Trojan DNSChanger infects keeps coming back.



Bob.G
2009-01-14, 05:46
Every time I restart after using SpyBotS&D to remove registry viruses they come back. The endless flow of new windows to other sites is more than just annoying. Please help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:52 PM, on 1/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=3448&clcid=0x0409
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210731520474
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210732730838
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10198 bytes

pskelley
2009-01-18, 13:54
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Make sure you read and follow the directions, anything else will slow the process and waste both of our time. I suggest you keep this computer offline except when troubleshooting, the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully, the tools will not work unless you do.
The junk can be tough to remove, so do not expect fast or easy.

I apologize for the wait, volunteers are swamped at all forums with infected computers. If you have resolved your issues, please post to let me know so I can close this topic.

If you still need help, and you have read and followed the "Before you Post" directions, post a new HJT log since it has been five days, and I will take a look, please describe any recent symptoms.

Bob, sorry about your problems and the wait. There is nothing showing in the HJT log, so the junk is hidden. If you have not resolved the issues, post a fresh HJT log and I will do all I can to help. Could you also tell me if you are using a router?

Thanks...Phil

Bob.G
2009-01-19, 18:59
Hi Phil.

Thanks for your response and help. The problem still exists and I have not done anything to try and fix it since my first post. I could not download Erunt from the link you provided but I did download it off Downloads.com (Cnet) and successfully ran the program.

The symptoms I have been experiencing are pop-ups that keep being re-directed from one site to the next whenever I open a new page, I am unable to update AVG, and it seems some security sites (like the Softpedia link you provided) give me a 404 code when I click to download, yet on another un-infected computer there is no problem with downloading using the link you provided.

When I first became aware of the infection I ran SpyBot S&D and removed the infected files and they remained gone until I restarted the computer; then they come back.

Here is the fresh HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:07 AM, on 1/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=3448&clcid=0x0409
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210731520474
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210732730838
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10233 bytes

Thanks for your help.

Bob
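
An added example, not part of either poster's message and not code from HijackThis: a small Python parser for the HijackThis 2.x log layout used in the two logs above, which diffs a first scan against a follow-up scan. The function names are hypothetical, and the two sample logs are abbreviated from the logs posted in this thread.

```python
import re
from collections import Counter

# HijackThis entry lines start with a section code such as R1, O4 or O23.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_hjt(text):
    """Split a HijackThis 2.x log into header fields, processes and coded entries."""
    header, processes, entries = {}, [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # the first coded entry ends the process list
            entries.append((m.group(1), m.group(2)))
            continue
        if line == "--" or line.startswith("End of file"):
            in_processes = False
            continue
        if in_processes:
            processes.append(line)
        elif ": " in line:
            key, _, value = line.partition(": ")
            header[key] = value
    return {"header": header, "processes": processes, "entries": entries}


def _delta(before, after):
    """Return (added, removed) as sorted lists, keeping duplicate counts."""
    b, a = Counter(before), Counter(after)
    return sorted((a - b).elements()), sorted((b - a).elements())


def diff_logs(old, new):
    """Compare two parsed logs. Process paths are compared case-insensitively
    because the same log writes both System32 and system32."""
    p_add, p_rem = _delta([p.lower() for p in old["processes"]],
                          [p.lower() for p in new["processes"]])
    e_add, e_rem = _delta(old["entries"], new["entries"])
    return {"processes_added": p_add, "processes_removed": p_rem,
            "entries_added": e_add, "entries_removed": e_rem}


# Sample input: abbreviated from the 1/13/2009 log in this thread.
LOG_A = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:52 PM, on 1/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

--
End of file - 10198 bytes
"""

# Sample input: abbreviated from the 1/19/2009 log in this thread.
LOG_B = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:07 AM, on 1/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

--
End of file - 10233 bytes
"""

if __name__ == "__main__":
    result = diff_logs(parse_hjt(LOG_A), parse_hjt(LOG_B))
    for name, items in result.items():
        print(name, items)
```

An empty entry diff only says that the locations HijackThis enumerates did not change between the two scans; it says nothing about settings the tool does not read, such as a router's configuration.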

Bob.G
2009-01-19, 19:05
By the way, I do use a DSL modem with a LinkSys WRT54GS wireless router.

Bob

pskelley
2009-01-19, 19:26
Thanks for the feedback, start by having a look at this information:
http://blog.washingtonpost.com/securityfix/2008/06/malware_silently_alters_wirele_1.html

Let's have combofix take a look for us first, follow the directions carefully.

1) Please DO NOT ENABLE Spybot S&D TeaTimer while we work together.

2) A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.

Download ComboFix from here:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


http://i24.photobucket.com/albums/c30/ken545/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://i24.photobucket.com/albums/c30/ken545/whatnext.jpg

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Tutorial if needed
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

3) Post also an uninstall list: Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
Image: http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

Thanks...Phil

Bob.G
2009-01-20, 03:37
Hi Phil.

Read the article and I'll look into my router setting right after this. I ran Combofix and the log is below. However I did a restart before running a new HJT log and the SpyBot Uninstall list. If I shouldn't have restarted before these reports let me know and I'll run things again.

Here's the Combofix log
ComboFix 09-01-19.03 - Debby Gale 2009-01-19 18:01:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.220 [GMT -8:00]
Running from: c:\documents and settings\Debby Gale\Desktop\ComboFix.exe
AV: AVG *On-access scanning disabled* (Outdated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Debby Gale\Application Data\RBRegEx550.dll
c:\documents and settings\Debby Gale\Application Data\RBShell555.dll
c:\windows\system32\_002643_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-20 to 2009-01-20 )))))))))))))))))))))))))))))))
.

2009-01-19 09:40 . 2009-01-19 09:40 <DIR> d-------- c:\program files\ERUNT
2009-01-13 18:21 . 2009-01-13 18:21 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-13 18:21 . 2009-01-13 18:21 <DIR> d-------- c:\documents and settings\Debby Gale\Application Data\Malwarebytes
2009-01-13 18:21 . 2009-01-13 18:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-13 18:21 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-13 18:21 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-06 19:44 . 2009-01-06 20:21 250 --a------ c:\windows\gmer.ini
2009-01-06 19:19 . 2003-09-10 15:53 53,352 --a------ c:\windows\system32\jpicpl32.cpl
2009-01-06 19:07 . 2009-01-06 19:07 100 --a------ c:\windows\wininit.ini
2009-01-06 18:56 . 2009-01-06 18:56 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-01-06 18:56 . 2009-01-06 18:56 <DIR> d-------- c:\program files\AVG
2009-01-06 18:56 . 2009-01-06 18:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-01-06 18:56 . 2009-01-06 18:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-01-06 18:56 . 2009-01-06 18:56 <DIR> d--h----- C:\$AVG8.VAULT$
2009-01-06 18:54 . 2009-01-06 18:54 <DIR> d-------- c:\program files\Common Files\aolshare
2009-01-06 18:54 . 2009-01-06 18:54 <DIR> d-------- c:\program files\AOL Companion
2009-01-06 18:54 . 2009-01-06 18:54 <DIR> d-------- c:\program files\America Online 9.0
2009-01-06 17:27 . 2009-01-06 18:52 <DIR> d---s---- c:\documents and settings\Administrator
2009-01-06 16:33 . 2009-01-06 18:52 <DIR> d-------- C:\fixwareout
2009-01-05 19:22 . 2009-01-06 18:52 <DIR> d-------- c:\program files\Spyware Doctor
2009-01-05 14:16 . 2009-01-05 14:16 <DIR> d-------- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-19 17:35 --------- d-----w c:\documents and settings\Debby Gale\Application Data\HPAppData
2009-01-07 03:27 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-07 03:21 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-07 03:20 --------- d-----w c:\program files\Symantec
2009-01-07 03:19 --------- d-----w c:\program files\Java
2009-01-07 02:54 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-01-05 16:59 --------- d-----w c:\program files\Common Files\AOL
2009-01-05 15:59 --------- d-----w c:\program files\Yahoo!
2008-05-21 01:47 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051220080519\index.dat
2008-05-21 01:47 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052020080521\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00THotkey"="c:\windows\System32\00THotkey.exe" [2003-04-15 19:01 258048]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-08-28 4861952]
"SigmaTel StacMon"="c:\program files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [2003-08-03 86073]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2003-01-02 172032]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-30 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-30 614400]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-21 126976]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2002-10-17 159744]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-05 1234712]
"Ashampoo FireWall"="c:\program files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 3251800]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-09-07 2595480]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-09-07 905056]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-09-07 140568]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"000StTHK"="000StTHK.exe" [2001-06-23 19:28 24576 c:\windows\system32\000StTHK.exe]
"nwiz"="nwiz.exe" [2003-08-28 c:\windows\system32\nwiz.exe]
"TFNF5"="TFNF5.exe" [2003-07-18 c:\windows\system32\TFNF5.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-04-18 c:\windows\agrsmmsg.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" [2003-09-04 c:\windows\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" [BU]

c:\documents and settings\Debby Gale\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2003-09-11 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-22 19:42 116040 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 09:47 289064 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 16:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=3 (0x3)
"AOL ACS"=2 (0x2)
"TermService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Toshiba\\ConfigFree\\CFSServ.exe"=

R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-05 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-05 76040]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-05 97928]
S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-05 875288]
S4 mrtRate;mrtRate; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5489fe83-b0c9-11dd-a07b-00038a000015}]
\Shell\AutoRun\command - E:\Autorun.exe /run
\Shell\Shell00\Command - E:\Autorun.exe /run
\Shell\Shell01\Command - E:\Autorun.exe /action
\Shell\Shell02\Command - E:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5489fe89-b0c9-11dd-a07b-00038a000015}]
\Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-ccRegVfy - c:\program files\Common Files\Symantec Shared\ccRegVfy.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files\Ashampoo\Ashampoo FireWall\spi.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-19 18:04:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\DEBBYG~1\LOCALS~1\Temp\ASFWHide"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(984)
c:\windows\system32\relog_ap.dll
c:\program files\Ashampoo\Ashampoo FireWall\spi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\wanmpsvc.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\program files\Toshiba\TOSHIBA Controls\TFncKy.exe
c:\windows\system32\TPSBattM.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2009-01-19 18:08:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-20 02:08:00

Pre-Run: 64,522,985,472 bytes free
Post-Run: 64,485,789,696 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

200 --- E O F --- 2008-10-24 15:32:45


Here's the new HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:28 PM, on 1/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=3448&clcid=0x0409
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210731520474
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210732730838
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9970 bytes


I need to put the Uninstall Log on another reply since it put me over the limit.

Bob.G
2009-01-20, 03:39
Here is the Uninstall log

--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-09-16 TeaTimer.exe (1.6.3.25)
2008-11-05 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-10-22 advcheck.dll (1.6.2.13)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-10-22 Tools.dll (2.1.6.8)
2008-11-04 Includes\Adware.sbi
2008-12-29 Includes\AdwareC.sbi
2008-06-03 Includes\Cookies.sbi
2008-09-02 Includes\Dialer.sbi
2008-09-09 Includes\DialerC.sbi
2008-07-23 Includes\HeavyDuty.sbi
2008-11-18 Includes\Hijackers.sbi
2008-12-22 Includes\HijackersC.sbi
2008-12-09 Includes\Keyloggers.sbi
2008-12-22 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2008-11-18 Includes\Malware.sbi
2008-12-29 Includes\MalwareC.sbi
2008-12-16 Includes\PUPS.sbi
2008-12-16 Includes\PUPSC.sbi
2007-11-07 Includes\Revision.sbi
2008-06-18 Includes\Security.sbi
2008-12-29 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2008-12-10 Includes\Spyware.sbi
2008-12-10 Includes\SpywareC.sbi
2008-06-03 Includes\Tracks.uti
2008-12-29 Includes\Trojans.sbi
2008-12-29 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

(AddressBook)

Adobe Acrobat 5.0 5.0 (Adobe Acrobat 5.0)
version (major): 5
install location: C:\Program Files\Adobe\Acrobat 5.0
install source: c:\Adobe Acrobat.temp\
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
publisher: Adobe Systems, Inc.
help link: http://www.adobe.com/prodindex/acrobat/main.html

Adobe AIR 1.0.4990 (Adobe AIR)
install location: C:\
uninstall cmd: C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
publisher: Adobe Systems Inc.

Adobe Flash Player 10 ActiveX 10.0.12.36 (Adobe Flash Player ActiveX)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
publisher: Adobe Systems Incorporated
help link: http://www.adobe.com/go/flashplayer_support/

America Online (Choose which version to remove) (America Online us)
uninstall cmd: C:\Program Files\Common Files\aolshare\Aolunins_us.exe

AOL Coach Version 1.0(Build:20030807.3) (AolCoach)
uninstall cmd: C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe

Ashampoo FireWall 1.20 1.20 (Ashampoo FireWall_is1)
install date: 20081106
install location: C:\Program Files\Ashampoo\Ashampoo FireWall\
uninstall cmd: "C:\Program Files\Ashampoo\Ashampoo FireWall\unins000.exe"
publisher: ashampoo GmbH & Co. KG
help link: http://www.ashampoo.com/support

AT&T Connection Services Manager (AT&T Connection Services Software)
uninstall cmd: C:\WINDOWS\WNBackup\WnClient62\unwise32.exe /Z /U C:\WINDOWS\WNBackup\WnClient62\install.log "AT&T Connection Services Manager"

AVG Free 8.0 (AVG8Uninstall)
version (major): 8
install location: C:\Program Files\AVG\AVG8
uninstall cmd: C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
publisher: AVG Technologies

Acrobat.com 1.1.377 (com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1)
install location: C:\Program Files\Adobe\Acrobat.com\
uninstall cmd: C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
publisher: Adobe Systems Incorporated

(Connection Manager)

(DirectAnimation)

(DirectDrawEx)

(DXM_Runtime)

ERUNT 1.1j (ERUNT_is1)
install location: C:\Program Files\ERUNT\
uninstall cmd: "C:\Program Files\ERUNT\unins000.exe"
publisher: Lars Hederer
help link: http://www.larshederer.homepage.t-online.de/erunt

(Fontcore)

HijackThis 2.0.2 2.0.2 (HijackThis)
uninstall cmd: "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
publisher: TrendMicro

HP Imaging Device Functions 10.0 10.0 (HP Imaging Device Functions)
uninstall cmd: C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
publisher: HP
help link: http://www.hp.com/support

HP Photosmart Essential 2.5 2.5 (HP Photosmart Essential)
uninstall cmd: C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
publisher: HP
help link: http://www.hp.com/support

HP Smart Web Printing 3.5 (HP Smart Web Printing)
uninstall cmd: C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
publisher: HP
help link: http://www.hp.com/support

HP Solution Center 10.0 10.0 (HP Solution Center & Imaging Support Tools)
uninstall cmd: C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
publisher: HP
help link: http://www.hp.com/support

HP Customer Participation Program 10.0 10.0 (HPExtendedCapabilities)
uninstall cmd: C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
publisher: HP
help link: http://www.hp.com/support

(ICW)

Microsoft Internationalized Domain Names Mitigation APIs (IDNMitigationAPIs)
install date: 20080521
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

(IE40)

(IE4Data)

(IE5BAKEX)

Windows Internet Explorer 7 20070813.185237 (ie7)
install date: 20080521
publisher: Microsoft Corporation
help link: http://www.microsoft.com/ie

(IEData)

(InstallShield Uninstall Information)

Quicken 2003 New User Edition 12.00.0000 (InstallShield_{F61F2821-694C-475F-99AB-6AF2EFDF40FD})
version: 201326592
version (major): 12
estimated size: 70936
install date: 20030910
install source: C:\DRVSTEMP\QUICKE~1\MANUAL\disk1\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F61F2821-694C-475F-99AB-6AF2EFDF40FD} anything
publisher: Intuit
comments: All URL's valid as of October 2001
contact: Customer Support Department
help link: http://www.intuit.com/support/quicken
help telephone: 1-900-555-4932
readme: Readme.txt

(KB884016)

Windows Genuine Advantage Validation Tool (KB892130) (KB892130)
install date: 20080514
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892130

(KB893803)

Security Update for Step By Step Interactive Training (KB898458) 20050502.101010 (KB898458)
install date: 20080515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/898458

Security Update for Windows Media Player (KB911564) (KB911564)
install date: 20080515
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911564

Security Update for Windows XP (KB913433) (KB913433)
uninstall cmd: C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913433

Security Update for Windows Media Player 9 (KB917734) (KB917734_WMP9)
install date: 20080515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=917734

Security Update for Step By Step Interactive Training (KB923723) 20050502.101010 (KB923723)
install date: 20080518
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/923723

Security Update for Windows Media Player 6.4 (KB925398) (KB925398_WMP64)
install date: 20080518
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=925398

Security Update for Windows Media Player 9 (KB936782) (KB936782_WMP9)
install date: 20080518
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=936782

Security Update for Windows Internet Explorer 7 (KB938127-v2) 2 (KB938127-v2-IE7)
install date: 20080829
uninstall cmd: "C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=938127-v2

Security Update for Windows XP (KB938464) 1 (KB938464)
install date: 20080912
uninstall cmd: "C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=938464

Security Update for Windows XP (KB941569) (KB941569)
install date: 20080518
uninstall cmd: "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=941569

Security Update for Windows XP (KB946648) 1 (KB946648)
install date: 20080827
uninstall cmd: "C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=946648

Hotfix for Windows Internet Explorer 7 (KB947864) 1 (KB947864-IE7)
install date: 20080522
uninstall cmd: "C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=947864

Security Update for Windows Internet Explorer 7 (KB950759) 1 (KB950759-IE7)
install date: 20080628
uninstall cmd: "C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=950759

Security Update for Windows XP (KB950760) 1 (KB950760)
install date: 20080628
uninstall cmd: "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=950760

Security Update for Windows XP (KB950762) 1 (KB950762)
install date: 20080628
uninstall cmd: "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=950762

Security Update for Windows XP (KB950974) 1 (KB950974)
install date: 20080827
uninstall cmd: "C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=950974

Security Update for Windows XP (KB951066) 1 (KB951066)
install date: 20080827
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951066

Update for Windows XP (KB951072-v2) 2 (KB951072-v2)
install date: 20080827
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951072

Security Update for Windows XP (KB951376-v2) 2 (KB951376-v2)
install date: 20080628
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951376

Security Update for Windows XP (KB951698) 1 (KB951698)
install date: 20080628
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951698

Security Update for Windows XP (KB951748) 1 (KB951748)
install date: 20080715
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951748

Update for Windows XP (KB951978) 1 (KB951978)
install date: 20080713
uninstall cmd: "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=951978

Hotfix for Windows XP (KB952287) 1 (KB952287)
install date: 20080827
uninstall cmd: "C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=952287

Security Update for Windows XP (KB952954) 1 (KB952954)
install date: 20080827
uninstall cmd: "C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=952954

Security Update for Windows Internet Explorer 7 (KB953838) 1 (KB953838-IE7)
install date: 20080827
uninstall cmd: "C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=953838

Security Update for Windows XP (KB953839) 1 (KB953839)
install date: 20080827
uninstall cmd: "C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=953839

Security Update for Windows XP (KB954211) 1 (KB954211)
install date: 20081014
uninstall cmd: "C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=954211

Security Update for Windows Internet Explorer 7 (KB956390) 1 (KB956390-IE7)
install date: 20081014
uninstall cmd: "C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=956390

Security Update for Windows XP (KB956391) 1 (KB956391)
install date: 20081014
uninstall cmd: "C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=956391

Security Update for Windows XP (KB956803) 1 (KB956803)
install date: 20081014
uninstall cmd: "C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=956803

Security Update for Windows XP (KB956841) 1 (KB956841)
install date: 20081014
uninstall cmd: "C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=956841

Security Update for Windows XP (KB957095) 1 (KB957095)
install date: 20081014
uninstall cmd: "C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=957095

Security Update for Windows XP (KB958644) 1 (KB958644)
install date: 20081024
uninstall cmd: "C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=958644

KeePass Password Safe 1.10 1.10 (KeePass Password Safe_is1)
install date: 20081112
install location: C:\Program Files\KeePass Password Safe\
uninstall cmd: "C:\Program Files\KeePass Password Safe\unins000.exe"
publisher: Dominik Reichl
help link: http://keepass.info/

LiveReg (Symantec Corporation) 2.3.0.1833 (LiveReg)
install location: C:\Program Files\Common Files\Symantec Shared\LiveReg
uninstall cmd: C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
publisher: Symantec Corporation

Microsoft .NET Framework 1.1 Hotfix (KB928366) (M928366)
uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Malwarebytes' Anti-Malware (Malwarebytes' Anti-Malware_is1)
install date: 20090113
install location: C:\Program Files\Malwarebytes' Anti-Malware\
uninstall cmd: "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
publisher: Malwarebytes Corporation
help link: http://www.malwarebytes.org

Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

(Microsoft Interactive Training)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

(Microsoft NetShow Player 2.0)

(MobileOptionPack)

(MPlayer2)

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(NetMeeting)

Microsoft National Language Support Downlevel APIs (NLSDownlevelMapping)
install date: 20080521
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

Notebook Maximizer (Notebook_Maximizer)
uninstall cmd: C:\WINDOWS\iun506.exe C:\Program Files\Notebook Maximizer\irunin.ini

NVIDIA Windows 2000/XP Display Drivers (NVIDIA)
uninstall cmd: rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvts.inf

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

TOSHIBA Power Saver 7.00.01 (Power Saver)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\System32\TPSDel.dll"

Intel(R) PRO Network Adapters and Drivers (PROSet)
uninstall cmd: Prounstl.exe

RealPlayer Basic (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0

(SchedulingAgent)

Shop for HP Supplies 10.0 (Shop for HP Supplies)
uninstall cmd: C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
publisher: HP
help link: http://www.hp.com/support

Learn2 Player (Uninstall Only) (StreetPlugin)
uninstall cmd: C:\Program Files\Learn2.com\StRunner\stuninst.exe

Synaptics Pointing Device Driver 7.5.11.0 (SynTPDeinstKey)
uninstall cmd: rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

TOSHIBA Display Devices Change Utility (TDspBtn)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TDspBtn.inf,DefaultUninstall,5

Toshiba Hotkey Utility for Display Devices (TFNF5)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TFNF5Wxp.inf,DefaultUninstall,5

thinkorswim (thinkorswim)
uninstall cmd: C:\Program Files\thinkorswim\uninstall.exe
publisher: thinkorswim, Inc.

TOSHIBA Access (TOSHIBA Access)
uninstall cmd: C:\PROGRA~1\TOSHIB~1\UNWISE.EXE C:\PROGRA~1\TOSHIB~1\INSTALL.LOG

TOSHIBA Software Modem 2.1.22 (SM2122ALD07) (TOSHIBA Software Modem)
uninstall cmd: Tosmreg -U

TOSHIBA Software Upgrades (TOSHIBA Software Upgrades)
uninstall cmd: C:\Toshiba\ivp\swupdate\UNWISE.EXE C:\Toshiba\ivp\swupdate\INSTALL.LOG

Toshiba Tbiosdrv Driver (Toshiba Tbiosdrv Driver)
uninstall cmd: C:\PROGRA~1\Toshiba\TOSHIB~1\UNWISE.EXE C:\PROGRA~1\Toshiba\TOSHIB~1\INSTALL.LOG

TOSHIBA Utilities (TOSHIBA Utilities)
uninstall cmd: tutildel.exe

TOSHIBA TouchPad On/Off Utility V2.05.00 (TouchED)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TouchED\Uninst.isu" -c"C:\Program Files\TOSHIBA\TouchED\tpedinst.dll"

Viewpoint Media Player (ViewpointMediaPlayer)
uninstall cmd: C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u

Windows Genuine Advantage Validation Tool (KB892130) 1.7.0069.2 (WGA)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892130

(WIC)

Windows XP Service Pack 3 20080414.031525 (Windows XP Service Pack)
install date: 20080521
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=936929

Yahoo! Toolbar (Yahoo! Companion)
uninstall cmd: C:\PROGRA~1\Yahoo!\Common\unyt.exe

Yahoo! Toolbar (Yahoo! Toolbar)

Adobe AIR 1.0.8.4990 ({00203668-8170-44A0-BE44-B632FA4D780F})
version: 16777224
version (major): 1
estimated size: 24847
install date: 20081021
install source: C:\Documents and Settings\Debby Gale\Local Settings\Application Data\nos\Adobe AIR Installer\
uninstall cmd: MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
publisher: Adobe Systems Inc.

TOSHIBA Speech System SR Engine(U.S.) Version1.0 ({008D69EB-70FF-46AB-9C75-924620DF191A})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL

HP Photosmart Printer Driver Software 10.0.02 10.0 ({03ACC7CA-52CB-44d7-B87D-9F0D3B6930FD})
uninstall cmd: C:\Program Files\HP\Digital Imaging\{03ACC7CA-52CB-44d7-B87D-9F0D3B6930FD}\setup\hpzscr01.exe -datfile hposcr16.dat -onestop
publisher: HP
help link: http://www.hp.com/support

QuickTime 7.50.61.0 ({08CA9554-B5FE-4313-938F-D4A417B81175})
version: 120717373
version (major): 7
version (minor): 50
estimated size: 79772
install date: 20080906
install location: C:\Program Files\QuickTime\
install source: C:\DOCUME~1\DEBBYG~1\LOCALS~1\Temp\IXP851.TMP\
uninstall cmd: MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

32 Bit HP CIO Components Installer 2.1.0 ({09BDEEF0-5590-457D-89A9-5DB2742F9BBF})
version: 33619968
version (major): 2
version (minor): 1
estimated size: 532
install date: 20080515
install source: D:\drivers\dot4\wrapper\
uninstall cmd: MsiExec.exe /I{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}
publisher: Hewlett-Packard

Toolbox 100.0.170.000 ({0F7C2E47-089E-4d23-B9F7-39BE00100776})
version: 1677721770
version (major): 100
estimated size: 6529
install date: 20080515
install source: D:\setup\Toolbox\
publisher: Hewlett-Packard

HPPhotoSmartPhotobookWebPack1 1.00.0000 ({12A76360-388E-4B27-ABEB-D5FC5378DD2A})
version: 16777216
version (major): 1
estimated size: 1821
install date: 20080515
install source: D:\setup\HPPhotoSmartPhotobookWebPack1\
publisher: Hewlett-Packard

GPBaseService 100.0.187.000 ({18669FF9-C8FE-407a-9F70-E674896B1DB4})
version: 1677721787
version (major): 100
estimated size: 4396
install date: 20080515
install source: D:\setup\GPBaseService\
publisher: Hewlett-Packard

PSSWCORE 2.02.0000 ({34BFB099-07B2-4E95-A673-7362D60866A2})
version: 33685504
version (major): 2
version (minor): 2
estimated size: 32713
install date: 20080515
install source: D:\setup\HPPhotoSmartCore\
publisher: Hewlett-Packard

WebFldrs XP 9.50.6513 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154278257
version (major): 9
version (minor): 50
estimated size: 2508
install date: 20030904
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

HPProductAssistant 100.0.170.000 ({36FDBE6E-6684-462b-AE98-9A39A1B200CC})
version: 1677721770
version (major): 100
estimated size: 7654
install date: 20080515
install source: D:\setup\hpproductassistant\
publisher: Hewlett-Packard

TOSHIBA Console ({3CF0858D-1AC5-4308-9DE7-AD15288A8BDC})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}\Setup.exe" -l0x9

iTunes 7.7.1.11 ({3DE0053C-FD9A-483E-B7C9-B06E4392206E})
version: 117899265
version (major): 7
version (minor): 7
estimated size: 85164
install date: 20080906
install location: C:\Program Files\iTunes\
install source: C:\DOCUME~1\DEBBYG~1\LOCALS~1\Temp\IXP851.TMP\
uninstall cmd: MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

TOSHIBA Speech System TTS Engine(U.S.) Version1.0 ({3FBF6F99-8EC6-41B4-8527-0A32241B5496})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9

Bonjour 1.0.104 ({47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3})
version: 16777320
version (major): 1
estimated size: 481
install date: 20080906
install location: C:\Program Files\Bonjour\
install source: C:\DOCUME~1\DEBBYG~1\LOCALS~1\Temp\IXP851.TMP\
uninstall cmd: MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

TOSHIBA SD Memory Card Format ({48CF9A66-5F03-4025-ABD0-B3A3FA095A59})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe"

Apple Mobile Device Support 2.0.1.5 ({49C88E44-1B38-4FC6-824E-2BDA3063B0E3})
version: 33554433
version (major): 2
estimated size: 44780
install date: 20080906
install location: C:\Program Files\Common Files\Apple\Mobile Device Support\
install source: C:\DOCUME~1\DEBBYG~1\LOCALS~1\Temp\IXP851.TMP\
uninstall cmd: MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

Cards_Calendar_OrderGift_DoMorePlugout 1.00.0000 ({4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6})
version: 16777216
version (major): 1
estimated size: 2100
install date: 20080515
install source: D:\setup\Cards_Calendar_Ordergift_Domore_Plugout\
publisher: Hewlett-Packard

SmartWebPrintingOC 100.0.189.000 ({5109C064-813E-4e87-B0DE-C8AF7B5BC02B})
version: 1677721789
version (major): 100
estimated size: 6749
install date: 20080515
install source: D:\setup\smartwebprintingoc\
publisher: Hewlett-Packard

DeviceDiscovery 100.0.190.000 ({52A69E11-7CEB-4a7d-9607-68BA4F39A89B})
version: 1677721790
version (major): 100
estimated size: 2335
install date: 20080515
install source: D:\setup\DeviceDiscovery\
publisher: Hewlett-Packard

TrayApp 100.0.170.000 ({5ACE69F0-A3E8-44eb-88C1-0A841E700180})
version: 1677721770
version (major): 100
estimated size: 2071
install date: 20080515
install source: D:\setup\TrayApp\
publisher: Hewlett-Packard

eSupportQFolder 1.00.0000 ({66E6CE0C-5A1E-430C-B40A-0C90FF1804A8})
version: 16777216
version (major): 1
estimated size: 124
install date: 20080515
install source: D:\setup\QFolder\
publisher: Hewlett-Packard

BufferChm 100.0.170.000 ({687FEF8A-8597-40b4-832C-297EA3F35817})
version: 1677721770
version (major): 100
estimated size: 1958
install date: 20080515
install source: D:\setup\BufferChm\
publisher: Hewlett-Packard

Apple Software Update 2.1.1.116 ({6956856F-B6B3-4BE0-BA0B-8F495BE32033})
version: 33619969
version (major): 2
version (minor): 1
estimated size: 2208
install date: 20081004
install location: C:\Program Files\Apple Software Update\
install source: C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple\Apple Software Update\
uninstall cmd: MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
publisher: Apple Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

CustomerResearchQFolder 1.00.0000 ({6F5E2F4A-377D-4700-B0E3-8F7F7507EA15})
version: 16777216
version (major): 1
estimated size: 124
install date: 20080515
install source: D:\setup\QFolder\
publisher: Hewlett-Packard

HP Update 4.000.011.006 ({7059BDA7-E1DB-442C-B7A1-6144596720A4})
version: 67108875
version (major): 4
estimated size: 3796
install date: 20080905
install source: C:\DOCUME~1\DEBBYG~1\LOCALS~1\Temp\pft1F.tmp\
uninstall cmd: MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
publisher: Hewlett-Packard
contact: http://www.hp.com/support

Java 2 Runtime Environment, SE v1.4.2 1.4.2 ({7148F0A8-6813-11D6-A77B-00B0D0142000})
version: 17039362
version (major): 1
version (minor): 4
estimated size: 63140
install date: 20030910
install source: C:\Documents and Settings\Owner\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142000}\
uninstall cmd: MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
publisher: Sun Microsystems, Inc.
comments: http://www.java.com
contact: http://www.java.com
help link: http://www.java.com
help telephone: http://www.java.com
readme: Readme.txt

Microsoft Visual C++ 2005 Redistributable 8.0.56336 ({7299052b-02a4-4627-81f2-1818da5d550d})
version: 134274064
version (major): 8
estimated size: 5330
install date: 20081105
install source: C:\DOCUME~1\DEBBYG~1\LOCALS~1\Temp\7zS8A.tmp\
uninstall cmd: MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
publisher: Microsoft Corporation

Microsoft Works 7.0 07.02.0620 ({764D06D8-D8DE-411E-A1C8-D9E9380F8A84})
version: 117572204
version (major): 7
version (minor): 2
estimated size: 208327
install date: 20030904
install source: C:\WORKSSETUP\
uninstall cmd: MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
publisher: Microsoft Corporation
comments: Microsoft Works 7.0 installation.
help link: http://support.microsoft.com/support/works
help telephone:

Acrobat.com 0.0.0 ({77DCDCE3-2DED-62F3-8154-05E745472D07})
estimated size: 1623
install date: 20081021
install source: C:\Documents and Settings\Debby Gale\Local Settings\Temp\flaAE.tmp\
uninstall cmd: MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
publisher: Adobe Systems Incorporated

SigmaTel AC97 Audio Drivers 4025 ({7959721D-8268-4565-9E0E-C41A9F4848A9})
install location: C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7959721D-8268-4565-9E0E-C41A9F4848A9}\setup.exe" -l0x9 -nodialog -uninstall

UnloadSupport 10.0.0 ({8A85DEAD-7C1F-4368-881C-72AC74CB2E91})
version: 167772160
version (major): 10
estimated size: 8127
install date: 20080515
install source: D:\setup\UnloadSupport\
publisher: Hewlett-Packard

Microsoft Office OneNote 2003 11.0.8173.0 ({91A10409-6000-11D3-8CFE-0150048383C9})
version: 184557549
version (major): 11
estimated size: 82688
install date: 20080915
install source: C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\
uninstall cmd: MsiExec.exe /I{91A10409-6000-11D3-8CFE-0150048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\OFFICE11\1033\OFREADME.HTM

InterVideo WinDVD 4 ({98E8A2EF-4EAE-43B8-A172-74842B764777})
version (major): 4
install location: C:\Program Files\InterVideo\WinDVD4
uninstall cmd: "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
publisher: InterVideo Inc.

DVD-RAM Driver ({9D765FA6-F2BC-40AF-8145-50808F9BDF4E})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\Setup.exe" DVD-RAM Driver

CD/DVD Drive Acoustic Silencer 1.00.005 ({9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
publisher: TOSHIBA

HPPhotoSmartDiscLabel_PaperLabel 2.02.0000 ({A07840FC-CE63-4CB8-8030-EF4B9805925A})
version: 33685504
version (major): 2
version (minor): 2
estimated size: 41
install date: 20080515
install source: D:\setup\HPPhotoSmartDiscLabel_PaperLabel\
publisher: Hewlett-Packard

Status 100.0.175.000 ({A0B9F8DF-C949-45ed-9808-7DC5C0C19C81})
version: 1677721775
version (major): 100
estimated size: 8690
install date: 20080515
install source: D:\setup\Status\
publisher: Hewlett-Packard

SolutionCenter 100.0.175.000 ({A5AB9D5E-52E2-440e-A3ED-9512E253C81A})
version: 1677721775
version (major): 100
estimated size: 12717
install date: 20080515
install source: D:\setup\SolutionCenter\
publisher: Hewlett-Packard

TOSHIBA Controls ({A6690C0E-B96E-4F0F-A8EB-D5B332454AC6})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL

SurfHere by Toshiba 1.0.0 ({A962C8E1-4F0B-4BA9-806E-B8D9A3B31F82})
version: 16777216
version (major): 1
estimated size: 200
install date: 20030910
install source: c:\SurfHere.temp\
uninstall cmd: MsiExec.exe /X{A962C8E1-4F0B-4BA9-806E-B8D9A3B31F82}
publisher: Toshiba America Information Systems, Inc.

DeviceManagementQFolder 1.00.0000 ({AB5D51AE-EBC3-438D-872C-705C7C2084B0})
version: 16777216
version (major): 1
estimated size: 124
install date: 20080515
install source: D:\setup\QFolder\
publisher: Hewlett-Packard

Adobe Reader 9 9.0.0 ({AC76BA86-7AD7-1033-7B44-A90000000001})
version: 150994944
version (major): 9
estimated size: 209258
install date: 20081021
install location: C:\Program Files\Adobe\Reader 9.0\Reader\
install source: C:\Documents and Settings\Debby Gale\Local Settings\Application Data\Adobe\Reader 9.0\Setup Files\READER9\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
publisher: Adobe Systems Incorporated
comments:
contact: Customer Support
help link: http://www.adobe.com/support/main.html
readme: C:\Program Files\Adobe\Reader 9.0\Readme.htm

NetDeviceManager 100.0.170.000 ({ACDE260A-602B-4cfb-A650-D0DBA6FFAD85})
version: 1677721770
version (major): 100
estimated size: 629
install date: 20080515
install source: D:\setup\NetDeviceManager\
publisher: Hewlett-Packard

hpphotosmartdisclabelplugin 2.02.0000 ({ADFB9653-F44C-460C-BF58-189CC552DFFE})
version: 33685504
version (major): 2
version (minor): 2
estimated size: 12960
install date: 20080515
install source: D:\setup\HPPhotoSmartDiscLabelPlugin\
publisher: Hewlett-Packard

PS_SF_02_Software 100.0.206.000 ({AF1778C9-CC16-4aad-AF43-9A57429E7114})
version: 1677721806
version (major): 100
estimated size: 5193
install date: 20080515
install source: D:\setup\Software\
publisher: Hewlett-Packard

Spybot - Search & Destroy 1.6.0 ({B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1)
install date: 20081105
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited
help link: http://www.safer-networking.org/index.php?page=support

HPPhotoSmartDiscLabel_PrintOnDisc 2.02.0000 ({B4E91E95-A5BA-4E50-A465-DB7EFEB176E8})
version: 33685504
version (major): 2
version (minor): 2
estimated size: 81
install date: 20080515
install source: D:\setup\HPPhotoSmartDiscLabel_PrintOnDisc\
publisher: Hewlett-Packard

HPSSupply 100.0.170.000 ({B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF})
version: 1677721770
version (major): 100
estimated size: 1012
install date: 20080515
install source: D:\setup\DTSS\
publisher: Hewlett-Packard

ArcSoft Software Suite ({BA561482-C49D-4687-A61C-96236C1688F0})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA561482-C49D-4687-A61C-96236C1688F0}\SETUP.EXE" -l0x9

HP Photosmart Essential 2.5 1.02.0000 ({BAD0FA60-09CF-4411-AE6A-C2844C8812FA})
version: 16908288
version (major): 1
version (minor): 2
estimated size: 882
install date: 20080515
install source: D:\setup\HPPhotoSmartEssential\
publisher: Hewlett-Packard

({BB8B979E-E336-47E7-96BC-1031C1B94561})

TOSHIBA ConfigFree 3.00.13 ({BDD83DC9-BEE9-4654-A5DA-CC46C250088D})
version: 50331661
install location: C:\Program Files\TOSHIBA\ConfigFree
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL

D7400 100.0.206.000 ({C4A4748B-EAD0-496e-A62B-B15543FAB65F})
version: 1677721806
version (major): 100
estimated size: 323
install date: 20080515
install source: C:\Program Files\HP\Digital Imaging\{03ACC7CA-52CB-44d7-B87D-9F0D3B6930FD}\Product\
publisher: Hewlett-Packard

Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 70855
install date: 20080519
install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

WebReg 100.0.170.000 ({CCB9B81A-167F-4832-B305-D2A0430840B3})
version: 1677721770
version (major): 100
estimated size: 905
install date: 20080515
install source: D:\setup\WebReg\
publisher: Hewlett-Packard

PS_SF_02_Software_Min 100.0.206.000 ({D23E6E13-653C-415e-937A-598E1CEFACB1})
version: 1677721806
version (major): 100
estimated size: 20
install date: 20080515
install source: D:\setup\Software_min\
publisher: Hewlett-Packard

MarketResearch 100.0.170.000 ({D2E0F0CC-6BE0-490b-B08B-9267083E34C9})
version: 1677721770
version (major): 100
estimated size: 5948
install date: 20080515
install source: D:\setup\MarketResearch\
publisher: Hewlett-Packard

HPPhotoSmartDiscLabelContent1 2.02.0000 ({DD3C88A0-C53C-41D0-A21B-6D021981D23E})
version: 33685504
version (major): 2
version (minor): 2
estimated size: 5433
install date: 20080515
install source: D:\setup\HPPhotoSmartDiscLabelContent1\
publisher: Hewlett-Packard

Drag'n Drop CD+DVD ({DDC146FA-73E0-4FA1-A353-841EA14BF600})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DDC146FA-73E0-4FA1-A353-841EA14BF600}\Setup.exe" -l0x9 deleteall

VideoToolkit01 100.0.128.000 ({E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC})
version: 1677721728
version (major): 100
estimated size: 448
install date: 20080515
install source: D:\setup\VideoToolkit01\
publisher: Hewlett-Packard

Acronis True Image Home 11.0.8022 ({E5343B27-55DF-40BD-9FCF-A643C1331E8A})
version: 184557398
version (major): 11
estimated size: 241737
install date: 20081112
install source: C:\DOCUME~1\DEBBYG~1\LOCALS~1\Temp\4610BA33-E2F1-4522-B368-7150416DC02A\
uninstall cmd: MsiExec.exe /X{E5343B27-55DF-40BD-9FCF-A643C1331E8A}
publisher: Acronis
contact: Acronis

D7400_Help 100.0.206.000 ({E7E812E5-6A95-4c4e-B859-33AD08C958EC})
version: 1677721806
version (major): 100
estimated size: 6957
install date: 20080515
install source: D:\Setup\ProductHelp\
publisher: Hewlett-Packard

TOSHIBA Speech System Applications ({EE033C1F-443E-41EC-A0E2-559B539A4E4D})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9

OpenOffice.org 3.0 3.0.9358 ({F44DA61E-720D-4E79-871F-F6E628B33242})
version: 50341006
version (major): 3
estimated size: 346995
install date: 20081118
install location: C:\Program Files\
install source: C:\Documents and Settings\Debby Gale\Desktop\OpenOffice.org 3.0 (en-US) Installation Files\
uninstall cmd: MsiExec.exe /I{F44DA61E-720D-4E79-871F-F6E628B33242}
publisher: OpenOffice.org
comments: OpenOffice.org 3.0 (en-US) (OOO300m9(Build:9358))
contact: Department for technical support
help link: http://www.openoffice.org
help telephone: x-xxx-xxx-xxx

Quicken 2003 New User Edition 12.00.0000 ({F61F2821-694C-475F-99AB-6AF2EFDF40FD})
version: 201326592
version (major): 12
estimated size: 70936
install date: 20030910
install source: C:\DRVSTEMP\QUICKE~1\MANUAL\disk1\
publisher: Intuit
comments: All URL's valid as of October 2001
contact: Customer Support Department
help link: http://www.intuit.com/support/quicken
help telephone: 1-900-555-4932
readme: Readme.txt

Toshiba Registration 1.00.0000 ({F6C405D2-C50D-4D10-B89E-73A233A14D74})
version: 16777216
version (major): 1
estimated size: 3251
install date: 20030910
install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\_is3\
uninstall cmd: MsiExec.exe /X{F6C405D2-C50D-4D10-B89E-73A233A14D74}
publisher: Toshiba
comments: Your Comments
contact: Toshiba
help link: www.toshiba.com
help telephone: ***IS_STRING_NOT_DEFINED***

PS_SF_02_ProductContext 100.0.206.000 ({FB52D14B-505F-4e32-89FF-1234233301D2})
version: 1677721806
version (major): 100
estimated size: 109
install date: 20080515
install source: C:\Program Files\HP\Digital Imaging\{03ACC7CA-52CB-44d7-B87D-9F0D3B6930FD}\
publisher: Hewlett-Packard

Thanks Phil.

Bob.G
2009-01-20, 04:13
Sorry Phil. I didn't read the instructions properly the first time. Here's the HJT Uninstall List.

32 Bit HP CIO Components Installer
Acrobat.com
Acrobat.com
Acronis*True*Image*Home
Adobe Acrobat 5.0
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20030807.3)
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
Ashampoo FireWall 1.20
AT&T Connection Services Manager
AVG Free 8.0
Bonjour
CD/DVD Drive Acoustic Silencer
Drag'n Drop CD+DVD
DVD-RAM Driver
ERUNT 1.1j
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP Photosmart Printer Driver Software 10.0.02
HP Smart Web Printing
HP Solution Center 10.0
HP Update
Intel(R) PRO Network Adapters and Drivers
InterVideo WinDVD 4
iTunes
Java 2 Runtime Environment, SE v1.4.2
KeePass Password Safe 1.10
Learn2 Player (Uninstall Only)
LiveReg (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
Notebook Maximizer
NVIDIA Windows 2000/XP Display Drivers
OpenOffice.org 3.0
Quicken 2003 New User Edition
QuickTime
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB958644)
Shop for HP Supplies
SigmaTel AC97 Audio Drivers
Spybot - Search & Destroy
SurfHere by Toshiba
Synaptics Pointing Device Driver
thinkorswim
TOSHIBA Access
TOSHIBA ConfigFree
TOSHIBA Console
TOSHIBA Controls
TOSHIBA Display Devices Change Utility
Toshiba Hotkey Utility for Display Devices
TOSHIBA Power Saver
Toshiba Registration
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
Toshiba Tbiosdrv Driver
TOSHIBA TouchPad On/Off Utility V2.05.00
TOSHIBA Utilities
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Viewpoint Media Player
Windows XP Service Pack 3
Yahoo! Toolbar

pskelley
2009-01-20, 11:54
Thanks for returning your information and the feedback. Combofix found some junk, let's clean more like this.

Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

*Cleaning Prefetch may result in a few slow starts until the folder is repopulated:
http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html

If you still have MBAM you can use it, but do update and run as instructed.

Download Malwarebytes' Anti-Malware to your Desktop
http://www.malwarebytes.org/

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Tutorial if needed:
http://www.techsupportteam.org/forum/tutorials/2282-malwarebytes-anti-malware-mbam.html

How is the computer running now?

Thanks


Uninstall list: I look for malware and security issues and will not know all of your programs, but you should.
Hackers are using out-of-date programs to infect folks more and more.
Here is a small free tool that lets you know when something needs an update if you are interested:
http://secunia.com/vulnerability_scanning/personal/ While PSI runs in the System Tray for realtime notifications, I personally prefer to turn it off in MSConfig and run it from All Programs when I want to do a check.

Java 2 Runtime Environment, SE v1.4.2 <<< very, very old version, see this:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Be aware of this information so you can opt out of anything you do not want.
Microsoft Does MSN Toolbar Distribution Deal With Java:
http://searchengineland.com/microsoft-does-msn-toolbar-distribution-deal-with-java-15413.php
http://raproducts.org/ <<< this tool will help if you have trouble uninstalling that old version.

Viewpoint Media Player <<< if you don't use this, uninstall it:
For your information, Viewpoint is installed by AOL probably without your knowledge.
http://www.spywareinfo.com/newsletter/archives/2005/nov4.php#viewpoint
http://www.clickz.com/news/article.php/3561546
http://vil.nai.com/vil/content/v_137262.htm

Bob.G
2009-01-22, 02:10
Hi Phil.

The computer seemed to be working fine. Then I loaded AVG, did an update and it found some files that were infected and after fixing them I did a restart and it won't boot. I'm going to have to restore from an image backup before I can continue.

Sorry for the delay. I should have this done tonight.

Bob

pskelley
2009-01-22, 13:20
Then I loaded AVG did an update and it found some files that were infected and after fixing them I did a restart and it won't boot.
Any program, no matter how careful they are, can make a mistake, that's why AVG quarantines what it removes. You can access that quarantine via the AVG interface, click History then Virus Vault. As you can see any files can be restored. You can also google the files removed to see what they are if you are not sure or send them to AVG for analysis. Here are free online scanners that are handy to have:
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/

It's a good idea to let stuff AVG removes stay in the Virus Vault for at least a few days before deleting it.

I cannot tell you much more without knowing the error message you got when the computer would not boot. Sometimes a restart will correct the issue. You might also want to run System File Checker to make sure nothing is missing or corrupt: http://dwightblackburn.com/winxp/ <<< tut

Thanks...Phil

Bob.G
2009-01-22, 15:44
Hi Phil.

I restored the HD from the image of the last total backup. I went back through the steps we took to clean the DNS Changer, then reinstalled AVG and ran a complete scan. It detected no infected files. I haven't had time yet to do much surfing to see if the problem is resolved completely or not.

When I re-installed S&D it will not update. I get a message "Error retrieving Update into file". I can browse in IE so I don't think it is an internet connection problem and I have not reinstalled the Ashampoo firewall yet. Any suggestions?

Thanks

Bob

pskelley
2009-01-22, 16:13
Thanks for the feedback Bob, this thread will remain open until all malware issues are resolved one way or another. (We still have to remove combofix and wrap up.) I am not an expert on Spybot S&D <<< assume that is what you meant.

I would first suggest you try updating other programs and if they are ok, then uninstall Spybot S&D and install it again. If you still have issues, then look here for answers and to post your questions.
http://forums.spybot.info/forumdisplay.php?f=4

I also updated Spybot S&D on this computer just now and it updated fine. One thing you can try, update from a different server, change the update location when prompted to update.

Keep me posted...Phil

Bob.G
2009-01-22, 16:19
Thanks Phil.

I fixed the problem. I had to change the DNS settings. I'll run a S&D scan now. Should I also immunize?

Bob

pskelley
2009-01-22, 16:27
Always immunize after you do any updates:
http://www.safer-networking.org/en/faq/index.html

I'll post this information for you now if you are ready for it.

Remove combofix from the computer like this:

Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.

http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png

Clean the System Restore files like this:

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.


(I can't see where I ever got the first MBAM scan result, so if you have questions about the results, please post them)
Update MBAM and scan to be sure we missed none of the junk, there is no need to post a clean scan result.
(MBAM is yours to keep if you wish, update it and run it once a month or so)

Update AVG 8 and scan the system, to be sure it is running right and scanning clean.
Good AVG information: http://www.avg.com/faq
AVG Free Forum: http://freeforum.avg.com/

If all is well at this point, let me know and I will close the topic.

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

http://users.telenet.be/bluepatchy/miekiemoes/Links.html

Bob.G
2009-01-24, 17:07
Hi Phil.

Everything seems to be OK. I really appreciate the help you've given me on this. So I guess this case can be closed. What are your recommended procedures now that it's clean to maintain it clean?

On my other computer I have a lot of processes that load on start-up and was hoping you could give me some advice or point me toward a solution on how to clean that up. I've cleared the prefetch once but it keeps loading things I don't need it to load at start-up.

Thanks again.

Bob

pskelley
2009-01-24, 17:21
Hi Bob, if you would read the links above, I believe all of your questions will be answered. It's not a good idea to mix computers in the same thread, but this information should help you:

What to do if your Computer's running slowly
http://www.netsquirrel.com/msconfig/msconfig_xp.html
http://www.malwareremoval.com/tutorials/runningslowly.php
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html <<< posted earlier
http://www.microsoft.com/atwork/getstarted/speed.mspx


Prefetch is an important part of the operating system, please read the information in the link I posted once already:
http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html
http://www.google.com/search?hl=en&q=what+is+Prefetch&btnG=Google+Search&aq=f&oq=


Thanks