1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

"Your computer is infected!" Popup message. Computer infected with Trojan

Discussion in 'Virus & Other Malware Removal' started by sullivan8231985, Sep 10, 2009.

Thread Status:
Not open for further replies.
Advertisement
  1. sullivan8231985

    sullivan8231985 Thread Starter

    Joined:
    Sep 10, 2009
    Messages:
    15
    Hi, this is my first time posting here.

    I'm running Windows XP Pro SP2, and my computer has a virus that, at first, was giving me a tool-tip-like message from the system tray saying "Your computer is infected! ..." and something about installing a scam antivirus program. I've done a lot of searching for this issue and have seen many cases of it. Posts on other forums offered specialized programs like "Smitfraudfix.exe" and others that I was unable to get to work.

    I've updated my Java (which stopped the annoying "Your computer is infected!" popup), removed my Temporary Internet Files, and run Avast! and Avira every time I restart my computer, but each time there seems to be malware that needs removed. Can someone please help me clean this virus / trojan off of my machine completely?

    Thank you for your time, here is a HJT log from the time of this post:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:10:53 PM, on 9/10/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\dlbucoms.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\NWTRAY.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Westminster College
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sproxy:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.westminster.edu;10.*;<local>
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [TitanNET] D:\TitanNET2k6.exe
    O4 - HKLM\..\Run: [DLBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,[email protected]
    O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
    O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.westminster.edu/
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program Files/Jojo's Fashion Show/Images/stg_drm.ocx
    O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/d.../mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program Files/Jojo's Fashion Show/Images/armhelper.ocx
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: dlbu_device - - C:\WINDOWS\system32\dlbucoms.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
    --
    End of file - 10886 bytes
     
  2. muppy03

    muppy03 Malware Specialist

    Joined:
    Jun 19, 2006
    Messages:
    1,880
    Hello and welcome to TSG

    IMPORTANT

    Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
    To make cleaning this machine easier:-
    • Continue to respond to this thread until I give you the All Clean!
    • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
    • Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
    • Please follow all instructions in the order posted.
    • If you have any questions or do not understand instructions, please ask before continuing.
    • Please reply to this thread. Do not start a new topic.

    Make an uninstall list using HijackThis
    To access the Uninstall Manager you would do the following:
    • Start HijackThis
    • Click on the Config button
    • Click on the Misc Tools button
    • Click on the Open Uninstall Manager button.
    • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop.

    Please post this log on your next reply.

    Download and run Combofix
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper


    Please download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • If you need help to disable your protection programs see here.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    [​IMG]
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]
    Click on Yes, to continue scanning for malware.

    When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

    If you need help, see this link:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please reply with:-
    • Combofix log
    • New HJT log
    • Uninstall list
     
  3. sullivan8231985

    sullivan8231985 Thread Starter

    Joined:
    Sep 10, 2009
    Messages:
    15
    Hi, thanks for your response.

    I downloaded ComboFix to my desktop. When I double click the .exe it shows a loading bar near the icon on my desktop. When the loading bar fills up to 100% it dissapears, then nothing happens. I'm not prompted with anything at all. Do you have any suggestions? In the meantime I'll try removing and re-downloading ComboFix.exe.

    Also, I was checking for the file C:\ComboFix.txt, to see if it had run without showing any dialog and found another file, C:\Bug.txt that I don't remember. Is this filename something you recognize as coming from HJT or ComboFix? It's contents are pasted below:


    PUSHD "C:\32788R22FWJFW"
    SET "Comspec=C:\WINDOWS\system32\cmd.execf"
    IF NOT EXIST C:\WINDOWS\system32\cmd.exe GOTO Not_NT
    VER 1>OsVer
    GREP.cfxxe -F "5.1.2" OsVer 1>XP.mac
    IF 0 == 0 GOTO NT
    SET "Ver_CF=09-09-12.08"
    IF NOT EXIST NircmdB.exe COPY /Y Nircmd.cfxxe NircmdB.exe
    1 file(s) copied.
    PEV UZIP License\pv_5_2_2.zip .\
    MOVE /Y PV.exe PV.cfxxe
    IF NOT EXIST PEV.cfxxe COPY /Y PEV.exe PEV.cfxxe
    1 file(s) copied.
    GREP.cfxxe -isq "ProductType.*WinNT" WinNT00 || GOTO Not_NT
    'SED' is not recognized as an internal or external command,
    operable program or batch file.

    Once again, thank you for your help and patience with my issue.
     
  4. muppy03

    muppy03 Malware Specialist

    Joined:
    Jun 19, 2006
    Messages:
    1,880
    Please delete the copy of Combofix from your desktop and re-download. This time when prompted to save RENAME to Combo-fix (include the hypen), then run as directed before.
     
  5. sullivan8231985

    sullivan8231985 Thread Starter

    Joined:
    Sep 10, 2009
    Messages:
    15
    Hi again, I was able to run ComboFix after following your directions. Here are the log files you've requested and thank you again for taking the time to help me. (They're too long to put in one post so they'll each be in a separate post)

    ComboFix:
    ComboFix 09-09-14.02 - user 09/14/2009 21:11.1.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1191 [GMT -4:00]
    Running from: c:\documents and settings\user\Desktop\Combo-Fix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: avast! antivirus 4.8.1351 [VPS 090914-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\program files\iWin Games\iWinGamesHookIE.dll
    c:\recycler\S-1-5-21-1250370062-1484723724-854930171-1005
    c:\recycler\S-1-5-21-130192073-2191006979-1048334737-1005
    c:\recycler\S-1-5-21-130192073-2191006979-1048334737-500
    c:\recycler\S-1-5-21-1724336966-726014334-1075995774-1005
    c:\windows\Installer\52e528.msi
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\Legacy_FAD

    ((((((((((((((((((((((((( Files Created from 2009-08-15 to 2009-09-15 )))))))))))))))))))))))))))))))
    .
    2009-09-12 01:55 . 2009-09-12 01:55 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2009-09-11 00:28 . 2009-09-11 00:28 -------- d-----w- c:\program files\Trend Micro
    2009-09-10 23:19 . 2009-06-21 22:04 153088 ------w- c:\windows\system32\dllcache\triedit.dll
    2009-09-10 23:08 . 2008-10-16 18:06 208744 ----a-w- c:\windows\system32\muweb.dll
    2009-09-10 23:08 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
    2009-09-10 23:04 . 2009-09-10 23:04 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-09-10 00:37 . 2009-09-10 00:37 -------- d-sh--w- c:\documents and settings\user\IECompatCache
    2009-09-08 00:16 . 2009-09-08 00:37 -------- d-----w- C:\$AVG8.VAULT$
    2009-09-08 00:07 . 2007-11-28 02:56 116416 ----a-w- c:\windows\system32\drivers\msfwhlpr.sys
    2009-09-08 00:06 . 2008-05-15 20:15 53168 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2009-09-08 00:06 . 2009-09-08 00:06 -------- d-----w- c:\windows\system32\bits
    2009-09-08 00:04 . 2007-03-29 12:56 7168 ------w- c:\windows\system32\dllcache\bitsprx4.dll
    2009-09-08 00:04 . 2007-03-29 12:56 7168 ------w- c:\windows\system32\dllcache\bitsprx3.dll
    2009-09-08 00:04 . 2007-03-29 12:56 7168 ------w- c:\windows\system32\bitsprx4.dll
    2009-09-08 00:04 . 2007-03-29 12:56 8192 ------w- c:\windows\system32\dllcache\bitsprx2.dll
    2009-09-08 00:04 . 2007-03-29 12:56 409600 ------w- c:\windows\system32\dllcache\qmgr.dll
    2009-09-08 00:04 . 2007-03-29 12:56 18944 ------w- c:\windows\system32\dllcache\qmgrprxy.dll
    2009-09-07 23:55 . 2009-09-15 01:22 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
    2009-09-07 23:55 . 2009-09-07 23:55 -------- d-----w- C:\4d29738ae7a93a939ab46c0e90e7
    2009-09-07 23:10 . 2009-09-07 23:10 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2009-09-07 23:10 . 2009-09-07 23:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-09-07 23:10 . 2009-09-07 23:10 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-09-07 23:10 . 2009-09-07 23:10 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-09-07 23:10 . 2009-09-07 23:10 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-09-07 23:09 . 2009-09-13 21:09 -------- d-----w- c:\windows\system32\drivers\Avg
    2009-09-07 23:09 . 2009-09-07 23:09 -------- d-----w- c:\program files\AVG
    2009-09-07 23:09 . 2009-09-07 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2009-09-07 22:50 . 2009-09-07 22:50 -------- d-----w- c:\documents and settings\user\Application Data\AVG8
    2009-09-03 11:46 . 2009-09-03 11:46 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
    2009-09-03 11:46 . 2009-09-03 11:46 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
    2009-09-03 10:07 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2009-09-03 10:07 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2009-09-03 02:02 . 2009-09-03 02:02 -------- d-sh--w- c:\documents and settings\user\PrivacIE
    2009-09-03 00:50 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-09-03 00:50 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-09-03 00:50 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2009-09-03 00:50 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-09-03 00:50 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2009-09-03 00:50 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2009-09-03 00:50 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-09-03 00:50 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-09-03 00:49 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
    2009-09-03 00:49 . 2009-09-03 00:49 -------- d-----w- c:\program files\Alwil Software
    2009-09-02 23:14 . 2009-09-02 23:14 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2009-09-02 23:14 . 2009-09-02 23:14 -------- d-sh--w- c:\documents and settings\user\IETldCache
    2009-09-02 23:10 . 2009-09-12 01:54 -------- d-----w- c:\windows\ie8updates
    2009-09-02 23:10 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
    2009-09-02 23:05 . 2009-09-02 23:08 -------- dc-h--w- c:\windows\ie8
    2009-09-02 22:59 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-09-02 22:59 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-09-02 22:59 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2009-09-02 22:59 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2009-09-02 22:59 . 2009-09-02 22:59 -------- d-----w- c:\program files\Avira
    2009-09-02 22:59 . 2009-09-02 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2009-08-17 13:11 . 2009-09-13 22:25 -------- d-----w- c:\program files\Ranch Rush
    2009-08-17 13:10 . 2009-08-17 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Amazon
    2009-08-17 13:10 . 2009-08-17 13:10 -------- d-----w- c:\program files\Amazon
    2009-08-16 15:31 . 2009-08-16 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\FreshGames
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-15 01:22 . 2005-06-23 15:12 -------- d-----w- c:\program files\Symantec AntiVirus
    2009-09-15 01:17 . 2008-12-16 23:31 -------- d-----w- c:\program files\iWin Games
    2009-09-15 00:25 . 2005-06-23 14:57 43960 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-09-07 22:36 . 2005-06-01 11:25 -------- d-----w- c:\program files\Java
    2009-09-03 11:51 . 2005-06-23 21:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-09-02 18:42 . 2005-08-17 03:34 -------- d-----w- c:\program files\Dl_cats
    2009-08-27 20:39 . 2008-05-29 04:09 64 ---h--w- c:\windows\popcreg.dat
    2009-08-27 20:39 . 2008-05-29 04:09 16 ----a-w- c:\windows\popcinfot.dat
    2009-08-16 16:31 . 2009-05-13 14:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-08-05 09:11 . 2004-08-11 22:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-07-25 09:23 . 2009-05-30 21:22 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-17 18:55 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-14 03:43 . 2004-08-11 22:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-03 17:09 . 2004-08-11 22:00 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-06-25 18:36 . 2004-08-11 22:00 95744 ----a-w- c:\windows\system32\mqsec.dll
    2009-06-25 18:36 . 2004-08-11 22:00 661504 ----a-w- c:\windows\system32\mqqm.dll
    2009-06-25 18:36 . 2004-08-11 22:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
    2009-06-25 18:36 . 2004-08-11 22:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
    2009-06-25 18:36 . 2004-08-11 22:00 471552 ----a-w- c:\windows\system32\mqutil.dll
    2009-06-25 18:36 . 2004-08-11 22:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
    2009-06-25 18:36 . 2004-08-11 22:00 225280 ----a-w- c:\windows\system32\mqoa.dll
    2009-06-25 18:36 . 2004-08-11 22:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
    2009-06-25 18:36 . 2004-08-11 22:00 177152 ----a-w- c:\windows\system32\mqrt.dll
    2009-06-25 18:36 . 2004-08-11 22:00 16896 ----a-w- c:\windows\system32\mqise.dll
    2009-06-25 18:36 . 2004-08-11 22:00 138240 ----a-w- c:\windows\system32\mqad.dll
    2009-06-25 18:36 . 2004-08-11 22:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
    2009-06-25 08:44 . 2004-08-11 22:00 59392 ----a-w- c:\windows\system32\wdigest.dll
    2009-06-25 08:44 . 2004-08-11 22:00 56320 ----a-w- c:\windows\system32\secur32.dll
    2009-06-25 08:44 . 2004-08-11 22:00 168448 ----a-w- c:\windows\system32\schannel.dll
    2009-06-25 08:44 . 2004-08-11 22:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
    2009-06-25 08:44 . 2004-08-11 22:00 724480 ----a-w- c:\windows\system32\lsasrv.dll
    2009-06-25 08:44 . 2004-08-11 22:00 298496 ----a-w- c:\windows\system32\kerberos.dll
    2009-06-22 11:49 . 2004-08-11 22:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
    2009-06-22 11:49 . 2004-08-11 22:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
    2009-06-22 11:49 . 2004-08-11 22:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
    2009-06-22 11:48 . 2004-08-11 22:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
    2009-06-22 11:34 . 2004-08-11 22:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2005-05-11 17:28 . 2005-06-23 15:29 94208 ----a-w- c:\program files\mozilla firefox\components\BrandRes.dll
    2005-05-11 17:28 . 2005-06-23 15:29 150912 ----a-w- c:\program files\mozilla firefox\components\fullsoft.dll
    2005-05-11 17:28 . 2005-06-23 15:29 41573 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
    2005-05-11 17:28 . 2005-06-23 15:29 48223 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2005-05-11 17:28 . 2005-06-23 15:29 8813 ----a-w- c:\program files\mozilla firefox\components\qfaservices.dll
    2005-05-11 17:28 . 2005-06-23 15:29 159335 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    .
    ------- Sigcheck -------
    [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\qmgr.dll
    [-] 2007-03-29 . CC431E6DEAAD867A583EE5E804EE4CF2 . 409600 . . [6.7.2600.3109] . . c:\windows\system32\qmgr.dll
    [-] 2007-03-29 . CC431E6DEAAD867A583EE5E804EE4CF2 . 409600 . . [6.7.2600.3109] . . c:\windows\system32\bits\qmgr.dll
    [-] 2007-03-29 . CC431E6DEAAD867A583EE5E804EE4CF2 . 409600 . . [6.7.2600.3109] . . c:\windows\system32\dllcache\qmgr.dll
    [-] 2007-03-29 . 65E23953D337574E549B1EF34FE0B1DA . 409600 . . [6.7.2600.3109] . . c:\windows\$hf_mig$\KB923845\SP2QFE\qmgr.dll
    [7] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtUninstallKB923845$\qmgr.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Dell Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-15 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-15 126976]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-02-03 606208]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-05-27 124656]
    "DLBUCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll" [2007-02-12 73728]
    "AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-05-20 223744]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-07 2007832]
    "OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-07-09 65240]
    "NWTRAY"="NWTRAY.EXE" - c:\windows\system32\nwtray.exe [2005-06-22 28672]
    c:\documents and settings\user\Start Menu\Programs\Startup\
    iWin Desktop Alerts.lnk - c:\documents and settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2009-5-13 108544]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-6-1 24576]
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-6-21 282624]
    KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "CompatibleRUPSecurity"= 1 (0x1)
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-09-07 23:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
    @="Service"
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001
    "FirewallOverride"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\StubInstaller.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\dlbucoms.exe"=
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\iWin Games\\iWinGames.exe"=
    "c:\\Program Files\\iWin Games\\WebUpdater.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "123:UDP"= 123:UDP:Westminster Novell NTP
    "427:TCP"= 427:TCP:Westminster Novell SLP TCP
    "427:UDP"= 427:UDP:Westminster Novell SLP UDP
    "524:TCP"= 524:TCP:Westminster Novell NCP TCP
    "524:UDP"= 524:UDP:Westminster Novell NCP UDP
    "2302:TCP"= 2302:TCP:Westminster Novell Command TCP
    "2645:UDP"= 2645:UDP:Westminster Novell Command UDP
    "3024:UDP"= 3024:UDP:Westminster Novell ClientTrust
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [9/7/2009 7:10 PM 12552]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/2/2009 8:50 PM 114768]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/7/2009 7:10 PM 335240]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/7/2009 7:10 PM 108552]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/2/2009 6:59 PM 108289]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/2/2009 8:50 PM 20560]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/7/2009 7:09 PM 297752]
    R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [7/9/2009 12:15 PM 26104]
    R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [5/26/2006 9:01 PM 115952]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/16/2007 12:07 AM 24652]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/20/2008 1:03 PM 109616]
    S3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [8/17/2009 9:10 AM 297472]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://www.google.com
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyServer = sproxy:8080
    uInternet Settings,ProxyOverride = *.westminster.edu;10.*;<local>
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\wj600a20.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.westminster.edu/home.cfm?page=current
    FF - prefs.js: network.proxy.ftp - sproxy
    FF - prefs.js: network.proxy.ftp_port - 8080
    FF - prefs.js: network.proxy.gopher - sproxy
    FF - prefs.js: network.proxy.gopher_port - 8080
    FF - prefs.js: network.proxy.http - sproxy
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.ssl - sproxy
    FF - prefs.js: network.proxy.ssl_port - 8080
    FF - prefs.js: network.proxy.type - 1
    FF - component: c:\program files\Mozilla Firefox\components\qfaservices.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("advanced.always_load_images", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN_show_punycode", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.version",
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.build_id",
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.severity", 0);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");
    .
    - - - - ORPHANS REMOVED - - - -
    HKLM-Run-TitanNET - D:\TitanNET2k6.exe
    Notify-OdysseyClient - (no file)

    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-14 21:22
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLBUCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'Explorer.exe'(5360)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\NLS\ENGLISH\NWSHLXNR.DLL
    c:\windows\system32\NLS\ENGLISH\NOVNPNTR.DLL
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
    c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    c:\windows\system32\BCMWLTRY.EXE
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\windows\system32\Crypserv.exe
    c:\program files\Symantec AntiVirus\DefWatch.exe
    c:\windows\system32\dlbucoms.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
    c:\program files\Symantec AntiVirus\Rtvscan.exe
    c:\progra~1\AVG\AVG8\avgam.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\Microsoft Windows OneCare Live\winss.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    c:\windows\system32\WLTRAY.EXE
    c:\program files\Apoint\ApntEx.exe
    c:\program files\Symantec AntiVirus\DoScan.exe
    .
    **************************************************************************
    .
    Completion time: 2009-09-15 21:30 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-09-15 01:29
    Pre-Run: 15,480,733,696 bytes free
    Post-Run: 15,629,238,272 bytes free
    359 --- E O F --- 2009-09-15 00:37
     
  6. sullivan8231985

    sullivan8231985 Thread Starter

    Joined:
    Sep 10, 2009
    Messages:
    15
    HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:47:38 PM, on 9/14/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\dlbucoms.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\NWTRAY.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sproxy:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.westminster.edu;10.*;<local>
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [DLBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,[email protected]
    O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.westminster.edu/
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Jojo's%20Fashion%20Show/Images/stg_drm.ocx
    O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/d.../mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program Files/Jojo's Fashion Show/Images/armhelper.ocx
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: dlbu_device - - C:\WINDOWS\system32\dlbucoms.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
    --
    End of file - 10730 bytes
     
  7. sullivan8231985

    sullivan8231985 Thread Starter

    Joined:
    Sep 10, 2009
    Messages:
    15
    Uninstall List:

    Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
    Adobe Acrobat 7.0.2 and Reader 7.0.2 Update
    Adobe Flash Player 10 ActiveX
    Adobe Photoshop Album 2.0 Starter Edition
    Adobe Reader 7.0
    Adobe Reader Digital Editions and Accessibility Package
    Adobe Reader Multimedia Package
    Adobe Shockwave Player
    ALPS Touch Pad Driver
    Amazon Games & Software Downloader
    avast! Antivirus
    AVG 8.5
    Avira AntiVir Personal - Free Antivirus
    Broadcom Management Programs 2
    CCScore
    Conexant D110 MDC V.9x Modem
    Critical Update for Windows Media Player 11 (KB959772)
    Dell ResourceCD
    Dell Wireless WLAN Card
    Digital Line Detect
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTOOLS
    essvatgt
    fflink
    GTOneCare
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Intel(R) Graphics Media Accelerator Driver for Mobile
    Internal Network Card Power Management
    iWin Games (remove only)
    Jasc Paint Shop Photo Album
    Java(TM) 6 Update 15
    Jojos Fashion Show 2
    kgcbaby
    kgcbase
    kgchday
    kgchlwn
    kgcinvt
    kgckids
    kgcmove
    kgcvday
    Kodak EasyShare software
    KSU
    LimeWire 4.14.10
    LiveUpdate 3.0 (Symantec Corporation)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Windows Live OneCare Resources v2.5.2900.28
    Microsoft Windows OneCare Live AntiSpyware and AntiVirus
    Microsoft Windows OneCare Live v2.5.2900.28
    Microsoft Windows OneCare Live v2.5.2900.28 Idcrl Install
    Modem Helper
    MOViewer
    Mozilla Firefox (1.0.4)
    MSN
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6 Service Pack 2 (KB954459)
    netbrdg
    NetWaiting
    NICI (Shared) U.S./Worldwide (128 bit) (2.6.8-2)
    NMAS Challenge Response Method
    NMAS Client
    Notifier
    Novell Client for Windows
    OfotoXMI
    Peggle Deluxe 1.0
    Peggle Deluxe 1.01
    PowerDVD 5.1
    PX Engine
    QuickSet
    Ranch Rush
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    SFR
    SHASTA
    skin0001
    SKINXSDK
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.3
    staticcr
    Symantec AntiVirus
    tooltips
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB914882)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB923845)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Viewpoint Toolbar
    VPRINTOL
    WC Firewall Controller 1.0.4
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live OneCare
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB887797
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    WIRELESS
     
  8. muppy03

    muppy03 Malware Specialist

    Joined:
    Jun 19, 2006
    Messages:
    1,880
    Hi there, before we continue with cleaning:-

    Multiple Anti-virus Programs
    You are operating your computer with multiple Anti-virus programs running in memory at once:
    avast! Antivirus
    AVG 8.5
    Avira AntiVir
    Symantec AntiVirus
    Windows Live OneCare


    Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two or more anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. Please remove all but one of them NOW.

    While in ADD/REMOVE programs please also uninstall the following:-

    • iWin Games (remove only)
      Viewpoint Manager (Remove Only)
      Viewpoint Media Player
      Viewpoint Toolbar
      LiveUpdate 3.0 (Symantec Corporation) ONLY UNINSTALL THIS IF SYMANTEC IS ONE OF THE AV’S YOU REMOVE
      Spybot - Search & Destroy
      Spybot - Search & Destroy 1.3 Both outdated

    When done please post a NEW HJT and a NEW Uninstall list

    Please reply with:-
    • New HJT log
    • Uninstall list
     
  9. sullivan8231985

    sullivan8231985 Thread Starter

    Joined:
    Sep 10, 2009
    Messages:
    15
    Hi, I've removed all but Symantec. (The machine was set up by a college's tech desk crew and Symantec's uninstaller is password protected :( still looking for a way around this)

    HijackThis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:27:48 PM, on 9/15/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\dlbucoms.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\NWTRAY.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\Symantec AntiVirus\DoScan.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sproxy:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.westminster.edu;10.*;<local>
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [DLBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,[email protected]
    O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.westminster.edu/
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Jojo's%20Fashion%20Show/Images/stg_drm.ocx
    O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/d.../mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program Files/Jojo's Fashion Show/Images/armhelper.ocx
    O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: dlbu_device - - C:\WINDOWS\system32\dlbucoms.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
    --
    End of file - 8262 bytes


    Uninstall List:
    Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
    Adobe Acrobat 7.0.2 and Reader 7.0.2 Update
    Adobe Flash Player 10 ActiveX
    Adobe Photoshop Album 2.0 Starter Edition
    Adobe Reader 7.0
    Adobe Reader Digital Editions and Accessibility Package
    Adobe Reader Multimedia Package
    Adobe Shockwave Player
    ALPS Touch Pad Driver
    Amazon Games & Software Downloader
    Broadcom Management Programs 2
    CCScore
    Conexant D110 MDC V.9x Modem
    Critical Update for Windows Media Player 11 (KB959772)
    Dell ResourceCD
    Dell Wireless WLAN Card
    Digital Line Detect
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTOOLS
    essvatgt
    fflink
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Intel(R) Graphics Media Accelerator Driver for Mobile
    Internal Network Card Power Management
    Jasc Paint Shop Photo Album
    Java(TM) 6 Update 15
    Jojos Fashion Show 2
    kgcbaby
    kgcbase
    kgchday
    kgchlwn
    kgcinvt
    kgckids
    kgcmove
    kgcvday
    Kodak EasyShare software
    KSU
    LimeWire 4.14.10
    LiveUpdate 3.0 (Symantec Corporation)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Modem Helper
    MOViewer
    Mozilla Firefox (1.0.4)
    MSN
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6 Service Pack 2 (KB954459)
    netbrdg
    NetWaiting
    NICI (Shared) U.S./Worldwide (128 bit) (2.6.8-2)
    NMAS Challenge Response Method
    NMAS Client
    Notifier
    Novell Client for Windows
    OfotoXMI
    Peggle Deluxe 1.0
    Peggle Deluxe 1.01
    PowerDVD 5.1
    QuickSet
    Ranch Rush
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    SFR
    SHASTA
    skin0001
    SKINXSDK
    staticcr
    Symantec AntiVirus
    tooltips
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB914882)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB923845)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    VPRINTOL
    WC Firewall Controller 1.0.4
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB887797
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    WIRELESS
     
  10. muppy03

    muppy03 Malware Specialist

    Joined:
    Jun 19, 2006
    Messages:
    1,880
    Hi. Sorry my fault really, :eek: but that’s the one that is outdated and is no good to you in any way, shape or form. The default password for uninstalling Symantec AntiVirus Corporate Edition clients is: Symantec.

    See if that works, and I will have to get you to reinstall, Avira or Avast etc. ONLY ONE.

    Let me know how it goes.
     
  11. sullivan8231985

    sullivan8231985 Thread Starter

    Joined:
    Sep 10, 2009
    Messages:
    15
    Hi again, I tried to uninstall Symantec with the password "Symantec" and was told it was incorrect. I also tried "symantec" and "SYMANTEC" just for fun but no luck.

    I saw an article somewhere about editing your registry to disable this password prompt, but I thought I'd ask for your advice on this.

    Also, I'm planning to reinstall AVG Free once I get rid of Symantec.
     
  12. muppy03

    muppy03 Malware Specialist

    Joined:
    Jun 19, 2006
    Messages:
    1,880
    Lets try Nortons way first :eek:, follow these directions to download the Norton Removal Tool and run it to remove the above programs.
    • Click Here to download the Norton removal tool
    • Click Save and save the file to your desktop
    • Close all Norton Application windows you may have open, and double-click on Norton_Removal_Tool.exe to start the removal tool. Windows Vista users will have to right-click on the file and select "Run as Administrator"
    • After the removal tool finishes, you should be prompted to restart your computer.
    • Once the computer restarts, hoptfully your Norton product should be uninstalled.

    IMPORTANT Make sure you install and update an Antivirus Now if it works.
     
  13. sullivan8231985

    sullivan8231985 Thread Starter

    Joined:
    Sep 10, 2009
    Messages:
    15
    When running Norton Removal Tool, I'm told "The following applications must be removed through Add/Remove Programs before continuing: "

    Symantec Antivirus 9

    I don't recall installing this in the past (however I could have a long time ago and forgot). I thought the only version I still had was Symantec Corporate Edition 10.1. The above uninstall and HJT logs would still be accurate with regard to Symantec products if they can help you find any trace of Symantec 9. Thanks again for your continued help
     
  14. muppy03

    muppy03 Malware Specialist

    Joined:
    Jun 19, 2006
    Messages:
    1,880
    That is just the corporate version we are trying to uninstall.

    It was suggested to me that you try Revo uninstaller, although I don’t know if the password will get in the way of this too.

    http://www.revouninstaller.com/

    Give it a go, and I will dig a bit deeper.
     
  15. sullivan8231985

    sullivan8231985 Thread Starter

    Joined:
    Sep 10, 2009
    Messages:
    15
    I just finished installing and trying RevoUninstaller. It still prompted me for Symantec's uninstaller password, so no luck :p
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/859904

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice