When I run CA's virus scan it typically gives me something that looks like this:
Filename Infection
C:\Documents and Settings\jordan herrick\Local Settings\Temporary Internet Files\Content.IE5\5E595VBT\kb713501[1] Win32/SecDrop.QX
C:\Program Files\backups\backup-20080513-185542-177.dll Win32/Vundo.ZE
C:\Program Files\backups\backup-20080513-185542-707.dll Win32/Vundo.YU
C:\Program Files\backups\backup-20080513-191806-802.dll Win32/Vundo.YU
C:\Program Files\backups\backup-20080513-192437-548.dll Win32/Vundo.YU
C:\Program Files\backups\backup-20080513-193858-852.dll Win32/Vundo.YU
C:\Program Files\backups\backup-20080513-193935-795.dll Win32/Vundo.YU
C:\Program Files\backups\backup-20080513-194354-710.dll Win32/Vundo.YU
C:\Program Files\backups\backup-20080513-194511-648.dll Win32/Vundo.YU
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP126\A0094148.EXE Win32/Muotrso.A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP136\A0096468.EXE Win32/Matcash.DO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP136\A0096501.EXE Win32/Matcash.DR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP136\A0096502.EXE Win32/Matcash.DR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP137\A0096504.EXE Win32/Matcash.D
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP137\A0096548.DLL Win32/Vundo.ZF
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP137\A0096550.DLL Win32/Vundo.ZF
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP139\A0097653.DLL Win32/Vundo.ZE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP147\A0108057.EXE Win32/Matcash.DN
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP152\A0108203.DLL Win32/Vundo.ZE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP152\A0108204.DLL Win32/Vundo.YU
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP152\A0108205.DLL Win32/Vundo.YU
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP152\A0108206.DLL Win32/Vundo.YU
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP152\A0108207.DLL Win32/Vundo.YU
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP152\A0108208.DLL Win32/Vundo.YU
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP152\A0108209.DLL Win32/Vundo.YU
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP152\A0108210.DLL Win32/Vundo.YU
CA Anti-Virus then tells me that all files were successfully deleted, and if I scan again immediately afterward (even after a reboot) the scan will come up clean. It takes a few hours or some surfing on the net to get infected again.
When I run CA Anti-Spyware it tells me that I have a downloader called Darksma. The only option is to quarantine it and reboot, so I do so. It has failed to remove it every time; my uneducated guess is that this is what is causing all the other files to appear.
I have gone through the "You Must Read This Before Posting a Hijackthis Log" thread and all of the resources I was instructed to utilize also failed to remove the infection. So I've got a series of logs that will hopefully let somebody figure out how to get rid of it. I also scanned my computer with Atribune's VundoFix and it said it did not find any infected files.
<<<<<<<<<<< First up is Malwarebytes' log.>>>>>>>>>>>>>>
Malwarebytes' Anti-Malware 1.14
Database version: 807
11:52:03 PM 5/30/2008
mbam-log-5-30-2008 (23-52-03).txt
Scan type: Quick Scan
Objects scanned: 37579
Time elapsed: 4 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spcron (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi2 (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\default.htm (Trojan.Agent) -> Quarantined and deleted successfully.
<<<<<<<<<<< Now SUPERAntiSpyware's log >>>>>>>>>>>>>>
SUPERAntiSpyware Scan Log
Generated 05/31/2008 at 01:29 AM
Application Version : 3.6.1000
Core Rules Database Version : 3472
Trace Rules Database Version: 1463
Scan type : Complete Scan
Total Scan Time : 01:30:36
Memory items scanned : 546
Memory threats detected : 0
Registry items scanned : 5274
Registry threats detected : 0
File items scanned : 60231
File threats detected : 64
Adware.Tracking Cookie
Adware.webHancer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP122\A0092027.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP122\A0092028.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP122\A0092042.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP122\A0092044.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP135\A0095453.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP135\A0095463.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP136\A0096462.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP136\A0096465.EXE
Trojan.Unclassified/BrowserDriver
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP122\A0092062.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP126\A0094120.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP126\A0094132.EXE
Adware.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP122\A0092063.CFG
Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP126\A0094125.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP136\A0096505.EXE
Adware.DeeWoo/ThinkAdz
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP126\A0094130.EXE
Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\MCRH.TMP
<<<<<<<<<<<< next is Panda Activescan's log >>>>>>>>>>>>>
Edit: Panda Activescan's log doesn't look right because they insisted on making a table out of asterisks and crap, so I'm attaching the .txt file. It is readable in Notepad.
ANALYSIS: 2008-05-31 02:59:57
PROTECTIONS: 1
MALWARE: 30
SUSPECTS: 0
PROTECTIONS
Description Version Active Updated
CA Anti-Virus 9.0.0.170 Yes Yes
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\jordan herrick\Cookies\jordan_herrick@doubleclick[1].txt
01343387 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\Installer\58479.msi[unk_0029]
02164907 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP137\A0096541.exe
02634745 Application/Playmp3z HackTools No 0 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP64\A0028796.exe
02891362 Adware/Yazzle Adware No 0 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP126\A0094123.exe
02891362 Adware/Yazzle Adware No 0 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP147\A0108062.exe
02913339 Adware/InternetSpeedMonitor Adware No 0 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP136\A0096470.exe
02913341 Adware/InternetSpeedMonitor Adware No 0 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP136\A0096489.exe
02936016 Adware/Insider Adware No 0 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP122\A0092061.exe
02936016 Adware/Insider Adware No 0 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP126\A0094128.exe
02936016 Adware/Insider Adware No 0 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP126\A0094126.exe
02936956 Adware/SideSearch Adware No 0 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP136\A0096471.dll
02938171 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP126\A0094129.dll
02938171 Spyware/Virtumonde Spyware No 1 No No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP126\A0094131.exe[■%%\²¬Ç]
02938552 Adware/InternetSpeedMonitor Adware No 0 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP136\A0096472.exe
02938563 Adware/PurityScan Adware No 0 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP126\A0094124.exe
02938823 Spyware/AdClicker Spyware No 1 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP136\A0096500.exe
02938979 Adware/JavaCore Adware No 0 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP136\A0096503.exe
02939362 Adware/AccesMembre Adware No 0 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP126\A0094134.exe
02941829 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP126\A0094195.dll
02942191 Adware/WebSearch Adware No 0 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP136\A0096506.exe
02942192 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP147\A0108056.exe
02952450 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\nmcvvmfk.dll
02952450 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\endicuqn.dll
02952450 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\elmmcoqr.dll
02952450 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\uhfmrdfe.dll
02952971 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP147\A0108058.dll
02952971 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP147\A0108059.dll
02952971 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP147\A0108060.dll
02952971 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP147\A0108061.dll
02952973 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP137\A0096547.dll
02952973 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP137\A0096549.dll
02952973 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP138\A0096566.dll
02952973 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP137\A0096551.dll
02960420 Adware/GoodSearchNow Adware No 1 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP126\A0094145.sys
02992298 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\bpqvahme.dll
02992299 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\kgvqiqya.dll
02992299 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\mriijagk.dll
02992299 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\esxpqpum.dll
02992300 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\ufibgppm.dll
02992301 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP138\A0096588.dll
02992301 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP138\A0096586.dll
02992302 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\tncavnyt.dll
02992302 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\aecgyxik.dll
02992302 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\iuemnjng.dll
02992716 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\uexjdtks.dll
02992716 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\gggcvcxw.dll
02995628 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\dggpsdjj.dll.bad
02995628 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{C0264762-F0B9-4098-BD50-1ED171FC9AB3}\RP147\A0108021.dll
02995630 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\tnjfaafb.dll
SUSPECTS
Sent Location
VULNERABILITIES
Id Severity Description
108742 MEDIUM MS06-006
<<<<<<<<<<<<< And finally a HijackThis log >>>>>>>>>>>>>>
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:39:08 AM, on 5/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {66eca6dc-482a-be58-eb84-ccc5362772ce} - {ec277263-5ccc-48be-85eb-a284cd6ace66} - C:\WINDOWS\system32\shxtyivo.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 7893 bytes
<<<<<<<<<<<<< also an uninstall list >>>>>>>>>>>
Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
AIM 6
Broadcom 440x 10/100 Integrated Controller
CA Anti-Spyware
CA Anti-Virus
CA Internet Security Suite
CA Pest Patrol Realtime Protection
CDBurnerXP
Conexant HDA D110 MDC V.92 Modem
DAEMON Tools
Dell Resource CD
GemMaster Mystic
GoToAssist 8.0.0.480
Hellgate: London
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Intel® PROSet/Wireless Software
iPod for Windows 2005-09-23
iTunes
Java 6 Update 2
Java 6 Update 3
Java 6 Update 5
Malwarebytes' Anti-Malware
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
mIWA
mLogView
mMHouse
mPfMgr
mPfWiz
mProSafe
mSCfg
MSN
mSSO
MSXML 6.0 Parser (KB933579)
mWlsSafe
mWMI
mZConfig
Neverwinter Nights
Neverwinter Nights 2
NVIDIA Drivers
Otto
Panda ActiveScan 2.0
PeerGuardian 2.0
Pharaoh
QuickTime
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Sierra Utilities
SigmaTel Audio
Sins of a Solar Empire
Sins of a Solar Empire
Sonic Encoders
StarSonata (remove only)
SUPERAntiSpyware Free Edition
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb950378)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Ventrilo Client
VeohTV BETA
VideoLAN VLC media player 0.8.6d
Viewpoint Media Player
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
World of Warcraft
Well, that's it. I imagine it would be tough to go through all that stuff. Thanks in advance to whoever is willing to take this one.
Edited by Ball Tripper, 31 May 2008 - 03:03 PM.