Randomly wont connect/pages wont load

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

gholt71

Thread Starter
Joined
Aug 19, 2007
Messages
248
Our family computer is randomly having trouble connecting to the internet when loading some web pages or web pages wont load. I occasionally have the same problem with my laptop but never at the same time. Which leads me to believe it is not likely my router. Would that be correct? My wife plays alot of games from Yahoo Games. Could that be a source of some of the problems?

I have some of the tools I believe will be needed to clean the system loaded to my desktop ready to go. I need some direction to be sure I don't go out of order and cause a bigger problem.

Thank you

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:32 AM, on 9/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=20011&l=dis
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZLxdm014YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8574 bytes
 

Attachments

muppy03

Chris
Joined
Jun 19, 2006
Messages
1,893
Hello and welcome to TSG

IMPORTANT

Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
To make cleaning this machine easier:-
  • Continue to respond to this thread until I give you the All Clean!
  • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
  • Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
  • Please follow all instructions in the order posted.
  • If you have any questions or do not understand instructions, please ask before continuing.
  • Please reply to this thread. Do not start a new topic.

Multiple Anti-virus Programs
You are operating your computer with multiple Anti-virus programs running in memory at once:
avast!
AVG8

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. Please remove one of them NOW.


Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop.

Please post this log on your next reply.

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:

    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply

    Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.

NEXT If MBAM will not run please rename it as explained below

1. Right click Start - Click Explore
2. Navigate to: c:\program files\malwarebytes' Anti-Malware Right click on mbam.exe - click Rename
3. Type into the name box: muppy.exe

NEXT Download and Run: RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please reply with:-
  • Uninstall list
  • MBAM log
  • RSIT logs ( info.txt and log.txt)
 

gholt71

Thread Starter
Joined
Aug 19, 2007
Messages
248
FYI... I did not remember stop Avast when I ran Malwarebytes' Anti-Malware and when I returned to the computer in the morning Avast had found an item which had delayed the scan. I took no action on the Avast alert, turned off Avast and Malwarebytes continued scan.
 

gholt71

Thread Starter
Joined
Aug 19, 2007
Messages
248
Sky Kingdoms (remove only)
2Wire Wireless Client
33 Corners
Action Ball 2 (remove only)
Adobe Flash Player 10 ActiveX
Adobe Reader 7.1.0
Adobe Shockwave Player
Adventures of Robinson Crusoe (remove only)
Agere Systems PCI-SV92PP Soft Modem
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
avast! Antivirus
Beetle Bomp (remove only)
Bonjour
Critical Update for Windows Media Player 11 (KB959772)
Customer Experience Enhancement
DISCover
Dragonstone (remove only)
Dynomite Deluxe 2.70y
EPSON Printer Software
EPSON Scan
EPSON Stylus CX7400 Series Scanner Driver Update
Farm Frenzy 2 (remove only)
Frankenstein: The Dismembered Bride (remove only)
Garden Defense&#8482; (remove only)
GdiplusUpgrade
Gemsweeper (remove only)
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP Game Console and games
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP Multimedia Keyboard Software
HP Product Detection
HP PSC & OfficeJet 3.0
HP Software Update
HP Update
ieSpell
Intel(R) PRO Network Connections Drivers
InterVideo WinDVD Player
iTunes
iWin Games (remove only)
Java(TM) 6 Update 15
Loco Christmas Edition (remove only)
Malwarebytes' Anti-Malware
Masters Of Mystery Crime Of Fashion (remove only)
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mortimer Beckett and the Time Paradox (remove only)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 4.5
muvee autoProducer unPlugged 1.2
MySpaceIM
NVIDIA Drivers
OpenAL
Panda ActiveScan
PC Connectivity Solution
PC-Doctor 5 for Windows
Pdf995
Pharaos Mystery (remove only)
Plan It Green (remove only)
Puzzle City (remove only)
Quicken 2006
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Remove IntelliMover Demo
Ricochet Recharged (remove only)
SBC Yahoo! Applications
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SpywareBlaster 4.2
SureThing CD Labeler 4 SE
Treasures of Mystery Island (remove only)
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax Deluxe 2007
TurboTax ItsDeductible 2006
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Updates from HP (remove only)
Webshots Toolbar
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Yahoo! Ten Pin Championship Bowling
Zuma's Revenge (remove only)
 

gholt71

Thread Starter
Joined
Aug 19, 2007
Messages
248
Malwarebytes' Anti-Malware 1.41
Database version: 2820
Windows 5.1.2600 Service Pack 3

9/26/2009 9:23:14 AM
mbam-log-2009-09-26 (09-23-14).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 388254
Time elapsed: 7 hour(s), 45 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 28
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{53e0b6e8-a51d-448b-b692-40b67b285543} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f02fabcb-92dd-475a-98af-14217bd50746} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178f3fb-2560-458f-bdee-631e2fe0dfe4} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b5141620-c2b2-4d95-9f0f-134d99c87ab0} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{938a8a03-a938-4019-b764-03ff8d167d79} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{941508f8-ccd9-44e0-ac29-4f1e141373f7} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bbb05d9e-0297-404d-a6bf-d8f2876b84a6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c6039e6c-bde9-4de5-bb40-768caa584fdc} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cf46bfb3-2acc-441b-b82b-36b9562c7ff1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\gvtl (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CAC (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QdrDrive (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 

gholt71

Thread Starter
Joined
Aug 19, 2007
Messages
248
info.txt logfile of random's system information tool 1.06 2009-09-26 09:25:35

======Uninstall list======

Sky Kingdoms (remove only)-->"C:\Program Files\iWin.com\ Sky Kingdoms\Uninstall.exe"
-->C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2Wire Wireless Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}\Setup.exe" -l0x9 -L0x9
33 Corners-->"C:\Program Files\MSN Games\33 Corners\Uninstall.exe" "C:\Program Files\MSN Games\33 Corners\install.log"
Action Ball 2 (remove only)-->"C:\Program Files\iWin.com\Action Ball 2\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adventures of Robinson Crusoe (remove only)-->"C:\Program Files\iWin.com\Adventures of Robinson Crusoe\Uninstall.exe"
Agere Systems PCI-SV92PP Soft Modem-->agrsmdel
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AnswerWorks 5.0 English Runtime-->MsiExec.exe /I{9E5A03E3-6246-4920-9630-0527D5DA9B07}
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Beetle Bomp (remove only)-->"C:\Program Files\iWin.com\Beetle Bomp\Uninstall.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
DISCover-->"C:\Program Files\DISC\uninstall.exe"
Dragonstone (remove only)-->"C:\Program Files\iWin.com\Dragonstone\Uninstall.exe"
Dynomite Deluxe 2.70y-->C:\Program Files\PopCap Games\Dynomite Deluxe\PopUninstall.exe C:\Program Files\PopCap Games\Dynomite Deluxe\Install.log
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Stylus CX7400 Series Scanner Driver Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}\Setup.exe" -l0x9
Farm Frenzy 2 (remove only)-->"C:\Program Files\iWin.com\Farm Frenzy 2\Uninstall.exe"
Frankenstein: The Dismembered Bride (remove only)-->"C:\Program Files\iWin.com\Frankenstein The Dismembered Bride\Uninstall.exe"
Garden Defense&#8482; (remove only)-->"C:\Program Files\iWin.com\Garden Defense&#8482;\Uninstall.exe"
GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Gemsweeper (remove only)-->C:\Program Files\Yahoo! Games\Gemsweeper\uninstall.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Boot Optimizer-->C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /uninstall
HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP DigitalMedia Archive-->MsiExec.exe /I{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP Document Viewer 5.3-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Game Console and games-->C:\Program Files\WildTangent\Apps\hpuninstall.exe
HP Image Zone 5.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Multimedia Keyboard Software-->C:\HP\KBD\Install.exe /remove
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP PSC & OfficeJet 3.0-->"C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update-->MsiExec.exe /X{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
ieSpell-->"C:\Program Files\ieSpell\uninst.exe"
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
iWin Games (remove only)-->"C:\Program Files\iWin Games\Uninstall.exe"
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Loco Christmas Edition (remove only)-->"C:\Program Files\iWin.com\Loco Christmas Edition\Uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Masters Of Mystery Crime Of Fashion (remove only)-->"C:\Program Files\iWin.com\Masters Of Mystery Crime Of Fashion\Uninstall.exe"
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mortimer Beckett and the Time Paradox (remove only)-->"C:\Program Files\iWin.com\Mortimer Beckett and the Time Paradox\Uninstall.exe"
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 4.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7137AFD-4E43-47A6-BDC7-533808F72B36}\setup.exe" -l0x9
muvee autoProducer unPlugged 1.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DFB0FED6-0010-4E9B-A402-E513F2459161}\setup.exe" -l0x9
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Panda ActiveScan-->C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PC Connectivity Solution-->MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
PC-Doctor 5 for Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Pdf995-->C:\Program Files\pdf995\setup.exe uninstall
Pharaos Mystery (remove only)-->"C:\Program Files\iWin.com\Pharaos Mystery\Uninstall.exe"
Plan It Green (remove only)-->"C:\Program Files\iWin.com\Plan It Green\Uninstall.exe"
Puzzle City (remove only)-->"C:\Program Files\iWin.com\Puzzle City\Uninstall.exe"
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r
Remove IntelliMover Demo-->c:\hp\bin\cloaker.exe c:\hp\bin\commands.exe /c "C:\Program Files\IntelliMoverDemo\clean.bat"
Ricochet Recharged (remove only)-->"C:\Program Files\iWin.com\Ricochet Recharged\Uninstall.exe"
SBC Yahoo! Applications-->C:\PROGRA~1\Yahoo!\common\uninstall.exe
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
SureThing CD Labeler 4 SE-->C:\WINDOWS\mvuninst\App1\mvuninst.exe "SureThing CD Labeler 4 SE"
Treasures of Mystery Island (remove only)-->"C:\Program Files\iWin.com\Treasures of Mystery Island\Uninstall.exe"
TurboTax 2008 WinPerFedFormset-->MsiExec.exe /I{7570F1CA-016D-46AC-B586-CD74645EFB52}
TurboTax 2008 WinPerProgramHelp-->MsiExec.exe /I{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}
TurboTax 2008 WinPerReleaseEngine-->MsiExec.exe /I{88214092-836F-4E22-A5AC-569AC9EE6A0F}
TurboTax 2008 WinPerTaxSupport-->MsiExec.exe /I{B23726CF-68BF-41A6-A4EB-72F12F87FE05}
TurboTax 2008 WinPerUserEducation-->MsiExec.exe /I{29521505-F489-4822-ADFA-32C6DEE4F114}
TurboTax 2008 wrapper-->MsiExec.exe /I{B1DB1AD8-C07E-4052-81A1-D2930232BA70}
TurboTax 2008-->C:\Program Files\TurboTax\Deluxe 2008\Installer\TurboTax 2008 Installer.exe /u /t /a
TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax ItsDeductible 2006-->MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB969497)-->"C:\WINDOWS\ie8updates\KB969497-IE8\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Updates from HP (remove only)-->C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
Webshots Toolbar-->C:\Program Files\Webshots\ToolbarUninstall.exe
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Ten Pin Championship Bowling-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6DE14135-AC19-459A-8A1F-C2AA0AD2D9F7}\Setup.exe" -l0x9 -uninst
Zuma's Revenge (remove only)-->"C:\Program Files\iWin.com\Zuma's Revenge\Uninstall.exe"

======Security center information======

AV: avast! antivirus 4.8.1351 [VPS 090926-0] (disabled)

======System event log======

Computer Name: HPDESKTOP
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 2951
Source Name: W32Time
Time Written: 20090802020910.000000-300
Event Type: warning
User:

Computer Name: HPDESKTOP
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
ftsata2

Record Number: 2918
Source Name: Service Control Manager
Time Written: 20090801123039.000000-300
Event Type: error
User:

Computer Name: HPDESKTOP
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
ftsata2

Record Number: 2889
Source Name: Service Control Manager
Time Written: 20090801105144.000000-300
Event Type: error
User:

Computer Name: HPDESKTOP
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 2883
Source Name: W32Time
Time Written: 20090801063932.000000-300
Event Type: warning
User:

Computer Name: HPDESKTOP
Event Code: 1073
Message: The attempt to unknown HPDESKTOP failed

Record Number: 2843
Source Name: USER32
Time Written: 20090801015154.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: HPDESKTOP
Event Code: 1000
Message: Faulting application tropix.scr, version 0.0.0.0, faulting module tropix.scr, version 0.0.0.0, fault address 0x000d5263.

Record Number: 25
Source Name: Application Error
Time Written: 20090907211051.000000-300
Event Type: error
User:

Computer Name: HPDESKTOP
Event Code: 1002
Message: Hanging application iWinGames.exe, version 2.79.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 24
Source Name: Application Hang
Time Written: 20090907210456.000000-300
Event Type: error
User:

Computer Name: HPDESKTOP
Event Code: 1002
Message: Hanging application iWinGames.exe, version 2.79.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 23
Source Name: Application Hang
Time Written: 20090907210322.000000-300
Event Type: error
User:

Computer Name: HPDESKTOP
Event Code: 1000
Message: Faulting application tropix.scr, version 0.0.0.0, faulting module tropix.scr, version 0.0.0.0, fault address 0x000d5263.

Record Number: 15
Source Name: Application Error
Time Written: 20090907195324.000000-300
Event Type: error
User:

Computer Name: HPDESKTOP
Event Code: 1000
Message: Faulting application tropix.scr, version 0.0.0.0, faulting module tropix.scr, version 0.0.0.0, fault address 0x000d5263.

Record Number: 14
Source Name: Application Error
Time Written: 20090907021325.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution\;c:\Python22;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0602
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
 

gholt71

Thread Starter
Joined
Aug 19, 2007
Messages
248
Logfile of random's system information tool 1.06 (written by random/random)
Run by Julie at 2009-09-26 09:28:20
Microsoft Windows XP Professional Service Pack 3
System drive C: has 192 GB (69%) free of 277 GB
Total RAM: 1534 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:21 AM, on 9/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Julie\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Julie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=20011&l=dis
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7840 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]
IEHlprObj Class - C:\Program Files\iWin Games\iWinGamesHookIE.dll [2009-06-04 141312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PCDrProfiler"= []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-11-04 7307264]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"PRISMSVR.EXE"=C:\WINDOWS\system32\PRISMSVR.EXE /APPLY []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"DW6"=C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe []
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Disabled:DISCover Stream Hub"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Conference\Conference.dll"="C:\Program Files\Conference\Conference.dll:*:Enabled:Audio/Video Conference by KIOSK Team"
"C:\Documents and Settings\Josh\Application Data\MySpace\IM\bin\MySpaceIM.exe"="C:\Documents and Settings\Josh\Application Data\MySpace\IM\bin\MySpaceIM.exe:*:Disabled:MySpace Instant Messenger"
"C:\Documents and Settings\Kait\Application Data\MySpace\IM\bin\MySpaceIM.exe"="C:\Documents and Settings\Kait\Application Data\MySpace\IM\bin\MySpaceIM.exe:*:Disabled:MySpace Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\Program Files\iWin Games\iWinGames.exe"="C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application."
"C:\Program Files\iWin Games\WebUpdater.exe"="C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater."

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a962185-9187-11de-8d23-0015f29ea0ff}]
shell\AutoRun\command - H:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-09-26 09:25:24 ----D---- C:\rsit
2009-09-23 22:43:08 ----D---- C:\Documents and Settings\All Users\Application Data\SlapdashGames
2009-09-18 09:37:03 ----D---- C:\Documents and Settings\Julie\Application Data\ieSpell
2009-09-18 09:27:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-18 08:45:52 ----D---- C:\Documents and Settings\Julie\Application Data\Malwarebytes
2009-09-15 21:34:57 ----D---- C:\Documents and Settings\All Users\Application Data\EscapeFromParadise2
2009-09-14 22:56:09 ----D---- C:\Documents and Settings\Julie\Application Data\Twilight Games
2009-09-12 21:18:00 ----D---- C:\Documents and Settings\Julie\Application Data\Bloom
2009-09-11 16:20:39 ----D---- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
2009-09-09 03:02:32 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-09 03:02:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-09 03:02:08 ----HDC---- C:\WINDOWS\$NtUninstallKB973768$
2009-09-05 23:50:08 ----D---- C:\Documents and Settings\All Users\Application Data\EPSON
2009-09-05 23:37:44 ----A---- C:\WINDOWS\system32\escwiad.dll
2009-09-05 23:36:55 ----A---- C:\WINDOWS\EPSCX7400.ini
2009-08-29 22:37:49 ----D---- C:\Documents and Settings\Julie\Application Data\Argonyt

======List of files/folders modified in the last 1 months======

2009-09-26 09:25:31 ----D---- C:\WINDOWS\Prefetch
2009-09-26 08:27:51 ----D---- C:\WINDOWS\TEMP
2009-09-26 00:21:54 ----D---- C:\WINDOWS
2009-09-26 00:20:46 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-26 00:20:42 ----D---- C:\WINDOWS\Registration
2009-09-26 00:20:31 ----A---- C:\WINDOWS\ModemLog_Agere Systems PCI-SV92PP Soft Modem.txt
2009-09-26 00:19:48 ----D---- C:\WINDOWS\system32
2009-09-26 00:18:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-26 00:18:31 ----SD---- C:\Documents and Settings\Julie\Application Data\Microsoft
2009-09-26 00:18:29 ----D---- C:\WINDOWS\system32\drivers
2009-09-25 20:10:58 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-09-25 19:34:29 ----D---- C:\Program Files\iWin.com
2009-09-24 09:58:43 ----D---- C:\Documents and Settings\Julie\Application Data\iWin
2009-09-22 02:20:09 ----D---- C:\Documents and Settings\Julie\Application Data\PlayFirst
2009-09-22 02:20:09 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2009-09-20 20:38:37 ----D---- C:\WINDOWS\system32\FxsTmp
2009-09-18 09:27:34 ----D---- C:\Program Files
2009-09-18 09:06:05 ----D---- C:\Program Files\Trend Micro
2009-09-17 20:20:04 ----D---- C:\WINDOWS\network diagnostic
2009-09-15 21:30:40 ----A---- C:\WINDOWS\system32\stderr.txt
2009-09-15 20:52:47 ----A---- C:\WINDOWS\system32\stdout.txt
2009-09-11 22:08:35 ----D---- C:\Documents and Settings\Julie\Application Data\Gold Casual Games
2009-09-11 16:20:32 ----D---- C:\Documents and Settings\Julie\Application Data\Alawar
2009-09-11 08:48:55 ----A---- C:\WINDOWS\win.ini
2009-09-10 21:03:22 ----D---- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2009-09-10 21:02:16 ----D---- C:\Program Files\iWin Games
2009-09-09 03:02:36 ----HD---- C:\WINDOWS\inf
2009-09-09 03:02:35 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-09-09 03:02:30 ----A---- C:\WINDOWS\imsins.BAK
2009-09-09 03:02:23 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-09 03:02:10 ----AD---- C:\WINDOWS\ehome
2009-09-09 03:01:03 ----D---- C:\WINDOWS\ie8updates
2009-09-05 23:39:32 ----D---- C:\Program Files\epson
2009-09-05 23:38:28 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-05 23:37:44 ----D---- C:\WINDOWS\twain_32
2009-08-28 16:38:20 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2004-04-13 15781]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-09-23 1094751]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-02 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-02 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-02 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-02 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-02 10112]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture; C:\WINDOWS\system32\drivers\cxfalcon.sys [2005-08-16 100480]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-10-18 4034048]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-11-04 3532544]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidIr;Microsoft Infrared HID Driver; C:\WINDOWS\system32\DRIVERS\hidir.sys [2008-04-13 19200]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 IrBus;Infrared bus filter driver for eHome remote controls; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2008-04-13 46592]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []
S3 SDTHOOK;SDTHOOK; C:\WINDOWS\System32\DRIVERS\SDTHOOK.sys [2007-06-05 44928]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-02 58880]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 iWinTrusted;iWinTrusted; C:\Program Files\iWin Games\iWinTrusted.exe [2009-09-02 78104]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-11-15 73728]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-11-04 131139]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE [2007-08-09 73728]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

-----------------EOF-----------------
 

muppy03

Chris
Joined
Jun 19, 2006
Messages
1,893
1. Open Hijack This and select Do a System Scan Only place a check next to the below lines if still present


  • R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <http://www.ask.com/?o=20011&l=dis>
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

Once selected close all windows except HJT an click on Fix Checked

2. DELETE the version of Combofix from your Desktop and download the latest version from one of the links below. Ensure you disable Security programs as described in the instructions.

Download and run Combofix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • If you need help to disable your protection programs see here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please reply with:-
  • Combofix log
  • New HJT log
  • Update in how computer is running
 

gholt71

Thread Starter
Joined
Aug 19, 2007
Messages
248
ComboFix 09-09-25.01 - Julie 09/27/2009 3:00.5.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.971 [GMT -5:00]
Running from: c:\documents and settings\Julie\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090926-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\iWin Games\iWinGamesHookIE.dll
c:\recycler\S-1-5-21-527237240-179605362-725345543-500
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Installer\9aa94bc.msp
c:\windows\kb913800.exe
c:\windows\MailSwitch.ocx
c:\windows\system32\bqtpfvbc.ini
c:\windows\system32\cdbipcwa.ini
c:\windows\system32\euimhrjd.ini
c:\windows\system32\focmbelv.ini
c:\windows\system32\gshfkbaa.ini
c:\windows\system32\mrvkbdjp.ini
c:\windows\system32\oyfirhhf.ini
c:\windows\system32\pnpoikwh.ini
c:\windows\system32\rqbaemtj.ini
c:\windows\system32\soatxwii.ini
c:\windows\system32\tfupdndj.ini
c:\windows\system32\ttubfpev.ini
c:\windows\system32\yvfagisc.ini
c:\windows\wpd99.drv

.
((((((((((((((((((((((((( Files Created from 2009-08-27 to 2009-09-27 )))))))))))))))))))))))))))))))
.

2009-09-26 14:25 . 2009-09-26 14:25 -------- d-----w- C:\rsit
2009-09-24 03:43 . 2009-09-24 03:43 -------- d-----w- c:\documents and settings\Julie\Local Settings\Application Data\SlapdashGames
2009-09-24 03:43 . 2009-09-24 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SlapdashGames
2009-09-21 13:41 . 2009-09-21 13:41 -------- d-sh--w- c:\documents and settings\Ignite\IETldCache
2009-09-18 14:37 . 2009-09-18 14:37 -------- d-----w- c:\documents and settings\Julie\Application Data\ieSpell
2009-09-18 14:27 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-18 14:27 . 2009-09-18 14:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-18 14:27 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-18 13:45 . 2009-09-18 13:45 -------- d-----w- c:\documents and settings\Julie\Application Data\Malwarebytes
2009-09-18 02:17 . 2009-09-18 02:17 -------- d-----w- c:\documents and settings\Julie\Local Settings\Application Data\FireAndIce
2009-09-16 02:34 . 2009-09-16 02:34 -------- d-----w- c:\documents and settings\All Users\Application Data\EscapeFromParadise2
2009-09-15 03:56 . 2009-09-15 03:56 -------- d-----w- c:\documents and settings\Julie\Application Data\Twilight Games
2009-09-13 02:18 . 2009-09-13 02:19 -------- d-----w- c:\documents and settings\Julie\Application Data\Bloom
2009-09-11 21:20 . 2009-09-12 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy2
2009-09-08 22:53 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-06 04:50 . 2009-09-06 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2009-09-06 04:37 . 2007-03-27 05:00 67072 ----a-w- c:\windows\system32\escwiad.dll
2009-08-30 03:37 . 2009-08-30 03:37 -------- d-----w- c:\documents and settings\Julie\Application Data\Argonyt

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-27 08:09 . 2009-06-16 23:20 -------- d-----w- c:\program files\iWin Games
2009-09-26 01:10 . 2007-10-29 01:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-26 00:34 . 2009-04-04 01:46 -------- d-----w- c:\program files\iWin.com
2009-09-24 14:58 . 2006-12-02 16:50 -------- d-----w- c:\documents and settings\Julie\Application Data\iWin
2009-09-22 07:20 . 2007-03-03 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-09-22 07:20 . 2006-11-28 02:58 -------- d-----w- c:\documents and settings\Julie\Application Data\PlayFirst
2009-09-18 14:06 . 2007-07-16 22:20 -------- d-----w- c:\program files\Trend Micro
2009-09-12 03:08 . 2009-01-10 16:29 -------- d-----w- c:\documents and settings\Julie\Application Data\Gold Casual Games
2009-09-11 21:20 . 2006-12-02 10:28 -------- d-----w- c:\documents and settings\Julie\Application Data\Alawar
2009-09-11 02:03 . 2006-06-06 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2009-09-06 04:39 . 2009-08-14 15:56 -------- d-----w- c:\program files\epson
2009-09-06 04:38 . 2005-12-23 19:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-22 22:01 . 2009-07-01 22:34 -------- d-----w- c:\program files\Common Files\Uninstall
2009-08-17 16:10 . 2008-10-31 19:55 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-10-31 19:55 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-10-31 19:55 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-10-31 19:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-10-31 19:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-10-31 19:55 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-10-31 19:55 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-10-31 19:55 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-10-31 19:55 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-16 19:56 . 2009-02-08 04:30 -------- d-----w- c:\documents and settings\All Users\Application Data\FireGlow
2009-08-15 19:57 . 2009-08-12 03:00 -------- d-----w- c:\documents and settings\All Users\Application Data\InterAction studios
2009-08-15 18:08 . 2009-08-15 18:08 -------- d-----w- c:\documents and settings\Julie\Application Data\StoneLoopsIW
2009-08-15 06:18 . 2009-08-15 06:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ScreenSeven
2009-08-15 04:06 . 2009-08-15 04:06 -------- d-----w- c:\documents and settings\All Users\Application Data\GameTantra
2009-08-12 01:58 . 2009-08-12 01:58 -------- d-----w- c:\documents and settings\Julie\Application Data\Intenium
2009-08-12 00:53 . 2009-03-28 14:54 -------- d-----w- c:\documents and settings\Julie\Application Data\ScreenSeven
2009-08-12 00:53 . 2009-08-12 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\rionix
2009-08-11 23:24 . 2005-12-23 18:45 -------- d-----w- c:\program files\Java
2009-08-06 23:54 . 2009-06-14 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayPond
2009-08-06 22:51 . 2006-12-02 09:06 -------- d-----w- c:\documents and settings\Julie\Application Data\Wildfire
2009-08-05 09:01 . 2004-08-10 05:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 01:48 . 2009-08-05 01:48 -------- d-----w- c:\documents and settings\Julie\Application Data\EleFun Games
2009-08-05 01:42 . 2009-03-01 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Intenium
2009-08-03 22:11 . 2009-08-03 22:06 34 ----a-w- c:\documents and settings\Josh\jagex_runescape_preferences.dat
2009-08-01 18:54 . 2009-02-05 02:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Absolutist
2009-08-01 17:17 . 2009-08-01 17:17 -------- d-----w- c:\documents and settings\Julie\Application Data\URSE Games
2009-07-27 23:27 . 2008-10-05 07:31 3960 ----a-w- c:\documents and settings\Kait\Application Data\wklnhst.dat
2009-07-25 10:23 . 2008-12-24 14:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-08-10 05:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2004-08-10 05:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-10 05:00 915456 ----a-w- c:\windows\system32\wininet.dll
2006-04-27 18:33 . 2006-04-27 18:33 774144 ----a-w- c:\program files\RngInterstitial.dll
2006-04-16 23:55 . 2006-04-16 23:55 251 ----a-w- c:\program files\wt3d.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-04 7307264]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Documents and Settings\\Josh\\Application Data\\MySpace\\IM\\bin\\MySpaceIM.exe"=
"c:\\Documents and Settings\\Kait\\Application Data\\MySpace\\IM\\bin\\MySpaceIM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/31/2008 2:55 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/31/2008 2:55 PM 20560]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [9/2/2009 12:30 PM 78104]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [12/23/2005 1:58 PM 100480]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [12/28/2007 10:00 PM 44928]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/1/2007 8:56 PM 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=20011&l=dis
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: turbotax.com
Trusted Zone: trymedia.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKLM-Run-PRISMSVR.EXE - c:\windows\system32\PRISMSVR.EXE
HKLM-Run-PCDrProfiler - (no file)
AddRemove-Adventures of Robinson Crusoe - c:\program files\iWin.com\Adventures of Robinson Crusoe\Uninstall.exe
AddRemove-Masters Of Mystery Crime Of Fashion - c:\program files\iWin.com\Masters Of Mystery Crime Of Fashion\Uninstall.exe
AddRemove-Mortimer Beckett and the Time Paradox - c:\program files\iWin.com\Mortimer Beckett and the Time Paradox\Uninstall.exe
AddRemove-SBC Self Support Tool - c:\progra~1\SBCSEL~1\CustomUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-27 03:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2009-09-27 3:23
ComboFix-quarantined-files.txt 2009-09-27 08:23
ComboFix2.txt 2008-01-01 01:43

Pre-Run: 201,066,352,640 bytes free
Post-Run: 207,349,841,920 bytes free

197 --- E O F --- 2009-09-09 08:06
 

gholt71

Thread Starter
Joined
Aug 19, 2007
Messages
248
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:44:42 AM, on 9/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=20011&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6771 bytes
 

muppy03

Chris
Joined
Jun 19, 2006
Messages
1,893
How is the computer running now?

Open Hijack This and select Do a System Scan Only place a check next to the below lines if still present
Once selected close all windows except HJT an click on Fix Checked


COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File::
    c:\program files\wt3d.ini
     
    Folder::
    c:\program files\Viewpoint
    
    DDS::
    uStart Page = hxxp://www.ask.com/?o=20011&l=dis
    Trusted Zone: turbotax.com
    Trusted Zone: trymedia.com
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Please reply with:-
  • Combofix log
  • New HJT log
  • Update on how computer is running
 

gholt71

Thread Starter
Joined
Aug 19, 2007
Messages
248
Pages are loading much faster.

ComboFix 09-09-25.01 - Julie 09/27/2009 10:58.6.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.1163 [GMT -5:00]
Running from: c:\documents and settings\Julie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Julie\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090926-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\program files\wt3d.ini"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Viewpoint
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Viewpoint\Common\VistaBoot.sdll
c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr.dll
c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr_03000F11.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VMgr.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPVideo.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\WaveletReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\Cursors.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SWFView.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VETScriptInterpreter.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VMPVideo2.dll
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt
c:\program files\wt3d.ini

.
((((((((((((((((((((((((( Files Created from 2009-08-27 to 2009-09-27 )))))))))))))))))))))))))))))))
.

2009-09-27 08:49 . 2009-09-27 08:49 -------- d-sh--w- c:\documents and settings\Ignite\IECompatCache
2009-09-27 08:48 . 2009-09-27 08:48 -------- d-sh--w- c:\documents and settings\Ignite\PrivacIE
2009-09-26 14:25 . 2009-09-26 14:25 -------- d-----w- C:\rsit
2009-09-24 03:43 . 2009-09-24 03:43 -------- d-----w- c:\documents and settings\Julie\Local Settings\Application Data\SlapdashGames
2009-09-24 03:43 . 2009-09-24 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SlapdashGames
2009-09-21 13:41 . 2009-09-21 13:41 -------- d-sh--w- c:\documents and settings\Ignite\IETldCache
2009-09-18 14:37 . 2009-09-18 14:37 -------- d-----w- c:\documents and settings\Julie\Application Data\ieSpell
2009-09-18 14:27 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-18 14:27 . 2009-09-18 14:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-18 14:27 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-18 13:45 . 2009-09-18 13:45 -------- d-----w- c:\documents and settings\Julie\Application Data\Malwarebytes
2009-09-18 02:17 . 2009-09-18 02:17 -------- d-----w- c:\documents and settings\Julie\Local Settings\Application Data\FireAndIce
2009-09-16 02:34 . 2009-09-16 02:34 -------- d-----w- c:\documents and settings\All Users\Application Data\EscapeFromParadise2
2009-09-15 03:56 . 2009-09-15 03:56 -------- d-----w- c:\documents and settings\Julie\Application Data\Twilight Games
2009-09-13 02:18 . 2009-09-13 02:19 -------- d-----w- c:\documents and settings\Julie\Application Data\Bloom
2009-09-11 21:20 . 2009-09-12 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy2
2009-09-08 22:53 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-06 04:50 . 2009-09-06 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2009-09-06 04:37 . 2007-03-27 05:00 67072 ----a-w- c:\windows\system32\escwiad.dll
2009-08-30 03:37 . 2009-08-30 03:37 -------- d-----w- c:\documents and settings\Julie\Application Data\Argonyt

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-27 08:09 . 2009-06-16 23:20 -------- d-----w- c:\program files\iWin Games
2009-09-26 01:10 . 2007-10-29 01:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-26 00:34 . 2009-04-04 01:46 -------- d-----w- c:\program files\iWin.com
2009-09-24 14:58 . 2006-12-02 16:50 -------- d-----w- c:\documents and settings\Julie\Application Data\iWin
2009-09-22 07:20 . 2007-03-03 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-09-22 07:20 . 2006-11-28 02:58 -------- d-----w- c:\documents and settings\Julie\Application Data\PlayFirst
2009-09-18 14:06 . 2007-07-16 22:20 -------- d-----w- c:\program files\Trend Micro
2009-09-12 03:08 . 2009-01-10 16:29 -------- d-----w- c:\documents and settings\Julie\Application Data\Gold Casual Games
2009-09-11 21:20 . 2006-12-02 10:28 -------- d-----w- c:\documents and settings\Julie\Application Data\Alawar
2009-09-11 02:03 . 2006-06-06 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2009-09-06 04:39 . 2009-08-14 15:56 -------- d-----w- c:\program files\epson
2009-09-06 04:38 . 2005-12-23 19:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-22 22:01 . 2009-07-01 22:34 -------- d-----w- c:\program files\Common Files\Uninstall
2009-08-17 16:10 . 2008-10-31 19:55 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-10-31 19:55 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-10-31 19:55 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-10-31 19:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-10-31 19:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-10-31 19:55 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-10-31 19:55 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-10-31 19:55 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-10-31 19:55 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-16 19:56 . 2009-02-08 04:30 -------- d-----w- c:\documents and settings\All Users\Application Data\FireGlow
2009-08-15 19:57 . 2009-08-12 03:00 -------- d-----w- c:\documents and settings\All Users\Application Data\InterAction studios
2009-08-15 18:08 . 2009-08-15 18:08 -------- d-----w- c:\documents and settings\Julie\Application Data\StoneLoopsIW
2009-08-15 06:18 . 2009-08-15 06:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ScreenSeven
2009-08-15 04:06 . 2009-08-15 04:06 -------- d-----w- c:\documents and settings\All Users\Application Data\GameTantra
2009-08-12 01:58 . 2009-08-12 01:58 -------- d-----w- c:\documents and settings\Julie\Application Data\Intenium
2009-08-12 00:53 . 2009-03-28 14:54 -------- d-----w- c:\documents and settings\Julie\Application Data\ScreenSeven
2009-08-12 00:53 . 2009-08-12 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\rionix
2009-08-11 23:24 . 2005-12-23 18:45 -------- d-----w- c:\program files\Java
2009-08-06 23:54 . 2009-06-14 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayPond
2009-08-06 22:51 . 2006-12-02 09:06 -------- d-----w- c:\documents and settings\Julie\Application Data\Wildfire
2009-08-05 09:01 . 2004-08-10 05:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 01:48 . 2009-08-05 01:48 -------- d-----w- c:\documents and settings\Julie\Application Data\EleFun Games
2009-08-05 01:42 . 2009-03-01 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Intenium
2009-08-03 22:11 . 2009-08-03 22:06 34 ----a-w- c:\documents and settings\Josh\jagex_runescape_preferences.dat
2009-08-01 18:54 . 2009-02-05 02:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Absolutist
2009-08-01 17:17 . 2009-08-01 17:17 -------- d-----w- c:\documents and settings\Julie\Application Data\URSE Games
2009-07-27 23:27 . 2008-10-05 07:31 3960 ----a-w- c:\documents and settings\Kait\Application Data\wklnhst.dat
2009-07-25 10:23 . 2008-12-24 14:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-08-10 05:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2004-08-10 05:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-10 05:00 915456 ------w- c:\windows\system32\wininet.dll
2006-04-27 18:33 . 2006-04-27 18:33 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-04 7307264]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Documents and Settings\\Josh\\Application Data\\MySpace\\IM\\bin\\MySpaceIM.exe"=
"c:\\Documents and Settings\\Kait\\Application Data\\MySpace\\IM\\bin\\MySpaceIM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/31/2008 2:55 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/31/2008 2:55 PM 20560]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [9/2/2009 12:30 PM 78104]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [12/23/2005 1:58 PM 100480]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [12/28/2007 10:00 PM 44928]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-27 11:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2009-09-27 11:09
ComboFix-quarantined-files.txt 2009-09-27 16:09
ComboFix2.txt 2009-09-27 08:23
ComboFix3.txt 2008-01-01 01:43

Pre-Run: 207,392,620,544 bytes free
Post-Run: 207,364,874,240 bytes free

206 --- E O F --- 2009-09-09 08:06
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top