View Full Version : win32.tdss.rtk
fdpatches
2009-07-27, 15:56
Hello,
I found out that I have win32.tdss.rtk on my computer. I have tried malware bytes and Spybot search and destroy to no avail. Also I just notices that the system restore is not working, not sure how long since I haven
t used it in ages. It says there is not enough disk space but it says it needs at least %d MB of free space so it must be some kind of error. My web searches have been redirected for a few weeks now, but I didnt really think much of it. Here is a copy of my hihack this log.
Thanks in advance for your help,
Tom
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:29 AM, on 7/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\SYSTEM32\GEARSEC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\WINNT\system32\PnkBstrA.exe
C:\WINNT\SM1BG.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BOINC\boincmgr.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\BOINC\boinc.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\spider.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runevillage.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8557] command /c del "C:\WINNT\system32\drivers\hjgruialmlxqtq.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3458] cmd /c del "C:\WINNT\system32\drivers\hjgruialmlxqtq.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7956] command /c del "C:\WINNT\system32\hjgruiapltqiah.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC342] cmd /c del "C:\WINNT\system32\hjgruiapltqiah.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6886] command /c del "C:\WINNT\system32\hjgruiflqnawvc.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7694] cmd /c del "C:\WINNT\system32\hjgruiflqnawvc.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9114] command /c del "C:\WINNT\temp\hjgruitllweoufpe.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9325] cmd /c del "C:\WINNT\temp\hjgruitllweoufpe.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5380] command /c del "C:\WINNT\system32\hjgruinklqxwyo.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2776] cmd /c del "C:\WINNT\system32\hjgruinklqxwyo.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA749] command /c del "C:\WINNT\system32\hjgruivjwmhcpn.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9255] cmd /c del "C:\WINNT\system32\hjgruivjwmhcpn.dat"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB5411] command /c del "C:\WINNT\system32\drivers\hjgruialmlxqtq.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7093] cmd /c del "C:\WINNT\system32\drivers\hjgruialmlxqtq.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7336] command /c del "C:\WINNT\system32\hjgruiapltqiah.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3318] cmd /c del "C:\WINNT\system32\hjgruiapltqiah.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9285] command /c del "C:\WINNT\system32\hjgruiflqnawvc.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1166] cmd /c del "C:\WINNT\system32\hjgruiflqnawvc.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4976] command /c del "C:\WINNT\temp\hjgruitllweoufpe.tmp"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9861] cmd /c del "C:\WINNT\temp\hjgruitllweoufpe.tmp"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9803] command /c del "C:\WINNT\system32\hjgruinklqxwyo.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2770] cmd /c del "C:\WINNT\system32\hjgruinklqxwyo.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6228] command /c del "C:\WINNT\system32\hjgruivjwmhcpn.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1827] cmd /c del "C:\WINNT\system32\hjgruivjwmhcpn.dat"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Search - ?p=ZJxdm086YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab
O16 - DPF: {4129EA54-F04E-11D3-BF96-00C04F0E7BE2} - http://www112.coolsavings.com/LTC/download/cscmv4X.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229602947828
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4029.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.konicaminoltaonline.com/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: avgrsstx.dll skofpi.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINNT\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: hgGyyxYo - hgGyyxYo.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\SYSTEM32\GEARSEC.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
--
End of file - 15168 bytes
Bio-Hazard
2009-07-27, 18:11
Hello and Welcome to forums!
My name is Bio-Hazard and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
I will be working on your Malware issues this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine.
I f you don't know or understand something please don't hesitate to ask.
Please DO NOT run any other tools or scans whilst I am helping you.
It is important that you reply to this thread. Do not start a new topic.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Absence of symptoms does not mean that everything is clear.
No Reply Within 4 Days Will Result In Your Topic Being Closed!!
Bio-Hazard
2009-07-27, 18:22
Use of P2P (Person to Person) file sharing programs
I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
Kazaa
Please read HERE (http://forums.spybot.info/showpost.php?p=218503&postcount=4) the Safer Networking Forums policy on the use of P2P file sharing programs. Please remove it before we can continue any further. Post back when you have done it so we can continue the cleaning process.
NOTE: Even if you are using a safe P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
STEP 1
Download DDS
Please download DDS by sUBs from one of the links below and save it to your desktop:
http://img.photobucket.com/albums/v666/sUBs/dds_scr.gif
Download DDS and save it to your desktop from:
Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://www.forospyware.com/sUBs/dds)
Please disable any anti-malware program that will block scripts from running before running DDS.
Double-Click on dds.scr and a command window will appear. This is normal.
Shortly after two logs will appear:
DDS.txt
Attach.txt
A window will open instructing you save & post the logs
Save the logs to a convenient place such as your desktop
Copy the contents of both logs & post in your next reply
STEP 2
RootRepeal - Rootkit Detector
Download RootRepeal.zip (http://rootrepeal.googlepages.com/RootRepeal.zip) and unzip it to your Desktop.
Double click RootRepeal.exe to start the program
Click on the Report tab at the bottom of the program window
Clickthe Scan button
In the Select Scan dialog, check:
Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
Click the OK button
In the next dialog, select all drives showing
Click OK to start the scan
The scan can take some time. DO NOT run any other programs while the scan is running
When the scan is complete, the Save Report button will become available
Click this and save the report to your Desktop as RootRepeal.txt
Go to File, then Exit to close the program
Next Reply
Please reply with:
DDS.txt
Attach.txt
RootRepeal.txt
fdpatches
2009-07-27, 19:55
Hello,
I thought kazaa was removed, when I tried to remove it using add remove program I get an error message
Error loading
C:\winnt\system32\cd_clint.dll
the specific module could not be found.
Also when I tried to run the progam I get the error
couldn't load library
topseach.dll
Any other way to get rid of it?
Thanks,
Tom
fdpatches
2009-07-27, 20:21
Hello,
here are the DDS logs, when I tried to run rootrepeal, the computer actually shut down, when It rebooted I got a dos type window popup that said
16 bit ms-dos subsystem
c:\winnt\system32\command.com
c:\programfiles\symantic\s32eunt1.dll
close or ignore
I clicked both several times and it finally disappeared. When windows came up several of the same windows popped up, I was able to close them all. Then the windows box poped up and said it recovered from an error.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-06-26.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\Harddisk0\DP(1)0x7e00-0x1bf26f0400+1
Install Date: 3/19/2002 4:03:19 PM
System Uptime: 7/26/2009 12:48:11 PM (25 hours ago)
Motherboard: Intel Corporation | | D850MV
Processor: Intel(R) Pentium(R) 4 CPU 2.20GHz | J2E1 | 2193/100mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 40.276 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is CDROM ()
G: is CDROM (CDFS)
==== Disabled Device Manager Items =============
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&3A2C8C4B&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&3A2C8C4B&0
Service: i8042prt
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Easy Internet Keyboard
Device ID: ACPI\PNP0303\4&3A2C8C4B&0
Manufacturer: Logitech
Name: Easy Internet Keyboard
PNP Device ID: ACPI\PNP0303\4&3A2C8C4B&0
Service: i8042prt
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: MAC Bridge Miniport
Device ID: ROOT\MS_BRIDGEMP\0000
Manufacturer: Microsoft
Name: MAC Bridge Miniport
PNP Device ID: ROOT\MS_BRIDGEMP\0000
Service: BridgeMP
==== System Restore Points ===================
RP949: 6/27/2009 10:51:14 AM - Avg8 Update
RP950: 6/27/2009 10:51:18 AM - Avg8 Update
RP951: 6/27/2009 10:51:21 AM - System Checkpoint
RP952: 6/27/2009 10:51:23 AM - System Checkpoint
RP953: 6/27/2009 10:51:23 AM - System Checkpoint
RP954: 6/27/2009 10:51:24 AM - Avg8 Update
RP955: 6/27/2009 10:51:27 AM - Avg8 Update
RP956: 6/27/2009 10:51:27 AM - Avg8 Update
RP957: 6/27/2009 10:51:30 AM - Avg8 Update
RP958: 6/27/2009 10:51:32 AM - Avg8 Update
RP959: 6/27/2009 10:51:34 AM - Avg8 Update
RP960: 6/27/2009 10:51:36 AM - FiOS Installation
RP961: 6/27/2009 10:51:38 AM - System Checkpoint
RP962: 6/27/2009 10:51:40 AM - System Checkpoint
RP963: 6/27/2009 10:51:41 AM - System Checkpoint
RP964: 6/27/2009 10:51:43 AM - System Checkpoint
RP965: 6/27/2009 10:51:45 AM - Removed Verizon FiOS Connection Wizard
RP966: 6/27/2009 10:51:46 AM - Removed Monsters, Inc. Wreck Room Arcade
RP967: 6/27/2009 10:51:48 AM - Avg8 Update
RP968: 6/27/2009 10:51:48 AM - Avg8 Update
==== Installed Programs ======================
2002 TaxSlayer OLF
3D Groove Playback Engine
911 Fire Rescue
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 8
AFS780
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
ARC-EazyStream Client
Army Men RTS
ATI - Software Uninstall Utility
ATI Control Panel
ATI Decoder
ATI Display Driver
ATI HYDRAVISION
ATI Multimedia Center
ATI Multimedia Center 9.01
ATI Remote Wonder 2.3
ATIRW2
AVG Free 8.5
AviSynth 2.5
Batch Assistant
Big Fish Games Client
BMSE dbl
Bob the Builder
Bob the Builder - Bob's Castle Adventure
BOINC
Call of Duty
Call of Duty - United Offensive
Call of Duty(R) 2
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Chuzzle Deluxe 1.01
Command & Conquer Generals
Command & Conquer Renegade
Command and ConquerTM Generals Zero Hour
ComputerCOP (Remove Only)
Coupon Printer for Windows
Creative PlayCenter
Creative Recorder
Cypress USB Mass Storage Driver Installation
DAO
Data Compiler
Day of Defeat
Diner Dash®: Flo on the Go
Dora Lost City
DVD Copy Plus
DVD Decrypter (Remove Only)
DVD Player
DVD Shrink 3.2
DVDFab Decrypter 2.9.7.3
DVDXCopy (remove only)
EACOM Game Installer
Easy CD-DA Extractor 8.0.2
Easy CD Creator 5 Basic
ERUNT 1.1j
eXplorist Wizard
FDNY Firefighter: American Hero
Fisher Price ABC 32
GameSpy Arcade
GearDrivers
Google Earth
Google Toolbar for Internet Explorer
GTW V.92 Voice Modem
Guild Wars
Handmark Monopoly
Harry Potter II
HelpSpot
Hidden Expedition - Titanic (remove only)
Hidden Expedition Titanic (remove only)
Hidden Mysteries: Civil War
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Hubble Images Screen Saver
HyperLoad
IE Help
IEC system
Imaginext(TM) Battle Castle
Indexing Function
Intel(R) PRO Ethernet Adapter and Software
InterActual Player
iTunes
Java(TM) 6 Update 14
Java(TM) 6 Update 7
Jewel Quest (remove only)
KartRider
Kazaa Media Desktop 2.1.1
KazStamp
Kids Next Door
Learn2 Player (Uninstall Only)
LEGO Digital Designer
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Logitech iTouch Software
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
MCP-1A
Medal of Honor Allied Assault
Media Library Management Wizard
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Data Access Components KB870669
Microsoft Links 2001
Microsoft Links 2003
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft Picture It! Photo Premium 9
Microsoft Rise Of Nations Trial
Microsoft Smart Card Base Components
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser and SDK
mIRC
MobileDB for Palm OS
Monopoly Tycoon
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
Mozilla Firefox (3.5.1)
MSN Gaming Zone
MSN Music Assistant
MSXML 4.0 SP2 (KB954430)
MSXML4 Parser
MUSICMATCH Jukebox
MyMouse 4.3
Nancy Drew: Ghost Dogs of Moon Lake
Nancy Drew: Secret of the Scarlet Hand
Nancy Drew: Stay Tuned For Danger
Napster
Napster Burn Engine
Napster Label Creator
Nero 7 Premium
neXBC 5.0
Operation
Paint Shop Pro 7 Try And Buy
Palm Desktop
Palm Desktop and Synchronization Software
PC-Doctor for Windows
Personal License Update Wizard for Windows Media Player
PhoneTools
PhotoParade Player
Plus! MP3 Audio Converter LE
Pokémon Edu Series
ProScan Client
ProScan Client 1.8
PS/2 Millennium Keyboard
PSP Video 9 1.51
Pure Networks Port Magic
QuickTime
RealPlayer
Rise of Nations
Roll
RollerCoaster Tycoon 2
SBM OS
Scooby-Doo(TM), Phantom of the Knight(TM)
SE Assistant
SE Help
Search Assistant
Search Function
Search OS
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
ServerWatch AntiCheat
Shockwave
Shutterfly SmartUpload
Sidebar Search
Sierra Utilities
smart Card Reader
Solitare Pack I
Sound Blaster Live! Value
SpongeBob SquarePants Diner Dash (remove only)
SpongeBob SquarePants Diner Dash 2
SpongeBob SquarePants Obstacle Odyssey 2
Spybot - Search & Destroy
Spybot - Search & Destroy 1.3
Support Software
Support.com Web Controls
TeamSpeak 2 RC2
TeamSpeak 2 Server RC2
The Print Shop Ensemble III
Thomas & Friends - The Great Festival Adventure
Thomas New Line
TinyCars 1.1
To The Eds-treme
TONKA Firefighter
TONKA Search & Rescue 2
Tonka Search and Rescue
TrunkStar780
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB955839)
URL.IE APP
USB Storage Adapter FX (SM1)
Ventrilo Client
Verizon FiOS Activation
Verizon FiOS Connection Wizard
Verizon Help and Support Tool
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WeatherBug
WebFldrs XP
Westwood Shared Internet Components
WildTangent GameChannel (remove only)
WildWest Version 1.12
WinAce Archiver
WinAce Archiver 2.0
Winamp (remove only)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Media Bonus Pack for Windows XP
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinMX
Xfire (remove only)
XLink Kai Evolution 7
ZoneAlarm
==== Event Viewer Messages From Past Week ========
7/27/2009 1:04:05 PM, error: Service Control Manager [7016] - The GEARSecurity service has reported an invalid current state 0.
7/26/2009 12:45:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX cdudf_xp Fips i8042prt intelppm IPSec KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vsdatant
7/26/2009 12:45:41 PM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
7/26/2009 12:45:41 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
7/26/2009 12:45:41 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/26/2009 12:45:41 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/26/2009 12:45:41 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
7/26/2009 12:45:41 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/26/2009 12:45:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/26/2009 12:45:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/22/2009 7:16:32 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer YOUR-XXSYYAOZ37 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0E3DAB07-814. The master browser is stopping or an election is being forced.
7/20/2009 5:44:31 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the drive specified.
7/20/2009 5:44:30 PM, error: SRService [104] - The System Restore initialization process failed.
7/20/2009 5:33:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
7/20/2009 5:33:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.
7/20/2009 5:33:29 PM, error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
==== End Of File ===========================
DDS (Ver_09-06-26.01) - NTFSx86
Run by Owner at 13:03:59.79 on Mon 07/27/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.197 [GMT -4:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
============== Running Processes ===============
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\SYSTEM32\GEARSEC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\WINNT\system32\PnkBstrA.exe
C:\WINNT\SM1BG.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINNT\System32\svchost.exe -k imgsvc
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BOINC\boincmgr.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\BOINC\boinc.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.runevillage.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.gateway.net
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - No File
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\winnt\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [<NO NAME>]
uRun: [ATI Launchpad]
uRun: [ATI Remote Control] c:\program files\ati multimedia\remctrl\ATIRW.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
uRunOnce: [SpybotDeletingB5411] command /c del "c:\winnt\system32\drivers\hjgruialmlxqtq.sys"
uRunOnce: [SpybotDeletingD7093] cmd /c del "c:\winnt\system32\drivers\hjgruialmlxqtq.sys"
uRunOnce: [SpybotDeletingB7336] command /c del "c:\winnt\system32\hjgruiapltqiah.dll"
uRunOnce: [SpybotDeletingD3318] cmd /c del "c:\winnt\system32\hjgruiapltqiah.dll"
uRunOnce: [SpybotDeletingB9285] command /c del "c:\winnt\system32\hjgruiflqnawvc.dll"
uRunOnce: [SpybotDeletingD1166] cmd /c del "c:\winnt\system32\hjgruiflqnawvc.dll"
uRunOnce: [SpybotDeletingB4976] command /c del "c:\winnt\temp\hjgruitllweoufpe.tmp"
uRunOnce: [SpybotDeletingD9861] cmd /c del "c:\winnt\temp\hjgruitllweoufpe.tmp"
uRunOnce: [SpybotDeletingB9803] command /c del "c:\winnt\system32\hjgruinklqxwyo.dat"
uRunOnce: [SpybotDeletingD2770] cmd /c del "c:\winnt\system32\hjgruinklqxwyo.dat"
uRunOnce: [SpybotDeletingB6228] command /c del "c:\winnt\system32\hjgruivjwmhcpn.dat"
uRunOnce: [SpybotDeletingD1827] cmd /c del "c:\winnt\system32\hjgruivjwmhcpn.dat"
mRun: [AtiPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
mRun: [GWMDMMSG] GWMDMMSG.exe
mRun: [Keyboard Preload Check] c:\oemdrvrs\keyb\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
mRun: [GWMDMpi] c:\winnt\GWMDMpi.exe
mRun: [UpdReg] c:\winnt\Updreg.exe
mRun: [AdaptecDirectCD] c:\program files\adaptec\easy cd creator 5\directcd\DirectCD.exe
mRun: [CapFax] c:\program files\phonetools\CapFax.EXE
mRun: [KAZAA] c:\program files\kazaa\kazaa.exe /SYSTRAY
mRun: [AceGain LiveUpdate] c:\program files\acegain\liveupdate\LiveUpdate.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [SM1BG] c:\winnt\SM1BG.EXE
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [PSPVideo9] c:\program files\pspvideo9\pspVideo9.exe -t
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [<NO NAME>]
mRun: [ATI DeviceDetect] c:\program files\ati multimedia\main\ATIDtct.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HostManager] c:\program files\common files\aol\1180989014\ee\AOLSoftware.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRunOnce: [SpybotDeletingA8557] command /c del "c:\winnt\system32\drivers\hjgruialmlxqtq.sys"
mRunOnce: [SpybotDeletingC3458] cmd /c del "c:\winnt\system32\drivers\hjgruialmlxqtq.sys"
mRunOnce: [SpybotDeletingA7956] command /c del "c:\winnt\system32\hjgruiapltqiah.dll"
mRunOnce: [SpybotDeletingC342] cmd /c del "c:\winnt\system32\hjgruiapltqiah.dll"
mRunOnce: [SpybotDeletingA6886] command /c del "c:\winnt\system32\hjgruiflqnawvc.dll"
mRunOnce: [SpybotDeletingC7694] cmd /c del "c:\winnt\system32\hjgruiflqnawvc.dll"
mRunOnce: [SpybotDeletingA9114] command /c del "c:\winnt\temp\hjgruitllweoufpe.tmp"
mRunOnce: [SpybotDeletingC9325] cmd /c del "c:\winnt\temp\hjgruitllweoufpe.tmp"
mRunOnce: [SpybotDeletingA5380] command /c del "c:\winnt\system32\hjgruinklqxwyo.dat"
mRunOnce: [SpybotDeletingC2776] cmd /c del "c:\winnt\system32\hjgruinklqxwyo.dat"
mRunOnce: [SpybotDeletingA749] command /c del "c:\winnt\system32\hjgruivjwmhcpn.dat"
mRunOnce: [SpybotDeletingC9255] cmd /c del "c:\winnt\system32\hjgruivjwmhcpn.dat"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\boincm~1.lnk - c:\program files\boinc\boincmgr.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\handspring\HOTSYNC.EXE
StartupFolder: c:\documents and settings\owner\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\documents and settings\owner\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\zoneal~1.lnk - c:\program files\zone labs\zonealarm\zonealarm.exe
IE: &Search - ?p=ZJxdm086YYUS
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\winnt\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: taxslayer.com\www
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: {0000000A-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmsp9dmo.cab
DPF: {00000075-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxmsdec.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - hxxp://jcs.chat.dcn.yahoo.com/v45/yacscom.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4129EA54-F04E-11D3-BF96-00C04F0E7BE2} - hxxp://www112.coolsavings.com/LTC/download/cscmv4X.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229602947828
DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} - hcp://system/RunExeActiveX.CAB
DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - hxxp://chat.yahoo.com/cab/yacsui.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - hxxp://toolbar.google.com/data/GoogleActivate.cab
DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} - hcp://system/StartFirstControl.CAB
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37425.2758333333
DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} - hxxp://cdn.digitalcity.com/_media/dalaillama/ampx.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4029.cab
DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} - hxxp://www.konicaminoltaonline.com/activex/PCAXSetup.cab?
DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: hgGyyxYo - hgGyyxYo.dll
AppInit_DLLs: avgrsstx.dll skofpi.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\ryzeoko5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.runescape.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npietab.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwinamp.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\winnt\system32\drivers\avgldx86.sys [2009-1-28 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\winnt\system32\drivers\avgmfx86.sys [2007-3-5 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\winnt\system32\drivers\avgtdix.sys [2009-1-28 108552]
R1 KLIF;KLIF;c:\winnt\system32\drivers\klif.sys [2008-4-23 127768]
R1 vsdatant;vsdatant;c:\winnt\system32\vsdatant.sys [2004-4-26 394952]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-24 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-6 298776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-7-5 24652]
R2 vsmon;TrueVector Internet Monitor;c:\winnt\system32\zonelabs\vsmon.exe -service --> c:\winnt\system32\zonelabs\vsmon.exe -service [?]
RUnknown kfcwp;kfcwp; [x]
S3 Gcr432;Gcr432;c:\winnt\system32\drivers\gcr432.sys [2001-10-4 53701]
S3 PacketNTx;Packet helper driver;c:\winnt\system32\drivers\PacketNTx.sys [2002-11-27 24544]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\atf\qctest\pcdoc\pcdrdrv.sys --> c:\atf\qctest\pcdoc\PCDRDRV.sys [?]
S3 VisorUsb;Handspring USB;c:\winnt\system32\drivers\visorusb.sys --> c:\winnt\system32\drivers\VisorUsb.sys [?]
=============== Created Last 30 ================
2009-07-14 15:20 410,984 a------- c:\winnt\system32\deploytk.dll
==================== Find3M ====================
2009-07-23 15:56 34 a------- c:\documents and settings\owner\jagex_runescape_preferences.dat
2009-07-18 08:45 335,752 a------- c:\winnt\system32\drivers\avgldx86.sys
2009-07-13 13:36 38,160 a------- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\winnt\system32\drivers\mbam.sys
2009-06-24 09:38 1,393,936,416 a--sh--- c:\winnt\system32\drivers\fidbox.dat
2009-06-24 09:38 16,314,380 a--sh--- c:\winnt\system32\drivers\fidbox.idx
2009-06-24 09:33 11,952 a------- c:\winnt\system32\avgrsstx.dll
2008-05-20 15:25 0 a------- c:\program files\temp01
2007-11-23 13:26 22,328 a------- c:\docume~1\owner\applic~1\PnkBstrK.sys
2007-02-21 21:55 105,904 a------- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
2003-08-27 15:19 36,963 a----r-- c:\program files\common files\SM1updtr.dll
2001-10-04 15:18 53,701 a------- c:\winnt\inf\gemplus\gcr432.sys
2000-10-19 11:07 28,800 a------- c:\winnt\inf\gemplus\GCR412.sys
============= FINISH: 13:06:19.29 ===============
Bio-Hazard
2009-07-27, 21:38
Download and Run ComboFix
ComboFix SHOULD NOT be used unless requested by a forum helper.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. A guide to do this can be found HERE (http://www.bleepingcomputer.com/forums/topic114351.html)
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif
http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif
Double click on Combo-Fix.exe and follow the prompts.
When finished, it will produce a report for you (C:\ComboFix.txt )
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Combofix should never take more that 20 minutes including the reboot if malware is detected.
IMPORTANT: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.This tool is not a toy and not for everyday use.
Next Reply
Please reply with:
ComboFix log (found at C:\Combofix.txt)
New HijackThis log
fdpatches
2009-07-27, 21:53
OK,
this may sound dumb, but I cannot figure out how to disable the AVG 8.5??
fdpatches
2009-07-27, 22:51
Ok so far so good, It had to install windows restore said it wasn't found.
Also I noticed that my firewall and some other things in the taskbar aren't there??
ComboFix 09-07-26.03 - Owner 07/27/2009 15:17.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.656 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-3723271197-2911765694-2800509490-1003
c:\winnt\COUPON~1.OCX
c:\winnt\CouponPrinter.ocx
c:\winnt\Downloaded Program Files\popcaploader.inf
c:\winnt\Readme.txt
c:\winnt\system32\Ati2evxx.dll
c:\winnt\system32\BSTIEPrintCtl1.dll
c:\winnt\system32\drivers\hjgruialmlxqtq.sys
c:\winnt\system32\FTPx.dll
c:\winnt\system32\hjgruiapltqiah.dll
c:\winnt\system32\hjgruiflqnawvc.dll
c:\winnt\system32\hjgruinklqxwyo.dat
c:\winnt\system32\hjgruivjwmhcpn.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_hjgruilmeylkil
((((((((((((((((((((((((( Files Created from 2009-06-27 to 2009-07-27 )))))))))))))))))))))))))))))))
.
2009-07-27 12:45 . 2009-07-27 12:45 -------- d-----w- c:\program files\ERUNT
2009-07-14 19:20 . 2009-07-14 19:20 410984 ----a-w- c:\winnt\system32\deploytk.dll
2009-07-14 19:19 . 2009-07-14 19:19 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-27 19:43 . 2005-12-15 13:21 -------- d-----w- c:\program files\BOINC
2009-07-27 19:34 . 2008-04-23 17:06 16314380 --sha-w- c:\winnt\system32\drivers\fidbox.idx
2009-07-27 19:34 . 2008-04-23 17:06 1393936416 --sha-w- c:\winnt\system32\drivers\fidbox.dat
2009-07-23 19:56 . 2008-07-01 12:32 34 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences.dat
2009-07-22 15:33 . 2004-12-24 02:47 -------- d-----w- c:\documents and settings\Owner\Application Data\WeatherBug
2009-07-18 12:45 . 2009-01-28 21:14 335752 ----a-w- c:\winnt\system32\drivers\avgldx86.sys
2009-07-15 17:39 . 2004-04-03 22:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-14 19:20 . 2005-01-30 19:17 -------- d-----w- c:\program files\Java
2009-07-14 17:18 . 2002-03-28 18:39 -------- d-----w- c:\program files\Return to Castle Wolfenstein
2009-07-14 17:17 . 2004-11-11 13:16 -------- d-----w- c:\program files\AvantGo
2009-07-14 17:17 . 2002-03-15 00:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-14 17:15 . 2002-11-22 19:29 -------- d-----w- c:\program files\EA GAMES
2009-07-14 17:14 . 2006-07-20 20:08 -------- d-----w- c:\program files\America's Army
2009-07-14 17:14 . 2006-07-20 20:10 -------- d-----w- c:\program files\America's Army Server Manager
2009-07-14 17:09 . 2002-05-25 18:21 -------- d-----w- c:\program files\Nancy Drew
2009-07-14 13:41 . 2009-01-29 22:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-14 13:40 . 2009-03-23 18:45 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-13 17:36 . 2009-01-29 22:19 38160 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-07-13 17:36 . 2009-01-29 22:19 19096 ----a-w- c:\winnt\system32\drivers\mbam.sys
2009-06-24 13:33 . 2009-01-28 21:14 11952 ----a-w- c:\winnt\system32\avgrsstx.dll
2009-06-24 13:33 . 2007-03-06 00:13 27784 ----a-w- c:\winnt\system32\drivers\avgmfx86.sys
2009-06-23 23:18 . 2002-03-20 19:47 -------- d-----w- c:\program files\Hasbro Interactive
2009-06-23 20:54 . 2009-06-23 14:49 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2009-06-18 12:26 . 2009-06-18 12:26 29696 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{312255E7-E2C2-4F3E-BBCB-02C5B8696CCB}\IconF0CEFCC9.exe
2009-06-18 12:21 . 2009-05-21 17:21 -------- d-----w- c:\program files\Verizon
2009-05-08 12:42 . 2009-01-28 21:14 108552 ----a-w- c:\winnt\system32\drivers\avgtdix.sys
2008-05-20 19:25 . 2008-05-20 19:25 0 ----a-w- c:\program files\temp01
2003-08-27 19:19 . 2003-10-30 11:31 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
2009-07-18 13:01 . 2009-02-03 21:13 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2004-09-09 1597440]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"ATI Remote Control"="c:\program files\ATI Multimedia\RemCtrl\ATIRW.exe" [2004-04-16 196608]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-30 39408]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-11-12 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-11 339968]
"GWMDMpi"="c:\winnt\GWMDMpi.exe" [2001-11-27 40960]
"UpdReg"="c:\winnt\Updreg.exe" [1999-11-12 86016]
"AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-04 684032]
"CapFax"="c:\program files\PhoneTools\CapFax.EXE" [2001-11-07 20480]
"KAZAA"="c:\program files\Kazaa\kazaa.exe" [2003-05-27 2234368]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-05-07 99480]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"SM1BG"="c:\winnt\SM1BG.EXE" [2003-08-27 94208]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-06 50688]
"PSPVideo9"="c:\program files\pspvideo9\pspVideo9.exe" [2005-05-25 643072]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-12-21 180269]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2004-06-16 69705]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"HostManager"="c:\program files\Common Files\AOL\1180989014\ee\AOLSoftware.exe" [2006-09-26 50736]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-14 919016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-14 148888]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-03-10 1553920]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" - c:\winnt\system32\SK9910DM.EXE [2001-01-03 66048]
"GWMDMMSG"="GWMDMMSG.exe" - c:\winnt\GWMDMMSG.exe [2001-11-27 101615]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\winnt\system32\narrator.exe [2004-08-04 53760]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
BOINC Manager.lnk - c:\program files\BOINC\boincmgr.exe [2006-5-5 1966080]
HotSync Manager.lnk - c:\program files\Handspring\HOTSYNC.EXE [2003-3-17 299008]
PowerReg Scheduler V3.exe [2005-3-29 225280]
PowerReg Scheduler.exe [2008-7-18 256000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
ZoneAlarm.lnk - c:\program files\Zone Labs\ZoneAlarm\zonealarm.exe [2003-6-5 50664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-24 13:33 11952 ----a-w- c:\winnt\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\winnt\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1180989014\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Nexon\\KartRider\\NMService.exe"=
"c:\\WINNT\\system32\\PnkBstrA.exe"=
"c:\\WINNT\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\winnt\system32\drivers\avgldx86.sys [1/28/2009 5:14 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\winnt\system32\drivers\avgtdix.sys [1/28/2009 5:14 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/24/2009 9:33 AM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/6/2009 10:53 AM 298776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/5/2007 6:42 PM 24652]
S3 Gcr432;Gcr432;c:\winnt\system32\drivers\gcr432.sys [10/4/2001 3:18 PM 53701]
S3 PacketNTx;Packet helper driver;c:\winnt\system32\drivers\PacketNTx.sys [11/27/2002 12:30 PM 24544]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\atf\Qctest\PCDoc\PCDRDRV.sys --> c:\atf\Qctest\PCDoc\PCDRDRV.sys [?]
S3 VisorUsb;Handspring USB;c:\winnt\system32\DRIVERS\VisorUsb.sys --> c:\winnt\system32\DRIVERS\VisorUsb.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-07-24 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]
2005-04-13 c:\winnt\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-03-15 22:26]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-ATI Launchpad - (no file)
HKLM-Run-Keyboard Preload Check - c:\oemdrvrs\KEYB\Preload.exe
HKLM-Run-AceGain LiveUpdate - c:\program files\AceGain\LiveUpdate\LiveUpdate.exe
Notify-hgGyyxYo - hgGyyxYo.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.runevillage.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.gateway.net
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Search - ?p=ZJxdm086YYUS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
Trusted Zone: taxslayer.com\www
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} - hxxp://cdn.digitalcity.com/_media/dalaillama/ampx.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ryzeoko5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.runescape.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npietab.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwinamp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
creating catchme.sys error: The process cannot access the file because it is being used by another process.
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PSSdk21]
"ImagePath"="\??\c:\winnt\System32\Drivers\HNPsSdk.drv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ó™őw$µ*]
"DisplayName"="\09"
"DeviceDesc"="\09"
"ProviderName"=""
"MFG"="?"
"ReinstallString"="2002, 6.13.10.6118"
"DeviceInstanceIds"=multi:"\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(536)
c:\winnt\System32\iac25_32.ax
- - - - - - - > 'explorer.exe'(4048)
c:\program files\Common Files\AOL\ACS\WLHook.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\winnt\System32\iac25_32.ax
.
------------------------ Other Running Processes ------------------------
.
c:\winnt\system32\ati2evxx.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\winnt\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\winnt\system32\PnkBstrA.exe
c:\winnt\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\winnt\wanmpsvc.exe
c:\winnt\system32\rundll32.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\winnt\system32\wscntfy.exe
c:\winnt\system32\ZoneLabs\vsmon.exe
c:\program files\BOINC\boinc.exe
c:\program files\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
.
**************************************************************************
.
Completion time: 2009-07-27 15:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-27 19:46
Pre-Run: 43,244,285,952 bytes free
Post-Run: 43,894,849,536 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
303 --- E O F --- 2009-02-09 14:06
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:50:50 PM, on 7/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINNT\system32\PnkBstrA.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\WINNT\SM1BG.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
C:\WINNT\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runevillage.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Search - ?p=ZJxdm086YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229602947828
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4029.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.konicaminoltaonline.com/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINNT\system32\avgrsstx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINNT\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\SYSTEM32\GEARSEC.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
--
End of file - 12561 bytes
fdpatches
2009-07-28, 15:22
Hello,
I just wanted to let you know that I forgot that AVG does the scan overnight, it quarantined 7 virus. I hope this doesn't mess up anything.
Sorry,
Tom
Bio-Hazard
2009-07-29, 01:00
Remove programs
Click Start
Go to Control Panel
Go to Add/Remove Programs
Find and click Remove for the following (if present):
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Spybot - Search & Destroy
Spybot - Search & Destroy 1.3
Kazaa Media Desktop 2.1.1
KazStamp
NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.
Run CFScript
Close any open browsers.
Open Notepad by click start
Click Run
Type notepad into the box and click enter
Notepad will open
Copy and Paste everything from the Code box into Notepad:
File::
c:\winnt\Tasks\Symantec NetDetect.job
c:\documents and settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
c:\documents and settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe
Folder::
c:\program files\Symantec
c:\program files\Kazaa
c:\documents and settings\Owner\Application Data\LimeWire
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KAZAA"=-
RegNull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ó™őw$µ*]
DDS::
mSearch Bar =
IE: &Search - ?p=ZJxdm086YYUS
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
Save this as CFScript.txt, in the same location as ComboFix.exe (on your desktop)
http://i219.photobucket.com/albums/cc99/BioHazard_030/CFScriptExample.jpg
Refering to the picture below, drag CFScript into ComboFix.exe
http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif
When finished, it shall produce a log for you at C:\ComboFix.txt
NOTE: Do not mouseclick combofix's window whilst it's running. That may cause it to stall it.
Next Reply
Please reply with:
ComboFix log (found at C:\Combofix.txt)
New HijackThis log
fdpatches
2009-07-29, 04:34
Hello,
I am unable to uninstall kazaa using the remove program, is there another way to get rid of it?
Thanks,
Tom
fdpatches
2009-07-29, 16:11
Hello,
Some of the programs said to restart to finish the uninstall, should I reboot before I run combofix? Also I still cannot delete Kazaa do you still want me to run combofix?
Thanks,
Tom
Bio-Hazard
2009-07-30, 02:20
Hello!
Forget the Kazaa for now and run Combofix.
fdpatches
2009-07-30, 20:15
So far so good...
ComboFix 09-07-29.04 - Owner 07/30/2009 12:42.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.387 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
FILE ::
"c:\documents and settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe"
"c:\documents and settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe"
"c:\winnt\Tasks\Symantec NetDetect.job"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Owner\LOCALS~1\Temp\catchme.dll
c:\documents and settings\Owner\Application Data\LimeWire
c:\documents and settings\Owner\Local Settings\temp\catchme.dll
c:\documents and settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
c:\documents and settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe
c:\program files\Kazaa
c:\program files\Kazaa\bdcore.dll
c:\program files\Kazaa\bdcore.dll.updpnd
c:\program files\Kazaa\bdupd.dll
c:\program files\Kazaa\bdupd.dll.updpnd
c:\program files\Kazaa\broadband.gif
c:\program files\Kazaa\Db\bb.db
c:\program files\Kazaa\Db\data1024.dbb
c:\program files\Kazaa\Db\data256.dbb
c:\program files\Kazaa\Db\gr_Owner.current
c:\program files\Kazaa\Db\gr_Owner.previous
c:\program files\Kazaa\Db\np.tmp
c:\program files\Kazaa\Help\arrow.gif
c:\program files\Kazaa\Help\arrow_sml.gif
c:\program files\Kazaa\Help\background.gif
c:\program files\Kazaa\Help\h_mykazaa.gif
c:\program files\Kazaa\Help\h_myMedia.gif
c:\program files\Kazaa\Help\h_myplaylists.gif
c:\program files\Kazaa\Help\mykazaa.css
c:\program files\Kazaa\Help\mykazaa.htm
c:\program files\Kazaa\Help\mymedia.htm
c:\program files\Kazaa\Help\myplaylists.htm
c:\program files\Kazaa\Help\spacer.gif
c:\program files\Kazaa\Help\Thumbs.db
c:\program files\Kazaa\kazaa.exe
c:\program files\Kazaa\Kazaa.url
c:\program files\Kazaa\kzscan.dll
c:\program files\Kazaa\libfn.dll
c:\program files\Kazaa\linksfolder.ico
c:\program files\Kazaa\My Shared Folder\(NEW) Torrie Wilson Playboy pics 12.jpeg
c:\program files\Kazaa\My Shared Folder\(NEW) Torrie Wilson Playboy pics 13.jpeg
c:\program files\Kazaa\My Shared Folder\007.jpg
c:\program files\Kazaa\My Shared Folder\008 (2).jpg
c:\program files\Kazaa\My Shared Folder\anim\cuts.dir
c:\program files\Kazaa\My Shared Folder\anim\gta3.ini
c:\program files\Kazaa\My Shared Folder\anim\ped.ifp
c:\program files\Kazaa\My Shared Folder\audio\BET.mp3
c:\program files\Kazaa\My Shared Folder\audio\c1_tex.mp3
c:\program files\Kazaa\My Shared Folder\audio\cat1.wav
c:\program files\Kazaa\My Shared Folder\audio\CHAT.wav
c:\program files\Kazaa\My Shared Folder\audio\City.wav
c:\program files\Kazaa\My Shared Folder\audio\CLASS.wav
c:\program files\Kazaa\My Shared Folder\audio\copybyte.exe
c:\program files\Kazaa\My Shared Folder\audio\d1_stog.mp3
c:\program files\Kazaa\My Shared Folder\audio\d2_kk.mp3
c:\program files\Kazaa\My Shared Folder\audio\d3_ado.mp3
c:\program files\Kazaa\My Shared Folder\audio\d4_gta.mp3
c:\program files\Kazaa\My Shared Folder\audio\d4_gta2.mp3
c:\program files\Kazaa\My Shared Folder\audio\d5_es.mp3
c:\program files\Kazaa\My Shared Folder\audio\d6_sts.mp3
c:\program files\Kazaa\My Shared Folder\audio\d7_mld.mp3
c:\program files\Kazaa\My Shared Folder\audio\door_3.wav
c:\program files\Kazaa\My Shared Folder\audio\door_4.wav
c:\program files\Kazaa\My Shared Folder\audio\door_5.wav
c:\program files\Kazaa\My Shared Folder\audio\door_6.wav
c:\program files\Kazaa\My Shared Folder\audio\el_ph1.mp3
c:\program files\Kazaa\My Shared Folder\audio\el_ph2.mp3
c:\program files\Kazaa\My Shared Folder\audio\el_ph3.mp3
c:\program files\Kazaa\My Shared Folder\audio\el_ph4.mp3
c:\program files\Kazaa\My Shared Folder\audio\END.mp3
c:\program files\Kazaa\My Shared Folder\audio\FLASH.wav
c:\program files\Kazaa\My Shared Folder\audio\GAME.wav
c:\program files\Kazaa\My Shared Folder\audio\hd_ph1.mp3
c:\program files\Kazaa\My Shared Folder\audio\hd_ph2.mp3
c:\program files\Kazaa\My Shared Folder\audio\hd_ph3.mp3
c:\program files\Kazaa\My Shared Folder\audio\hd_ph4.mp3
c:\program files\Kazaa\My Shared Folder\audio\hd_ph5.mp3
c:\program files\Kazaa\My Shared Folder\audio\HEAD.wav
c:\program files\Kazaa\My Shared Folder\audio\j0_dm2.mp3
c:\program files\Kazaa\My Shared Folder\audio\j1_lfl.mp3
c:\program files\Kazaa\My Shared Folder\audio\j2_kcl.mp3
c:\program files\Kazaa\My Shared Folder\audio\j3_vh.mp3
c:\program files\Kazaa\My Shared Folder\audio\j4_eth.mp3
c:\program files\Kazaa\My Shared Folder\audio\j5_dst.mp3
c:\program files\Kazaa\My Shared Folder\audio\j6_tbj.mp3
c:\program files\Kazaa\My Shared Folder\audio\JB.mp3
c:\program files\Kazaa\My Shared Folder\audio\k1_kbo.mp3
c:\program files\Kazaa\My Shared Folder\audio\k2_gis.mp3
c:\program files\Kazaa\My Shared Folder\audio\k3_ds.mp3
c:\program files\Kazaa\My Shared Folder\audio\k4_shi.mp3
c:\program files\Kazaa\My Shared Folder\audio\k4_shi2.mp3
c:\program files\Kazaa\My Shared Folder\audio\k5_sd.mp3
c:\program files\Kazaa\My Shared Folder\audio\KJAH.wav
c:\program files\Kazaa\My Shared Folder\audio\l1_lg.mp3
c:\program files\Kazaa\My Shared Folder\audio\l2_dsb.mp3
c:\program files\Kazaa\My Shared Folder\audio\l3_dm.mp3
c:\program files\Kazaa\My Shared Folder\audio\l4_pap.mp3
c:\program files\Kazaa\My Shared Folder\audio\l5_tfb.mp3
c:\program files\Kazaa\My Shared Folder\audio\LIPS.wav
c:\program files\Kazaa\My Shared Folder\audio\mf4_a.wav
c:\program files\Kazaa\My Shared Folder\audio\mf4_b.wav
c:\program files\Kazaa\My Shared Folder\audio\mf4_c.wav
c:\program files\Kazaa\My Shared Folder\audio\MSX.wav
c:\program files\Kazaa\My Shared Folder\audio\mt_ph1.mp3
c:\program files\Kazaa\My Shared Folder\audio\mt_ph2.mp3
c:\program files\Kazaa\My Shared Folder\audio\mt_ph3.mp3
c:\program files\Kazaa\My Shared Folder\audio\mt_ph4.mp3
c:\program files\Kazaa\My Shared Folder\audio\police.wav
c:\program files\Kazaa\My Shared Folder\audio\r0_pdr2.mp3
c:\program files\Kazaa\My Shared Folder\audio\r1_sw.mp3
c:\program files\Kazaa\My Shared Folder\audio\r2_ap.mp3
c:\program files\Kazaa\My Shared Folder\audio\r3_ed.mp3
c:\program files\Kazaa\My Shared Folder\audio\r4_gf.mp3
c:\program files\Kazaa\My Shared Folder\audio\r5_pb.mp3
c:\program files\Kazaa\My Shared Folder\audio\r6_mm.mp3
c:\program files\Kazaa\My Shared Folder\audio\RISE.wav
c:\program files\Kazaa\My Shared Folder\audio\s0_mas.mp3
c:\program files\Kazaa\My Shared Folder\audio\s1_pf.mp3
c:\program files\Kazaa\My Shared Folder\audio\s2_ctg.mp3
c:\program files\Kazaa\My Shared Folder\audio\s2_ctg2.mp3
c:\program files\Kazaa\My Shared Folder\audio\s3_rtc.mp3
c:\program files\Kazaa\My Shared Folder\audio\s4_bdba.mp3
c:\program files\Kazaa\My Shared Folder\audio\s4_bdbb.mp3
c:\program files\Kazaa\My Shared Folder\audio\s4_bdbd.mp3
c:\program files\Kazaa\My Shared Folder\audio\s5_lrq.mp3
c:\program files\Kazaa\My Shared Folder\audio\s5_lrqb.mp3
c:\program files\Kazaa\My Shared Folder\audio\s5_lrqc.mp3
c:\program files\Kazaa\My Shared Folder\audio\sfx.SDT
c:\program files\Kazaa\My Shared Folder\audio\t1_tol.mp3
c:\program files\Kazaa\My Shared Folder\audio\t2_tpu.mp3
c:\program files\Kazaa\My Shared Folder\audio\t3_mas.mp3
c:\program files\Kazaa\My Shared Folder\audio\t4_tat.mp3
c:\program files\Kazaa\My Shared Folder\audio\t5_bf.mp3
c:\program files\Kazaa\My Shared Folder\audio\Water.wav
c:\program files\Kazaa\My Shared Folder\audio\yd_ph1.mp3
c:\program files\Kazaa\My Shared Folder\audio\yd_ph2.mp3
c:\program files\Kazaa\My Shared Folder\audio\yd_ph3.mp3
c:\program files\Kazaa\My Shared Folder\audio\yd_ph4.mp3
c:\program files\Kazaa\My Shared Folder\Battlegrounds.exe
c:\program files\Kazaa\My Shared Folder\bkrnd12.jpg
c:\program files\Kazaa\My Shared Folder\Bleem 1.5 full.exe
c:\program files\Kazaa\My Shared Folder\Bleem! (1.5b)&CdKey.exe
c:\program files\Kazaa\My Shared Folder\Britney_Spears_Crossroads02 (1).jpg
c:\program files\Kazaa\My Shared Folder\C&C Generals - NO CD KEY - PLUS REG KEY.exe
c:\program files\Kazaa\My Shared Folder\CONNECTIX VGS.EXE
c:\program files\Kazaa\My Shared Folder\data\animviewer.dat
c:\program files\Kazaa\My Shared Folder\data\carcols.dat
c:\program files\Kazaa\My Shared Folder\data\CULLZONE.DAT
c:\program files\Kazaa\My Shared Folder\data\default.dat
c:\program files\Kazaa\My Shared Folder\data\default.ide
c:\program files\Kazaa\My Shared Folder\data\fistfite.dat
c:\program files\Kazaa\My Shared Folder\data\gta3.dat
c:\program files\Kazaa\My Shared Folder\data\gta3.zon
c:\program files\Kazaa\My Shared Folder\data\handling.cfg
c:\program files\Kazaa\My Shared Folder\data\main.scm
c:\program files\Kazaa\My Shared Folder\data\map.zon
c:\program files\Kazaa\My Shared Folder\data\maps\comNbtm.ipl
c:\program files\Kazaa\My Shared Folder\data\maps\comnbtm\comNbtm.col
c:\program files\Kazaa\My Shared Folder\data\maps\comnbtm\comnbtm.ide
c:\program files\Kazaa\My Shared Folder\data\maps\comnbtm\comNbtm.ipl
c:\program files\Kazaa\My Shared Folder\data\maps\comNtop.ipl
c:\program files\Kazaa\My Shared Folder\data\maps\comntop\comNtop.col
c:\program files\Kazaa\My Shared Folder\data\maps\comntop\comntop.ide
c:\program files\Kazaa\My Shared Folder\data\maps\comntop\comNtop.ipl
c:\program files\Kazaa\My Shared Folder\data\maps\comroad\comroad.col
c:\program files\Kazaa\My Shared Folder\data\maps\comroad\comroad.ide
c:\program files\Kazaa\My Shared Folder\data\maps\comroad\comroad.ipl
c:\program files\Kazaa\My Shared Folder\data\maps\comSE.ipl
c:\program files\Kazaa\My Shared Folder\data\maps\comse\comSE.col
c:\program files\Kazaa\My Shared Folder\data\maps\comse\comse.ide
c:\program files\Kazaa\My Shared Folder\data\maps\comse\comSE.ipl
c:\program files\Kazaa\My Shared Folder\data\maps\comSW.ipl
c:\program files\Kazaa\My Shared Folder\data\maps\comsw\comSW.col
c:\program files\Kazaa\My Shared Folder\data\maps\comsw\comsw.ide
c:\program files\Kazaa\My Shared Folder\data\maps\comsw\comSW.ipl
c:\program files\Kazaa\My Shared Folder\data\maps\cull.ipl
c:\program files\Kazaa\My Shared Folder\data\maps\generic.ide
c:\program files\Kazaa\My Shared Folder\data\maps\gta3.IDE
c:\program files\Kazaa\My Shared Folder\data\maps\indroads\indroads.col
c:\program files\Kazaa\My Shared Folder\data\maps\indroads\indroads.ide
c:\program files\Kazaa\My Shared Folder\data\maps\indroads\indroads.ipl
c:\program files\Kazaa\My Shared Folder\data\maps\industNE.ipl
c:\program files\Kazaa\My Shared Folder\data\maps\industne\industNE.col
c:\program files\Kazaa\My Shared Folder\data\maps\industne\industne.ide
c:\program files\Kazaa\My Shared Folder\data\maps\industne\industNE.ipl
c:\program files\Kazaa\My Shared Folder\data\maps\industNW.ipl
c:\program files\Kazaa\My Shared Folder\data\maps\industnw\industNW.col
c:\program files\Kazaa\My Shared Folder\data\maps\industnw\industnw.ide
c:\program files\Kazaa\My Shared Folder\data\maps\industnw\industNW.ipl
c:\program files\Kazaa\My Shared Folder\data\maps\industSE.ipl
c:\program files\Kazaa\My Shared Folder\data\maps\industse\industSE.col
c:\program files\Kazaa\My Shared Folder\data\maps\industse\industse.ide
c:\program files\Kazaa\My Shared Folder\data\maps\industse\industSE.ipl
c:\program files\Kazaa\My Shared Folder\data\maps\industSW.ipl
c:\program files\Kazaa\My Shared Folder\data\maps\industsw\industSW.col
c:\program files\Kazaa\My Shared Folder\data\maps\industsw\industsw.ide
c:\program files\Kazaa\My Shared Folder\data\maps\industsw\industSW.ipl
c:\program files\Kazaa\My Shared Folder\data\maps\landne\landne.col
c:\program files\Kazaa\My Shared Folder\data\maps\landne\landne.ide
c:\program files\Kazaa\My Shared Folder\data\maps\landne\landne.ipl
c:\program files\Kazaa\My Shared Folder\data\maps\landsw\landsw.col
c:\program files\Kazaa\My Shared Folder\data\maps\landsw\landsw.ide
c:\program files\Kazaa\My Shared Folder\data\maps\landsw\landsw.ipl
c:\program files\Kazaa\My Shared Folder\data\maps\making\making.col
c:\program files\Kazaa\My Shared Folder\data\maps\making\making.ide
c:\program files\Kazaa\My Shared Folder\data\maps\making\making.ipl
c:\program files\Kazaa\My Shared Folder\data\maps\overview.ipl
c:\program files\Kazaa\My Shared Folder\data\maps\props.IPL
c:\program files\Kazaa\My Shared Folder\data\maps\subroads\subroads.col
c:\program files\Kazaa\My Shared Folder\data\maps\subroads\subroads.ide
c:\program files\Kazaa\My Shared Folder\data\maps\subroads\subroads.ipl
c:\program files\Kazaa\My Shared Folder\data\maps\suburbne.ipl
c:\program files\Kazaa\My Shared Folder\data\maps\suburbsw.ipl
c:\program files\Kazaa\My Shared Folder\data\maps\temppart\temppart.col
c:\program files\Kazaa\My Shared Folder\data\maps\temppart\temppart.ide
c:\program files\Kazaa\My Shared Folder\data\maps\temppart\temppart.ipl
c:\program files\Kazaa\My Shared Folder\data\object.dat
c:\program files\Kazaa\My Shared Folder\data\particle.cfg
c:\program files\Kazaa\My Shared Folder\data\paths\CHASE0.DAT
c:\program files\Kazaa\My Shared Folder\data\paths\CHASE1.DAT
c:\program files\Kazaa\My Shared Folder\data\paths\CHASE10.DAT
c:\program files\Kazaa\My Shared Folder\data\paths\CHASE11.DAT
c:\program files\Kazaa\My Shared Folder\data\paths\CHASE14.DAT
c:\program files\Kazaa\My Shared Folder\data\paths\CHASE16.DAT
c:\program files\Kazaa\My Shared Folder\data\paths\CHASE18.DAT
c:\program files\Kazaa\My Shared Folder\data\paths\CHASE19.DAT
c:\program files\Kazaa\My Shared Folder\data\paths\CHASE2.DAT
c:\program files\Kazaa\My Shared Folder\data\paths\CHASE3.DAT
c:\program files\Kazaa\My Shared Folder\data\paths\CHASE4.DAT
c:\program files\Kazaa\My Shared Folder\data\paths\CHASE5.DAT
c:\program files\Kazaa\My Shared Folder\data\paths\CHASE6.DAT
c:\program files\Kazaa\My Shared Folder\data\paths\CHASE7.DAT
c:\program files\Kazaa\My Shared Folder\data\paths\flight.dat
c:\program files\Kazaa\My Shared Folder\data\paths\flight2.dat
c:\program files\Kazaa\My Shared Folder\data\paths\flight3.dat
c:\program files\Kazaa\My Shared Folder\data\paths\flight4.dat
c:\program files\Kazaa\My Shared Folder\data\paths\tracks.dat
c:\program files\Kazaa\My Shared Folder\data\paths\tracks2.dat
c:\program files\Kazaa\My Shared Folder\data\ped.dat
c:\program files\Kazaa\My Shared Folder\data\pedgrp.dat
c:\program files\Kazaa\My Shared Folder\data\pedstats.dat
c:\program files\Kazaa\My Shared Folder\data\surface.dat
c:\program files\Kazaa\My Shared Folder\data\timecyc.dat
c:\program files\Kazaa\My Shared Folder\data\train.dat
c:\program files\Kazaa\My Shared Folder\data\train2.dat
c:\program files\Kazaa\My Shared Folder\data\water.dat
c:\program files\Kazaa\My Shared Folder\data\waterpro.dat
c:\program files\Kazaa\My Shared Folder\data\weapon.dat
c:\program files\Kazaa\My Shared Folder\deviance.nfo
c:\program files\Kazaa\My Shared Folder\Dixie Chicks - Goodbye Earl.mp3
c:\program files\Kazaa\My Shared Folder\download1043422381155035359.dat
c:\program files\Kazaa\My Shared Folder\download104541047084502765.dat
c:\program files\Kazaa\My Shared Folder\download104542138095413109.dat
c:\program files\Kazaa\My Shared Folder\download1045499121173154187.dat
c:\program files\Kazaa\My Shared Folder\download1049463382430273359.dat
c:\program files\Kazaa\My Shared Folder\download1051647867112095312.dat
c:\program files\Kazaa\My Shared Folder\download1056130511589734.dat
c:\program files\Kazaa\My Shared Folder\download1056130561640046.dat
c:\program files\Kazaa\My Shared Folder\download10561312811360093.dat
c:\program files\Kazaa\My Shared Folder\DVD Copy Plus 4.0 - Includes Crack for 4.0.exe
c:\program files\Kazaa\My Shared Folder\DVD X Copy Crack.exe
c:\program files\Kazaa\My Shared Folder\DVDCopyPlus Crack (2).zip
c:\program files\Kazaa\My Shared Folder\DVDXCopy v1.0.625.exe
c:\program files\Kazaa\My Shared Folder\dvdxcopy_v10_b625.exe
c:\program files\Kazaa\My Shared Folder\Electronica - Emerging Artists.kpl
c:\program files\Kazaa\My Shared Folder\FIXED_Pokemon Ruby (1).exe
c:\program files\Kazaa\My Shared Folder\Funk - Emerging Artists.kpl
c:\program files\Kazaa\My Shared Folder\game.dat
c:\program files\Kazaa\My Shared Folder\gta3-therealdeal-nobullshittin_unpacked517MB.exe
c:\program files\Kazaa\My Shared Folder\gta3.exe
c:\program files\Kazaa\My Shared Folder\gta3.ini
c:\program files\Kazaa\My Shared Folder\gty.jpg
c:\program files\Kazaa\My Shared Folder\Hip-Hop - Emerging Artists.kpl
c:\program files\Kazaa\My Shared Folder\Icons\gta3.ico
c:\program files\Kazaa\My Shared Folder\Icons\gtaPcWaste.ico
c:\program files\Kazaa\My Shared Folder\Icons\rockstar.ico
c:\program files\Kazaa\My Shared Folder\img.uha
c:\program files\Kazaa\My Shared Folder\janine on black couch-red dildo in pussy.jpg
c:\program files\Kazaa\My Shared Folder\Jenna Jamison Nude #1 (1).jpg
c:\program files\Kazaa\My Shared Folder\Jenna Jameson - Blowjobs 16.jpg
c:\program files\Kazaa\My Shared Folder\Jenna Jameson Fucking on boat.jpg
c:\program files\Kazaa\My Shared Folder\kmd200_en.exe
c:\program files\Kazaa\My Shared Folder\kmd202_en.exe
c:\program files\Kazaa\My Shared Folder\kmd202gu_en.exe
c:\program files\Kazaa\My Shared Folder\kmd211_en.exe
c:\program files\Kazaa\My Shared Folder\maura_tierney-001-lagrange-5.jpg
c:\program files\Kazaa\My Shared Folder\midtown\Midtown Madness.exe
c:\program files\Kazaa\My Shared Folder\models\Coll\commer.col
c:\program files\Kazaa\My Shared Folder\models\Coll\generic.col
c:\program files\Kazaa\My Shared Folder\models\Coll\indust.col
c:\program files\Kazaa\My Shared Folder\models\Coll\peds.col
c:\program files\Kazaa\My Shared Folder\models\Coll\suburb.col
c:\program files\Kazaa\My Shared Folder\models\Coll\vehicles.col
c:\program files\Kazaa\My Shared Folder\models\Coll\weapons.col
c:\program files\Kazaa\My Shared Folder\models\Generic\air_vlo.DFF
c:\program files\Kazaa\My Shared Folder\models\Generic\arrow.DFF
c:\program files\Kazaa\My Shared Folder\models\Generic\loplyguy.dff
c:\program files\Kazaa\My Shared Folder\models\Generic\peds.dff
c:\program files\Kazaa\My Shared Folder\models\Generic\player.bmp
c:\program files\Kazaa\My Shared Folder\models\Generic\qsphere.DFF
c:\program files\Kazaa\My Shared Folder\models\Generic\sphere.DFF
c:\program files\Kazaa\My Shared Folder\models\Generic\weapons.dff
c:\program files\Kazaa\My Shared Folder\models\Generic\wheels.DFF
c:\program files\Kazaa\My Shared Folder\models\Generic\zonecyla.DFF
c:\program files\Kazaa\My Shared Folder\models\Generic\zonecylb.DFF
c:\program files\Kazaa\My Shared Folder\models\Generic\zonesphr.DFF
c:\program files\Kazaa\My Shared Folder\models\gta3.dir
c:\program files\Kazaa\My Shared Folder\movies\GTAtitles.mpg
c:\program files\Kazaa\My Shared Folder\movies\GTAtitlesGER.mpg
c:\program files\Kazaa\My Shared Folder\movies\Logo.mpg
c:\program files\Kazaa\My Shared Folder\movies\Thumbs.db
c:\program files\Kazaa\My Shared Folder\mss\Mp3dec.asi
c:\program files\Kazaa\My Shared Folder\mss\Mssa3d.m3d
c:\program files\Kazaa\My Shared Folder\mss\Mssa3d2.m3d
c:\program files\Kazaa\My Shared Folder\mss\Mssds3dh.m3d
c:\program files\Kazaa\My Shared Folder\mss\Mssds3ds.m3d
c:\program files\Kazaa\My Shared Folder\mss\Msseax.m3d
c:\program files\Kazaa\My Shared Folder\mss\msseax3.m3d
c:\program files\Kazaa\My Shared Folder\mss\Mssfast.m3d
c:\program files\Kazaa\My Shared Folder\mss\Mssrsx.m3d
c:\program files\Kazaa\My Shared Folder\mss\Reverb3.flt
c:\program files\Kazaa\My Shared Folder\Mss32.dll
c:\program files\Kazaa\My Shared Folder\myth.acm
c:\program files\Kazaa\My Shared Folder\myth.nfo
c:\program files\Kazaa\My Shared Folder\myth.pak
c:\program files\Kazaa\My Shared Folder\myth2.pak
c:\program files\Kazaa\My Shared Folder\mythXuha.exe
c:\program files\Kazaa\My Shared Folder\Norton AntiVirus 2002 serial.doc
c:\program files\Kazaa\My Shared Folder\Paint Shop Pro 7 Crack.exe
c:\program files\Kazaa\My Shared Folder\Paint Shop Pro 7.04 Crack.exe
c:\program files\Kazaa\My Shared Folder\paint shop pro 7.04 with crack.exe
c:\program files\Kazaa\My Shared Folder\PATCH 4 WinXP_US&FR\Q306676_WXP_SP1_x86_ENU.exe
c:\program files\Kazaa\My Shared Folder\PATCH 4 WinXP_US&FR\Q306676_WXP_SP1_x86_FRA.exe
c:\program files\Kazaa\My Shared Folder\Pokemon Sapphire (1) (1).exe
c:\program files\Kazaa\My Shared Folder\Pop Rock - Emerging Artists.kpl
c:\program files\Kazaa\My Shared Folder\PS2 Emulator.exe
c:\program files\Kazaa\My Shared Folder\R&B - Emerging Artists.kpl
c:\program files\Kazaa\My Shared Folder\ReadMe\ReadMe.txt
c:\program files\Kazaa\My Shared Folder\ReadMe\ReadMe_FRENCH.txt
c:\program files\Kazaa\My Shared Folder\ReadMe\ReadMe_GERMAN.txt
c:\program files\Kazaa\My Shared Folder\ReadMe\Readme_ITALIAN.txt
c:\program files\Kazaa\My Shared Folder\ReadMe\ReadMe_SPANISH.txt
c:\program files\Kazaa\My Shared Folder\setup.bat
c:\program files\Kazaa\My Shared Folder\Shania Twain Playboy Picture (1).jpg
c:\program files\Kazaa\My Shared Folder\shania_twain_(nipple_slip)(1).jpg
c:\program files\Kazaa\My Shared Folder\skins\playa2.bmp
c:\program files\Kazaa\My Shared Folder\skins\player.bmp
c:\program files\Kazaa\My Shared Folder\TEXT\american.gxt
c:\program files\Kazaa\My Shared Folder\TEXT\english.gxt
c:\program files\Kazaa\My Shared Folder\TEXT\french.gxt
c:\program files\Kazaa\My Shared Folder\TEXT\german.gxt
c:\program files\Kazaa\My Shared Folder\TEXT\italian.gxt
c:\program files\Kazaa\My Shared Folder\TEXT\spanish.gxt
c:\program files\Kazaa\My Shared Folder\TONKA Search & Rescue 2.lnk
c:\program files\Kazaa\My Shared Folder\Torrie Wilson 01.jpg
c:\program files\Kazaa\My Shared Folder\Torrie Wilson Playboy 05.jpg
c:\program files\Kazaa\My Shared Folder\Torrie Wilson Playboy Cover.jpg
c:\program files\Kazaa\My Shared Folder\Torrie Wilson Playboy Pic 1 -Madrox-.jpg
c:\program files\Kazaa\My Shared Folder\Torrie Wilson Playboy Pic 2 -Madrox-.jpg
c:\program files\Kazaa\My Shared Folder\Torrie Wilson Playboy Pic 3- Real Thing.jpg
c:\program files\Kazaa\My Shared Folder\Torrie Wilson Playboy Pic 3 -Madrox-.jpg
c:\program files\Kazaa\My Shared Folder\Torrie Wilson Playboy Pic 4 -Madrox-.jpg
c:\program files\Kazaa\My Shared Folder\Torrie Wilson playboy pic 6 (1) (1).jpg
c:\program files\Kazaa\My Shared Folder\Torrie Wilson playboy pic 6 (1).jpg
c:\program files\Kazaa\My Shared Folder\Torrie Wilson Playboy Picture (1).jpg
c:\program files\Kazaa\My Shared Folder\Torrie Wilson Playboy Picture.jpg
c:\program files\Kazaa\My Shared Folder\Torrie_Wilson_PB_Squidscans2.jpg
c:\program files\Kazaa\My Shared Folder\tracy_dali_856758.jpg
c:\program files\Kazaa\My Shared Folder\txd.uha
c:\program files\Kazaa\My Shared Folder\WCW Stacy Keibler wet top 2 (1) (1) (1).jpg
c:\program files\Kazaa\My Shared Folder\Website\website.url
c:\program files\Kazaa\My Shared Folder\WWF-WWE.Torrie Wilson 0011 (1).jpg
c:\program files\Kazaa\plugins.htm
c:\program files\Kazaa\plugins\ace.xmd
c:\program files\Kazaa\plugins\arc.xmd
c:\program files\Kazaa\plugins\arj.xmd
c:\program files\Kazaa\plugins\bach.xmd
c:\program files\Kazaa\plugins\bzip2.xmd
c:\program files\Kazaa\plugins\cab.xmd
c:\program files\Kazaa\plugins\cevakrnl.cvd
c:\program files\Kazaa\plugins\cevakrnl.ivd
c:\program files\Kazaa\plugins\cevakrnl.rvd
c:\program files\Kazaa\plugins\cevakrnl.xmd
c:\program files\Kazaa\plugins\chm.xmd
c:\program files\Kazaa\plugins\cpio.xmd
c:\program files\Kazaa\plugins\dbx.xmd
c:\program files\Kazaa\plugins\docfile.xmd
c:\program files\Kazaa\plugins\emalware.cvd
c:\program files\Kazaa\plugins\emalware.ivd
c:\program files\Kazaa\plugins\emalware.xmd
c:\program files\Kazaa\plugins\gzip.xmd
c:\program files\Kazaa\plugins\ha.xmd
c:\program files\Kazaa\plugins\hlp.xmd
c:\program files\Kazaa\plugins\hpe.cvd
c:\program files\Kazaa\plugins\hpe.xmd
c:\program files\Kazaa\plugins\hqx.xmd
c:\program files\Kazaa\plugins\imp.xmd
c:\program files\Kazaa\plugins\inno.xmd
c:\program files\Kazaa\plugins\instyler.xmd
c:\program files\Kazaa\plugins\iso.xmd
c:\program files\Kazaa\plugins\java.xmd
c:\program files\Kazaa\plugins\lha.xmd
c:\program files\Kazaa\plugins\lnk.xmd
c:\program files\Kazaa\plugins\mbox.xmd
c:\program files\Kazaa\plugins\mbx.xmd
c:\program files\Kazaa\plugins\mdx.xmd
c:\program files\Kazaa\plugins\mdx_97.cvd
c:\program files\Kazaa\plugins\mdx_97.ivd
c:\program files\Kazaa\plugins\mdx_w95.cvd
c:\program files\Kazaa\plugins\mdx_x95.cvd
c:\program files\Kazaa\plugins\mdx_xf.cvd
c:\program files\Kazaa\plugins\mime.xmd
c:\program files\Kazaa\plugins\mso.xmd
c:\program files\Kazaa\plugins\nelf.cvd
c:\program files\Kazaa\plugins\nelf.xmd
c:\program files\Kazaa\plugins\objd.xmd
c:\program files\Kazaa\plugins\pdf.xmd
c:\program files\Kazaa\plugins\pst.xmd
c:\program files\Kazaa\plugins\rar.xmd
c:\program files\Kazaa\plugins\rpm.xmd
c:\program files\Kazaa\plugins\rtf.xmd
c:\program files\Kazaa\plugins\rup.cvd
c:\program files\Kazaa\plugins\rup.xmd
c:\program files\Kazaa\plugins\sdx.cvd
c:\program files\Kazaa\plugins\sdx.ivd
c:\program files\Kazaa\plugins\sdx.xmd
c:\program files\Kazaa\plugins\sfx.xmd
c:\program files\Kazaa\plugins\swf.xmd
c:\program files\Kazaa\plugins\tar.xmd
c:\program files\Kazaa\plugins\td0.xmd
c:\program files\Kazaa\plugins\thebat.xmd
c:\program files\Kazaa\plugins\tnef.xmd
c:\program files\Kazaa\plugins\unpack.cvd
c:\program files\Kazaa\plugins\unpack.xmd
c:\program files\Kazaa\plugins\uudecode.xmd
c:\program files\Kazaa\plugins\ve.cvd
c:\program files\Kazaa\plugins\ve.ivd
c:\program files\Kazaa\plugins\ve.xmd
c:\program files\Kazaa\plugins\vedata.cvd
c:\program files\Kazaa\plugins\viza.xmd
c:\program files\Kazaa\plugins\xishield.xmd
c:\program files\Kazaa\plugins\z.xmd
c:\program files\Kazaa\plugins\zip.xmd
c:\program files\Kazaa\plugins\zoo.xmd
c:\program files\Kazaa\Promotions\Earn Money.url
c:\program files\Kazaa\Promotions\Get Access with Tiscali.url
c:\program files\Kazaa\Promotions\Love and Dating.url
c:\program files\Kazaa\Promotions\Netflix.url
c:\program files\Kazaa\Promotions\readme.lnk
c:\program files\Kazaa\Search\kazaa.css
c:\program files\Kazaa\Search\KazaaAd.htm
c:\program files\Kazaa\Search\spacer.gif
c:\program files\Kazaa\Search\WebSearch.htm
c:\program files\Kazaa\Skins\Ceramic Biscuit\mainbar_mykazaa.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mainbar_mykazaa_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mainbar_mykazaa_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mainbar_mykazaa_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mainbar_search.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mainbar_search_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mainbar_search_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mainbar_search_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mainbar_shop.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mainbar_shop_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mainbar_shop_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mainbar_shop_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mainbar_start.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mainbar_start_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mainbar_start_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mainbar_start_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mainbar_tell.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mainbar_tell_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mainbar_tell_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mainbar_tell_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mainbar_theatre.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mainbar_theatre_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mainbar_theatre_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mainbar_theatre_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mainbar_traffic.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mainbar_traffic_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mainbar_traffic_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mainbar_traffic_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mediabar_addtoplay.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mediabar_addtoplay_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mediabar_addtoplay_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mediabar_addtoplay_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mediabar_next.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mediabar_next_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mediabar_next_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mediabar_next_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mediabar_pause.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mediabar_pause_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mediabar_pause_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mediabar_pause_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mediabar_play.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mediabar_play_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mediabar_play_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mediabar_play_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mediabar_prev.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mediabar_prev_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mediabar_prev_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mediabar_prev_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mediabar_slider.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mediabar_sliderThumb.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mediabar_sliderThumb_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mediabar_stop.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mediabar_stop_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mediabar_stop_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mediabar_stop_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mediabar_volume.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mediabar_volume_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mediabar_volume_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mediabar_volume_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_delete.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_delete_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_delete_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_delete_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_folders.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_folders_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_folders_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_folders_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_importfold.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_importfold_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_importfold_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_importfold_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_moreinfo.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_moreinfo_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_moreinfo_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_moreinfo_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_share.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_share_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_share_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_share_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\searchbar_download.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\searchbar_download_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\searchbar_download_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\searchbar_download_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\searchbar_messageuser.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\searchbar_messageuser_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\searchbar_messageuser_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\searchbar_messageuser_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\searchbar_newsearch.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\searchbar_newsearch_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\searchbar_newsearch_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\searchbar_newsearch_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\searchbar_searchuser.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\searchbar_searchuser_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\searchbar_searchuser_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\searchbar_searchuser_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\searchbar_showsearch.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\searchbar_showsearch_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\searchbar_showsearch_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\searchbar_showsearch_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\skin.xml
c:\program files\Kazaa\Skins\Ceramic Biscuit\startbar_back.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\startbar_back_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\startbar_back_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\startbar_back_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\startbar_fwd.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\startbar_fwd_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\startbar_fwd_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\startbar_fwd_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\startbar_home.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\startbar_home_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\startbar_home_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\startbar_home_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\startbar_refresh.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\startbar_refresh_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\startbar_refresh_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\startbar_refresh_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\startbar_stop.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\startbar_stop_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\startbar_stop_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\startbar_stop_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\theatrebar_fullscreen.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\theatrebar_fullscreen_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\theatrebar_fullscreen_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\theatrebar_fullscreen_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\trafficbar_cancel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\trafficbar_cancel_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\trafficbar_cancel_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\trafficbar_cancel_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\trafficbar_pause.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\trafficbar_pause_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\trafficbar_pause_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\trafficbar_pause_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\trafficbar_resume.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\trafficbar_resume_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\trafficbar_resume_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\trafficbar_resume_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\window_btm.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\window_btmLeft.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\window_btmright.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\window_left.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\window_right.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\window_top.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\window_topleft.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\window_topright.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\windowbar_close.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\windowbar_close_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\windowbar_close_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\windowbar_close_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\windowbar_maximise.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\windowbar_maximise_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\windowbar_maximise_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\windowbar_maximise_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\windowbar_minimise.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\windowbar_minimise_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\windowbar_minimise_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\windowbar_minimise_sel.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\windowbar_restore.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\windowbar_restore_dis.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\windowbar_restore_over.bmp
c:\program files\Kazaa\Skins\Ceramic Biscuit\windowbar_restore_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_mykazaa.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_mykazaa_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_mykazaa_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_mykazaa_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_search.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_search_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_search_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_search_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_shop.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_shop_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_shop_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_shop_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_start.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_start_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_start_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_start_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_tell.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_tell_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_tell_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_tell_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_theatre.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_theatre_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_theatre_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_theatre_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_traffic.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_traffic_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_traffic_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_traffic_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_addtoplay.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_addtoplay_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_addtoplay_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_addtoplay_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_next.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_next_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_next_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_next_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_pause.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_pause_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_pause_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_pause_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_play.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_play_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_play_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_play_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_prev.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_prev_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_prev_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_prev_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_slider.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_sliderThumb.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_sliderThumb_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_stop.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_stop_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_stop_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_stop_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_volume.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_volume_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_volume_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_volume_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_delete.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_delete_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_delete_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_delete_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_folders.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_folders_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_folders_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_folders_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_importfold.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_importfold_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_importfold_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_importfold_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_moreinfo.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_moreinfo_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_moreinfo_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_moreinfo_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_share.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_share_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_share_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_share_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_download.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_download_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_download_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_download_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_messageuser.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_messageuser_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_messageuser_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_messageuser_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_newsearch.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_newsearch_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_newsearch_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_newsearch_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_searchuser.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_searchuser_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_searchuser_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_searchuser_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_showsearch.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_showsearch_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_showsearch_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_showsearch_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\skin.xml
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_back.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_back_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_back_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_back_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_fwd.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_fwd_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_fwd_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_fwd_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_home.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_home_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_home_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_home_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_refresh.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_refresh_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_refresh_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_refresh_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_stop.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_stop_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_stop_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_stop_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\theatrebar_fullscreen.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\theatrebar_fullscreen_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\theatrebar_fullscreen_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\theatrebar_fullscreen_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_cancel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_cancel_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_cancel_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_cancel_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_pause.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_pause_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_pause_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_pause_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_resume.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_resume_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_resume_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_resume_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\window_btm.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\window_btmLeft.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\window_btmright.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\window_left.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\window_right.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\window_top.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\window_topleft.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\window_topright.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_close.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_close_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_close_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_close_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_maximise.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_maximise_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_maximise_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_maximise_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_minimise.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_minimise_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_minimise_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_minimise_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_restore.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_restore_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_restore_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_restore_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_mykazaa.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_mykazaa_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_mykazaa_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_mykazaa_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_search.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_search_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_search_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_search_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_shop.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_shop_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_shop_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_shop_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_start.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_start_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_start_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_start_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_theatre.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_theatre_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_theatre_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_theatre_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_traffic.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_traffic_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_traffic_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_traffic_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_addtoplay.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_addtoplay_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_addtoplay_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_addtoplay_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_next.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_next_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_next_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_next_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_pause.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_pause_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_pause_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_pause_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_play.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_play_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_play_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_play_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_prev.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_prev_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_prev_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_prev_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_slider.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_sliderThumb.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_sliderThumb_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_stop.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_stop_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_stop_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_stop_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_tell.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_tell_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_tell_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_tell_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_volume.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_volume_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_volume_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_volume_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_delete.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_delete_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_delete_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_delete_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_folders.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_folders_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_folders_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_folders_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_importfold.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_importfold_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_importfold_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_importfold_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_moreinfo.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_moreinfo_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_moreinfo_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_moreinfo_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_share.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_share_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_share_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_share_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_closetabs.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_closetabs_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_closetabs_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_closetabs_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_download.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_download_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_download_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_download_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_messageuser.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_messageuser_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_messageuser_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_messageuser_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_newsearch.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_newsearch_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_newsearch_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_newsearch_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_searchuser.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_searchuser_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_searchuser_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_searchuser_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_showsearch.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_showsearch_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_showsearch_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_showsearch_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\skin.xml
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_back.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_back_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_back_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_back_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_fwd.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_fwd_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_fwd_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_fwd_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_home.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_home_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_home_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_home_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_refresh.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_refresh_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_refresh_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_refresh_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_stop.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_stop_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_stop_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_stop_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\theatrebar_fullscreen.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\theatrebar_fullscreen_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\theatrebar_fullscreen_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\theatrebar_fullscreen_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_cancel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_cancel_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_cancel_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_cancel_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_pause.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_pause_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_pause_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_pause_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_resume.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_resume_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_resume_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_resume_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\vssver.scc
c:\program files\Kazaa\Skins\Toasted Sherbert\window_btm.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\window_btmLeft.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\window_btmright.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\window_left.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\window_right.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\window_top.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\window_topleft.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\window_topright.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_close.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_close_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_close_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_close_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_maximise.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_maximise_dis.bmp
fdpatches
2009-07-30, 20:17
had to split the combo fix log...
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_maximise_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_maximise_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_minimise.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_minimise_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_minimise_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_minimise_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_restore.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_restore_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_restore_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_restore_sel.bmp
c:\program files\Kazaa\tsi2.cab
c:\program files\Symantec
c:\program files\Symantec\SYMEVENT.CAT
c:\program files\Symantec\SYMEVENT.INF
.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 )))))))))))))))))))))))))))))))
.
2009-07-27 12:45 . 2009-07-27 12:45 -------- d-----w- c:\program files\ERUNT
2009-07-14 19:20 . 2009-07-14 19:20 410984 ----a-w- c:\winnt\system32\deploytk.dll
2009-07-14 19:19 . 2009-07-14 19:19 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 17:06 . 2005-12-15 13:21 -------- d-----w- c:\program files\BOINC
2009-07-30 16:39 . 2002-03-15 02:01 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-29 13:09 . 2002-12-16 15:52 -------- d-----w- c:\program files\KazStamp
2009-07-29 13:09 . 2004-04-03 22:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-29 13:09 . 2003-06-05 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-27 19:34 . 2008-04-23 17:06 16314380 --sha-w- c:\winnt\system32\drivers\fidbox.idx
2009-07-27 19:34 . 2008-04-23 17:06 1393936416 --sha-w- c:\winnt\system32\drivers\fidbox.dat
2009-07-23 19:56 . 2008-07-01 12:32 34 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences.dat
2009-07-22 15:33 . 2004-12-24 02:47 -------- d-----w- c:\documents and settings\Owner\Application Data\WeatherBug
2009-07-18 12:45 . 2009-01-28 21:14 335752 ----a-w- c:\winnt\system32\drivers\avgldx86.sys
2009-07-14 19:20 . 2005-01-30 19:17 -------- d-----w- c:\program files\Java
2009-07-14 17:18 . 2002-03-28 18:39 -------- d-----w- c:\program files\Return to Castle Wolfenstein
2009-07-14 17:17 . 2004-11-11 13:16 -------- d-----w- c:\program files\AvantGo
2009-07-14 17:17 . 2002-03-15 00:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-14 17:15 . 2002-11-22 19:29 -------- d-----w- c:\program files\EA GAMES
2009-07-14 17:14 . 2006-07-20 20:08 -------- d-----w- c:\program files\America's Army
2009-07-14 17:14 . 2006-07-20 20:10 -------- d-----w- c:\program files\America's Army Server Manager
2009-07-14 17:09 . 2002-05-25 18:21 -------- d-----w- c:\program files\Nancy Drew
2009-07-14 13:41 . 2009-01-29 22:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-14 13:40 . 2009-03-23 18:45 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-13 17:36 . 2009-01-29 22:19 38160 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-07-13 17:36 . 2009-01-29 22:19 19096 ----a-w- c:\winnt\system32\drivers\mbam.sys
2009-06-24 13:33 . 2009-01-28 21:14 11952 ----a-w- c:\winnt\system32\avgrsstx.dll
2009-06-24 13:33 . 2007-03-06 00:13 27784 ----a-w- c:\winnt\system32\drivers\avgmfx86.sys
2009-06-23 23:18 . 2002-03-20 19:47 -------- d-----w- c:\program files\Hasbro Interactive
2009-06-18 12:26 . 2009-06-18 12:26 29696 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{312255E7-E2C2-4F3E-BBCB-02C5B8696CCB}\IconF0CEFCC9.exe
2009-06-18 12:21 . 2009-05-21 17:21 -------- d-----w- c:\program files\Verizon
2009-05-08 12:42 . 2009-01-28 21:14 108552 ----a-w- c:\winnt\system32\drivers\avgtdix.sys
2008-05-20 19:25 . 2008-05-20 19:25 0 ----a-w- c:\program files\temp01
2003-08-27 19:19 . 2003-10-30 11:31 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
2009-07-18 13:01 . 2009-02-03 21:13 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2004-09-09 1597440]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"ATI Remote Control"="c:\program files\ATI Multimedia\RemCtrl\ATIRW.exe" [2004-04-16 196608]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-30 39408]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-11-12 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-11 339968]
"GWMDMpi"="c:\winnt\GWMDMpi.exe" [2001-11-27 40960]
"UpdReg"="c:\winnt\Updreg.exe" [1999-11-12 86016]
"AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-04 684032]
"CapFax"="c:\program files\PhoneTools\CapFax.EXE" [2001-11-07 20480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-05-07 99480]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"SM1BG"="c:\winnt\SM1BG.EXE" [2003-08-27 94208]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-06 50688]
"PSPVideo9"="c:\program files\pspvideo9\pspVideo9.exe" [2005-05-25 643072]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-12-21 180269]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2004-06-16 69705]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"HostManager"="c:\program files\Common Files\AOL\1180989014\ee\AOLSoftware.exe" [2006-09-26 50736]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-14 919016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-14 148888]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-03-10 1553920]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" - c:\winnt\system32\SK9910DM.EXE [2001-01-03 66048]
"GWMDMMSG"="GWMDMMSG.exe" - c:\winnt\GWMDMMSG.exe [2001-11-27 101615]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\winnt\system32\narrator.exe [2004-08-04 53760]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
BOINC Manager.lnk - c:\program files\BOINC\boincmgr.exe [2006-5-5 1966080]
HotSync Manager.lnk - c:\program files\Handspring\HOTSYNC.EXE [2003-3-17 299008]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
ZoneAlarm.lnk - c:\program files\Zone Labs\ZoneAlarm\zonealarm.exe [2003-6-5 50664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-24 13:33 11952 ----a-w- c:\winnt\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\winnt\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1180989014\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Nexon\\KartRider\\NMService.exe"=
"c:\\WINNT\\system32\\PnkBstrA.exe"=
"c:\\WINNT\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\winnt\system32\drivers\avgldx86.sys [1/28/2009 5:14 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\winnt\system32\drivers\avgtdix.sys [1/28/2009 5:14 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/24/2009 9:33 AM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/6/2009 10:53 AM 298776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/5/2007 6:42 PM 24652]
S3 Gcr432;Gcr432;c:\winnt\system32\drivers\gcr432.sys [10/4/2001 3:18 PM 53701]
S3 PacketNTx;Packet helper driver;c:\winnt\system32\drivers\PacketNTx.sys [11/27/2002 12:30 PM 24544]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\atf\Qctest\PCDoc\PCDRDRV.sys --> c:\atf\Qctest\PCDoc\PCDRDRV.sys [?]
S3 VisorUsb;Handspring USB;c:\winnt\system32\DRIVERS\VisorUsb.sys --> c:\winnt\system32\DRIVERS\VisorUsb.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-07-24 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.runevillage.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.gateway.net
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
Trusted Zone: taxslayer.com\www
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} - hxxp://cdn.digitalcity.com/_media/dalaillama/ampx.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ryzeoko5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.runescape.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npietab.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwinamp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
disk not found C:\
please note that you need administrator rights to perform deep scan
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PSSdk21]
"ImagePath"="\??\c:\winnt\System32\Drivers\HNPsSdk.drv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ó™őw$µ*]
"DisplayName"="\09"
"DeviceDesc"="\09"
"ProviderName"=""
"MFG"="?"
"ReinstallString"="2002, 6.13.10.6118"
"DeviceInstanceIds"=multi:"\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(536)
c:\winnt\System32\iac25_32.ax
.
Completion time: 2009-07-30 13:08
ComboFix-quarantined-files.txt 2009-07-30 17:08
ComboFix2.txt 2009-07-27 19:46
Pre-Run: 43,760,726,016 bytes free
Post-Run: 43,333,087,232 bytes free
1183 --- E O F --- 2009-02-09 14:06
fdpatches
2009-07-30, 20:21
And the hijack this log...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:19:56 PM, on 7/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINNT\system32\PnkBstrA.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\WINNT\SM1BG.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\BOINC\boinc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
C:\WINNT\explorer.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runevillage.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229602947828
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4029.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.konicaminoltaonline.com/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINNT\system32\avgrsstx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINNT\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\SYSTEM32\GEARSEC.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
--
End of file - 12228 bytes
Bio-Hazard
2009-07-30, 21:22
Remove programs
Click Start
Go to Control Panel
Go to Add/Remove Programs
Find and click Remove for the following (if present):
Batch Assistant
BMSE dbl
Data Compiler
IE Help
IEC system
Indexing Function
SBM OS
SE Assistant
SE Help
Search Assistant
Search Function
Search OS
Sidebar Search
URL.IE APP
WinMX
NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.
ATF-Cleaner
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.
Save it to your desktop
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords please click No at the prompt.
Click Exit on the Main menu to close the program.
Kaspersky Online Scan
You can use either Internet Explorer or Mozilla FireFox for this scan.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
Optional Fix
I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.
To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything bad. This may change,read Viewpoint to Plunge Into Adware (http://www.clickz.com/showPage.html?page=3561546).
I recommend that you remove the Viewpoint products; however, decide for yourself.
To uninstall the the Viewpoint components :
Click Start, point to Settings, and then click Control Panel.
In Control Panel, double-click Add or Remove Programs.
In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
How to prevent it from being recreated every time you run the AOL software:
Open AOL
Go to Help on the toolbar
Select About AOL
Hit Ctrl D and a secret panel can be accessed which will allow you to disable all desktop and IM features associated with Viewpoint.
Optional Fix
WeatherBug is a system tray icon that offers weather information and includes built-in ads. WeatherBug is controlled by AWS Convergence Technologies (weatherbugmedia.com). There is some controversy over whether WeatherBug should be targeted by anti-parasite software. AWS strongly deny their software is 'spyware', and by the definition used here, it is not, as it does not leak information back to its controlling servers. However, WeatherBug has in the past been silently installed by the FavoriteMan parasite and Freeze.com screensavers, and more recently has been bundled by software such as AIM and Blubster. This makes it 'unsolicited', and since it is installed to raise money for its creators through the built-in ads it is certainly 'commercial'. So it does meet the definition for 'parasite': unsolicited commercial software. It is nonetheless listed as a borderline case because it is not overtly harmful and many people do install it deliberately. WeatherBug bundles the MySearch parasite in its standalone distribution and has in the past, installed Gator and SVAPlayer.
I recommend that you uninstall WeatherBugand choose one of these alternatives:
Weather Pulse (http://tropicdesigns.net/weatherpulse.php)
Weather Watcher (http://www.singerscreations.com/)
or
Get mozilla Firefox (http://www.mozilla.com/) and then get FORECASTFOX!!! (https://addons.mozilla.org/firefox/398/)
or check the weather at these websites:
Weather Street: US Weather (http://www.weatherstreet.com)
Intellicast (http://www.intellicast.com/IcastPage/LoadPage.aspx)
To uninstall WeatherBug:
Click Start, point to Settings, and then click Control Panel.
In Control Panel, double-click Add or Remove Programs.
In Add or Remove Programs, highlight WeatherBug, click Remove.
Close the Add or Remove Programs and the Control Panel windows.
Logs/Information to Post in Next Reply
Please post the following logs/Information in your reply:
Let me know if you removed Viewpoint and Weatherbug
Answer to My question
Kaspersky Log
A fresh HijackThis Log ( after all the above has been done)
A description of how your computer is behaving
fdpatches
2009-07-31, 06:22
Please post the following logs/Information in your reply:
* Let me know if you removed Viewpoint and Weatherbug
* Answer to My question
* Kaspersky Log
* A fresh HijackThis Log ( after all the above has been done)
* A description of how your computer is behaving
Viewpoint and Weatherbug are gone.
not sure what question you asked
posting Kasperspy log and hijack this log
computer seems ok, havent been using it much because of the problems
the java expoits from Kaspersky should they be a worry? I use java alot for online games.
Thanks,
Tom
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, July 30, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, July 30, 2009 22:40:15
Records in database: 2564753
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: no
Scan area - My Computer:
A:\
C:\
D:\
E:\
Scan statistics:
Files scanned: 150429
Threat name: 12
Infected objects: 18
Suspicious objects: 0
Duration of the scan: 04:09:03
File name / Threat name / Threats count
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-54b58e74 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-4cf6b578.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\My Documents\BS250.exe Infected: not-a-virus:AdWare.Win32.180Solutions.d 1
C:\Documents and Settings\Owner\My Documents\BS250.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Documents and Settings\Owner\My Documents\BS250.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ag 2
C:\Documents and Settings\Owner\My Documents\hhousefree.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c 1
C:\Documents and Settings\Owner\My Documents\hhousefree.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af 1
C:\Documents and Settings\Owner\My Documents\hhousefree.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v 2
C:\Documents and Settings\Owner\My Documents\hhousefree.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Documents and Settings\Owner\My Documents\mirc617.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1
C:\Documents and Settings\Owner\My Documents\My Received Files\BSINSTALL.exe Infected: not-a-virus:AdWare.Win32.CommonName.p 1
C:\Documents and Settings\Owner\My Documents\My Received Files\BSINSTALL.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ak 1
C:\Documents and Settings\Owner\My Documents\My Received Files\BSINSTALL.exe Infected: not-a-virus:AdWare.Win32.SaveNow.aw 1
C:\Documents and Settings\Owner\My Documents\My Received Files\BSINSTALL.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP969\A0224385.EXE Infected: not-a-virus:AdWare.Win32.MyWay.j 1
The selected area was scanned.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:46 PM, on 7/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINNT\system32\PnkBstrA.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\WINNT\SM1BG.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\BOINC\boinc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINNT\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runevillage.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229602947828
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4029.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.konicaminoltaonline.com/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINNT\system32\avgrsstx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINNT\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\SYSTEM32\GEARSEC.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
--
End of file - 11940 bytes
Bio-Hazard
2009-08-01, 01:15
Remove HijackThis entries
Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
Close all open windows and browsers/email etc...
Click on the Fix Checked button
When completed close the application.
Download and run OTM
Download OTM (http://oldtimer.geekstogo.com/OTM.exe) by Old Timer and save it to your Desktop.
Double-click OTM.exe to run it.
Paste the following code under the http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/pasteline.png area. Do not include the word Code.
:Files
C:\Documents and Settings\Owner\My Documents\BS250.exe
C:\Documents and Settings\Owner\My Documents\hhousefree.exe
C:\Documents and Settings\Owner\My Documents\My Received Files\BSINSTALL.exe
c:\program files\AWS
c:\program files\KazStamp
c:\documents and settings\Owner\Application Data\WeatherBug
c:\program files\temp01
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
:Commands
[emptytemp]
[Reboot]
Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
Push the large http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/btnmoveit.png button.
OTM may ask to reboot the machine. Please do so if asked.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Update Java Runtime and Run JavaRa
Download Java Runtime
Go to HERE (http://java.sun.com/javase/downloads/index.jsp) to download Java Runtime Environment Version 6 Update 14
Click on the link named Java Runtime Environment (JRE) 6 Update 14
Click on the radio button to Accept License Agreement
Click on Windows Offline Installation Multi-language and save the downloaded file to your desktop
Run JavaRa
Please download JavaRa (http://prm753.bchea.org/click/click.php?id=9) and unzip it to your desktop.
Double-click on JavaRa.exe to start the program.
From the drop-down menu, choose English and click on Select.
JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
A logfile will pop up. Please save it to a convenient location.
Install Java
Install the new version of Java by running the newly-downloaded file ( jre-6u14-windows-i586-p.exe) with the java icon which will be at your desktop, and follow the on-screen instructions.
Reboot your computer
Logs/Information to Post in Next Reply
Please post the following logs/Information in your reply:
OTM log
A fresh HijackThis Log ( after all the above has been done)
A description of how your computer is behaving
fdpatches
2009-08-01, 16:13
Hi,
I was able to run the hijack this and remove what you said. I ran the OTM and posted the log. I was unable to access the JAVARA said error 403. Can I delete the old version with add/remove programs? Here are the logs.
All processes killed
========== FILES ==========
C:\Documents and Settings\Owner\My Documents\BS250.exe moved successfully.
C:\Documents and Settings\Owner\My Documents\hhousefree.exe moved successfully.
C:\Documents and Settings\Owner\My Documents\My Received Files\BSINSTALL.exe moved successfully.
c:\program files\AWS moved successfully.
c:\program files\KazStamp moved successfully.
c:\documents and settings\Owner\Application Data\WeatherBug moved successfully.
c:\program files\temp01 moved successfully.
File/Folder c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 1623240 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 65670 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32835 bytes
User: Owner
->Temp folder emptied: 77930811 bytes
->Temporary Internet Files folder emptied: 246471 bytes
->Java cache emptied: 727044689 bytes
->FireFox cache emptied: 78057498 bytes
%systemdrive% .tmp files removed: 0 bytes
C:\WINNT\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 19528 bytes
%systemroot%\System32 .tmp files removed: 404039 bytes
File delete failed. C:\WINNT\temp\ZLT06004.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINNT\temp\ZLT06032.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied: 531863 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 844.95 mb
OTM by OldTimer - Version 3.0.0.5 log created on 08012009_084815
Files moved on Reboot...
File C:\WINNT\temp\ZLT06004.TMP not found!
File C:\WINNT\temp\ZLT06032.TMP not found!
Registry entries deleted on Reboot...
and hijack this
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:45 AM, on 8/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\SYSTEM32\GEARSEC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINNT\system32\PnkBstrA.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINNT\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\WINNT\SM1BG.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BOINC\boinc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_1.90_windows_intelx86.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runevillage.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229602947828
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4029.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.konicaminoltaonline.com/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINNT\system32\avgrsstx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINNT\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\SYSTEM32\GEARSEC.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
--
End of file - 11685 bytes
fdpatches
2009-08-01, 16:23
I forgot to add how the computer is running. I did several google searches and none were redirected. Also I checked the java under add/remove programs and I have Java 6 update 14 and Java 6 update 7 can I just delete the old one since JavaRA I cannot access? Also the only reason I knew about the problem was AVG and spybot picked it up. I haven't done any of those scans since we started.
Thanks for all you help so far.
Tom
Bio-Hazard
2009-08-01, 20:22
I forgot to add how the computer is running. I did several google searches and none were redirected. Also I checked the java under add/remove programs and I have Java 6 update 14 and Java 6 update 7 can I just delete the old one since JavaRA I cannot access? Also the only reason I knew about the problem was AVG and spybot picked it up. I haven't done any of those scans since we started.
Thanks for all you help so far.
Tom
Hello!
Yes, you can just remove the older version through add/remove panel. You can do scan with Spybot and AVG, if they find something please post the result fot me to see.
I want to check one registry entry so please run this batch file and post the result to me.
Batch file - reginfo.bat
Open Notepad (not wordpad) by click start
Click Run
Type notepad into the box and click enter
Notepad will open
Copy and Paste everything from the Code box into Notepad (not wordpad):
regedit /e regexport.txt "HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ó™őw$µ*"
start regexport.txt
Make sure there are NO blank lines before @echo off
Make sure there IS one blank line at the end of the file.
Go to File > Save As
Save File name as reginfo.bat
Change Save as Type to All Files and save the file to your desktop.
Close Notepad
Double-click reginfo.bat on your Desktop
Post back with the text that will open in notepad.
fdpatches
2009-08-01, 20:39
Hello!
Yes, you can just remove the older version through add/remove panel. You can do scan with Spybot and AVG, if they find something please post the result fot me to see.
I want to check one registry entry so please run this batch file and post the result to me.
Batch file - reginfo.bat
Open Notepad (not wordpad) by click start
Click Run
Type notepad into the box and click enter
Notepad will open
Copy and Paste everything from the Code box into Notepad (not wordpad):
regedit /e regexport.txt "HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ó™őw$µ*"
start regexport.txt
Make sure there are NO blank lines before @echo off
Make sure there IS one blank line at the end of the file.
Go to File > Save As
Save File name as reginfo.bat
Change Save as Type to All Files and save the file to your desktop.
Close Notepad
Double-click reginfo.bat on your Desktop
Post back with the text that will open in notepad.
Hello,
I do not see any line that says echo off?
Thanks,
Tom
Bio-Hazard
2009-08-01, 21:04
Sorry Tom, that was my mistake.
Batch file - reginfo.bat
Open Notepad (not wordpad) by click start
Click Run
Type notepad into the box and click enter
Notepad will open
Copy and Paste everything from the Code box into Notepad (not wordpad):
regedit /e regexport.txt "HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ó™őw$µ*"
start regexport.txt
Go to File > Save As
Save File name as reginfo.bat
Change Save as Type to All Files and save the file to your desktop.
Close Notepad
Double-click reginfo.bat on your Desktop
Post back with the text that will open in notepad.
fdpatches
2009-08-01, 21:41
So far I was only able to run spybot it only found 30 cookies and an ebay toolbar which I have no idea what it is and don't use it.
Thanks,
Tom
PS gonna run AVG while I sleep and I will post results
fdpatches
2009-08-02, 02:30
AVG says there are 2 infections that it couldn't heal and 1 spyware that it removed I think they were files that were in kazaa and were deleted??
Thanks,
Tom
"C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP969\A0224244.exe:\DVD Copy Plus 4.0 Crack\Run DVD Copy Plus.exe";"Trojan horse Generic12.ATFF";"Infected"
"C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP969\A0224244.exe";"Trojan horse Generic12.ATFF";"Infected"
"C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP969\A0224366.exe";"Adware Generic2.YCK";"Moved to Virus Vault"
fdpatches
2009-08-02, 02:34
tried the last thing and it says it could not find regexport.txt?
Thanks,
Tom
Bio-Hazard
2009-08-02, 16:03
tried the last thing and it says it could not find regexport.txt?
Thanks,
Tom
Hello!
I am just looking into it.
Bio-Hazard
2009-08-02, 16:20
Hello!
Those AVG entries are all in system restore which we will get rid of when we are done. So no need to worry about those entries.
Run CFScript
Close any open browsers.
Open Notepad by click start
Click Run
Type notepad into the box and click enter
Notepad will open
Copy and Paste everything from the Code box into Notepad:
RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ó™őw$µ*]
Save this as CFScript.txt, in the same location as ComboFix.exe (on your desktop)
http://i219.photobucket.com/albums/cc99/BioHazard_030/CFScriptExample.jpg
Refering to the picture below, drag CFScript into ComboFix.exe
http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif
When finished, it shall produce a log for you at C:\ComboFix.txt
NOTE: Do not mouseclick combofix's window whilst it's running. That may cause it to stall it.
Batch file - reginfo.bat
Open Notepad (not wordpad) by click start
Click Run
Type notepad into the box and click enter
Notepad will open
Copy and Paste everything from the Code box into Notepad (not wordpad):
regedit /e regexport.txt "HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ó™őw$µ*"
start regexport.txt
Go to File > Save As
Save File name as reginfo.bat
Change Save as Type to All Files and save the file to your desktop.
Close Notepad
Double-click reginfo.bat on your Desktop
Post back with the text that will open in notepad.
Next Reply
Please reply with:
batch info
ComboFix log (found at C:\Combofix.txt)
New HijackThis log
fdpatches
2009-08-02, 16:57
here is the log..
still cannot find regexport
ComboFix 09-08-01.06 - Owner 08/02/2009 9:29.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.407 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Owner\LOCALS~1\Temp\catchme.dll
c:\documents and settings\Owner\Local Settings\temp\catchme.dll
.
((((((((((((((((((((((((( Files Created from 2009-07-02 to 2009-08-02 )))))))))))))))))))))))))))))))
.
2009-08-01 12:48 . 2009-08-01 12:48 -------- d-----w- C:\_OTM
2009-07-27 12:45 . 2009-07-27 12:45 -------- d-----w- c:\program files\ERUNT
2009-07-14 19:20 . 2009-07-14 19:20 410984 ----a-w- c:\winnt\system32\deploytk.dll
2009-07-14 19:19 . 2009-07-14 19:19 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 13:45 . 2005-12-15 13:21 -------- d-----w- c:\program files\BOINC
2009-08-01 18:38 . 2003-06-05 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-01 17:51 . 2004-04-03 22:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-01 17:40 . 2005-01-30 19:17 -------- d-----w- c:\program files\Java
2009-08-01 12:56 . 2008-04-23 17:06 16314380 --sha-w- c:\winnt\system32\drivers\fidbox.idx
2009-08-01 12:56 . 2008-04-23 17:06 1393936416 --sha-w- c:\winnt\system32\drivers\fidbox.dat
2009-07-30 20:42 . 2003-11-27 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-07-30 20:39 . 2004-01-06 21:03 -------- d-----w- c:\program files\WinMX
2009-07-30 16:39 . 2002-03-15 02:01 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-23 19:56 . 2008-07-01 12:32 34 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences.dat
2009-07-18 12:45 . 2009-01-28 21:14 335752 ----a-w- c:\winnt\system32\drivers\avgldx86.sys
2009-07-14 17:18 . 2002-03-28 18:39 -------- d-----w- c:\program files\Return to Castle Wolfenstein
2009-07-14 17:17 . 2004-11-11 13:16 -------- d-----w- c:\program files\AvantGo
2009-07-14 17:17 . 2002-03-15 00:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-14 17:15 . 2002-11-22 19:29 -------- d-----w- c:\program files\EA GAMES
2009-07-14 17:14 . 2006-07-20 20:08 -------- d-----w- c:\program files\America's Army
2009-07-14 17:14 . 2006-07-20 20:10 -------- d-----w- c:\program files\America's Army Server Manager
2009-07-14 17:09 . 2002-05-25 18:21 -------- d-----w- c:\program files\Nancy Drew
2009-07-14 13:41 . 2009-01-29 22:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-14 13:40 . 2009-03-23 18:45 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-13 17:36 . 2009-01-29 22:19 38160 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-07-13 17:36 . 2009-01-29 22:19 19096 ----a-w- c:\winnt\system32\drivers\mbam.sys
2009-06-24 13:33 . 2009-01-28 21:14 11952 ----a-w- c:\winnt\system32\avgrsstx.dll
2009-06-24 13:33 . 2007-03-06 00:13 27784 ----a-w- c:\winnt\system32\drivers\avgmfx86.sys
2009-06-23 23:18 . 2002-03-20 19:47 -------- d-----w- c:\program files\Hasbro Interactive
2009-06-18 12:26 . 2009-06-18 12:26 29696 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{312255E7-E2C2-4F3E-BBCB-02C5B8696CCB}\IconF0CEFCC9.exe
2009-06-18 12:21 . 2009-05-21 17:21 -------- d-----w- c:\program files\Verizon
2009-05-08 12:42 . 2009-01-28 21:14 108552 ----a-w- c:\winnt\system32\drivers\avgtdix.sys
2003-08-27 19:19 . 2003-10-30 11:31 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
2009-07-18 13:01 . 2009-02-03 21:13 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-27_19.39.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-01 12:58 . 2009-08-01 12:58 16384 c:\winnt\Temp\Perflib_Perfdata_718.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"ATI Remote Control"="c:\program files\ATI Multimedia\RemCtrl\ATIRW.exe" [2004-04-16 196608]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-30 39408]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-11-12 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-11 339968]
"GWMDMpi"="c:\winnt\GWMDMpi.exe" [2001-11-27 40960]
"UpdReg"="c:\winnt\Updreg.exe" [1999-11-12 86016]
"AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-04 684032]
"CapFax"="c:\program files\PhoneTools\CapFax.EXE" [2001-11-07 20480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-05-07 99480]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"SM1BG"="c:\winnt\SM1BG.EXE" [2003-08-27 94208]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-06 50688]
"PSPVideo9"="c:\program files\pspvideo9\pspVideo9.exe" [2005-05-25 643072]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-12-21 180269]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2004-06-16 69705]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"HostManager"="c:\program files\Common Files\AOL\1180989014\ee\AOLSoftware.exe" [2006-09-26 50736]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-14 919016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-03-10 1553920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-14 148888]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" - c:\winnt\system32\SK9910DM.EXE [2001-01-03 66048]
"GWMDMMSG"="GWMDMMSG.exe" - c:\winnt\GWMDMMSG.exe [2001-11-27 101615]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\winnt\system32\narrator.exe [2004-08-04 53760]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
BOINC Manager.lnk - c:\program files\BOINC\boincmgr.exe [2006-5-5 1966080]
HotSync Manager.lnk - c:\program files\Handspring\HOTSYNC.EXE [2003-3-17 299008]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
ZoneAlarm.lnk - c:\program files\Zone Labs\ZoneAlarm\zonealarm.exe [2003-6-5 50664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-24 13:33 11952 ----a-w- c:\winnt\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\winnt\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1180989014\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Nexon\\KartRider\\NMService.exe"=
"c:\\WINNT\\system32\\PnkBstrA.exe"=
"c:\\WINNT\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\winnt\system32\drivers\avgldx86.sys [1/28/2009 5:14 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\winnt\system32\drivers\avgtdix.sys [1/28/2009 5:14 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/24/2009 9:33 AM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/6/2009 10:53 AM 298776]
S3 Gcr432;Gcr432;c:\winnt\system32\drivers\gcr432.sys [10/4/2001 3:18 PM 53701]
S3 PacketNTx;Packet helper driver;c:\winnt\system32\drivers\PacketNTx.sys [11/27/2002 12:30 PM 24544]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\atf\Qctest\PCDoc\PCDRDRV.sys --> c:\atf\Qctest\PCDoc\PCDRDRV.sys [?]
S3 VisorUsb;Handspring USB;c:\winnt\system32\DRIVERS\VisorUsb.sys --> c:\winnt\system32\DRIVERS\VisorUsb.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-07-31 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.runevillage.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.gateway.net
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
Trusted Zone: taxslayer.com\www
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} - hxxp://cdn.digitalcity.com/_media/dalaillama/ampx.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ryzeoko5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.runescape.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npietab.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwinamp.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
disk not found C:\
please note that you need administrator rights to perform deep scan
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PSSdk21]
"ImagePath"="\??\c:\winnt\System32\Drivers\HNPsSdk.drv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ó™őw$µ*]
"DisplayName"="\09"
"DeviceDesc"="\09"
"ProviderName"=""
"MFG"="?"
"ReinstallString"="2002, 6.13.10.6118"
"DeviceInstanceIds"=multi:"\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(540)
c:\winnt\System32\iac25_32.ax
.
Completion time: 2009-08-02 9:53
ComboFix-quarantined-files.txt 2009-08-02 13:53
ComboFix2.txt 2009-07-30 17:08
ComboFix3.txt 2009-07-27 19:46
Pre-Run: 43,822,804,992 bytes free
Post-Run: 43,773,415,424 bytes free
245 --- E O F --- 2009-02-09 14:06
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:20 AM, on 8/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINNT\system32\PnkBstrA.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINNT\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\WINNT\SM1BG.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BOINC\boinc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
C:\WINNT\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runevillage.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229602947828
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4029.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.konicaminoltaonline.com/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINNT\system32\avgrsstx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINNT\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\SYSTEM32\GEARSEC.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
--
End of file - 11968 bytes
fdpatches
2009-08-02, 19:27
Hello,
I just had a google redirect search, when I went back and reclicked it it went to the right site, not sure if it was a fluke or what, I tried a few more searches and they were all fine.
Thanks,
Tom
Bio-Hazard
2009-08-04, 01:20
Hello,
I just had a google redirect search, when I went back and reclicked it it went to the right site, not sure if it was a fluke or what, I tried a few more searches and they were all fine.
Hello!
Thank you for your reply.
Lets see if it was jsuta fluke. Did this happen with firefox or IE?
GooredFix
Please download GooredFix from one of the locations below and save it to your Desktop
LINK 1 (http://jpshortstuff.247fixes.com/GooredFix.exe)
LINK 2 (http://downloads.securitycadets.com/GooredFix.exe)
Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
When prompted to run the scan, click Yes.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
random's system information tool (RSIT)
Download random's system information tool (RSIT) by random/random from HERE (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:
log.txt (<<will be maximized)
info.txt (<<will be minimized)
Post both of these logs in your next reply (Sometimes you have to make several post to get the logs posted.)
Logs/Information to Post in Next Reply
Please post the following logs/Information in your reply:
GooredFix.txt
RSIT Logs,log.txt (<<will be maximized) and info.txt (<<will be minimized)
A description of how your computer is behaving
fdpatches
2009-08-04, 01:25
Hello,
it happened with firefox.
GooredFix by jpshortstuff (12.07.09)
Log created at 18:23 on 03/08/2009 (Owner)
Firefox version 3.5.1 (en-US)
========== GooredScan ==========
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [19:13 30/01/2005]
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [19:20 14/07/2009]
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox" [21:14 28/01/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [19:20 14/07/2009]
-=E.O.F=-
fdpatches
2009-08-04, 01:28
it had me run a program owner.exe I hope it was ok.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-08-03 18:26:08
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 42 GB (36%) free of 114 GB
Total RAM: 1023 MB (42% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:26:41 PM, on 8/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINNT\system32\PnkBstrA.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINNT\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\WINNT\SM1BG.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BOINC\boinc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINNT\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Documents and Settings\Owner\Desktop\Owner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runevillage.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229602947828
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4029.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.konicaminoltaonline.com/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINNT\system32\avgrsstx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINNT\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\SYSTEM32\GEARSEC.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
--
End of file - 11967 bytes
======Scheduled tasks folder======
C:\WINNT\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-18 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-07-14 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-23 259696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-27 669168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-09 470512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-14 41368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-14 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-23 259696]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-07-10 339968]
"Hot Key Kbd 9910 Daemon"=C:\WINNT\system32\SK9910DM.EXE [2001-01-03 66048]
"GWMDMMSG"=C:\WINNT\GWMDMMSG.exe [2001-11-27 101615]
"GWMDMpi"=C:\WINNT\GWMDMpi.exe [2001-11-27 40960]
"UpdReg"=C:\WINNT\Updreg.exe [1999-11-12 86016]
"AdaptecDirectCD"=C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-12-04 684032]
"CapFax"=C:\Program Files\PhoneTools\CapFax.EXE [2001-11-07 20480]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-10-25 282624]
"Pure Networks Port Magic"=C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe [2004-05-07 99480]
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2006-10-23 71216]
"SM1BG"=C:\WINNT\SM1BG.EXE [2003-08-27 94208]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2003-06-06 50688]
"PSPVideo9"=C:\Program Files\pspvideo9\pspVideo9.exe [2005-05-25 643072]
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2004-03-18 892928]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-12-21 180269]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2006-06-21 35328]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"ATI DeviceDetect"=C:\Program Files\ATI Multimedia\main\ATIDtct.EXE [2004-06-15 69705]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-10-30 256576]
"HostManager"=C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe [2006-09-25 50736]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-03-13 919016]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-24 1948440]
"Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe [2009-03-10 1553920]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-14 148888]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-04-21 94208]
"ATI Remote Control"=C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe [2004-04-16 196608]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-30 39408]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-11-12 2321600]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
ZoneAlarm.lnk - C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup
BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe
HotSync Manager.lnk - C:\Program Files\Handspring\HOTSYNC.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINNT\system32\avgrsstx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
Ati2evxx.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINNT\system32\avgrsstx.dll [2009-06-24 11952]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe"="C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe:*:Enabled:Rise of Nations"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service"
"C:\Program Files\Common Files\AOL\1180989014\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1180989014\ee\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\KartRider\NMService.exe"="C:\Nexon\KartRider\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\WINNT\system32\PnkBstrA.exe"="C:\WINNT\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINNT\system32\PnkBstrB.exe"="C:\WINNT\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
======List of files/folders created in the last 1 months======
2009-08-03 18:26:08 ----D---- C:\rsit
2009-08-02 09:53:09 ----A---- C:\ComboFix.txt
2009-08-01 08:48:15 ----D---- C:\_OTM
2009-07-27 15:00:31 ----A---- C:\Boot.bak
2009-07-27 15:00:12 ----RASHD---- C:\cmdcons
2009-07-27 14:57:20 ----A---- C:\WINNT\zip.exe
2009-07-27 14:57:20 ----A---- C:\WINNT\SWXCACLS.exe
2009-07-27 14:57:20 ----A---- C:\WINNT\SWSC.exe
2009-07-27 14:57:20 ----A---- C:\WINNT\SWREG.exe
2009-07-27 14:57:20 ----A---- C:\WINNT\sed.exe
2009-07-27 14:57:20 ----A---- C:\WINNT\PEV.exe
2009-07-27 14:57:20 ----A---- C:\WINNT\NIRCMD.exe
2009-07-27 14:57:20 ----A---- C:\WINNT\grep.exe
2009-07-27 14:44:40 ----D---- C:\Qoobox
2009-07-27 08:46:09 ----D---- C:\WINNT\ERDNT
2009-07-27 08:45:01 ----D---- C:\Program Files\ERUNT
2009-07-14 15:20:31 ----A---- C:\WINNT\system32\javaws.exe
2009-07-14 15:20:31 ----A---- C:\WINNT\system32\javaw.exe
2009-07-14 15:20:31 ----A---- C:\WINNT\system32\java.exe
2009-07-14 15:20:31 ----A---- C:\WINNT\system32\deploytk.dll
======List of files/folders modified in the last 1 months======
2009-08-03 18:26:00 ----D---- C:\Program Files\BOINC
2009-08-03 18:24:12 ----D---- C:\Program Files\Mozilla Firefox
2009-08-03 18:12:05 ----D---- C:\WINNT\Internet Logs
2009-08-03 08:09:29 ----D---- C:\WINNT\Temp
2009-08-02 09:53:14 ----AD---- C:\WINNT\system32
2009-08-02 09:44:02 ----AD---- C:\WINNT
2009-08-02 09:44:02 ----A---- C:\WINNT\system.ini
2009-08-02 09:38:50 ----D---- C:\WINNT\system32\drivers
2009-08-02 09:38:50 ----D---- C:\WINNT\AppPatch
2009-08-02 09:38:36 ----D---- C:\Program Files\Common Files
2009-08-02 09:29:12 ----D---- C:\WINNT\system32\CatRoot2
2009-08-02 09:28:28 ----A---- C:\WINNT\SchedLgU.Txt
2009-08-01 16:37:14 ----HD---- C:\$AVG8.VAULT$
2009-08-01 14:38:57 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-01 13:51:35 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-01 13:40:32 ----SHD---- C:\WINNT\Installer
2009-08-01 13:40:23 ----D---- C:\Program Files\Java
2009-08-01 09:01:27 ----A---- C:\WINNT\ModemLog_GTW V.92 Voice Modem.txt
2009-08-01 08:48:43 ----AD---- C:\Program Files
2009-07-31 19:04:41 ----A---- C:\WINNT\win.ini
2009-07-30 16:42:28 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-07-30 16:39:33 ----D---- C:\Program Files\WinMX
2009-07-30 16:36:20 ----A---- C:\VETlog.txt
2009-07-30 12:39:46 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-07-29 09:09:57 ----D---- C:\WINNT\ShellNew
2009-07-29 09:08:29 ----SD---- C:\WINNT\Tasks
2009-07-27 15:44:53 ----RSHD---- C:\WINNT\system32\dllcache
2009-07-27 15:32:16 ----SD---- C:\WINNT\Downloaded Program Files
2009-07-27 15:00:32 ----RASH---- C:\boot.ini
2009-07-27 14:44:23 ----D---- C:\WINNT\Prefetch
2009-07-27 13:12:11 ----D---- C:\WINNT\Minidump
2009-07-26 13:32:15 ----A---- C:\WINNT\WININIT.INI
2009-07-26 12:47:44 ----A---- C:\WINNT\ntbtlog.txt
2009-07-14 13:18:54 ----D---- C:\Program Files\Return to Castle Wolfenstein
2009-07-14 13:18:49 ----A---- C:\WINNT\Rtcw.INI
2009-07-14 13:17:56 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-14 13:17:56 ----D---- C:\WINNT\Help
2009-07-14 13:17:56 ----D---- C:\Program Files\AvantGo
2009-07-14 13:15:09 ----D---- C:\Program Files\EA GAMES
2009-07-14 13:14:08 ----D---- C:\Program Files\America's Army
2009-07-14 13:14:05 ----D---- C:\Program Files\America's Army Server Manager
2009-07-14 13:09:04 ----D---- C:\Program Files\Nancy Drew
2009-07-14 09:41:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINNT\System32\Drivers\avgldx86.sys [2009-07-18 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINNT\System32\Drivers\avgmfx86.sys [2009-06-24 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINNT\System32\Drivers\avgtdix.sys [2009-05-08 108552]
R1 Cdr4_xp;Cdr4_xp; C:\WINNT\system32\drivers\Cdr4_xp.sys [2006-05-19 2432]
R1 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2006-05-19 2560]
R1 cdudf_xp;cdudf_xp; C:\WINNT\system32\drivers\cdudf_xp.sys [2002-12-04 240640]
R1 intelppm;Intel Processor Driver; C:\WINNT\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINNT\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 KLIF;KLIF; C:\WINNT\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 pwd_2K;pwd_2K; C:\WINNT\system32\drivers\pwd_2K.sys [2002-12-04 134426]
R1 Sk9920nt;PS/2 Keyboard Filter Driver for NT 4.0; C:\WINNT\System32\DRIVERS\Sk9920nt.sys [2000-09-12 6208]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINNT\system32\drivers\UdfReadr_xp.sys [2002-12-04 206464]
R1 vsdatant;vsdatant; C:\WINNT\System32\vsdatant.sys [2008-03-13 394952]
R2 MxlW2k;MxlW2k; C:\WINNT\system32\drivers\MxlW2k.sys [2002-03-19 27924]
R2 PfModNT;PfModNT; \??\C:\WINNT\System32\PfModNT.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINNT\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ATI Remote Wonder II;ATI Remote Wonder II; C:\WINNT\system32\drivers\ATIRWVD.SYS [2003-12-15 257872]
R3 ati2mtag;ati2mtag; C:\WINNT\System32\DRIVERS\ati2mtag.sys [2004-07-10 747008]
R3 catchme;catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys []
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINNT\System32\DRIVERS\e100b325.sys [2001-11-06 119808]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINNT\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-09-19 15664]
R3 GTWModem;GTW V.92 Voice Modem; C:\WINNT\System32\DRIVERS\GWMDM.sys [2001-11-27 1143360]
R3 HidUsb;Microsoft HID Class Driver; C:\WINNT\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 itchfltr;iTouch Keyboard Filter; C:\WINNT\system32\DRIVERS\itchfltr.sys [2004-03-10 12953]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINNT\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINNT\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINNT\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB Root Hub (usbport); C:\WINNT\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 wanatw;WAN Miniport (ATW); C:\WINNT\System32\DRIVERS\wanatw4.sys [2002-07-16 33588]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINNT\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 BCMModem;BCM V.90 56K Modem; C:\WINNT\System32\DRIVERS\BCMDM.sys [2001-08-17 871388]
S3 BRIDGE;MAC Bridge; C:\WINNT\System32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINNT\System32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 ctljystk;Creative SBLive! Gameport; C:\WINNT\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 dot4;MS IEEE-1284.4 Driver; C:\WINNT\System32\DRIVERS\Dot4.sys [2004-08-04 207360]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINNT\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINNT\System32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINNT\System32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 dvd_2K;dvd_2K; C:\WINNT\system32\drivers\dvd_2K.sys [2002-12-04 25674]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINNT\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 emu10k;Creative SB Live! Value (WDM); C:\WINNT\system32\drivers\emu10k1f.sys [2001-12-18 777088]
S3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINNT\system32\drivers\ctlface.sys [2001-12-18 6912]
S3 Gcr432;Gcr432; C:\WINNT\System32\Drivers\gcr432.sys [2001-10-04 53701]
S3 mmc_2K;mmc_2K; C:\WINNT\system32\drivers\mmc_2K.sys [2002-12-04 30406]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 NPPTNT2;NPPTNT2; \??\C:\WINNT\system32\npptNT2.sys []
S3 nv;nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 nv4;nv4; C:\WINNT\System32\DRIVERS\nv4.sys [2001-08-17 731648]
S3 PacketNTx;Packet helper driver; \??\C:\WINNT\system32\drivers\PacketNTx.sys []
S3 PalmUSBD;PalmUSBD; C:\WINNT\system32\drivers\PalmUSBD.sys [2003-03-17 16509]
S3 PCDRDRV;Pcdr Helper Driver; \??\C:\Atf\Qctest\PCDoc\PCDRDRV.sys []
S3 PcdrNt;PcdrNt; C:\WINNT\System32\drivers\PcdrNt.sys [2000-03-23 44192]
S3 PSSdk21;PSSdk21; \??\C:\WINNT\System32\Drivers\HNPsSdk.drv []
S3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINNT\system32\drivers\sfman.sys [2001-12-18 36992]
S3 Sk99202k;PS/2 Keyboard Filter Driver for Win2000; C:\WINNT\System32\DRIVERS\Sk99202k.sys [2000-09-11 7552]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINNT\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINNT\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 usbser;Magellan eXplorist USB Modem Driver; C:\WINNT\system32\DRIVERS\usbser.sys [2004-08-04 25600]
S3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 VisorUsb;Handspring USB; C:\WINNT\System32\DRIVERS\VisorUsb.sys []
S3 WpdUsb;WpdUsb; C:\WINNT\System32\Drivers\wpdusb.sys [2004-09-22 18944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2006-10-23 46640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINNT\system32\Ati2evxx.exe [2004-07-10 385024]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-18 907032]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-24 298776]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINNT\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-14 152984]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2009-02-20 303104]
R2 PnkBstrA;PnkBstrA; C:\WINNT\system32\PnkBstrA.exe [2007-11-23 66872]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINNT\System32\wdfmgr.exe [2004-09-22 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINNT\system32\ZoneLabs\vsmon.exe [2008-03-13 75304]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINNT\wanmpsvc.exe [2003-08-27 65536]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]
S2 ATI Smart;ATI Smart; C:\WINNT\system32\ati2sgag.exe [2004-07-10 516096]
S2 GEARSecurity;GEARSecurity; C:\WINNT\SYSTEM32\GEARSEC.EXE [2002-09-25 49152]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-09 182768]
S3 PictureTaker;PictureTaker; c:\fixit\pt\PCTKRNT.SYS []
S3 usprserv;User Privilege Service; C:\WINNT\System32\svchost.exe [2004-08-04 14336]
S3 x10nets;X10 Device Network Service; C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe []
-----------------EOF-----------------
fdpatches
2009-08-04, 01:29
info.txt logfile of random's system information tool 1.06 2009-08-03 18:26:52
======Uninstall list======
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\SBLive\AudioHQ.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Midi.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Restore.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\SBLive\SBLiveXP.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\SBLive\SoundFont.isu"
-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Wstudio.isu"
-->C:\WINNT\IsUninst.exe -fC:\WINNT\orun32.isu
-->C:\WINNT\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINNT\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINNT\UNNeroShowTime.exe /UNINSTALL
-->C:\WINNT\UNNeroVision.exe /UNINSTALL
-->C:\WINNT\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
2002 TaxSlayer OLF-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5FC73EB1-B966-43D7-84B5-888970C24CB8}
3D Groove Playback Engine-->RunDll32 C:\WINNT\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16
911 Fire Rescue-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D23EC0BD-D6B6-4E2E-BA60-BDFB67C428B6}\setup.exe" -uninst
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Flash Player 10 Plugin-->C:\WINNT\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support-->MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ARC-EazyStream Client-->MsiExec.exe /I{7B3F18E1-7DAA-4953-B7A0-BFA8A06FD25B}
Army Men RTS-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4DB775C7-E32D-11D5-B2A8-00C04F538F89} /x
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Decoder-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EDE28287-D32C-415E-9C97-2BF9F9260150} /l1033
ATI Display Driver-->rundll32 C:\WINNT\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
ATI Multimedia Center 9.01-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{8988F5D0-C83F-41F4-B41B-86031F9B37F5} /l1033
ATI Remote Wonder 2.3-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3347F781-9C89-4C9B-B471-B1FFC3BC4A84} /l1033
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
Bob the Builder - Bob's Castle Adventure-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E993AC6-2086-4CAA-9486-702D28B296C0}\setup.exe" -l0x9
Bob the Builder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{36373CE1-6999-11D5-96DC-98302790D441}\setup.exe"
BOINC-->MsiExec.exe /I{975CA8AD-809D-46A1-B505-10B42B75F8C1}
Call of Duty - United Offensive-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A662E280-64A8-4CF5-8407-13D0808602B3}
Call of Duty(R) 2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l1033
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch-->C:\Program Files\InstallShield Installation Information\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty-->C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~1\Uninstall\Install.log
Chuzzle Deluxe 1.01-->C:\Program Files\PopCap Games\Chuzzle Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Chuzzle Deluxe\Install.log"
Command & Conquer Generals-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Command & Conquer Renegade-->C:\Westwood\Renegade\Uninstll.exe
Command and ConquerTM Generals Zero Hour-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Creative PlayCenter-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\PlayCenter\Player.isu"
Creative Recorder-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Creative\Recorder\Recorder.isu"
Cypress USB Mass Storage Driver Installation-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
DAO-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}
Day of Defeat-->C:\WINNT\IsUninst.exe -fC:\SIERRA\Half-Life\Uninst.isu
Diner Dash®: Flo on the Go-->C:\PROGRA~1\SHOCKW~1.COM\DINERD~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\DINERD~1\INSTALL.LOG
Dora Lost City-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{747C231B-062D-4586-8221-8E7870987D5B}\setup.exe" -l0x9 -uninst
DVD Copy Plus-->MsiExec.exe /I{2E661193-B28F-4D59-A534-9E0D294B39F8}
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVDFab Decrypter 2.9.7.3-->"C:\Program Files\DVDFab Decrypter\unins000.exe"
DVDXCopy (remove only)-->C:\Program Files\321Studios\DVDXCopy\Uninst.exe
EACOM Game Installer-->C:\Program Files\EAcom\GILS\uninstall.exe C:\PROGRA~1\EAcom\GILS\INSTALL.LOG
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Easy CD-DA Extractor 8.0.2-->"C:\WINNT\Easy CD-DA Extractor\uninstall.exe" "/U:C:\Program Files\Easy CD-DA Extractor 8\irunin.xml"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
eXplorist Wizard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92A40DC2-0ECD-4602-A79E-1DC53545C6EE}\setup.exe" -l0x9
FDNY Firefighter: American Hero-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6A68F551-E5FB-4130-BAB8-294A5250887A}\Setup.exe" -l0x9
Fisher Price ABC 32-->C:\WINNT\uninst.exe -f"C:\Program Files\Davidson\FPABC32\DeIsL1.isu"
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
GTW V.92 Voice Modem-->C:\WINNT\GWMDMU.exe verbose
Guild Wars-->"C:\Program Files\Guild Wars\Gw.exe" -uninstall
Handmark Monopoly-->C:\WINNT\unvise32.exe C:\Program Files\Handmark\Monopoly\uninstal.log
Harry Potter II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7BF68B83-5057-4D4B-0093-28285EEB9EE3}\setup.exe" -l0x9 Uninstall
HelpSpot-->MsiExec.exe /I{8DE73C0C-34EA-4888-86DB-EEDB9B69DB94}
Hidden Expedition - Titanic (remove only)-->"C:\Program Files\Yahoo! Games\Hidden Expedition - Titanic\Uninstall.exe"
Hidden Expedition Titanic (remove only)-->C:\Program Files\Hidden Expedition Titanic\Uninstall.exe
Hidden Mysteries: Civil War-->"C:\Program Files\Hidden Mysteries - Civil War\Uninstall.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\Owner\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINNT\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hubble Images Screen Saver-->sstunst2.exe Hubble Images
HyperLoad-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Nabisco\HyperLoad\Uninst.isu"
Imaginext(TM) Battle Castle-->C:\Program Files\Common Files\Imaginext(TM)\Uninstall\CastleUn.exe
Intel(R) PRO Ethernet Adapter and Software-->Prounstl.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
iTunes-->MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Kazaa Media Desktop 2.1.1-->RunDll32 C:\WINNT\System32\cd_clint.dll,ServiceRunDll u_291 "{FA89A7AC-EABF-4D73-B19F-0C3D858D24EF}"
Kids Next Door-->C:\PROGRA~1\CARTOO~1\BEST\UNWISE.EXE C:\PROGRA~1\CARTOO~1\BEST\INSTALL.LOG
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Logitech iTouch Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 UNINSTALL
Macromedia Shockwave Player-->C:\WINNT\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~2\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MCP-1A-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9362611-F875-49CB-8C51-1F5C8A3D14BA}\setup.exe"
Medal of Honor Allied Assault-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x9
Media Library Management Wizard-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\mplibwiz.inf,DefaultUninstall
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINNT\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Data Access Components KB870669-->C:\WINNT\muninst.exe C:\WINNT\INF\KB870669.inf
Microsoft Links 2001-->"C:\Program Files\Microsoft Games\Links 2001\UNINSTAL.EXE" /runtemp /addremove
Microsoft Links 2003-->"C:\Program Files\Microsoft Games\Links 2003\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Small Business-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Photo Premium 9-->C:\WINNT\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
Microsoft Rise Of Nations Trial-->"C:\Program Files\Microsoft Games\Rise of Nations Trial\UNINSTAL.EXE" /runtemp /addremove
Microsoft Smart Card Base Components-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\scBase.inf, DefaultUninstall.NT
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft XML Parser and SDK-->MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
mIRC-->"C:\Program Files\mIRC\mirc.exe" -uninstall
MobileDB for Palm OS-->C:\WINNT\unvise32.exe C:\Program Files\Handmark\MobileDB for Palm OS\uninstal.log
Monopoly Tycoon-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B975F4A1-63B6-11D4-BFEC-005004AF2D32}\Setup.exe"
Movie Maker Background Music Files-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\mmmusic.inf,DefaultUninstall
Movie Maker Sound Effects-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\mmsounds.inf,DefaultUninstall
Movie Maker Title Images-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\mmtitle.inf,DefaultUninstall
Mozilla Firefox (3.5.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Gaming Zone-->C:\PROGRA~1\MSNGAM~1\zsetup.exe /Uninstall
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINNT\INF\msninst.inf,Uninstall
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
MyMouse 4.3-->"C:\Program Files\MyMouse\unins000.exe"
Nancy Drew: Ghost Dogs of Moon Lake-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Nancy Drew\Ghost Dogs of Moon Lake\setup.exe" -l0x9
Nancy Drew: Secret of the Scarlet Hand-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Nancy Drew\Secret of the Scarlet Hand\setup.exe" -l0x9
Nancy Drew: Stay Tuned For Danger-->C:\WINNT\IsUninst.exe -f"C:\Nancy Drew\Stay Tuned For Danger\Uninst.isu"
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Napster Label Creator-->MsiExec.exe /X{16FD907B-FA72-4F3C-B959-E076C8238F80}
Napster-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9
Nero 7 Premium-->MsiExec.exe /I{70AB1576-7883-2313-C650-7A71270B1033}
neXBC 5.0-->C:\PROGRA~1\neXBC\UNWISE.EXE C:\PROGRA~1\neXBC\INSTALL.LOG
Operation-->C:\WINNT\uninst.exe -f"C:\Program Files\Hasbro Interactive\Operation\DeIsL1.isu"
Paint Shop Pro 7 Try And Buy-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
Palm Desktop and Synchronization Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA0F44C2-A883-11D1-AD0A-006097D15E2C}\setup.exe" Uninstall
Palm Desktop-->MsiExec.exe /X{72765AF7-BEA5-4C62-9EC9-A9E386305D04}
PC-Doctor for Windows-->C:\WINNT\UNWISE32.EXE C:\PROGRA~1\PC-DOC~1\INSTALL.LOG
Personal License Update Wizard for Windows Media Player-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\drmtool.inf,DefaultUninstall
PhoneTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x9 ControlPanel
PhotoParade Player-->"C:\Program Files\PhotoParade\Uninstall PhotoParade Player.exe" "PhotoParade.exe"
Plus! MP3 Audio Converter LE-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\audcle.inf,DefaultUninstall
Pokémon Edu Series-->C:\Program Files\The Learning Company\Pokémon\Sanctuary\Uninstall.exe Pokémon Edu Series
ProScan Client 1.8-->"C:\Program Files\ProScan Client\unins000.exe"
ProScan Client-->MsiExec.exe /I{9988754C-6374-445F-8E52-9DA3148433EC}
PS/2 Millennium Keyboard-->SKUninst.exe SK_PS2MillenniumKeyboard
PSP Video 9 1.51-->C:\Program Files\pspvideo9\uninst.exe
Pure Networks Port Magic-->C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Uninstall -ShowUI
QuickTime-->MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rise of Nations-->"C:\Program Files\Microsoft Games\Rise of Nations\Uninstal.exe" /runtemp /uninstall
Roll-->C:\WINNT\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
RollerCoaster Tycoon 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}\Setup.exe" -l0x9
Scooby-Doo(TM), Phantom of the Knight(TM)-->C:\Program Files\The Learning Company\Scooby-Doo(TM), Phantom of the Knight(TM)\uninstall.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINNT\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINNT\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINNT\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINNT\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINNT\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINNT\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINNT\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINNT\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB883939)-->"C:\WINNT\$NtUninstallKB883939$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINNT\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINNT\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINNT\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINNT\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINNT\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINNT\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINNT\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINNT\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINNT\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINNT\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINNT\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINNT\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINNT\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINNT\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINNT\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINNT\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINNT\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINNT\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINNT\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINNT\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINNT\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINNT\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINNT\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINNT\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINNT\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINNT\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINNT\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINNT\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINNT\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINNT\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINNT\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINNT\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINNT\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINNT\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINNT\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINNT\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINNT\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINNT\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINNT\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINNT\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINNT\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINNT\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINNT\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINNT\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINNT\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINNT\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINNT\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINNT\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINNT\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINNT\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINNT\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINNT\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINNT\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINNT\$NtUninstallKB960714$\spuninst\spuninst.exe"
ServerWatch AntiCheat-->"C:\WINNT\lsb_un20.exe" /C=UC /N=ServerWatch AntiCheat
Shockwave-->C:\WINNT\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~1\Install.log
Shutterfly SmartUpload -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC0EDFA8-7700-11D5-9B6C-00601D22E8EA}\Setup.exe"
Sierra Utilities-->C:\Program Files\Sierra On-Line\sutil32.exe uninstall
smart Card Reader-->MsiExec.exe /X{A6E4D63F-861B-438F-B56B-9B2BE2E0F1C5}
Solitare Pack I-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1061F223-2CCE-42B0-A1BB-4356596712CC}\Setup.exe"
Sound Blaster Live! Value-->C:\Program Files\Creative\SBLive\PROGRAM\CTUNINST.EXE
SpongeBob SquarePants Diner Dash (remove only)-->C:\Program Files\SpongeBob SquarePants Diner Dash\Uninstall.exe
SpongeBob SquarePants Diner Dash 2-->C:\PROGRA~1\NICKAR~1\SPONGE~1\UNWISE.EXE C:\PROGRA~1\NICKAR~1\SPONGE~1\INSTALL.LOG
SpongeBob SquarePants Obstacle Odyssey 2-->C:\PROGRA~1\NICKAR~1\SPONGE~2\UNWISE.EXE C:\PROGRA~1\NICKAR~1\SPONGE~2\INSTALL.LOG
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Support.com Web Controls-->"C:\Program Files\Support.com\unins000.exe"
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TeamSpeak 2 Server RC2-->"C:\Program Files\Teamspeak2_RC2\unins001.exe"
The Print Shop Ensemble III-->C:\WINNT\uninst.exe -f"C:\Program Files\The Print Shop Ensemble III\DeIsL1.isu"
Thomas & Friends - The Great Festival Adventure-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\The Great Festival Adventure\Uninst.isu"
Thomas New Line-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12230A4C-6902-4001-B606-48C6FC98B42A}\setup.exe" -l0x9 -uninst
TinyCars 1.1-->"C:\Program Files\Realore\TinyCars\unins000.exe"
To The Eds-treme-->C:\PROGRA~1\CARTOO~1\TOTHEE~1\UNWISE.EXE C:\PROGRA~1\CARTOO~1\TOTHEE~1\INSTALL.LOG
TONKA Firefighter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{49F51417-DF8C-4272-94E3-A0D4B64060EA}\setup.exe" -l0x9
TONKA Search & Rescue 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E254C0-94AA-4B33-AF6D-5276A169A680}\setup.exe" -l0x9
Tonka Search and Rescue-->C:\HASBRO\TONKA_SR\SR_DEL95.EXE
TrunkStar780-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A2B7140-229C-4DEF-A237-EE63D5C205BD}\Setup.exe" -l0x9 -XYZ
Update for Windows XP (KB894391)-->"C:\WINNT\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINNT\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINNT\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINNT\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINNT\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINNT\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINNT\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINNT\$NtUninstallKB955839$\spuninst\spuninst.exe"
USB Storage Adapter FX (SM1)-->SM1UN.EXE SM1FX_AT
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Verizon FiOS Activation-->"C:\WINNT\FIOS\unins000.exe"
Verizon FiOS Connection Wizard-->MsiExec.exe /I{312255E7-E2C2-4F3E-BBCB-02C5B8696CCB}
Verizon Help and Support Tool-->C:\Program Files\Verizon\Uninstall.exe
Westwood Shared Internet Components-->C:\Westwood\Internet\UnstllAP.exe
WildWest Version 1.12-->MsiExec.exe /I{5E607A24-6C11-4DA9-938E-6392D8248929}
WinAce Archiver 2.0-->C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
WinAce Archiver-->C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINNT\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Bonus Pack for Windows XP-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\wmbonus.inf,DefaultUninstall
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player Playlist Import to Excel Wizard-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\mpxlswiz.inf,DefaultUninstall
Windows Media Player Skin Importer-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\wa2wmp.inf,DefaultUninstall
Windows Media Player Tray Control-->RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\mpxptray.inf,DefaultUninstall
Windows XP Hotfix - KB873333-->C:\WINNT\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINNT\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINNT\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINNT\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINNT\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINNT\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINNT\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINNT\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINNT\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINNT\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINNT\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINNT\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINNT\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890923-->"C:\WINNT\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINNT\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893066-->"C:\WINNT\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINNT\$NtUninstallKB893086$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
XLink Kai Evolution 7-->MsiExec.exe /X{7A1C83C7-2F60-4C0A-BA82-867DD20BE32C}
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
=====HijackThis Backups=====
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) [2009-08-01]
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file) [2009-08-01]
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) [2009-08-01]
======Security center information======
AV: AVG Anti-Virus Free
FW: ZoneAlarm Firewall
======System event log======
Computer Name: FAMILY
Event Code: 7000
Message: The TrueVector Internet Monitor service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Record Number: 75211
Source Name: Service Control Manager
Time Written: 20090628081611.000000-240
Event Type: error
User:
Computer Name: FAMILY
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.
Record Number: 75210
Source Name: Service Control Manager
Time Written: 20090628081611.000000-240
Event Type: error
User:
Computer Name: FAMILY
Event Code: 7000
Message: The TrueVector Internet Monitor service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Record Number: 75209
Source Name: Service Control Manager
Time Written: 20090628081539.000000-240
Event Type: error
User:
Computer Name: FAMILY
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.
Record Number: 75208
Source Name: Service Control Manager
Time Written: 20090628081539.000000-240
Event Type: error
User:
Computer Name: FAMILY
Event Code: 7000
Message: The TrueVector Internet Monitor service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Record Number: 75207
Source Name: Service Control Manager
Time Written: 20090628081507.000000-240
Event Type: error
User:
=====Application event log=====
Computer Name: FAMILY
Event Code: 4354
Message: The COM+ Event System failed to fire the ConnectionLost method on subscription {A8EDB33C-55FF-4D5D-965A-27769CC279AD}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80010105.
Record Number: 22165
Source Name: EventSystem
Time Written: 20070511033048.000000-240
Event Type: warning
User:
Computer Name: FAMILY
Event Code: 4354
Message: The COM+ Event System failed to fire the ConnectionLost method on subscription {A8EDB33C-55FF-4D5D-965A-27769CC279AD}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80010105.
Record Number: 22164
Source Name: EventSystem
Time Written: 20070511032001.000000-240
Event Type: warning
User:
Computer Name: FAMILY
Event Code: 4354
Message: The COM+ Event System failed to fire the ConnectionLost method on subscription {A8EDB33C-55FF-4D5D-965A-27769CC279AD}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80010105.
Record Number: 22163
Source Name: EventSystem
Time Written: 20070511031047.000000-240
Event Type: warning
User:
Computer Name: FAMILY
Event Code: 4354
Message: The COM+ Event System failed to fire the ConnectionLost method on subscription {A8EDB33C-55FF-4D5D-965A-27769CC279AD}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80010105.
Record Number: 22162
Source Name: EventSystem
Time Written: 20070511030047.000000-240
Event Type: warning
User:
Computer Name: FAMILY
Event Code: 4354
Message: The COM+ Event System failed to fire the ConnectionLost method on subscription {A8EDB33C-55FF-4D5D-965A-27769CC279AD}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80010105.
Record Number: 22161
Source Name: EventSystem
Time Written: 20070511025047.000000-240
Event Type: warning
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0204
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
"tvdumpflags"=8
-----------------EOF-----------------
Bio-Hazard
2009-08-05, 15:30
Hello!
Have you had any redirection still?
Re-run OTM
Double-click OTM.exe to run it.
Paste the following code under the http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/pasteline.png area. Do not include the word Code.
:Files
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Program Files\WinMX
C:\Program Files\Common Files\Symantec Shared
:Commands
[emptytemp]
[Reboot]
Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
Push the large http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/btnmoveit.png button.
OTM may ask to reboot the machine. Please do so if asked.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Update Adobe Reader
Your version of Adobe Reader is out-of-date. There are known security issues with older versions of Adobe Reader. It is strongly suggested that you update to the current version. Please uninstall older version of Adobe Reader before installing the latest version.
If you are using a FULL featured, purchased version of Adobe Acrobat Reader.
These instructions will remove the current version of Adobe Reader and replace it with the limited feature FREE version. If you want to replace the paid for version with the free version, then continue, otherwise DO NOT perform these steps!
Click Start
Control Panel
Double clicking on Add/Remove Programs
Locate older version of Adobe Reader and click on Change/Remove to uninstall it
Click HERE (http://www.adobe.com/products/acrobat/readstep2.html) to download the latest version of Adobe Reader.
Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts. Allow the installation to be ran and it will be installed automatically for you. If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader.
Close your Internet browser and open it again.
If you don't like Adobe Reader, you can download Foxit PDF Reader from HERE (http://www.filehippo.com/download_foxit/download/423817ca4028434efe3f6174b07468b0/FoxitReader30_enu_Setup.exe). It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, be carefull not to install anything to do with AskBar.
Logs/Information to Post in Next Reply
Please post the following logs/Information in your reply:
Answer to my question
OTM Log
A fresh HijackThis Log ( after all the above has been done)
A description of how your computer is behaving
fdpatches
2009-08-05, 16:14
Hello,
I have done several more searches with no redirects, I am update adobe and here is the OTM log
All processes killed
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_03 moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_02 moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_01 moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources\ResourceFolder_00 moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint\Resources moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint moved successfully.
C:\Program Files\WinMX moved successfully.
C:\Program Files\Common Files\Symantec Shared\Script Blocking moved successfully.
C:\Program Files\Common Files\Symantec Shared moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32835 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Owner
->Temp folder emptied: 5552 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 13425503 bytes
->FireFox cache emptied: 64170666 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINNT\temp\ZLT037e0.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINNT\temp\ZLT03825.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied: 604 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 74.07 mb
OTM by OldTimer - Version 3.0.0.5 log created on 08052009_083735
Files moved on Reboot...
File C:\WINNT\temp\ZLT037e0.TMP not found!
File C:\WINNT\temp\ZLT03825.TMP not found!
Registry entries deleted on Reboot...
HIJack this log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:15 AM, on 8/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\SYSTEM32\GEARSEC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINNT\system32\PnkBstrA.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINNT\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\WINNT\SM1BG.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
C:\WINNT\System32\svchost.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runevillage.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180989014\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229602947828
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4029.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.konicaminoltaonline.com/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINNT\system32\avgrsstx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINNT\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\SYSTEM32\GEARSEC.EXE
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
--
End of file - 12355 bytes
The computer seems to be running fine, I haven't really been using it that much until I get the all set from you, I need to do some windows updates and I want to do those before I start really using the computer again.
:thanks:
Tom
Bio-Hazard
2009-08-05, 18:03
Hello Tom!
You can do the updates now and use the computer.
Your log now appears to be clean. Congratulations!
You can get rid of the tools we used:
DDS - (You can just delete the exe file from your desktop)
RootRepeal - (You can just delete the exe file from your desktop)
ATF cleaner - (You can just delete the exe file from your desktop)
Gooredfix - (You can just delete the exe file from your desktop)
Javara - (You can just delete the exe file from your desktop)
Delete ComboFix and Clean Up
Click Start > Run > type combofix /u > OK (Note the space between combofix and /u)
http://i147.photobucket.com/albums/r301/DFW_photos/CF_Cleanup.png
Please advise if this step is missed for any reason as it performs some important actions.
OTC
Download OTC (http://oldtimer.geekstogo.com/OTC.exe) by Old Timer and save it to your Desktop.
Double-click OTC.exe
Click the CleanUp! button
Select Yes when the Begin cleanup Process? Prompt appears
If you are prompted to Reboot during the cleanup, select Yes
The tool will delete itself once it finishes, if not delete it by yourself
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.
Make sure that you keep your antivirus updated
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
NOTE:You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site (http://update.microsoft.com/microsoftupdate) on a regular basis.
NOTE: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.
Update Non-Microsoft Programs
Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector (http://secunia.com/software_inspector) or F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html). I suggest that you run one of them at least once a month.
Make Internet Explorer More Secure
You are using Internet Explorer v.6.
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Recommended Programs
I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.
WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE (http://www.winpatrol.com/).
SpywareBlaster
SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see HERE (http://www.webopedia.com/TERM/A/ActiveX_control.html). You can download SpywareBlaster from HERE (http://www.javacoolsoftware.com/sbdownload.html).
Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.You can download Malwarebytes' Anti-Malware from HERE (http://www.malwarebytes.org/mbam.php). Here are two tutorials: Malwarebytes' Anti-Malware Setup Guide (http://www.lognrock.com/forum/index.php?showtopic=6926) and Malwarebytes' Anti-Malware Scanning Guide (http://www.lognrock.com/forum/index.php?showtopic=6913).
Hosts File
For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE (http://forum.malwareremoval.com/viewtopic.php?t=22187) and for more information regarding host files read HERE (http://www.mvps.org/winhelp2002/hosts.htm).
Use an alternative Internet Browser
Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead: Firefox (http://www.mozilla.com/en-US/firefox/) or Opera (http://www.opera.com/download/) or Google Chrome (http://www.google.com/chrome)
Here is a great article by miekiemoes How to prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)
Finally I am trying to make one point very clear. It is ABSOLUTELY ESSENTIAL to keep all of your security programs up to date.
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints (http://www.malwarecomplaints.info/index.php). You need to be registered to post as, unfortunately, we were hit with too many spam posts to allow guest posting to continue. Just find your country room and register your complaint.
I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
Happy surfing and stay clean!
Bio-Hazard
fdpatches
2009-08-05, 18:30
Thanks so much for all the help. I have a few question, my windows update is set to notify me when there are updates and don't download or install them. I haven't seen the yellow icon pop up in a while. What should I do? Also, can the ATF Cleaner be used on a regular basis? Again thank you so much for all your help.
Tom
Bio-Hazard
2009-08-05, 18:45
Thanks so much for all the help. I have a few question, my windows update is set to notify me when there are updates and don't download or install them. I haven't seen the yellow icon pop up in a while. What should I do? Also, can the ATF Cleaner be used on a regular basis? Again thank you so much for all your help.
Hello Tom!
Yes you can use ATF cleaner on regular bases.
You can go HERE (http://windowsupdate.microsoft.com) to do your Windows updates.
Here iare instructions to make sure the Windows updates are turned on.
To turn on Windows Automatic updates
From your log i can see that your Windows automatic updates are turned of. Unpatched Windows operating system is a vulnerable to infections.
Click Start and then click Control Panel.
Double-click Automatic updates.
Choose how you want your updates to be downloaded.
Click Apply
Click OK
If you have any problems let me know.
fdpatches
2009-08-05, 18:56
Windows update is set to notify me when there are updates but not to install or download them. The yellow box hasn't popped up to tell me there are updates. I turned it off and the red icon popped up, then I turned it back on, still no yellow icon to notify me. I do not use IE, but i was planning on updating it to the newest version, do I still need to do all those instuctions you posted for version 6?
Thanks,
Tom
Bio-Hazard
2009-08-05, 19:11
Hello!
If you are going to update IE6 to IE8 then there is no need to do those instructions.
Did you managed to get windows updates?
fdpatches
2009-08-05, 19:18
I cant get the automatic updates to work. I went to the link and it says checking for the latest updates on your computer, but I think its stuck.
fdpatches
2009-08-05, 19:19
Just got this message..
Files required to use Windows Update are no longer registered or installed on your computer. To continue:
Register or reinstall the files for me now (Recommended)
Let me read about more steps that might be required to solve the problem
Bio-Hazard
2009-08-05, 19:30
Hello!
Ok, so there is something wrong. Lets try reset the updates settings.
Dial-A-Fix
We need to repair some of windows' internal registration settings
Please download Dial-A-Fix from one of the following mirrors:
Primary Mirror (http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip)
Secondary Mirror (http://djlizard.net/software/Dial-a-fix-v0.60.0.24.zip)
Extract the zip file to your desktop.
Double click Dial-a-Fix.exe to start the program.
Press the green double checkmark box (Looks like this: http://billy-oneal.com/BleepingComputer/ScreenShots/DialAFix/checkmark.png)
UNcheck Empty Temp Folders, as well as Adjust Time/Date in the prep section. The prep section should then look like this:
http://billy-oneal.com/BleepingComputer/ScreenShots/DialAFix/toUncheck.png
When the window looks like this, press the GO button in the bottom of the window.
http://billy-oneal.com/BleepingComputer/ScreenShots/DialAFix/mainWindow.png
Exit/Close Dial-A-Fix
fdpatches
2009-08-05, 19:44
Hello,
I got an error
C;\winnt\system32\shdocvw.dll
Then it gave an error code
-2147319780
error accessing the OLE Registry
It said they have no info for the error.
The part for the windows installer seemed to go ok.
the error came from registration center part.
Thanks,
Tom
fdpatches
2009-08-05, 19:48
Just went to the windows update website still the same message.
Files required to use Windows Update are no longer registered or installed on your computer. To continue:
Register or reinstall the files for me now (Recommended)
Let me read about more steps that might be required to solve the problem
should I let it register or reinstall the files?
Thanks,
Tom
Bio-Hazard
2009-08-05, 19:55
Hello!
I did bit more research about this error message.So try this method first:
Some have reported that simply re-registering the MSXML3.DLL seems to fix
the problem.
1. Click Start.
2. Choose Run.
3. In the Run box, type: regsvr32 MSXML3.DLL
Press okay
If that hasn't helped you may need to re-registered some more files:
1. Click Start.
2. Choose Run.
3. In the Run box, type (pressing okay after each one) :-
net stop wuauserv
Repeat for the following:
regsvr32 wuapi.dll
regsvr32 wups.dll
regsvr32 wuaueng.dll
regsvr32 wuaueng1.dll
regsvr32 wucltui.dll
regsvr32 wuweb.dll
regsvr32 MSXML3.dll
regsvr32 qmgr.dll
regsvr32 qmgrprxy.dll
regsvr32 jscript.dll
net start wuauserv
If that didnt work, try this method:
Use the Stand alone installer to install the Update Agent.
http://go.microsoft.com/fwlink/?LinkId=43264
If when you run this you get an message telling you its already installed then do the following.
Start > Run and type WindowsUpdateAgent20-x86.exe /wuforce
fdpatches
2009-08-05, 20:00
Hi
it said it was succesful for MSXML3.DLL
Should it do something?
Thanks,
Tom
fdpatches
2009-08-05, 20:15
Hello,
I tried all of the other dll's still nothing, so I downloaded the stand alone installer and ran it, it said it was already installed. when I tried the command in the run box it said it cannot find the file I saved it to the desktop The file on the desktop is WindowsUpdateAgent30-x86.exe I changed it from 20 to 30 and it still couldn't find the file.
Bio-Hazard
2009-08-05, 20:34
Hello!
So you cant get any windows updates at the moment?
I need to do bit more research about this.
Here is a workaround.
http://support.microsoft.com/kb/901037
fdpatches
2009-08-05, 20:40
Hello Again LOL
I was able to get the stand alone installer to run when It was done I got an error
0x8007041d
Thanks,
Tom
fdpatches
2009-08-05, 20:41
I can't get any windows updates, either automatically or thru the website.
Again thanks for the help.
Tom
Bio-Hazard
2009-08-05, 20:59
Hello!
One option is to upgrade you service pack from SP2 to SP3.
When you get this message:
Files required to use Windows Update are no longer registered or installed on your computer. To continue:
Register or reinstall the files for me now (Recommended)
Let me read about more steps that might be required to solve the problem
Can you or have you tried choosing the first option?
fdpatches
2009-08-05, 21:01
I have tried the first option and it seems like it is installing then I get...
The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem.
Thanks,
Tom
Bio-Hazard
2009-08-06, 00:07
Hello Tom!
I think it is best if you seek help from one of these sites. My expertise is Malware removal so they are more able to help you with this problem.
Not a Malware Issues
At this stage your machine looks to be clean of malware, so the problems you are experiencing are not likely to be malware related. I think the best and fastest solution for you is to post on a PC troubleshooting forum.
WhatTheTech (http://forums.whatthetech.com/forums.html)
Software (http://forums.whatthetech.com/Software_f118.html)- problems with operating systems, windows problems and Browsers, Internet & email
Hardware Forum (http://forums.whatthetech.com/Hardware_f125.html) - problems with PC hardware
Tech support guy (http://forums.techguy.org/)
Windows (http://forums.techguy.org/49-operating-systems/)- problems with operating systems and windows problems
Software and Hardware subforum (http://forums.techguy.org/48-software-hardware/)- problems with all other software
They specialize in handling problems like this so you are certain to get expert assistance and a speedy resolution is very likely. So as I said above, your logs are showing clean so now you get my all clean speech I hope you can resolve your other problem with the links that I provided.
fdpatches
2009-08-06, 00:56
Hello,
OK Thanks for all your help!
Tom
Bio-Hazard
2009-08-07, 15:29
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.