Help Removing Smitfraud-c.coreservice [RESOLVED]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

Help Removing Smitfraud-c.coreservice [RESOLVED]

Options

Sazerac View Member Profile	Nov 24 2008, 02:45 AM Post #1
New Member Posts: 8 OS: Windows XP	Ok, I can't manage to get rid of this... Spybot S&D can't get rid of it, and Smitfraudfix won't either. Any help at all would be greatly appreciated... the popups are killing me, haha. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:43:34 PM, on 11/23/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\PixArt\PAC7302\Monitor.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\Electronic Arts\EADM\Core.exe C:\Documents and Settings\Robert\Application Data\gadcom\gadcom.exe C:\Program Files\WiFiConnector\NintendoWFCReg.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\AIM6\aolsoftware.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\explorer.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Hijackthis\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: (no name) - {26718452-E867-4821-A306-C9B7B5A5511A} - C:\WINDOWS\system32\qoMccBqO.dll (file missing) O2 - BHO: (no name) - {73259091-9574-4ED8-A40F-7F65AFC28634} - C:\WINDOWS\system32\pmnmmLDt.dll (file missing) O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [DriverCD] D:\Run.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Robert\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139 O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.gaiaonline.com O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab O20 - Winlogon Notify: acpiz - acpiz.dll (file missing) O20 - Winlogon Notify: pmnmmLDt - pmnmmLDt.dll (file missing) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe -- End of file - 9734 bytes

Rorschach112 View Member Profile	Nov 24 2008, 08:40 AM Post #2
GeekU Teacher Posts: 34,358 From: Dublin OS: XP	Hello Disable resident protections (Antivirus...); you'll re-enable them after the scan Download Lop S&D < here Double-click Lop S&D.exe Choose the language, then choose Option 1 (Search) Wait till the end of the scan Post the log which is created: (%SystemDrive%\lopR.txt)

Sazerac View Member Profile	Nov 24 2008, 10:44 AM Post #3
New Member Posts: 8 OS: Windows XP	Ok, here's what I got... --------------------\\ Lop S&D 4.2.4-9c XP/Vista Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3 X86-based PC ( Uniprocessor Free : AMD Athlon™ 64 X2 Dual Core Processor 3800+ ) BIOS : Award Modular BIOS v6.00PG USER : Robert ( Administrator ) BOOT : Normal boot A:\ (USB) C:\ (Local Disk) - NTFS - Total:93 Go (Free:58 Go) D:\ (CD or DVD) E:\ (USB) F:\ (USB) G:\ (USB) H:\ (USB) "C:\Lop SD" ( MAJ : 01-11-2008\|16:30 ) Option : [1] ( Mon 11/24/2008\| 6:40 ) --------------------\\ Listing folders in APPLIC~1 [10/06/2008\|12:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6} [08/04/2008\|09:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> acccore [10/24/2008\|06:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe [06/03/2008\|08:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL [06/03/2008\|08:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP [12/24/2007\|09:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple [12/24/2007\|09:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer [11/23/2008\|07:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google Updater [07/09/2008\|06:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Gtek [09/17/2008\|04:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield [10/22/2008\|07:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kaspersky Lab Setup Files [11/23/2008\|04:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft [09/24/2008\|07:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft [01/19/2008\|10:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles [09/18/2008\|08:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Office Genuine Advantage [10/05/2008\|10:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PopCap [11/23/2008\|06:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy [11/24/2008\|06:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP [08/04/2008\|09:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint [01/19/2008\|10:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage [12/24/2007\|05:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller [02/29/2008\|03:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! [07/28/2005\|07:38] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities [07/28/2005\|07:38] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft [07/28/2005\|07:38] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft [07/28/2005\|07:38] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft [06/03/2008\|08:24] C:\DOCUME~1\Robert\APPLIC~1\<DIR> acccore [10/27/2008\|10:40] C:\DOCUME~1\Robert\APPLIC~1\<DIR> Adobe [10/16/2008\|08:02] C:\DOCUME~1\Robert\APPLIC~1\<DIR> AdobeUM [10/13/2008\|05:13] C:\DOCUME~1\Robert\APPLIC~1\<DIR> Apple Computer [08/30/2008\|06:14] C:\DOCUME~1\Robert\APPLIC~1\<DIR> ArcSoft [11/23/2008\|03:00] C:\DOCUME~1\Robert\APPLIC~1\<DIR> gadcom [07/09/2008\|06:46] C:\DOCUME~1\Robert\APPLIC~1\<DIR> GTek [02/16/2008\|03:32] C:\DOCUME~1\Robert\APPLIC~1\<DIR> Help [07/28/2005\|07:38] C:\DOCUME~1\Robert\APPLIC~1\<DIR> Identities [10/23/2008\|04:56] C:\DOCUME~1\Robert\APPLIC~1\<DIR> InstallShield [11/23/2008\|03:05] C:\DOCUME~1\Robert\APPLIC~1\<DIR> IUpd721 [03/29/2008\|08:15] C:\DOCUME~1\Robert\APPLIC~1\<DIR> Macromedia [09/18/2008\|08:54] C:\DOCUME~1\Robert\APPLIC~1\<DIR> Microsoft [11/23/2008\|04:14] C:\DOCUME~1\Robert\APPLIC~1\<DIR> NI.GSCNS [02/16/2008\|03:31] C:\DOCUME~1\Robert\APPLIC~1\<DIR> NJStar [08/18/2008\|06:47] C:\DOCUME~1\Robert\APPLIC~1\<DIR> OpenOffice.org2 [11/23/2008\|07:47] C:\DOCUME~1\Robert\APPLIC~1\<DIR> PC Tools [10/17/2008\|07:44] C:\DOCUME~1\Robert\APPLIC~1\<DIR> SecuROM [12/24/2007\|07:19] C:\DOCUME~1\Robert\APPLIC~1\<DIR> Sun [06/21/2008\|02:23] C:\DOCUME~1\Robert\APPLIC~1\<DIR> Viewpoint [06/10/2008\|08:50] C:\DOCUME~1\Robert\APPLIC~1\<DIR> WinRAR [02/29/2008\|04:02] C:\DOCUME~1\Robert\APPLIC~1\<DIR> yahoo! --------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks [10/31/2008 03:00 PM][--a------] C:\WINDOWS\tasks\Norton Security Scan for Robert.job [11/18/2008 09:19 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job [11/24/2008 06:33 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT [08/04/2004 09:00 AM][-r-h-c---] C:\WINDOWS\tasks\desktop.ini --------------------\\ Listing Folders in C:\Program Files [01/21/2008\|06:27] C:\Program Files\<DIR> AbiSuite2 [10/24/2008\|06:56] C:\Program Files\<DIR> Adobe [08/04/2008\|09:31] C:\Program Files\<DIR> AIM6 [08/09/2008\|06:47] C:\Program Files\<DIR> Apple Software Update [08/30/2008\|06:13] C:\Program Files\<DIR> ArcSoft [09/14/2008\|05:29] C:\Program Files\<DIR> Bonjour [11/23/2008\|04:55] C:\Program Files\<DIR> Common Files [07/28/2005\|07:38] C:\Program Files\<DIR> ComPlus Applications [12/24/2007\|09:15] C:\Program Files\<DIR> DIFX [11/18/2008\|06:20] C:\Program Files\<DIR> EA GAMES [10/17/2008\|05:33] C:\Program Files\<DIR> Electronic Arts [10/22/2008\|08:40] C:\Program Files\<DIR> Google [11/23/2008\|10:41] C:\Program Files\<DIR> Hijackthis [10/13/2008\|06:00] C:\Program Files\<DIR> HooTech [12/27/2007\|07:04] C:\Program Files\<DIR> HP [10/17/2008\|05:33] C:\Program Files\<DIR> InstallShield Installation Information [11/14/2008\|07:10] C:\Program Files\<DIR> Internet Explorer [10/06/2008\|12:13] C:\Program Files\<DIR> iPod [10/06/2008\|12:13] C:\Program Files\<DIR> iTunes [10/30/2008\|06:11] C:\Program Files\<DIR> Java [11/23/2008\|04:55] C:\Program Files\<DIR> Lavasoft [07/09/2008\|06:27] C:\Program Files\<DIR> Linksys Wireless-G USB Wireless Network Monitor [11/01/2008\|05:29] C:\Program Files\<DIR> Messenger [12/23/2007\|04:42] C:\Program Files\<DIR> Microsoft ActiveSync [07/28/2005\|07:38] C:\Program Files\<DIR> microsoft frontpage [01/29/2008\|07:33] C:\Program Files\<DIR> Microsoft Hardware [12/23/2007\|04:42] C:\Program Files\<DIR> Microsoft Office [11/01/2008\|05:26] C:\Program Files\<DIR> Movie Maker [11/14/2008\|07:13] C:\Program Files\<DIR> MSBuild [07/28/2005\|07:38] C:\Program Files\<DIR> MSN [07/28/2005\|07:38] C:\Program Files\<DIR> MSN Gaming Zone [12/28/2007\|04:24] C:\Program Files\<DIR> MSXML 4.0 [11/01/2008\|05:24] C:\Program Files\<DIR> NetMeeting [02/16/2008\|03:50] C:\Program Files\<DIR> NJStar Japanese WP [11/23/2008\|09:07] C:\Program Files\<DIR> Norton Security Scan [12/22/2007\|06:25] C:\Program Files\<DIR> Online Services [08/18/2008\|06:48] C:\Program Files\<DIR> OpenOffice.org 2.3 [11/01/2008\|05:24] C:\Program Files\<DIR> Outlook Express [11/14/2008\|07:15] C:\Program Files\<DIR> Paint.NET [10/22/2008\|09:42] C:\Program Files\<DIR> Picasa2 [09/14/2008\|05:28] C:\Program Files\<DIR> QuickTime [12/24/2007\|09:16] C:\Program Files\<DIR> Realtek [11/14/2008\|07:12] C:\Program Files\<DIR> Reference Assemblies [11/23/2008\|07:05] C:\Program Files\<DIR> Spybot - Search & Destroy [11/23/2008\|09:05] C:\Program Files\<DIR> Spyware Doctor [10/26/2008\|05:58] C:\Program Files\<DIR> TheSimsResource [11/23/2008\|10:43] C:\Program Files\<DIR> Trend Micro [07/28/2005\|07:38] C:\Program Files\<DIR> Uninstall Information [08/30/2008\|06:06] C:\Program Files\<DIR> VGA USB Camera [06/03/2008\|08:23] C:\Program Files\<DIR> Viewpoint [10/23/2008\|04:56] C:\Program Files\<DIR> Walmart MP3 Music Downloads [01/17/2008\|03:38] C:\Program Files\<DIR> WiFiConnector [11/18/2008\|10:36] C:\Program Files\<DIR> Windows Live [01/19/2008\|11:20] C:\Program Files\<DIR> Windows Media Connect 2 [11/01/2008\|05:24] C:\Program Files\<DIR> Windows Media Player [11/01/2008\|05:24] C:\Program Files\<DIR> Windows NT [07/28/2005\|07:38] C:\Program Files\<DIR> WindowsUpdate [06/10/2008\|08:50] C:\Program Files\<DIR> WinRAR [07/28/2005\|07:38] C:\Program Files\<DIR> xerox [02/29/2008\|04:02] C:\Program Files\<DIR> Yahoo! --------------------\\ Listing Folders in C:\Program Files\Common Files [10/24/2008\|06:56] C:\Program Files\Common Files\<DIR> Adobe [06/03/2008\|08:23] C:\Program Files\Common Files\<DIR> AOL [09/14/2008\|05:28] C:\Program Files\Common Files\<DIR> Apple [08/30/2008\|06:13] C:\Program Files\Common Files\<DIR> ArcSoft [12/23/2007\|04:42] C:\Program Files\Common Files\<DIR> DESIGNER [12/27/2007\|07:04] C:\Program Files\Common Files\<DIR> Hewlett-Packard [10/17/2008\|05:32] C:\Program Files\Common Files\<DIR> InstallShield [12/24/2007\|07:05] C:\Program Files\Common Files\<DIR> Java [06/16/2008\|07:38] C:\Program Files\Common Files\<DIR> Microsoft Shared [07/28/2005\|07:38] C:\Program Files\Common Files\<DIR> MSSoap [07/28/2005\|07:38] C:\Program Files\Common Files\<DIR> ODBC [12/22/2007\|06:32] C:\Program Files\Common Files\<DIR> Services [07/28/2005\|07:38] C:\Program Files\Common Files\<DIR> SpeechEngines [11/23/2008\|09:08] C:\Program Files\Common Files\<DIR> Symantec Shared [11/01/2008\|05:24] C:\Program Files\Common Files\<DIR> System [12/24/2007\|06:02] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller [11/23/2008\|04:55] C:\Program Files\Common Files\<DIR> Wise Installation Wizard --------------------\\ Process ( 49 Processes ) iexplore.exe ~ [PID:3052] --------------------\\ Searching with S_Lop No Lop folder found ! --------------------\\ Searching for Lop Files - Folders C:\DOCUME~1\Robert\LOCALS~1\Temp\nsh62.tmp C:\DOCUME~1\Robert\Cookies\robert@advertising[1].txt C:\DOCUME~1\Robert\Cookies\robert@adopt.euroclick[2].txt --------------------\\ Searching within the Registry ..... OK ! --------------------\\ Checking the Hosts file Hosts file CLEAN --------------------\\ Searching for hidden files with Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-24 06:41:31 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Searching for other infections No other infections found ! [F:40][D:22]-> C:\DOCUME~1\Robert\LOCALS~1\Temp [F:391][D:0]-> C:\DOCUME~1\Robert\Cookies [F:1432][D:26]-> C:\DOCUME~1\Robert\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - Mon 11/24/2008\| 6:43 - Option : [1] --------------------\\ Scan completed at 6:43:24

Rorschach112 View Member Profile	Nov 24 2008, 10:45 AM Post #4
GeekU Teacher Posts: 34,358 From: Dublin OS: XP	Hello Download random's system information tool (RSIT) by random/random from here and save it to your desktop. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Sazerac View Member Profile	Nov 24 2008, 10:51 AM Post #5
New Member Posts: 8 OS: Windows XP	Ok, here's the maximized one... Logfile of random's system information tool 1.04 (written by random/random) Run by Robert at 2008-11-24 06:48:41 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 60 GB (63%) free of 95 GB Total RAM: 1919 MB (71% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 06:48:46 AM, on 11/24/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\PixArt\PAC7302\Monitor.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\Electronic Arts\EADM\Core.exe C:\Documents and Settings\Robert\Application Data\gadcom\gadcom.exe C:\Program Files\WiFiConnector\NintendoWFCReg.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Apple Software Update\SoftwareUpdate.exe C:\WINDOWS\system32\DllHost.exe C:\Documents and Settings\Robert\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Robert.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: (no name) - {26718452-E867-4821-A306-C9B7B5A5511A} - C:\WINDOWS\system32\qoMccBqO.dll (file missing) O2 - BHO: (no name) - {73259091-9574-4ED8-A40F-7F65AFC28634} - C:\WINDOWS\system32\pmnmmLDt.dll (file missing) O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [DriverCD] D:\Run.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Robert\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139 O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.gaiaonline.com O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab O20 - Winlogon Notify: acpiz - acpiz.dll (file missing) O20 - Winlogon Notify: pmnmmLDt - pmnmmLDt.dll (file missing) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe -- End of file - 9584 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\Norton Security Scan for Robert.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26718452-E867-4821-A306-C9B7B5A5511A}] C:\WINDOWS\system32\qoMccBqO.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73259091-9574-4ED8-A40F-7F65AFC28634}] C:\WINDOWS\system32\pmnmmLDt.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-30 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-22 652784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-30 34816] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-30 136600] "DriverCD"=D:\Run.exe [] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-10-29 16269312] "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-15 2879488] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-02 69632] "HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664] "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952] "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392] "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168] "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088] "nwiz"=nwiz.exe /install [] "POINTER"=point32.exe [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016] "PAC7302_Monitor"=C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 319488] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696] "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936] "ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler [] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-08-20 443968] "Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704] "Aim6"=C:\Program Files\AIM6\aim6.exe [2008-06-19 50528] "EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2008-06-13 2752512] "gadcom"=C:\Documents and Settings\Robert\Application Data\gadcom\gadcom.exe [2008-11-23 56320] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acpiz] acpiz.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnmmLDt] pmnmmLDt.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{73259091-9574-4ED8-A40F-7F65AFC28634}"=C:\WINDOWS\system32\pmnmmLDt.dll [] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 C:\WINDOWS\system32\qoMccBqO [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\acup.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\acup.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe::Enabled:Windows Messenger" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program Files\WiFiConnector\NintendoWFCReg.exe"="C:\Program Files\WiFiConnector\NintendoWFCReg.exe::Enabled:Nintendo Wi-Fi USB Connector" "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe::Enabled:Yahoo! Messenger" "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe::Enabled:Yahoo! FT Server" "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe::Enabled:Veoh Client" "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe::Enabled:AOL Loader" "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe::Enabled:AIM" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe::Enabled:Microsoft DirectPlay Voice Test" "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe::Enabled:rundll32" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe::Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe::Enabled:iTunes" "C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe::Enabled:EA Download Manager" "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe::Enabled:Veoh Web Player " "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe::Enabled:Windows Live Messenger (Phone)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe::Enabled:Windows Live Messenger (Phone)" ======List of files/folders created in the last 1 months====== 2008-11-24 06:48:41 ----D---- C:\rsit 2008-11-24 06:40:47 ----A---- C:\lopR.txt 2008-11-24 06:40:28 ----D---- C:\Lop SD 2008-11-23 22:43:26 ----D---- C:\Program Files\Trend Micro 2008-11-23 19:47:29 ----D---- C:\Program Files\Spyware Doctor 2008-11-23 19:47:29 ----D---- C:\Documents and Settings\Robert\Application Data\PC Tools 2008-11-23 19:08:59 ----A---- C:\WINDOWS\system32\tmp.txt 2008-11-23 19:08:42 ----A---- C:\rapport.txt 2008-11-23 19:06:14 ----A---- C:\WINDOWS\ntbtlog.txt 2008-11-23 18:49:34 ----A---- C:\WINDOWS\wininit.ini 2008-11-23 18:30:35 ----D---- C:\Program Files\Spybot - Search & Destroy 2008-11-23 18:30:35 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-23 16:55:49 ----D---- C:\Program Files\Lavasoft 2008-11-23 16:55:48 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-11-23 16:55:12 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2008-11-23 16:22:34 ----A---- C:\WINDOWS\system32\jpwnw64p.exe 2008-11-23 15:05:41 ----D---- C:\Documents and Settings\Robert\Application Data\IUpd721 2008-11-23 15:02:37 ----A---- C:\WINDOWS\system32\crzevxooacz.dll-uninst.exe 2008-11-23 15:02:08 ----A---- C:\WINDOWS\system32\mcntqkdm.exe 2008-11-23 15:00:24 ----A---- C:\WINDOWS\system32\urqNFxUm.dll 2008-11-23 15:00:23 ----D---- C:\Documents and Settings\Robert\Application Data\NI.GSCNS 2008-11-23 14:57:29 ----A---- C:\WINDOWS\system32\27206e9d-.txt 2008-11-23 14:52:05 ----SHD---- C:\WINDOWS\Um9iZXJ0 2008-11-23 14:51:59 ----D---- C:\Documents and Settings\Robert\Application Data\gadcom 2008-11-23 14:51:52 ----D---- C:\WINDOWS\system32\x4 2008-11-23 14:51:52 ----D---- C:\WINDOWS\system32\mp 2008-11-23 14:51:52 ----D---- C:\WINDOWS\system32\ID2 2008-11-23 14:51:52 ----D---- C:\WINDOWS\system32\gp2 2008-11-23 14:51:52 ----D---- C:\WINDOWS\system32\dim 2008-11-14 19:15:29 ----D---- C:\Program Files\Paint.NET 2008-11-14 19:13:06 ----D---- C:\WINDOWS\system32\XPSViewer 2008-11-14 19:13:01 ----D---- C:\Program Files\MSBuild 2008-11-14 19:12:48 ----D---- C:\Program Files\Reference Assemblies 2008-11-14 19:11:47 ----A---- C:\WINDOWS\system32\prntvpt.dll 2008-11-14 19:11:46 ----D---- C:\b952852cf86c16943d45 2008-11-14 19:11:46 ----A---- C:\WINDOWS\system32\xpssvcs.dll 2008-11-14 19:11:46 ----A---- C:\WINDOWS\system32\xpsshhdr.dll 2008-11-14 19:11:03 ----RSD---- C:\WINDOWS\assembly 2008-11-14 19:10:42 ----D---- C:\WINDOWS\Microsoft.NET 2008-11-12 16:20:49 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$ 2008-11-12 16:20:27 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$ 2008-11-12 16:20:02 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2008-11-02 14:23:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$ 2008-11-01 18:24:40 ----D---- C:\WINDOWS\Prefetch 2008-11-01 17:30:19 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2008-11-01 17:30:14 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$ 2008-11-01 17:30:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$ 2008-11-01 17:30:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2008-11-01 17:29:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$ 2008-11-01 17:29:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2008-11-01 17:29:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2008-11-01 17:29:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2008-11-01 17:29:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$ 2008-11-01 17:29:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2008-11-01 17:29:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$ 2008-11-01 17:29:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2008-11-01 17:29:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2008-11-01 17:29:12 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2008-11-01 17:29:06 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$ 2008-11-01 17:29:03 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$ 2008-11-01 17:26:15 ----D---- C:\WINDOWS\system32\scripting 2008-11-01 17:26:14 ----D---- C:\WINDOWS\system32\en 2008-11-01 17:26:14 ----D---- C:\WINDOWS\system32\bits 2008-11-01 17:26:14 ----D---- C:\WINDOWS\l2schemas 2008-11-01 17:24:41 ----D---- C:\WINDOWS\ServicePackFiles 2008-11-01 17:19:14 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$ 2008-11-01 17:19:10 ----D---- C:\WINDOWS\EHome 2008-11-01 11:24:21 ----A---- C:\WINDOWS\system32\wmphoto.dll 2008-11-01 11:24:17 ----A---- C:\WINDOWS\system32\wlanapi.dll 2008-11-01 11:24:15 ----A---- C:\WINDOWS\system32\windowscodecsext.dll 2008-11-01 11:24:15 ----A---- C:\WINDOWS\system32\windowscodecs.dll 2008-11-01 11:24:05 ----A---- C:\WINDOWS\system32\tspkg.dll 2008-11-01 11:24:04 ----A---- C:\WINDOWS\system32\tsgqec.dll 2008-11-01 11:23:57 ----A---- C:\WINDOWS\system32\spupdwxp.exe 2008-11-01 11:23:55 ----A---- C:\WINDOWS\system32\spdwnwxp.exe 2008-11-01 11:23:54 ----N---- C:\WINDOWS\slrundll.exe 2008-11-01 11:23:54 ----A---- C:\WINDOWS\system32\slserv.exe 2008-11-01 11:23:54 ----A---- C:\WINDOWS\system32\slrundll.exe 2008-11-01 11:23:54 ----A---- C:\WINDOWS\system32\slgen.dll 2008-11-01 11:23:53 ----A---- C:\WINDOWS\system32\slextspk.dll 2008-11-01 11:23:53 ----A---- C:\WINDOWS\system32\slcoinst.dll 2008-11-01 11:23:49 ----A---- C:\WINDOWS\system32\setupn.exe 2008-11-01 11:23:46 ----A---- C:\WINDOWS\system32\s3gnb.dll 2008-11-01 11:23:45 ----A---- C:\WINDOWS\system32\rhttpaa.dll 2008-11-01 11:23:43 ----A---- C:\WINDOWS\system32\rasqec.dll 2008-11-01 11:23:42 ----A---- C:\WINDOWS\system32\qutil.dll 2008-11-01 11:23:41 ----A---- C:\WINDOWS\system32\qcliprov.dll 2008-11-01 11:23:41 ----A---- C:\WINDOWS\system32\qagentrt.dll 2008-11-01 11:23:41 ----A---- C:\WINDOWS\system32\qagent.dll 2008-11-01 11:23:39 ----A---- C:\WINDOWS\system32\photometadatahandler.dll 2008-11-01 11:23:35 ----A---- C:\WINDOWS\system32\onex.dll 2008-11-01 11:23:22 ----A---- C:\WINDOWS\system32\napstat.exe 2008-11-01 11:23:22 ----A---- C:\WINDOWS\system32\napmontr.dll 2008-11-01 11:23:22 ----A---- C:\WINDOWS\system32\napipsec.dll 2008-11-01 11:23:21 ----A---- C:\WINDOWS\system32\mtxparhd.dll 2008-11-01 11:23:20 ----A---- C:\WINDOWS\system32\msxml6r.dll 2008-11-01 11:23:20 ----A---- C:\WINDOWS\system32\msxml6.dll 2008-11-01 11:23:17 ----A---- C:\WINDOWS\system32\msshavmsg.dll 2008-11-01 11:23:17 ----A---- C:\WINDOWS\system32\mssha.dll 2008-11-01 11:22:57 ----A---- C:\WINDOWS\system32\mmcperf.exe 2008-11-01 11:22:56 ----A---- C:\WINDOWS\system32\mmcfxcommon.dll 2008-11-01 11:22:56 ----A---- C:\WINDOWS\system32\mmcex.dll 2008-11-01 11:22:56 ----A---- C:\WINDOWS\system32\microsoft.managementconsole.dll 2008-11-01 11:22:50 ----A---- C:\WINDOWS\system32\mdmxsdk.dll 2008-11-01 11:22:26 ----A---- C:\WINDOWS\system32\l2gpstore.dll 2008-11-01 11:22:24 ----A---- C:\WINDOWS\system32\kmsvc.dll 2008-11-01 11:22:22 ----A---- C:\WINDOWS\system32\kbdpash.dll 2008-11-01 11:22:22 ----A---- C:\WINDOWS\system32\kbdnepr.dll 2008-11-01 11:22:22 ----A---- C:\WINDOWS\system32\kbdiultn.dll 2008-11-01 11:22:21 ----A---- C:\WINDOWS\system32\kbdbhc.dll 2008-11-01 11:22:01 ----A---- C:\WINDOWS\system32\hsfcisp2.dll 2008-11-01 11:21:45 ----A---- C:\WINDOWS\system32\faxpatch.exe 2008-11-01 11:21:45 ----A---- C:\WINDOWS\002777_.tmp 2008-11-01 11:21:39 ----A---- C:\WINDOWS\system32\eapsvc.dll 2008-11-01 11:21:39 ----A---- C:\WINDOWS\system32\eapqec.dll 2008-11-01 11:21:39 ----A---- C:\WINDOWS\system32\eappprxy.dll 2008-11-01 11:21:39 ----A---- C:\WINDOWS\system32\eapphost.dll 2008-11-01 11:21:39 ----A---- C:\WINDOWS\system32\eappgnui.dll 2008-11-01 11:21:39 ----A---- C:\WINDOWS\system32\eappcfg.dll 2008-11-01 11:21:39 ----A---- C:\WINDOWS\system32\eapp3hst.dll 2008-11-01 11:21:39 ----A---- C:\WINDOWS\system32\eapolqec.dll 2008-11-01 11:21:31 ----A---- C:\WINDOWS\system32\dot3ui.dll 2008-11-01 11:21:31 ----A---- C:\WINDOWS\system32\dot3svc.dll 2008-11-01 11:21:31 ----A---- C:\WINDOWS\system32\dot3msm.dll 2008-11-01 11:21:31 ----A---- C:\WINDOWS\system32\dot3gpclnt.dll 2008-11-01 11:21:31 ----A---- C:\WINDOWS\system32\dot3dlg.dll 2008-11-01 11:21:31 ----A---- C:\WINDOWS\system32\dot3cfg.dll 2008-11-01 11:21:31 ----A---- C:\WINDOWS\system32\dot3api.dll 2008-11-01 11:21:29 ----A---- C:\WINDOWS\system32\dimsroam.dll 2008-11-01 11:21:29 ----A---- C:\WINDOWS\system32\dimsntfy.dll 2008-11-01 11:21:29 ----A---- C:\WINDOWS\system32\dhcpqec.dll 2008-11-01 11:21:22 ----A---- C:\WINDOWS\system32\credssp.dll 2008-11-01 11:21:13 ----A---- C:\WINDOWS\system32\bitsprx4.dll 2008-11-01 11:21:12 ----A---- C:\WINDOWS\system32\azroles.dll 2008-11-01 11:21:10 ----A---- C:\WINDOWS\system32\ativvaxx.dll 2008-11-01 11:21:10 ----A---- C:\WINDOWS\system32\ativtmxx.dll 2008-11-01 11:21:10 ----A---- C:\WINDOWS\system32\ati3duag.dll 2008-11-01 11:21:09 ----A---- C:\WINDOWS\system32\ati3d1ag.dll 2008-11-01 11:21:09 ----A---- C:\WINDOWS\system32\ati2dvag.dll 2008-11-01 11:21:09 ----A---- C:\WINDOWS\system32\ati2dvaa.dll 2008-11-01 11:21:09 ----A---- C:\WINDOWS\system32\ati2cqag.dll 2008-11-01 11:20:53 ----A---- C:\WINDOWS\system32\aaclient.dll 2008-10-30 18:11:51 ----A---- C:\WINDOWS\system32\javaws.exe 2008-10-30 18:11:51 ----A---- C:\WINDOWS\system32\javaw.exe 2008-10-30 18:11:51 ----A---- C:\WINDOWS\system32\java.exe 2008-10-30 18:11:51 ----A---- C:\WINDOWS\system32\deploytk.dll 2008-10-26 17:58:17 ----D---- C:\Program Files\TheSimsResource ======List of files/folders modified in the last 1 months====== 2008-11-24 06:39:58 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2008-11-24 06:37:08 ----D---- C:\WINDOWS 2008-11-24 06:34:28 ----D---- C:\WINDOWS\Temp 2008-11-24 06:33:45 ----D---- C:\WINDOWS\system32\drivers 2008-11-23 23:00:46 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-11-23 22:43:26 ----RD---- C:\Program Files 2008-11-23 22:41:50 ----D---- C:\Program Files\Hijackthis 2008-11-23 22:09:10 ----D---- C:\WINDOWS\system32 2008-11-23 21:13:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-11-23 21:08:28 ----D---- C:\Program Files\Common Files\Symantec Shared 2008-11-23 21:07:42 ----D---- C:\Program Files\Norton Security Scan 2008-11-23 19:52:03 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-11-23 19:48:25 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater 2008-11-23 18:49:36 ----D---- C:\TEMP 2008-11-23 18:14:00 ----SD---- C:\WINDOWS\Tasks 2008-11-23 16:56:33 ----SHD---- C:\WINDOWS\Installer 2008-11-23 16:55:12 ----D---- C:\Program Files\Common Files 2008-11-23 16:50:29 ----D---- C:\WINDOWS\system32\CatRoot2 2008-11-23 08:49:21 ----D---- C:\WINDOWS\system32\Macromed 2008-11-22 09:43:04 ----HD---- C:\WINDOWS\inf 2008-11-19 20:21:56 ----D---- C:\WINDOWS\.jagex_cache_32 2008-11-18 22:36:51 ----D---- C:\Program Files\Windows Live 2008-11-18 21:17:07 ----A---- C:\WINDOWS\win.ini 2008-11-18 18:20:35 ----D---- C:\Program Files\EA GAMES 2008-11-17 15:29:53 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-11-17 06:44:26 ----D---- C:\WINDOWS\Help 2008-11-14 19:15:47 ----D---- C:\WINDOWS\WinSxS 2008-11-14 19:13:03 ----D---- C:\WINDOWS\system32\en-US 2008-11-14 19:12:53 ----RSD---- C:\WINDOWS\Fonts 2008-11-14 19:12:12 ----D---- C:\WINDOWS\system32\spool 2008-11-14 19:10:46 ----D---- C:\WINDOWS\system32\mui 2008-11-14 19:10:46 ----D---- C:\Program Files\Internet Explorer 2008-11-12 16:20:49 ----HD---- C:\WINDOWS\$hf_mig$ 2008-11-12 16:20:29 ----A---- C:\WINDOWS\imsins.BAK 2008-11-03 14:10:25 ----A---- C:\WINDOWS\system32\MRT.exe 2008-11-01 18:25:47 ----A---- C:\WINDOWS\OEWABLog.txt 2008-11-01 18:24:44 ----A---- C:\WINDOWS\setuplog.txt 2008-11-01 18:24:09 ----D---- C:\WINDOWS\system32\wbem 2008-11-01 18:24:09 ----D---- C:\WINDOWS\system32\Setup 2008-11-01 18:24:09 ----D---- C:\WINDOWS\AppPatch 2008-11-01 18:23:31 ----D---- C:\WINDOWS\security 2008-11-01 17:30:20 ----D---- C:\WINDOWS\system32\CatRoot 2008-11-01 17:29:08 ----D---- C:\Program Files\Messenger 2008-11-01 17:26:25 ----D---- C:\WINDOWS\network diagnostic 2008-11-01 17:26:24 ----D---- C:\WINDOWS\ime 2008-11-01 17:26:15 ----D---- C:\WINDOWS\system32\usmt 2008-11-01 17:26:14 ----D---- C:\WINDOWS\PeerNet 2008-11-01 17:26:14 ----D---- C:\Program Files\Movie Maker 2008-11-01 17:24:36 ----D---- C:\WINDOWS\system32\Restore 2008-11-01 17:24:36 ----D---- C:\WINDOWS\system32\npp 2008-11-01 17:24:35 ----D---- C:\WINDOWS\msagent 2008-11-01 17:24:34 ----D---- C:\WINDOWS\srchasst 2008-11-01 17:24:32 ----D---- C:\Program Files\NetMeeting 2008-11-01 17:24:31 ----D---- C:\WINDOWS\system32\Com 2008-11-01 17:24:29 ----D---- C:\Program Files\Windows Media Player 2008-11-01 17:24:28 ----D---- C:\Program Files\Windows NT 2008-11-01 17:24:28 ----D---- C:\Program Files\Outlook Express 2008-11-01 17:24:26 ----D---- C:\Program Files\Common Files\System 2008-11-01 17:24:08 ----D---- C:\WINDOWS\system32\oobe 2008-11-01 17:24:07 ----D---- C:\WINDOWS\system 2008-10-30 18:11:32 ----D---- C:\Program Files\Java 2008-10-27 22:40:29 ----D---- C:\Documents and Settings\Robert\Application Data\Adobe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 36864] R1 intelppmm;intelppmm; C:\WINDOWS\System32\drivers\intelppmm.sys [2008-11-23 86272] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-07-09 20747] R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464] R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS [] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-02-25 51056] R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-02-25 16496] R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-02-25 21488] R3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-11-23 40840] R3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-11-23 66952] R3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-11-23 81288] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-02 4394496] R3 IPFilter;Microsoft IntelliPoint Features driver; C:\WINDOWS\system32\DRIVERS\IPFilter.sys [2002-04-11 11136] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver; C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-10-17 245376] S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752] S3 BCM42RLY;BCM42RLY; \??\C:\WINDOWS\System32\BCM42RLY.SYS [] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys [] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 PAC7302;PAC7302 VGA USB Camera; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856] S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2006-04-09 162816] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [] S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-22 168432] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-30 152984] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812] R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872] R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S2 WUSB54Gv42SVC;WUSB54Gv42SVC; C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [2005-07-04 53307] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920] S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-11-23 1079176] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- And here is the minimized one... info.txt logfile of random's system information tool 1.04 2008-11-24 06:49:18 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf AbiWord's Tools Plugins (remove only)-->"C:\Program Files\AbiSuite2\AbiWord\plugins\UninstallAbiWordToolsPlugins.exe" Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003} Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log Advertisement Service-->C:\WINDOWS\system32\prunnet.exe Uninstall AIM 6-->C:\Program Files\AIM6\uninst.exe Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} ArcSoft PhotoImpression 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAB2A3A6-6789-4260-9966-517498589AB5}\setup.exe" -l0x9 ArcSoft VideoImpression 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{244E21B9-164C-4EC1-AED8-9BD64161E66D}\setup.exe" -l0x9 Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959} DriverAgent by TouchStone Software-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033 Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" Hijackthis 1.99.1-->"C:\Program Files\Hijackthis\unins000.exe" HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" HP PSC & OfficeJet 3.5-->"C:\Program Files\HP\Digital Imaging\{18E0918E-1060-48f3-925C-56C82E88551B}\setup\hpzscr01.exe" -datfile hposcr03.dat iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843} Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF} Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Linksys Wireless-G USB Network Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}\setup.exe" -l0x9 Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MySidesearch Search Assistant Bfinding-->C:\WINDOWS\system32\crzevxooacz.dll-uninst.exe Nintendo Wi-Fi USB Connector Registration Tool-->C:\Program Files\WiFiConnector\SoftAPUninst.exe NJStar Japanese WP-->C:\Program Files\NJStar Japanese WP\uninst.exe Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\NSSSetup\{795AF20A-51C5-4BAF-9EF5-AA38105C6141}_2_0_0\NSSSetup.exe" /X Norton Security Scan-->MsiExec.exe /X{795AF20A-51C5-4BAF-9EF5-AA38105C6141} NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F} Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe" QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB} Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG StoryWizard 1.4.0-->MsiExec.exe /I{1ABDFC16-15C7-4DEB-AF02-9F866C7259AB} The Sims 2 Nightlife-->C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe The Sims 2 Open For Business-->C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe The Sims 2 Pets-->C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe The Sims 2 University-->C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe The Sims™ 2 Apartment Life-->C:\Program Files\EA GAMES\The Sims 2 Apartment Life\EAUninstall.exe The Sims™ 2 Bon Voyage-->C:\Program Files\EA GAMES\The Sims 2 Bon Voyage\EAUninstall.exe The Sims™ 2 FreeTime-->C:\Program Files\EA GAMES\The Sims 2 FreeTime\EAUninstall.exe The Sims™ 2 H&M® Fashion Stuff-->C:\Program Files\EA GAMES\The Sims 2 H&M® Fashion Stuff\

Rorschach112 View Member Profile	Nov 24 2008, 10:56 AM Post #6
GeekU Teacher Posts: 34,358 From: Dublin OS: XP	Hello Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs(if present): Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} 1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present): O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: (no name) - {26718452-E867-4821-A306-C9B7B5A5511A} - C:\WINDOWS\system32\qoMccBqO.dll (file missing) O2 - BHO: (no name) - {73259091-9574-4ED8-A40F-7F65AFC28634} - C:\WINDOWS\system32\pmnmmLDt.dll (file missing) O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Robert\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139 O20 - Winlogon Notify: acpiz - acpiz.dll (file missing) O20 - Winlogon Notify: pmnmmLDt - pmnmmLDt.dll (file missing) 2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis. Please download the OTMoveIt3 by OldTimer or from here. Save it to your desktop. Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator). Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): CODE :Processes explorer.exe :Services :Reg [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{73259091-9574-4ED8-A40F-7F65AFC28634}"=- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\acup.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\acup.sys] :files C:\WINDOWS\system32\jpwnw64p.exe C:\WINDOWS\system32\crzevxooacz.dll-uninst.exe C:\WINDOWS\system32\mcntqkdm.exe C:\WINDOWS\system32\urqNFxUm.dll C:\WINDOWS\system32\27206e9d-.txt C:\Documents and Settings\Robert\Application Data\IUpd721 C:\Documents and Settings\Robert\Application Data\NI.GSCNS C:\WINDOWS\Um9iZXJ0 C:\Documents and Settings\Robert\Application Data\gadcom C:\WINDOWS\system32\x4 C:\WINDOWS\system32\mp C:\WINDOWS\system32\ID2 C:\WINDOWS\system32\gp2 C:\WINDOWS\system32\dim :Commands [purity] [emptytemp] [start explorer] [Reboot] Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste. Click the red Moveit! button. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTMoveIt3 Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter .log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. Also post a new RSit log

Sazerac View Member Profile	Nov 24 2008, 11:10 AM Post #7
New Member Posts: 8 OS: Windows XP	Ok, here's the MoveIt... ========== PROCESSES ========== Process explorer.exe killed successfully. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{73259091-9574-4ED8-A40F-7F65AFC28634} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73259091-9574-4ED8-A40F-7F65AFC28634}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"authentication packages"\|msv1_0 /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\acup.sys\\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\acup.sys\\ deleted successfully. ========== FILES ========== C:\WINDOWS\system32\jpwnw64p.exe moved successfully. C:\WINDOWS\system32\crzevxooacz.dll-uninst.exe moved successfully. C:\WINDOWS\system32\mcntqkdm.exe moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\urqNFxUm.dll C:\WINDOWS\system32\urqNFxUm.dll NOT unregistered. C:\WINDOWS\system32\urqNFxUm.dll moved successfully. C:\WINDOWS\system32\27206e9d-.txt moved successfully. C:\Documents and Settings\Robert\Application Data\IUpd721\Logs moved successfully. C:\Documents and Settings\Robert\Application Data\IUpd721 moved successfully. C:\Documents and Settings\Robert\Application Data\NI.GSCNS moved successfully. C:\WINDOWS\Um9iZXJ0 moved successfully. C:\Documents and Settings\Robert\Application Data\gadcom moved successfully. C:\WINDOWS\system32\x4 moved successfully. C:\WINDOWS\system32\mp moved successfully. C:\WINDOWS\system32\ID2 moved successfully. C:\WINDOWS\system32\gp2 moved successfully. C:\WINDOWS\system32\dim moved successfully. ========== COMMANDS ========== File delete failed. C:\DOCUME~1\Robert\LOCALS~1\Temp\Perflib_Perfdata_52c.dat scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Robert\LOCALS~1\Temp\~DF217E.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Robert\LOCALS~1\Temp\~DF2189.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Robert\LOCALS~1\Temp\~DF21F4.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Robert\LOCALS~1\Temp\~DF21FF.tmp scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot. Local Service Temp folder emptied. Local Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_180.dat scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11242008_070327 Files moved on Reboot... File C:\DOCUME~1\Robert\LOCALS~1\Temp\Perflib_Perfdata_52c.dat not found! File C:\DOCUME~1\Robert\LOCALS~1\Temp\~DF217E.tmp not found! File C:\DOCUME~1\Robert\LOCALS~1\Temp\~DF2189.tmp not found! File C:\DOCUME~1\Robert\LOCALS~1\Temp\~DF21F4.tmp not found! File C:\DOCUME~1\Robert\LOCALS~1\Temp\~DF21FF.tmp not found! File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot. File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot. File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot. File C:\WINDOWS\temp\Perflib_Perfdata_180.dat not found! And here's the new log for RSIT... Logfile of random's system information tool 1.04 (written by random/random) Run by Robert at 2008-11-24 07:09:11 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 60 GB (63%) free of 95 GB Total RAM: 1919 MB (72% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 07:09:18 AM, on 11/24/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\PixArt\PAC7302\Monitor.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\Electronic Arts\EADM\Core.exe C:\Program Files\WiFiConnector\NintendoWFCReg.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\AIM6\aolsoftware.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Documents and Settings\Robert\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Robert.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [DriverCD] D:\Run.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.gaiaonline.com O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe -- End of file - 8925 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\Norton Security Scan for Robert.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-30 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-22 652784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-30 34816] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "DriverCD"=D:\Run.exe [] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-10-29 16269312] "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-15 2879488] "HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664] "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952] "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392] "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168] "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088] "nwiz"=nwiz.exe /install [] "POINTER"=point32.exe [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016] "PAC7302_Monitor"=C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 319488] "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936] "ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler [] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-30 136600] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-08-20 443968] "Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704] "Aim6"=C:\Program Files\AIM6\aim6.exe [2008-06-19 50528] "EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2008-06-13 2752512] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe::Enabled:Windows Messenger" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program Files\WiFiConnector\NintendoWFCReg.exe"="C:\Program Files\WiFiConnector\NintendoWFCReg.exe::Enabled:Nintendo Wi-Fi USB Connector" "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe::Enabled:Yahoo! Messenger" "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe::Enabled:Yahoo! FT Server" "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe::Enabled:Veoh Client" "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe::Enabled:AOL Loader" "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe::Enabled:AIM" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe::Enabled:Microsoft DirectPlay Voice Test" "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe::Enabled:rundll32" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe::Enabled:Bonjour" "C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe::Enabled:EA Download Manager" "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe::Enabled:Veoh Web Player " "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe::Enabled:Windows Live Messenger (Phone)" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe::Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe::Enabled:Windows Live Messenger (Phone)" ======List of files/folders created in the last 1 months====== 2008-11-24 07:03:27 ----D---- C:\_OTMoveIt 2008-11-24 06:57:38 ----D---- C:\Program Files\iPod 2008-11-24 06:57:34 ----D---- C:\Program Files\iTunes 2008-11-24 06:57:34 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-11-24 06:55:53 ----D---- C:\Program Files\QuickTime 2008-11-24 06:55:23 ----SHD---- C:\Config.Msi 2008-11-24 06:48:41 ----D---- C:\rsit 2008-11-24 06:40:47 ----A---- C:\lopR.txt 2008-11-24 06:40:28 ----D---- C:\Lop SD 2008-11-23 22:43:26 ----D---- C:\Program Files\Trend Micro 2008-11-23 19:47:29 ----D---- C:\Program Files\Spyware Doctor 2008-11-23 19:47:29 ----D---- C:\Documents and Settings\Robert\Application Data\PC Tools 2008-11-23 19:08:59 ----A---- C:\WINDOWS\system32\tmp.txt 2008-11-23 19:08:42 ----A---- C:\rapport.txt 2008-11-23 19:06:14 ----A---- C:\WINDOWS\ntbtlog.txt 2008-11-23 18:49:34 ----A---- C:\WINDOWS\wininit.ini 2008-11-23 18:30:35 ----D---- C:\Program Files\Spybot - Search & Destroy 2008-11-23 18:30:35 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-23 16:55:49 ----D---- C:\Program Files\Lavasoft 2008-11-23 16:55:48 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-11-23 16:55:12 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2008-11-14 19:15:29 ----D---- C:\Program Files\Paint.NET 2008-11-14 19:13:06 ----D---- C:\WINDOWS\system32\XPSViewer 2008-11-14 19:13:01 ----D---- C:\Program Files\MSBuild 2008-11-14 19:12:48 ----D---- C:\Program Files\Reference Assemblies 2008-11-14 19:11:47 ----A---- C:\WINDOWS\system32\prntvpt.dll 2008-11-14 19:11:46 ----D---- C:\b952852cf86c16943d45 2008-11-14 19:11:46 ----A---- C:\WINDOWS\system32\xpssvcs.dll 2008-11-14 19:11:46 ----A---- C:\WINDOWS\system32\xpsshhdr.dll 2008-11-14 19:11:03 ----RSD---- C:\WINDOWS\assembly 2008-11-14 19:10:42 ----D---- C:\WINDOWS\Microsoft.NET 2008-11-12 16:20:49 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$ 2008-11-12 16:20:27 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$ 2008-11-12 16:20:02 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2008-11-02 14:23:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$ 2008-11-01 18:24:40 ----D---- C:\WINDOWS\Prefetch 2008-11-01 17:30:19 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2008-11-01 17:30:14 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$ 2008-11-01 17:30:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$ 2008-11-01 17:30:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2008-11-01 17:29:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$ 2008-11-01 17:29:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2008-11-01 17:29:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2008-11-01 17:29:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2008-11-01 17:29:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$ 2008-11-01 17:29:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2008-11-01 17:29:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$ 2008-11-01 17:29:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2008-11-01 17:29:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2008-11-01 17:29:12 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2008-11-01 17:29:06 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$ 2008-11-01 17:29:03 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$ 2008-11-01 17:26:15 ----D---- C:\WINDOWS\system32\scripting 2008-11-01 17:26:14 ----D---- C:\WINDOWS\system32\en 2008-11-01 17:26:14 ----D---- C:\WINDOWS\system32\bits 2008-11-01 17:26:14 ----D---- C:\WINDOWS\l2schemas 2008-11-01 17:24:41 ----D---- C:\WINDOWS\ServicePackFiles 2008-11-01 17:19:14 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$ 2008-11-01 17:19:10 ----D---- C:\WINDOWS\EHome 2008-11-01 11:24:21 ----A---- C:\WINDOWS\system32\wmphoto.dll 2008-11-01 11:24:17 ----A---- C:\WINDOWS\system32\wlanapi.dll 2008-11-01 11:24:15 ----A---- C:\WINDOWS\system32\windowscodecsext.dll 2008-11-01 11:24:15 ----A---- C:\WINDOWS\system32\windowscodecs.dll 2008-11-01 11:24:05 ----A---- C:\WINDOWS\system32\tspkg.dll 2008-11-01 11:24:04 ----A---- C:\WINDOWS\system32\tsgqec.dll 2008-11-01 11:23:57 ----A---- C:\WINDOWS\system32\spupdwxp.exe 2008-11-01 11:23:55 ----A---- C:\WINDOWS\system32\spdwnwxp.exe 2008-11-01 11:23:54 ----N---- C:\WINDOWS\slrundll.exe 2008-11-01 11:23:54 ----A---- C:\WINDOWS\system32\slserv.exe 2008-11-01 11:23:54 ----A---- C:\WINDOWS\system32\slrundll.exe 2008-11-01 11:23:54 ----A---- C:\WINDOWS\system32\slgen.dll 2008-11-01 11:23:53 ----A---- C:\WINDOWS\system32\slextspk.dll 2008-11-01 11:23:53 ----A---- C:\WINDOWS\system32\slcoinst.dll 2008-11-01 11:23:49 ----A---- C:\WINDOWS\system32\setupn.exe 2008-11-01 11:23:46 ----A---- C:\WINDOWS\system32\s3gnb.dll 2008-11-01 11:23:45 ----A---- C:\WINDOWS\system32\rhttpaa.dll 2008-11-01 11:23:43 ----A---- C:\WINDOWS\system32\rasqec.dll 2008-11-01 11:23:42 ----A---- C:\WINDOWS\system32\qutil.dll 2008-11-01 11:23:41 ----A---- C:\WINDOWS\system32\qcliprov.dll 2008-11-01 11:23:41 ----A---- C:\WINDOWS\system32\qagentrt.dll 2008-11-01 11:23:41 ----A---- C:\WINDOWS\system32\qagent.dll 2008-11-01 11:23:39 ----A---- C:\WINDOWS\system32\photometadatahandler.dll 2008-11-01 11:23:35 ----A---- C:\WINDOWS\system32\onex.dll 2008-11-01 11:23:22 ----A---- C:\WINDOWS\system32\napstat.exe 2008-11-01 11:23:22 ----A---- C:\WINDOWS\system32\napmontr.dll 2008-11-01 11:23:22 ----A---- C:\WINDOWS\system32\napipsec.dll 2008-11-01 11:23:21 ----A---- C:\WINDOWS\system32\mtxparhd.dll 2008-11-01 11:23:20 ----A---- C:\WINDOWS\system32\msxml6r.dll 2008-11-01 11:23:20 ----A---- C:\WINDOWS\system32\msxml6.dll 2008-11-01 11:23:17 ----A---- C:\WINDOWS\system32\msshavmsg.dll 2008-11-01 11:23:17 ----A---- C:\WINDOWS\system32\mssha.dll 2008-11-01 11:22:57 ----A---- C:\WINDOWS\system32\mmcperf.exe 2008-11-01 11:22:56 ----A---- C:\WINDOWS\system32\mmcfxcommon.dll 2008-11-01 11:22:56 ----A---- C:\WINDOWS\system32\mmcex.dll 2008-11-01 11:22:56 ----A---- C:\WINDOWS\system32\microsoft.managementconsole.dll 2008-11-01 11:22:50 ----A---- C:\WINDOWS\system32\mdmxsdk.dll 2008-11-01 11:22:26 ----A---- C:\WINDOWS\system32\l2gpstore.dll 2008-11-01 11:22:24 ----A---- C:\WINDOWS\system32\kmsvc.dll 2008-11-01 11:22:22 ----A---- C:\WINDOWS\system32\kbdpash.dll 2008-11-01 11:22:22 ----A---- C:\WINDOWS\system32\kbdnepr.dll 2008-11-01 11:22:22 ----A---- C:\WINDOWS\system32\kbdiultn.dll 2008-11-01 11:22:21 ----A---- C:\WINDOWS\system32\kbdbhc.dll 2008-11-01 11:22:01 ----A---- C:\WINDOWS\system32\hsfcisp2.dll 2008-11-01 11:21:45 ----A---- C:\WINDOWS\system32\faxpatch.exe 2008-11-01 11:21:45 ----A---- C:\WINDOWS\002777_.tmp 2008-11-01 11:21:39 ----A---- C:\WINDOWS\system32\eapsvc.dll 2008-11-01 11:21:39 ----A---- C:\WINDOWS\system32\eapqec.dll 2008-11-01 11:21:39 ----A---- C:\WINDOWS\system32\eappprxy.dll 2008-11-01 11:21:39 ----A---- C:\WINDOWS\system32\eapphost.dll 2008-11-01 11:21:39 ----A---- C:\WINDOWS\system32\eappgnui.dll 2008-11-01 11:21:39 ----A---- C:\WINDOWS\system32\eappcfg.dll 2008-11-01 11:21:39 ----A---- C:\WINDOWS\system32\eapp3hst.dll 2008-11-01 11:21:39 ----A---- C:\WINDOWS\system32\eapolqec.dll 2008-11-01 11:21:31 ----A---- C:\WINDOWS\system32\dot3ui.dll 2008-11-01 11:21:31 ----A---- C:\WINDOWS\system32\dot3svc.dll 2008-11-01 11:21:31 ----A---- C:\WINDOWS\system32\dot3msm.dll 2008-11-01 11:21:31 ----A---- C:\WINDOWS\system32\dot3gpclnt.dll 2008-11-01 11:21:31 ----A---- C:\WINDOWS\system32\dot3dlg.dll 2008-11-01 11:21:31 ----A---- C:\WINDOWS\system32\dot3cfg.dll 2008-11-01 11:21:31 ----A---- C:\WINDOWS\system32\dot3api.dll 2008-11-01 11:21:29 ----A---- C:\WINDOWS\system32\dimsroam.dll 2008-11-01 11:21:29 ----A---- C:\WINDOWS\system32\dimsntfy.dll 2008-11-01 11:21:29 ----A---- C:\WINDOWS\system32\dhcpqec.dll 2008-11-01 11:21:22 ----A---- C:\WINDOWS\system32\credssp.dll 2008-11-01 11:21:13 ----A---- C:\WINDOWS\system32\bitsprx4.dll 2008-11-01 11:21:12 ----A---- C:\WINDOWS\system32\azroles.dll 2008-11-01 11:21:10 ----A---- C:\WINDOWS\system32\ativvaxx.dll 2008-11-01 11:21:10 ----A---- C:\WINDOWS\system32\ativtmxx.dll 2008-11-01 11:21:10 ----A---- C:\WINDOWS\system32\ati3duag.dll 2008-11-01 11:21:09 ----A---- C:\WINDOWS\system32\ati3d1ag.dll 2008-11-01 11:21:09 ----A---- C:\WINDOWS\system32\ati2dvag.dll 2008-11-01 11:21:09 ----A---- C:\WINDOWS\system32\ati2dvaa.dll 2008-11-01 11:21:09 ----A---- C:\WINDOWS\system32\ati2cqag.dll 2008-11-01 11:20:53 ----A---- C:\WINDOWS\system32\aaclient.dll 2008-10-30 18:11:51 ----A---- C:\WINDOWS\system32\javaws.exe 2008-10-30 18:11:51 ----A---- C:\WINDOWS\system32\javaw.exe 2008-10-30 18:11:51 ----A---- C:\WINDOWS\system32\java.exe 2008-10-30 18:11:51 ----A---- C:\WINDOWS\system32\deploytk.dll 2008-10-26 17:58:17 ----D---- C:\Program Files\TheSimsResource ======List of files/folders modified in the last 1 months====== 2008-11-24 07:06:48 ----D---- C:\WINDOWS\Temp 2008-11-24 07:04:43 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-11-24 07:03:28 ----D---- C:\WINDOWS\system32 2008-11-24 07:03:27 ----D---- C:\WINDOWS 2008-11-24 07:00:45 ----SHD---- C:\WINDOWS\Installer 2008-11-24 07:00:41 ----D---- C:\Program Files\Java 2008-11-24 07:00:40 ----D---- C:\Program Files\Common Files 2008-11-24 06:57:38 ----RD---- C:\Program Files 2008-11-24 06:57:38 ----D---- C:\Program Files\Common Files\Apple 2008-11-24 06:39:58 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2008-11-24 06:33:45 ----D---- C:\WINDOWS\system32\drivers 2008-11-23 22:41:50 ----D---- C:\Program Files\Hijackthis 2008-11-23 21:13:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-11-23 21:08:28 ----D---- C:\Program Files\Common Files\Symantec Shared 2008-11-23 21:07:42 ----D---- C:\Program Files\Norton Security Scan 2008-11-23 19:52:03 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-11-23 19:48:25 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater 2008-11-23 18:49:36 ----D---- C:\TEMP 2008-11-23 18:14:00 ----SD---- C:\WINDOWS\Tasks 2008-11-23 16:50:29 ----D---- C:\WINDOWS\system32\CatRoot2 2008-11-23 08:49:21 ----D---- C:\WINDOWS\system32\Macromed 2008-11-22 09:43:04 ----HD---- C:\WINDOWS\inf 2008-11-19 20:21:56 ----D---- C:\WINDOWS\.jagex_cache_32 2008-11-18 22:36:51 ----D---- C:\Program Files\Windows Live 2008-11-18 21:17:07 ----A---- C:\WINDOWS\win.ini 2008-11-18 18:20:35 ----D---- C:\Program Files\EA GAMES 2008-11-17 15:29:53 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-11-17 06:44:26 ----D---- C:\WINDOWS\Help 2008-11-14 19:15:47 ----D---- C:\WINDOWS\WinSxS 2008-11-14 19:13:03 ----D---- C:\WINDOWS\system32\en-US 2008-11-14 19:12:53 ----RSD---- C:\WINDOWS\Fonts 2008-11-14 19:12:12 ----D---- C:\WINDOWS\system32\spool 2008-11-14 19:10:46 ----D---- C:\WINDOWS\system32\mui 2008-11-14 19:10:46 ----D---- C:\Program Files\Internet Explorer 2008-11-12 16:20:49 ----HD---- C:\WINDOWS\$hf_mig$ 2008-11-12 16:20:29 ----A---- C:\WINDOWS\imsins.BAK 2008-11-03 14:10:25 ----A---- C:\WINDOWS\system32\MRT.exe 2008-11-01 18:25:47 ----A---- C:\WINDOWS\OEWABLog.txt 2008-11-01 18:24:44 ----A---- C:\WINDOWS\setuplog.txt 2008-11-01 18:24:09 ----D---- C:\WINDOWS\system32\wbem 2008-11-01 18:24:09 ----D---- C:\WINDOWS\system32\Setup 2008-11-01 18:24:09 ----D---- C:\WINDOWS\AppPatch 2008-11-01 18:23:31 ----D---- C:\WINDOWS\security 2008-11-01 17:30:20 ----D---- C:\WINDOWS\system32\CatRoot 2008-11-01 17:29:08 ----D---- C:\Program Files\Messenger 2008-11-01 17:26:25 ----D---- C:\WINDOWS\network diagnostic 2008-11-01 17:26:24 ----D---- C:\WINDOWS\ime 2008-11-01 17:26:15 ----D---- C:\WINDOWS\system32\usmt 2008-11-01 17:26:14 ----D---- C:\WINDOWS\PeerNet 2008-11-01 17:26:14 ----D---- C:\Program Files\Movie Maker 2008-11-01 17:24:36 ----D---- C:\WINDOWS\system32\Restore 2008-11-01 17:24:36 ----D---- C:\WINDOWS\system32\npp 2008-11-01 17:24:35 ----D---- C:\WINDOWS\msagent 2008-11-01 17:24:34 ----D---- C:\WINDOWS\srchasst 2008-11-01 17:24:32 ----D---- C:\Program Files\NetMeeting 2008-11-01 17:24:31 ----D---- C:\WINDOWS\system32\Com 2008-11-01 17:24:29 ----D---- C:\Program Files\Windows Media Player 2008-11-01 17:24:28 ----D---- C:\Program Files\Windows NT 2008-11-01 17:24:28 ----D---- C:\Program Files\Outlook Express 2008-11-01 17:24:26 ----D---- C:\Program Files\Common Files\System 2008-11-01 17:24:08 ----D---- C:\WINDOWS\system32\oobe 2008-11-01 17:24:07 ----D---- C:\WINDOWS\system 2008-10-27 22:40:29 ----D---- C:\Documents and Settings\Robert\Application Data\Adobe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 36864] R1 intelppmm;intelppmm; C:\WINDOWS\System32\drivers\intelppmm.sys [2008-11-23 86272] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-07-09 20747] R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464] R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS [] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-02-25 51056] R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-02-25 16496] R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-02-25 21488] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-02 4394496] R3 IPFilter;Microsoft IntelliPoint Features driver; C:\WINDOWS\system32\DRIVERS\IPFilter.sys [2002-04-11 11136] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver; C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-10-17 245376] S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752] S3 BCM42RLY;BCM42RLY; \??\C:\WINDOWS\System32\BCM42RLY.SYS [] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys [] S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-11-23 40840] S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-11-23 66952] S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-11-23 81288] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 PAC7302;PAC7302 VGA USB Camera; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856] S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2006-04-09 162816] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [] S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-22 168432] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-30 152984] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812] R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872] R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S2 WUSB54Gv42SVC;WUSB54Gv42SVC; C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [2005-07-04 53307] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920] S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-11-23 1079176] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------

Rorschach112 View Member Profile	Nov 24 2008, 11:13 AM Post #8
GeekU Teacher Posts: 34,358 From: Dublin OS: XP	Hello Please download Malwarebytes' Anti-Malware from Here or Here Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. Go to Kaspersky website and perform an online antivirus scan. Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When the downloads have finished, click on Settings. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databases Click on My Computer under Scan. Once the scan is complete, it will display the results. Click on View Scan Report. You will see a list of infected items there. Click on Save Report As.... Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

Sazerac View Member Profile	Nov 24 2008, 09:27 PM Post #9
New Member Posts: 8 OS: Windows XP	Ah, sorry for the late reply I had to go to work. From Malware... Malwarebytes' Anti-Malware 1.30 Database version: 1419 Windows 5.1.2600 Service Pack 3 11/24/2008 03:43:31 PM mbam-log-2008-11-24 (15-43-31).txt Scan type: Quick Scan Objects scanned: 47677 Time elapsed: 3 minute(s), 34 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 6 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{73259091-9574-4ed8-a40f-7f65afc28634} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\intelppmm (Rootkit.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\intelppmm (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\intelppmm (Rootkit.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\drivers\intelppmm.sys (Rootkit.Agent.H) -> Delete on reboot. C:\WINDOWS\system32\k86.bin (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\core.cache.dsk (Rootkit.Agent) -> Delete on reboot. And from Kaspersky... -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Monday, November 24, 2008 Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Monday, November 24, 2008 19:40:58 Records in database: 1409941 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ H:\ Scan statistics: Files scanned: 92476 Threat name: 7 Infected objects: 9 Suspicious objects: 0 Duration of the scan: 01:03:03 File name / Threat name / Threats count C:\Documents and Settings\Robert\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1 C:\_OTMoveIt\MovedFiles\11242008_070327\Documents and Settings\Robert\Application Data\gadcom\gadcom.exe Infected: Trojan.Win32.Agent.aorq 1 C:\_OTMoveIt\MovedFiles\11242008_070327\Documents and Settings\Robert\Application Data\gadcom\gadcom.exe34c Infected: Trojan.Win32.Agent.aorq 1 C:\_OTMoveIt\MovedFiles\11242008_070327\WINDOWS\system32\gp2\LP2CG24.exe Infected: Trojan-Downloader.Win32.Agent.afzg 1 C:\_OTMoveIt\MovedFiles\11242008_070327\WINDOWS\system32\ID2\CRAFE913.exe Infected: not-a-virus:AdWare.Win32.WebHancer.f 1 C:\_OTMoveIt\MovedFiles\11242008_070327\WINDOWS\system32\ID2\CRAFE913.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 1 C:\_OTMoveIt\MovedFiles\11242008_070327\WINDOWS\system32\jpwnw64p.exe Infected: Trojan-Downloader.Win32.Agent.afzg 1 C:\_OTMoveIt\MovedFiles\11242008_070327\WINDOWS\system32\mcntqkdm.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bv 1 C:\_OTMoveIt\MovedFiles\11242008_070327\WINDOWS\system32\urqNFxUm.dll Infected: Trojan.Win32.Agent.anyk 1 The selected area was scanned.

Rorschach112 View Member Profile	Nov 26 2008, 06:35 AM Post #10
GeekU Teacher Posts: 34,358 From: Dublin OS: XP	One thing left Download ComboFix from one of these locations: Link 1 Link 2 Link 3 * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt** in your next reply.

Sazerac View Member Profile	Nov 26 2008, 11:00 AM Post #11
New Member Posts: 8 OS: Windows XP	ComboFix 08-11-26.03 - Robert 2008-11-26 6:49:03.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1574 [GMT -10:00] * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\LocalService\Application Data\twain_32 c:\documents and settings\LocalService\Application Data\twain_32\user.ds c:\documents and settings\Robert\Local Settings\Temporary Internet Files\fbk.sts c:\temp\tn3 c:\windows\Downloaded Program Files\setup.inf c:\windows\system32\twain_32 c:\windows\system32\twain_32\local.ds c:\windows\system32\twain_32\user.ds c:\windows\system32\twain_32\user.ds.cla c:\windows\system32\twext.exe . ((((((((((((((((((((((((( Files Created from 2008-10-26 to 2008-11-26 ))))))))))))))))))))))))))))))) . 2008-11-24 15:39 . 2008-11-24 15:39 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-24 15:39 . 2008-11-24 15:39 <DIR> d-------- c:\documents and settings\Robert\Application Data\Malwarebytes 2008-11-24 15:39 . 2008-11-24 15:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-11-24 15:39 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-24 15:39 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-24 07:03 . 2008-11-24 07:03 <DIR> d-------- C:\_OTMoveIt 2008-11-24 06:57 . 2008-11-24 06:58 <DIR> d-------- c:\program files\iTunes 2008-11-24 06:57 . 2008-11-24 06:57 <DIR> d-------- c:\program files\iPod 2008-11-24 06:57 . 2008-11-24 06:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-11-24 06:55 . 2008-11-24 06:56 <DIR> d-------- c:\program files\QuickTime 2008-11-24 06:48 . 2008-11-24 06:49 <DIR> d-------- C:\rsit 2008-11-24 06:40 . 2008-11-24 06:43 <DIR> d-------- C:\Lop SD 2008-11-23 22:43 . 2008-11-23 22:43 <DIR> d-------- c:\program files\Trend Micro 2008-11-23 19:47 . 2008-11-23 21:05 <DIR> d-------- c:\program files\Spyware Doctor 2008-11-23 19:47 . 2008-11-23 19:47 <DIR> d-------- c:\documents and settings\Robert\Application Data\PC Tools 2008-11-23 19:47 . 2008-11-23 20:07 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys 2008-11-23 19:47 . 2008-11-23 20:07 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys 2008-11-23 19:47 . 2008-11-23 20:07 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys 2008-11-23 19:47 . 2008-06-02 15:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys 2008-11-23 19:08 . 2008-11-23 22:07 3,848 --a------ c:\windows\system32\tmp.reg 2008-11-23 18:49 . 2008-11-23 21:51 698 --a------ c:\windows\wininit.ini 2008-11-23 18:30 . 2008-11-23 19:05 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2008-11-23 18:30 . 2008-11-23 18:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-23 16:55 . 2008-11-23 16:55 <DIR> d-------- c:\program files\Lavasoft 2008-11-23 16:55 . 2008-11-23 16:55 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard 2008-11-23 16:55 . 2008-11-23 16:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft 2008-11-23 14:51 . 2008-11-23 14:51 <DIR> d-------- c:\temp\FT62 2008-11-23 14:51 . 2008-11-23 14:51 115,016 --a------ c:\windows\system32\MSINET.OCX 2008-11-23 14:51 . 2008-11-23 14:51 29,184 --a------ c:\windows\system32\MSINET.oca 2008-11-23 14:51 . 2008-11-23 14:51 2,407 --a------ c:\windows\system32\MSINET.DEP 2008-11-14 19:15 . 2008-11-14 19:15 <DIR> d-------- c:\program files\Paint.NET 2008-11-14 19:13 . 2008-11-14 19:13 <DIR> d-------- c:\windows\system32\XPSViewer 2008-11-14 19:13 . 2008-11-14 19:13 <DIR> d-------- c:\program files\MSBuild 2008-11-14 19:12 . 2008-11-14 19:12 <DIR> d-------- c:\program files\Reference Assemblies 2008-11-14 19:11 . 2008-11-14 19:12 <DIR> d-------- C:\b952852cf86c16943d45 2008-11-14 19:11 . 2008-07-06 02:06 1,676,288 --a------ c:\windows\system32\xpssvcs.dll 2008-11-14 19:11 . 2008-07-06 02:06 1,676,288 --a--c--- c:\windows\system32\dllcache\xpssvcs.dll 2008-11-14 19:11 . 2008-07-06 00:50 597,504 --a--c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2008-11-14 19:11 . 2008-07-06 02:06 575,488 --a------ c:\windows\system32\xpsshhdr.dll 2008-11-14 19:11 . 2008-07-06 02:06 575,488 --a--c--- c:\windows\system32\dllcache\xpsshhdr.dll 2008-11-14 19:11 . 2008-07-06 02:06 117,760 --a------ c:\windows\system32\prntvpt.dll 2008-11-14 19:11 . 2008-07-06 02:06 89,088 --a--c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2008-11-12 14:53 . 2008-10-24 01:21 455,296 --a--c--- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-12 14:52 . 2008-09-04 07:15 1,106,944 --a--c--- c:\windows\system32\dllcache\msxml3.dll 2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx 2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\system32\QuickTime.qts 2008-11-01 17:26 . 2008-11-01 17:26 <DIR> d-------- c:\windows\system32\scripting 2008-11-01 17:26 . 2008-11-01 17:26 <DIR> d-------- c:\windows\system32\en 2008-11-01 17:26 . 2008-11-01 17:26 <DIR> d-------- c:\windows\system32\bits 2008-11-01 17:26 . 2008-11-01 17:26 <DIR> d-------- c:\windows\l2schemas 2008-11-01 17:24 . 2008-11-01 17:24 <DIR> d-------- c:\windows\ServicePackFiles 2008-11-01 17:19 . 2008-11-01 17:19 <DIR> d-------- c:\windows\EHome 2008-11-01 11:23 . 2008-04-13 14:12 1,737,856 --a------ c:\windows\system32\mtxparhd.dll 2008-11-01 11:22 . 2004-08-03 22:41 1,041,536 --a------ c:\windows\system32\drivers\hsfdpsp2.sys 2008-11-01 11:21 . 2008-04-13 14:11 1,888,992 --a------ c:\windows\system32\ati3duag.dll 2008-11-01 11:20 . 2008-04-13 14:11 136,192 --a------ c:\windows\system32\aaclient.dll 2008-11-01 11:20 . 2008-04-13 14:11 4,255 --a------ c:\windows\system32\drivers\adv01nt5.dll 2008-11-01 11:20 . 2008-04-13 14:11 3,967 --a------ c:\windows\system32\drivers\adv02nt5.dll 2008-11-01 11:20 . 2008-04-13 14:11 3,775 --a------ c:\windows\system32\drivers\adv11nt5.dll 2008-11-01 11:20 . 2008-04-13 14:11 3,711 --a------ c:\windows\system32\drivers\adv09nt5.dll 2008-11-01 11:20 . 2008-04-13 14:11 3,647 --a------ c:\windows\system32\drivers\adv07nt5.dll 2008-11-01 11:20 . 2008-04-13 14:11 3,615 --a------ c:\windows\system32\drivers\adv05nt5.dll 2008-11-01 11:20 . 2008-04-13 14:11 3,135 --a------ c:\windows\system32\drivers\adv08nt5.dll 2008-10-30 18:11 . 2008-10-30 18:11 410,976 --a------ c:\windows\system32\deploytk.dll 2008-10-26 17:58 . 2008-10-26 17:58 <DIR> d-------- c:\program files\TheSimsResource . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-24 17:00 --------- d-----w c:\program files\Java 2008-11-24 16:57 --------- d-----w c:\program files\Common Files\Apple 2008-11-24 16:39 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2008-11-24 07:08 --------- d-----w c:\program files\Common Files\Symantec Shared 2008-11-24 07:07 --------- d-----w c:\program files\Norton Security Scan 2008-11-24 05:48 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2008-11-19 08:36 --------- d-----w c:\program files\Windows Live 2008-11-19 04:20 --------- d-----w c:\program files\EA GAMES 2008-11-18 08:42 921,632 ----a-w C:\PA7302.DAT 2008-10-24 16:56 --------- d-----w c:\program files\Common Files\Adobe 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-24 02:56 --------- d-----w c:\program files\Walmart MP3 Music Downloads 2008-10-24 02:56 --------- d-----w c:\documents and settings\Robert\Application Data\InstallShield 2008-10-23 07:42 --------- d-----w c:\program files\Picasa2 2008-10-23 06:40 --------- d-----w c:\program files\Google 2008-10-23 06:16 23,600 ----a-w c:\windows\system32\drivers\TVICHW32.SYS 2008-10-23 05:38 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-10-18 05:44 107,888 ----a-w c:\windows\system32\CmdLineExt.dll 2008-10-18 05:44 --------- d--h--r c:\documents and settings\Robert\Application Data\SecuROM 2008-10-18 03:33 4,586 ----a-w c:\windows\system32\ealregsnapshot1.reg 2008-10-18 03:33 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-18 03:33 --------- d-----w c:\program files\Electronic Arts 2008-10-18 03:32 --------- d-----w c:\program files\Common Files\InstallShield 2008-10-17 06:02 --------- d-----w c:\documents and settings\Robert\Application Data\AdobeUM 2008-10-17 00:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-17 00:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-17 00:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-17 00:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-17 00:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-17 00:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-17 00:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-17 00:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-17 00:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-17 00:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-16 01:25 30 ----a-w c:\documents and settings\Robert\jagex_runescape_preferences.dat 2008-10-14 04:00 --------- d-----w c:\program files\HooTech 2008-10-14 03:13 --------- d-----w c:\documents and settings\Robert\Application Data\Apple Computer 2008-10-06 08:43 --------- d-----w c:\documents and settings\All Users\Application Data\PopCap 2008-10-01 02:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys 2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll 2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll 2008-08-29 20:18 87,336 ----a-w c:\windows\system32\dns-sd.exe 2008-08-29 19:53 61,440 ----a-w c:\windows\system32\dnssd.dll 2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-20 443968] "Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704] "Aim6"="c:\program files\AIM6\aim6.exe" [2008-06-19 50528] "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-06-13 2752512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016] "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-30 136600] "RTHDCPL"="RTHDCPL.EXE" [2006-10-29 c:\windows\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-15 c:\windows\SkyTel.exe] "nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2008-01-17 1073152] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-06-03 24652] R2 WUSB54Gv42SVC;WUSB54Gv42SVC;"c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv42.exe" [2008-07-09 53307] S3 PAC7302;PAC7302 VGA USB Camera;c:\windows\system32\DRIVERS\PAC7302.SYS [2008-08-30 457856] . Contents of the 'Scheduled Tasks' folder 2008-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2008-11-01 c:\windows\Tasks\Norton Security Scan for Robert.job - c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18] . - - - - ORPHANS REMOVED - - - - HKLM-Run-DriverCD - D:\Run.exe HKLM-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe HKLM-Run-POINTER - point32.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = .local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 c:\windows\Downloaded Program Files\IDMFlash.dll - O16 -: {4A116A80-85B6-4299-A018-A717FD7AC66A} hxxp://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab c:\windows\Downloaded Program Files\IDMFlash.inf . *********************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-26 06:53:53 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\program files\Microsoft Hardware\Mouse\point32.exe c:\windows\system32\rundll32.exe c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe c:\program files\AIM6\aolsoftware.exe c:\windows\system32\wscntfy.exe c:\program files\HP\hpcoretech\comp\hptskmgr.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************ . Completion time: 2008-11-26 6:57:58 - machine was rebooted ComboFix-quarantined-files.txt 2008-11-26 16:57:52 Pre-Run: 62,731,804,672 bytes free Post-Run: 62,969,659,392 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer 243 --- E O F --- 2008-11-13 02:22:00

Rorschach112 View Member Profile	Nov 26 2008, 07:28 PM Post #12
GeekU Teacher Posts: 34,358 From: Dublin OS: XP	Hello Please download the OTMoveIt3 by OldTimer or from here. Save it to your desktop. Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator). Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): CODE :Processes explorer.exe :Services :Reg :Files c:\temp\FT62 :Commands [purity] [emptytemp] [start explorer] [Reboot] Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste. Click the red Moveit! button. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTMoveIt3 Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter .log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. Update and run a quick scan with MBAM and post that log here, also post a new HJT log

Sazerac View Member Profile	Nov 29 2008, 06:13 PM Post #13
New Member Posts: 8 OS: Windows XP	MoveIt log... ========== PROCESSES ========== Process explorer.exe killed successfully. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== c:\temp\FT62 moved successfully. ========== COMMANDS ========== File delete failed. C:\DOCUME~1\Robert\LOCALS~1\Temp\~DF7767.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Robert\LOCALS~1\Temp\~DF7772.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Robert\LOCALS~1\Temp\~DF77DB.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Robert\LOCALS~1\Temp\~DF77E6.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Robert\LOCALS~1\Temp\~DFA7B1.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Robert\LOCALS~1\Temp\~DFA7C2.tmp scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot. Local Service Temp folder emptied. Local Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_78.dat scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11292008_093602 Files moved on Reboot... File C:\DOCUME~1\Robert\LOCALS~1\Temp\~DF7767.tmp not found! File C:\DOCUME~1\Robert\LOCALS~1\Temp\~DF7772.tmp not found! File C:\DOCUME~1\Robert\LOCALS~1\Temp\~DF77DB.tmp not found! File C:\DOCUME~1\Robert\LOCALS~1\Temp\~DF77E6.tmp not found! File C:\DOCUME~1\Robert\LOCALS~1\Temp\~DFA7B1.tmp not found! File C:\DOCUME~1\Robert\LOCALS~1\Temp\~DFA7C2.tmp not found! File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot. File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot. File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot. File C:\WINDOWS\temp\Perflib_Perfdata_78.dat not found! HJT log... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:08:06 PM, on 11/29/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\notepad.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\PixArt\PAC7302\Monitor.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\Electronic Arts\EADM\Core.exe C:\Program Files\WiFiConnector\NintendoWFCReg.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.gaiaonline.com O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe -- End of file - 8996 bytes MBAM log... Malwarebytes' Anti-Malware 1.30 Database version: 1419 Windows 5.1.2600 Service Pack 3 11/29/2008 2:11:15 PM mbam-log-2008-11-29 (14-11-15).txt Scan type: Quick Scan Objects scanned: 48473 Time elapsed: 1 minute(s), 47 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

Rorschach112 View Member Profile	Nov 29 2008, 06:24 PM Post #14
GeekU Teacher Posts: 34,358 From: Dublin OS: XP	Your logs are clean Follow these steps to uninstall Combofix and tools used in the removal of malware Click START then RUN Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there. Make sure you have an Internet Connection. Download OTCleanIt to your desktop and run it A list of tool components used in the Cleanup of malware will be downloaded. If your Firewall or Real Time protection attempts to block OTCleanUp to reach the Internet, please allow the application to do so. Click Yes to beging the Cleanup process and remove these components, including this application. You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes. Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here : http://www.adobe.com/products/acrobat/readstep2.html Below I have included a number of recommendations for how to protect your computer against malware infections. * Keep Windows updated by regularly checking their website at : http://windowsupdate.microsoft.com/ This will ensure your computer has always the latest security updates available installed on your computer. * To reduce re-infection for malware in the future, I strongly recommend installing these free programs: SpywareBlaster protects against bad ActiveX * SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict. Make Internet Explorer more secure Click Start > Run Type Inetcpl.cpl & click OK Click on the Security tab Click Reset all zones to default level Make sure the Internet Zone is selected & Click Custom level In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable". Next Click OK, then Apply button and then OK to exit the Internet Properties page. ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders. NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points. Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions. MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future. * Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here * Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place' Here Thank you for your patience, and performing all of the procedures requested.

Rorschach112 View Member Profile	Dec 3 2008, 03:33 PM Post #15
GeekU Teacher Posts: 34,358 From: Dublin OS: XP	Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Please help me removing smitfraud.c-coreservice [CLOSED]	8 / 696	6th February 2008 - 06:21 PM RWall22 started - last by OwNt
Virus, Spyware and Trojan Removal Need help removing Smitfraud.core [RESOLVED]	13 / 751	14th February 2008 - 07:18 AM jakers102 started - last by Rorschach112
Virus, Spyware and Trojan Removal need help removing smitfraud-c.coreservice [RESOLVED]	7 / 523	21st August 2008 - 01:30 PM splaph started - last by Essexboy
Virus, Spyware and Trojan Removal Help with Smitfraud-C.CoreService and popups [Closed]	5 / 260	6th January 2009 - 02:33 PM theone555 started - last by greyknight17