EFD47-9F2C-4490-95DD-AE6C442AFB92\Uninstall.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Slingo Deluxe from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\C264D692-8E15-4141-96A2-5621332E5DD0\Uninstall.exe"
Slyder from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\B0202B33-E73D-4FCD-AC88-0B2971AFC116\Uninstall.exe"
SmartAudio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}\setup.exe" -l0x9 -removeonly
Snowboard SuperJam-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\DED8E2B5-BA9F-448F-84E8-0AEF79876F95\Uninstall.exe"
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m\HXFSETUP.EXE -U -IAt8VEN5m.inf
Sonic Audio Module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sony Picture Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
SPBBC-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy-->"C:\Program Files\Spybot\unins000.exe"
Super Granny from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\7ED8A70C-9597-40BE-AEA0-0573182F1F51\Uninstall.exe"
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Terrapin Logo (remove only)-->"C:\Program Files\Terrapin\Terrapin Logo\Uninstall Terrapin Logo.exe"
The Sims™ 2 Deluxe-->C:\Program Files\EA GAMES\Sims2\DeluxeEdition\EAUninstall.exe
ThumbsPlus version 7.0sp1-->C:\PROGRA~1\Thumbs7\UNWISE.EXE C:\PROGRA~1\Thumbs7\INSTALL.LOG
Tradewinds from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86\Uninstall.exe"
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
UHS Reader (Version 4.6)-->C:\PROGRA~1\UHS\UNWISE.EXE C:\PROGRA~1\UHS\INSTALL.LOG
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Vongo-->MsiExec.exe /I{DB7E00C9-6DEF-489A-8112-D8F81614F45A}
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_9EA6D2FA46FEFFB7011ED0B6015B626D07F1EEF7\amdk8.inf
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB884575-->C:\WINDOWS\$NtUninstallKB884575$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885464-->C:\WINDOWS\$NtUninstallKB885464$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885855-->C:\WINDOWS\$NtUninstallKB885855$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888239-->C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB888402-->C:\WINDOWS\$NtUninstallKB888402$\spuninst\spuninst.exe
Windows XP Hotfix - KB889673-->C:\WINDOWS\$NtUninstallKB889673$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB892559-->"C:\WINDOWS\$NtUninstallKB892559$\spuninst\spuninst.exe"
Winx Club-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14CB43A6-27F8-4F6A-A755-782ABD04B0EA}\setup.exe" -l0x9
Wireless Home Network Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\Setup.exe" -l0x9 -removeonly
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zed 3-->"C:\Program Files\ZED3\unins000.exe"
Zuma Deluxe from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\074EEF5F-3BE8-4112-B253-C5D6CDE2924C\Uninstall.exe"
======Security center information======
AV: AVG Anti-Virus Free
AV: Norton Internet Security 2006
FW: Norton Internet Security 2006
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4802
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"PCTYPE"=PAVILION
"PLATFORM"=MCD
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
-----------------EOF-----------------
I'll post the online scan results as soon as they are available.
Kaspersky Online Scanner
Scan Results
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, October 30, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, October 30, 2008 18:52:05
Records in database: 1361872
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
Scan statistics:
Files scanned: 95087
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:45:09
File name / Threat name / Threats count
C:\WINDOWS\system32\av.dat Infected: Backdoor.Win32.UltimateDefender.gfi 1
The selected area was scanned.
Opps! That was one of the two files that sUBs told me to delete. Well I deleted it now!
How brave are you feeling ?
We would like you to run Combofix again (the updated version)
If you would prefer not to, it is perfectly understandable.
If you feel up to it, please do the following (if not, just say "not today thanks" :) )
Please delete the copy of ComboFix that you have and download an updated copy from one of the links below
Please visit this webpage for instructions on using ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
ComboFix.exe 1 (http://subs.geekstogo.com/ComboFix.exe)
ComboFix.exe 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
ComboFix.exe 3 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
Re-enable all the programs that were disabled during the running of ComboFix..
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
ComboFix SHOULD NOT be used unless requested by a forum helper
je je je (which my wife's way of saying ha ha ha in spanish)
I guess I feel pretty brave... I'll download the file and run it in the next hour or so. Since the system is currently up and running, and not showing any popups and I seem to be able to get some internet connectivity, I feel better about it.
(remember the first time also wouldn't download any updates because the internet connection was hosed).
I'll post back the results.
Dave
:bigthumb: ComboFix ran!
Of course the reboot in the middle of the process gave me a bit of fright!
Here's the log file:
ComboFix 08-10-30.09 - Administrator 2008-10-30 20:58:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.666 [GMT -7:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\wiaservv.log
E:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-31 )))))))))))))))))))))))))))))))
.
2008-10-30 11:40 . 2008-10-30 11:40 <DIR> d-------- C:\rsit
2008-10-30 11:40 . 2008-10-30 11:40 <DIR> d-------- C:\Program Files\trend micro
2008-10-27 21:56 . 2008-10-27 21:56 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-27 21:56 . 2008-10-27 21:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-27 21:56 . 2008-10-27 21:56 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-10-27 21:56 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-27 21:56 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-26 22:40 . 2008-10-26 22:40 <DIR> d-------- C:\Program Files\System Explorer
2008-10-26 22:40 . 2008-10-26 22:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SystemExplorer
2008-10-26 21:19 . 2008-10-26 21:19 <DIR> d-------- C:\Program Files\Spybot
2008-10-26 20:57 . 2008-10-26 21:02 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-26 20:57 . 2008-10-26 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-26 18:29 . 2008-10-26 18:29 <DIR> d--hs---- C:\WINDOWS\system32\config\systemprofile\Temporary Internet Files
2008-10-26 18:29 . 2008-10-26 18:29 <DIR> d--hs---- C:\WINDOWS\system32\config\systemprofile\History
2008-09-27 18:43 . 2008-09-27 18:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-27 18:41 . 2008-09-27 18:41 <DIR> d-------- C:\Program Files\Bonjour
2008-09-27 18:36 . 2008-09-27 18:40 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-09-27 18:36 . 2008-09-27 18:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-30 18:53 --------- d-----w C:\Program Files\Firefox
2008-10-27 04:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-09-28 01:44 --------- d-----w C:\Program Files\iTunes
2008-09-28 01:43 --------- d-----w C:\Program Files\iPod
2008-09-28 01:41 --------- d-----w C:\Program Files\QuickTime
2008-09-28 01:37 --------- d-----w C:\Program Files\Apple Software Update
2008-08-29 17:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 16:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-29 02:13 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-07 23:12 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-09-27 7585792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-09-27 86016]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-02 135168]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"nwiz"="nwiz.exe" [2006-09-27 C:\WINDOWS\system32\nwiz.exe]
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe [2006-05-09 73728]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe [2003-04-09 323646]
hpoddt01.exe.lnk - C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe [2003-04-09 28672]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2006-09-06 581632]
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^StartUp^Vongo Tray.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Vongo Tray.lnk
backup=C:\WINDOWS\pss\Vongo Tray.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^DominiqueS^Start Menu^Programs^StartUp^Picture Motion Browser Media Check Tool.lnk]
path=C:\Documents and Settings\DominiqueS\Start Menu\Programs\StartUp\Picture Motion Browser Media Check Tool.lnk
backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^DominiqueS^Start Menu^Programs^StartUp^Vongo Tray.lnk]
path=C:\Documents and Settings\DominiqueS\Start Menu\Programs\StartUp\Vongo Tray.lnk
backup=C:\WINDOWS\pss\Vongo Tray.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2005-09-17 07:27 52848 c:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2006-05-30 16:02 40960 C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2006-05-03 22:58 458752 C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
--a------ 2005-09-30 05:33 120464 c:\Program Files\Norton Internet Security\CfgWiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 16:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 16:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
--a------ 2005-09-09 19:09 1537648 C:\Program Files\Norton Ghost\Agent\GhostTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2006-06-02 15:21 135168 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2006-06-21 21:54 102400 C:\Program Files\HP\QuickPlay\QPService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
--------- 2005-10-11 10:23 1187840 C:\WINDOWS\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--------- 2006-02-09 09:52 643072 C:\WINDOWS\CREATOR\Remind_XP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
--a------ 2004-11-02 23:59 218240 c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 21:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-03-31 22:01 761946 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-06-07 14:08 4670968 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2004-10-21 13:28 29696 C:\WINDOWS\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
--a------ 2004-08-04 14:00 177152 C:\WINDOWS\system32\mqrt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2 (0x2)
"SAVScan"=3 (0x3)
"ose"=3 (0x3)
"navapsvc"=2 (0x2)
"comHost"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Norton Ghost"=2 (0x2)
"Vongo Service"=2 (0x2)
"wuauserv"=2 (0x2)
"GEARSecurity"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\system32\\spoolsv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-28 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-28 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-28 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-07 76040]
R3 winknl32;winknl32;C:\WINDOWS\system32\drivers\winknl32.sys [2005-11-28 5523]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff361189-15d8-11dc-b7f8-0016366f433e}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
2008-08-19 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2006-12-11 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1157594204.job
- C:\Program Files\HP\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 17:56]
2006-07-20 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2005-09-09 14:21]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-GetModule25 - C:\Program Files\GetModule\GetModule25.exe
MSConfigStartUp-GetPack23 - C:\Program Files\GetPack\GetPack23.exe
MSConfigStartUp-brastk - brastk.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bws6m38b.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 21:03:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.exe
C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\HP\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Completion time: 2008-10-30 21:05:49 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-10-31 04:05:44
Pre-Run: 77,811,904,512 bytes free
Post-Run: 77,819,658,240 bytes free
227
Thanks for hanging in there with me, Katana!! :bigthumb: :bigthumb:
Thanks for hanging in there with me, Katana!! :bigthumb: :bigthumb:
Actually, we should be thanking you :bigthumb:
OK, that log looks fine. How are things running now, any problems still ?
If I remember correctly, when you installed MalwareBytes it couldn't update ?
It is worth running it again now with a fresh set of updates.
Malwarebytes' Anti-Malware
Start MalwareBytes AntiMalware
Update Malwarebytes' Anti-Malware
Select the Update tab
Click Update
When the update is complete, select the Scanner tab
Select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
If you accidently close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Hi Katana,
Sorry for the delay, my kids had a party last night and we finally finished cleaning up and got all the Holloween decorations down!
Here's the log file from the latest run.
Malwarebytes' Anti-Malware 1.30
Database version: 1345
Windows 5.1.2600 Service Pack 2
2008-10-31 22:00:36
mbam-log-2008-10-31 (22-00-36).txt
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 149548
Time elapsed: 2 hour(s), 10 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 9
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msconfig (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\DominiqueS\Application Data\Facegame (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\DominiqueS\Application Data\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\DominiqueS\Local Settings\Temp\3nick568.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\DominiqueS\Temporary Internet Files\Content.IE5\DX4TE261\KB908678[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\DominiqueS\Temporary Internet Files\Content.IE5\MFFUE0IU\3nick568[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\DominiqueS\Application Data\GetModule\dicik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\DominiqueS\Application Data\GetModule\kwdik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\DominiqueS\Application Data\GetModule\ofadik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\DominiqueS\Local Settings\Temp\TDSSed68.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\DominiqueS\Local Settings\Temp\TDSSed87.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Let me know. System seems to be running ok, but then I haven't let my daughter on it since the I took over.
Time to let her run again?
Dave
Actually, I've spotted another file that I would like to take a look at
Upload a File
Download suspicious file packer from here (http://www.safer-networking.org/files/sfp.zip)
Unzip it to desktop, open it & paste in the list of files below, press next & it will create an archive (zip/cab file) on desktop
C:\WINDOWS\system32\drivers\winknl32.sys
Go to spykiller (http://thespykiller.co.uk/index.php?board=1.0)
Please start a new thread Titled File/s for Katana and give the following information
Name:-- Your name
E-mail:-- Your E-mail (this is confidential and will not be displayed)
Subject:-- File for Katana
In the main text window please put the following link
http://forums.spybot.info/showthread.php?p=248947#post248947
you may also add any comments you wish
then press attach and upload the zip/cab file that was created.
Files can be uploaded by anybody but not downloaded at all except for those users that have been given special permissions.
You DO NOT need to be a member to upload, anybody can upload the files
Please post back with the link to your Spykiller thread.
Let's run one more scan to be certain.
Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site Link >> ActiveScan (http://www.pandasecurity.com/activescan/index/) << LINK
Click the Scan Now button
Follow the prompts to install the Active X if necessary
Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
When the scan is finished, a report will be generated
Next to Scan Details click the small Save button and save the report to your desktop.
Please post the report in your reply.
Hi Katana,
Actually, I know about that one.
If that's the only concern then I think we are ok. But I'll run the on-line scan and report back to you.
Thanks again for your help,
Dave
Hi Again,
Here's the ActiveScan report:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-11-02 10:38:40
PROTECTIONS: 2
MALWARE: 13
SUSPECTS: 6
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus Free 8.0 Yes Yes
Norton Internet Security 2006 2006 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\DominiqueS\Cookies\dominiques@azjmp[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\DominiqueS\Cookies\dominiques@apmebf[2].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\DominiqueS\Cookies\dominiques@media.adrevolver[3].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\DominiqueS\Cookies\dominiques@ads.pointroll[1].txt
00182104 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\DominiqueS\Cookies\dominiques@phg.hitbox[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\DominiqueS\Cookies\dominiques@go[2].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\DominiqueS\Cookies\dominiques@ads.addynamix[1].txt
00377802 Spyware/PeoplePC Spyware No 0 Yes No C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL
00431641 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP410\A0030893.exe
00431641 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP410\A0030892.exe
00431641 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP409\A0026882.exe
00431641 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP410\A0026883.exe
00431641 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP410\A0026884.exe
00431641 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP410\A0026885.exe
00431641 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP410\A0026886.exe
00431641 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP410\A0028885.exe
00431641 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP410\A0028886.exe
00431641 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP410\A0029885.exe
00431641 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP410\A0029886.exe
00431641 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP410\A0030885.exe
00431641 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP410\A0030886.exe
00431641 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP410\A0030887.exe
00431641 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP410\A0030888.exe
00431641 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP410\A0030889.exe
00431641 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP410\A0030890.exe
00431641 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP410\A0030891.exe
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP414\A0031996.EXE
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\DominiqueS\Cookies\dominiques@adserver.easyad[1].txt
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{02AB5DEF-1097-4711-A644-97E93C8F5D09}\RP414\A0031980.sys
02897073 Cookie/Revenue TrackingCookie No 0 Yes No C:\Documents and Settings\DominiqueS\Cookies\dominiques@adsrevenue[1].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location �
;===================================================================================================================================================================================
No C:\Documents and Settings\Administrator\Desktop\ComboFix.exe �
No C:\Documents and Settings\Administrator\Desktop\ComboFix.exe[32788R22FWJFW\psexec.cfexe] �
No C:\Documents and Settings\Administrator\Desktop\ComboFix.exe[32788R22FWJFW\psexec.cfexe] �
No C:\Documents and Settings\Administrator\Desktop\ComboFix.exe[32788R22FWJFW\psexec.cfexe] �
No C:\Program Files\Online Services\Vonage\Xtras\regxtra121.x32 �
No C:\Program Files\WildTangent\Apps\GameChannel\Games\103EFD47-9F2C-4490-95DD-AE6C442AFB92\Scrabble-WT.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description �
;===================================================================================================================================================================================
184380 MEDIUM MS08-002 �
184379 MEDIUM MS08-001 �
182048 HIGH MS07-069 �
182046 HIGH MS07-067 �
182043 HIGH MS07-064 �
179553 HIGH MS07-061 �
176382 HIGH MS07-057 �
176383 HIGH MS07-058 �
170911 HIGH MS07-050 �
170907 HIGH MS07-046 �
170906 HIGH MS07-045 �
170904 HIGH MS07-043 �
164915 HIGH MS07-035 �
164913 HIGH MS07-033 �
164911 HIGH MS07-031 �
;===================================================================================================================================================================================
What I find a little strange is that "Norton AV" is active. While it came with the PC, it caused so many problems with the games she was playing (installed from purchased CD's) that I thought I got rid of it completely!
I know about the conflicting/dueling AntiVirus ware, which is why I try to have only one at a time. I do have Norton Ghost installed, and try to back up her machine about every 3 months. Not as regular as I would like, but as it takes a full disk image, it's better than nothing. (plus I can get individual files off of it pretty quickly.)
Thanks again,
Dave
Actually, I know about that one. If that's the only concern then I think we are ok
In that case .... Let your daughter loose. :bigthumb:
If you want to make sure you remove all of Norton, they have a removal tool.
Remove Norton
Please click HERE (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=&docid=2001092114452606&nsf=nav.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=) and follow the instructions to download and run the norton removal tool
Congratulations your logs look clean :)
Let's see if I can help you keep it that way
First lets tidy up
This will clear your System Volume Information restore points and remove all the infected files that were quarantined
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
You can also delete any logs we have produced, and empty your Recycle bin.
The following is some info to help you stay safe and clean.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )
You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.
http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html
!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE (http://secunia.com/software_inspector/) for details
AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must have program It includes host protection and registry protection A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
MalwareBytes Anti-malware (http://www.malwarebytes.org/mbam.php) <<< A New and effective program
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner
Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some !! Notifies you if programs are added to startup Allows delayed startup A must have addition
SpywareBlaster 4.0 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut (http://www.funkytoad.com/index.php?option=com_content&view=article&id=15&Itemid=33) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other host file protections
Internet Browsers
Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy this is a very popular choice NoScript and AdBlockPlus addons are essential
Opera (http://www.opera.com/) Another popular alternative
Netscape (http://browser.netscape.com/addons) Another popular alternative Also has Addons available
Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.
Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords
Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner (http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible, you can chose which cookies to keep
Also PLEASE read this article.....So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)
The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.
If you follow this advice then (with a bit of luck) you will never have to hear from me again :D
If you could post back one more time to let me know everything is OK, then I can have this thread archived.
Happy surfing K'
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note:If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send me or MOD a private message (pm).
A valid, working link to the closed topic is required.