Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

WINDOWS XP NOTHING BUT WAL-PAPER [Solved]


  • This topic is locked This topic is locked

#1
kenbarber

kenbarber

    Member

  • Member
  • PipPipPip
  • 116 posts
My son’s computer notebook is nearly dead. Nothing left showing but wallpaper. We can run a few processes with task manager brought up by “cntl alt delete”
It is an hp pavilion zd 8000 with windows xp home edition and sp2. to make matters worse when we were going to reload original software, he somehow broke the cd drive. I have been working for days with the windows xp group at the following link:
http://www.geekstogo...view=getnewpost

they today told me to do the following:


KenBarber,

Your machine is badly infected, please refer to the following section.

http://www.geekstogo...emoval-f37.html

Create a new topic, and someone will assist you ASAP.


Here are some tips to help speed the process along.

1) Download the following programs to your flash drive...

Mcafee Removal Tool - http://download.mcaf...atches/MCPR.exe

AVG Removal Tool - http://www.avg.com/f.../avgremover.exe

ERUNT - http://www.geekstogo...h...load&id=113

Malwarebytes - http://dw.com.com/re...bb18fef6614f0b5


Once you have all the programs downloaded, run each program 1 by 1 using the task manager.

1) Open Task Manager
2) Click File >> New Task (RUN)
3) Click Browse...
4) Click My Computer in the left plane >> Choose your flash drive
5) Execute each program in order.
6) After completing the MalwareBytes Scan, save the log to your Flash drive and post in the Malware Section.

This post has been edited by Ectech: Today, 03:07 PM

Malwarebytes scan log post follows: NOTE :I did let it remove what it could remove.
Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 5.1.2600 Service Pack 2

6/4/2009 11:56:01 PM
mbam-log-2009-06-04 (23-55-36).txt

Scan type: Full Scan (C:\|)
Objects scanned: 170543
Time elapsed: 37 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 171
Registry Values Infected: 13
Registry Data Items Infected: 3
Folders Infected: 31
Files Infected: 164

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\mshale2.dll (Trojan.Agent.V) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31f71ec6-2de6-409b-b03e-473347f03b55} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yfofzxnv (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{31f71ec6-2de6-409b-b03e-473347f03b55} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{abd42510-9b22-41cd-9dcd-8182a2d07c63} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{abd42510-9b22-41cd-9dcd-8182a2d07c63} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{0985c112-2562-46f2-8da6-92648ba4630f} (Adware.ISTBar) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7c559105-9ecf-42b8-b3f7-832e75edd959} (Adware.ISTBar) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429} (Adware.ISTBar) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{abd42510-9b22-41cd-9dcd-8182a2d07c63} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7c559105-9ecf-42b8-b3f7-832e75edd959} (Adware.ISTBar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\CrucialSoft Ltd (Rogue.MSantispyware2009) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ms antispyware 2009 5.7 (Rogue.MSAntiSpyware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> No action taken.
HKEY_CLASSES_ROOT\mediagatewayx.installer (Adware.180Solutions) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWeb) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWeb) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system tool (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar search scope monitor (Adware.MyWeb) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ms antispyware 2009 (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dll (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\svcho (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pvaqudegemid (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: mshale2.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\4.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\CHESS (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Message (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\SrchAstt (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\SrchAstt\3.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\SrchAstt\4.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared\Cache (Adware.MyWebSearch) -> No action taken.
c:\documents and settings\Kenneth\Application Data\FunWebProducts (Adware.MyWay) -> No action taken.
c:\documents and settings\Kenneth\application data\funwebproducts\Data (Adware.MyWay) -> No action taken.
c:\documents and settings\Kenneth\application data\funwebproducts\Data\Kenneth (Adware.MyWay) -> No action taken.
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> No action taken.
c:\documents and settings\all users\application data\crucialsoft ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> No action taken.
c:\documents and settings\all users\application data\crucialsoft ltd\ms antispyware 2009\BASE (Rogue.Multiple) -> No action taken.
c:\documents and settings\all users\application data\crucialsoft ltd\ms antispyware 2009\DELETED (Rogue.Multiple) -> No action taken.
c:\documents and settings\all users\application data\crucialsoft ltd\ms antispyware 2009\LOG (Rogue.Multiple) -> No action taken.
c:\documents and settings\all users\application data\crucialsoft ltd\ms antispyware 2009\SAVED (Rogue.Multiple) -> No action taken.
C:\Program Files\Microsoft Common (Trojan.Agent) -> No action taken.

Files Infected:
c:\windows\system32\zojlgej.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\mshale2.dll (Trojan.Vundo.H) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE (Adware.MyWeb) -> No action taken.
C:\WINDOWS\sysguard.exe (Trojan.Dropper) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3SRCHMN.EXE (Adware.MyWeb) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3BROVLY.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3SHLLVW.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3MSG.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3HTML.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3SKIN.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> No action taken.
c:\documents and settings\Kenneth\local settings\temporary internet files\Content.IE5\S6UQ3JSK\install[1].exe (Trojan.Dropper) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\M3OUTLCN.DLL (Adware.MyWeb) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\MWSOEMON.EXE (Adware.MyWeb) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\MWSOESTB.DLL (Adware.MyWeb) -> No action taken.
c:\program files\mywebsearch\bar\4.bin\F3RESTUB.DLL (Adware.MyWeb.FunWeb) -> No action taken.
c:\program files\mywebsearch\bar\4.bin\F3SCHMON.EXE (Adware.MyWeb.FunWeb) -> No action taken.
c:\program files\mywebsearch\bar\4.bin\M3IDLE.DLL (Adware.MyWeb) -> No action taken.
c:\program files\mywebsearch\bar\4.bin\M3IMPIPE.EXE (Adware.MyWeb) -> No action taken.
c:\program files\mywebsearch\bar\4.bin\M3PLUGIN.DLL (Adware.MyWeb) -> No action taken.
c:\program files\mywebsearch\bar\4.bin\M3SKPLAY.EXE (Adware.MyWeb) -> No action taken.
c:\program files\mywebsearch\bar\4.bin\M3SLSRCH.EXE (Adware.MyWeb) -> No action taken.
c:\program files\mywebsearch\bar\4.bin\MWSOESTB.DLL (Adware.MyWeb) -> No action taken.
c:\program files\mywebsearch\bar\4.bin\NPMYWEBS.DLL (Adware.MyWeb) -> No action taken.
c:\program files\mywebsearch\SrchAstt\3.bin\MWSSRCAS.DLL (Adware.MyWeb) -> No action taken.
c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP2\A0000009.exe (Trojan.Dropper) -> No action taken.
c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP3\A0000022.dll (Trojan.BHO) -> No action taken.
c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP3\A0000023.DLL (Adware.MyWeb) -> No action taken.
c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP3\A0000024.exe (Dialer) -> No action taken.
c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP4\A0000061.exe (Worm.Koobface) -> No action taken.
c:\WINDOWS\system32\ide21201.vxd (Adware.WinButler) -> No action taken.
c:\WINDOWS\system32\config\systemprofile\local settings\temporary internet files\Content.IE5\T7ZD0TIT\install[1].exe (Trojan.Agent.V) -> No action taken.
c:\WINDOWS\Temp\rdl2E.tmp (Trojan.Agent.V) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\4.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\4.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\4.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\4.bin\F3REPROX.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\4.bin\F3SPACER.WMV (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\4.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\4.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\4.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\4.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\4.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\4.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\avatar.htm (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\bgfadel.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\bgfader.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\close.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\common-x.css (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\common.css (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\cornerbl.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\cornerbr.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\htmlctrl.js (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\include.js (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\index.htm (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\loading.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\login.htm (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\logo.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\max.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\min.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\noflash.htm (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\spacer.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\spacer.swf (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\unmax.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\wardrobe.htm (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\window.ico (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\006B8C49.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\009515C5 (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\00A7F7C1.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\00A7FDDC.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\00A7FE68.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\0313B3CB.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\0313B458.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\0313B4D5.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\0313B552.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\0341A8FE.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\0341A9B9.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\0341AA36.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\04C060A3 (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\0DD73298 (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\1F717AFE (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\37B33DC8.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\383C1055 (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\41F9605B.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\41F96359 (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\files.ini (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\CHESS\bishop-b.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\CHESS\bishop-w.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\CHESS\board.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\CHESS\btn-flat.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\CHESS\btn-push.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\CHESS\chess.js (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\CHESS\index.htm (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\CHESS\king-b.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\CHESS\king-w.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\CHESS\knight-b.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\CHESS\knight-w.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\CHESS\pawn-b.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\CHESS\pawn-w.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\CHESS\queen-b.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\CHESS\queen-w.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\CHESS\rook-b.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\CHESS\rook-w.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\History\search (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\History\search2 (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Settings\prevcfg.htm (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Settings\setting2.htm.bak (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Settings\settings.dat.bak (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Settings\settings.htm (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\screensaver\Images\02047E1B.urr (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared\1832185A.dat (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared\Cache\AvatarSmallBtn.html (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared\Cache\CheckersAIMBtn.html (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared\Cache\ChessAIMBtn.html (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared\Cache\EnableDisableAIMBtn.html (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared\Cache\FunBuddyIconBtn.html (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared\Cache\MailStampBtn.html (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared\Cache\MyStationeryBtn.html (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared\Cache\NoSettingAIMBtn.html (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared\Cache\ReversiAIMBtn.html (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> No action taken.
c:\documents and settings\Kenneth\application data\funwebproducts\Data\Kenneth\avatar.dat (Adware.MyWay) -> No action taken.
c:\documents and settings\all users\application data\crucialsoft ltd\ms antispyware 2009\msas2009.exe (Rogue.Multiple) -> No action taken.
c:\documents and settings\all users\application data\crucialsoft ltd\ms antispyware 2009\LOG\20090404010255111.log (Rogue.Multiple) -> No action taken.
c:\documents and settings\all users\application data\crucialsoft ltd\ms antispyware 2009\log\20090404013044906.log (Rogue.Multiple) -> No action taken.
c:\WINDOWS\t55ft2784f44.dat (Worm.KoobFace) -> No action taken.
c:\WINDOWS\t55ft2810f44.dat (Worm.KoobFace) -> No action taken.
C:\WINDOWS\system32\f3PSSavr.scr (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dll32.dll (Backdoor.Bot.Q) -> No action taken.
c:\WINDOWS\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> No action taken.
C:\WINDOWS\f23567.dat (Worm.KoobFace) -> No action taken.

Edited by kenbarber, 04 June 2009 - 10:44 PM.

  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#3
kenbarber

kenbarber

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
just so you'll know this machine has no internet connection that is working. so i could not load a recovery partition if it is not there. i will have to down load combo fix to my flash drive and then run it on the infected machine. the stick is a 8 gig stick.

is this do able? will combo fix load on a flash drive?
  • 0

#4
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
yes thats do-able

you need to save it onto your main drive and run it from there though
  • 0

#5
kenbarber

kenbarber

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
combo fix run and it rebooted the machine with taskbar and desktop icons. the machine stated doing updates from hp on it's on accord.
combofixlog.txt:

ComboFix 09-06-06.03 - Kenneth 06/07/2009 23:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.267 [GMT -4:00]
Running from: C:\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\msimg32.dll
c:\windows\syssvc.exe
c:\windows\system32\nfr.assembly
c:\windows\system32\nfr.gpref

.
((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
.

2009-06-08 03:12 . 2009-06-07 00:39 3018864 ----a-r- C:\ComboFix.exe
2009-06-05 03:13 . 2009-06-05 03:13 -------- d-----w- c:\documents and settings\Kenneth\Application Data\Malwarebytes
2009-06-05 03:13 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-05 03:13 . 2009-06-05 03:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-05 03:13 . 2009-06-05 03:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-05 03:13 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-05 03:11 . 2009-06-05 03:11 -------- d-----w- c:\program files\ERUNT
2009-05-19 03:21 . 2009-05-19 03:21 -------- d-----w- c:\windows\system32\wbem\Repository
2009-05-16 17:20 . 2009-05-19 03:07 -------- d-----w- c:\documents and settings\Administrator.BJ-LAPTOP\Local Settings\Application Data\Microsoft
2009-05-16 17:20 . 2005-05-07 10:03 -------- d-----w- c:\documents and settings\Administrator.BJ-LAPTOP\Local Settings\Application Data\LightScribe
2009-05-16 17:20 . 2009-05-19 03:07 -------- d-s---w- c:\documents and settings\Administrator.BJ-LAPTOP
2009-05-11 17:22 . 2009-05-19 03:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2009-05-11 17:22 . 2005-05-07 10:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\LightScribe
2009-05-11 17:22 . 2009-05-19 03:17 -------- d-s---w- c:\documents and settings\Administrator
2009-05-11 00:26 . 2009-05-19 03:20 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Microsoft
2009-05-11 00:26 . 2005-05-07 10:03 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\LightScribe
2009-05-11 00:26 . 2009-05-19 03:20 -------- d-s---w- c:\documents and settings\Guest

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 04:04 . 2009-04-04 06:12 -------- d-----w- c:\program files\DNA
2009-06-08 04:04 . 2009-04-04 06:12 -------- d-----w- c:\documents and settings\Kenneth\Application Data\DNA
2009-06-05 20:39 . 2009-04-04 07:40 -------- d-----w- c:\documents and settings\Kenneth\Application Data\BitTorrent
2009-06-05 03:06 . 2009-04-04 05:41 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-05-28 16:22 . 2004-08-04 08:00 1033728 ----a-w- c:\windows\explorer.exe
2009-04-04 05:06 . 2005-11-16 19:03 65544 ----a-w- c:\documents and settings\Kenneth\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

------- Sigcheck -------

[-] 2009-05-28 16:22 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\explorer.exe
[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-12 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"AIM"="c:\progra~1\AIM\aim.exe" [2005-08-05 67160]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-04-04 321344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-09 339968]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"\\KEN-TOWER\EPSON Stylus Photo RX500"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE" [2003-06-01 99840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-23 185784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-16 29744]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

c:\documents and settings\Kenneth\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\Mozilla Shared\\firefox.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 11:51 AM 24652]
S2 ghsmeehi;Remote Access NDIS TAPI Support;c:\windows\System32\svchost.exe -k netsvcs [8/4/2004 4:00 AM 14336]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/5/2006 6:45 PM 29744]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ghsmeehi
.
Contents of the 'Scheduled Tasks' folder

2008-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2006-01-12 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-03-03 18:04]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
Notify-avgrsstarter - avgrsstx.dll
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: &Search
IE: &Viewpoint Search - c:\program files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 00:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????4?5?3?6??????? ???B?????????????H<C? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1969252453-679945367-741176259-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1456)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\HPQ\Shared\hpqwmi.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Hp\HP Software Update\HPWUCli.exe
.
**************************************************************************
.
Completion time: 2009-06-08 0:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-08 04:07

Pre-Run: 60,341,497,856 bytes free
Post-Run: 61,952,790,528 bytes free

172 --- E O F --- 2009-04-04 07:42



anything else need to be done?
  • 0

#6
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • c:\windows\explorer.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

Folder::
NetSvc::
ghsmeehi

DDS::
IE: &Viewpoint Search - c:\program files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

Registry::

Driver::
ghsmeehi
KillAll::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#7
kenbarber

kenbarber

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
Just so you know. last night when i turned off the laptop microsoft automatic download had sent about 11 security updates that it loaded before it turned off. hp had auto loaded some kind of update.

today when combofix ran it kept saying avg antivirus was running. i have used the avg removal tool and it is supposed to be gone. i have no icon or any way to do anything to avg and it did not show in task manager as a process running. after a time combo fic ran anyway.

when it re-booted the machine that aol instant messanger crap he has on his machine came up by itself. i do not know if that interfered with the log files.

virscan log:
VirSCAN.org Scanned Report :
Scanned time : 2009/06/08 15:37:24 (CDT)
Scanner results: All Scanners reported not find malware!
File Name : explorer.exe
File Size : 1033728 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 12896823fb95bfb3dc9b46bcaedc9923
SHA1 : 9d2bf84874abc5b6e9a2744b7865c193c08d362f
Online report : http://virscan.org/r...589650963c.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.1 20090607195527 2009-06-07 2.01 -
AhnLab V3 2009.06.09.00 2009.06.09 2009-06-09 0.74 -
AntiVir 8.2.0.180 7.1.4.71 2009-06-08 0.06 -
Antiy 2.0.18 20090608.2506223 2009-06-08 0.12 -
Arcavir 2009 200906081555 2009-06-08 0.08 -
Authentium 5.1.1 200906081740 2009-06-08 2.22 -
AVAST! 4.7.4 090607-0 2009-06-07 0.05 -
AVG 8.5.286 270.12.57/2163 2009-06-08 3.34 -
BitDefender 7.81008.3346909 7.25875 2009-06-09 3.02 -
CA (VET) 9.0.0.143 31.6.6542 2009-06-08 5.38 -
ClamAV 0.95.1 9437 2009-06-08 2.31 -
Comodo 3.9 1286 2009-06-08 0.74 -
CP Secure 1.1.0.715 2009.06.03 2009-06-03 10.06 -
Dr.Web 4.44.0.9170 2009.06.08 2009-06-08 4.91 -
F-Prot 4.4.4.56 20090608 2009-06-08 2.07 -
F-Secure 5.51.6100 2009.06.08.10 2009-06-08 0.09 -
Fortinet 2.81-3.117 10.479 2009-06-08 0.25 -
GData 19.5703/19.357 20090608 2009-06-08 4.42 -
ViRobot 20090605 2009.06.05 2009-06-05 0.41 -
Ikarus T3.1.01.57 2009.06.03.72814 2009-06-03 3.15 -
JiangMin 11.0.706 2009.06.08 2009-06-08 1.97 -
Kaspersky 5.5.10 2009.06.08 2009-06-08 0.06 -
KingSoft 2009.2.5.15 2009.6.8.21 2009-06-08 0.55 -
McAfee 5.3.00 5640 2009-06-08 3.06 -
Microsoft 1.4701 2009.06.08 2009-06-08 4.28 -
mks_vir 2.01 2009.06.07 2009-06-07 3.23 -
Norman 6.01.05 6.01.00 2009-06-02 4.01 -
Panda 9.05.01 2009.06.06 2009-06-06 1.73 -
Trend Micro 8.700-1004 6.180.02 2009-06-08 0.03 -
Quick Heal 10.00 2009.06.08 2009-06-08 1.52 -
Rising 20.0 21.33.03.00 2009-06-08 0.91 -
Sophos 2.87.1 4.42 2009-06-09 2.38 -
Sunbelt 5174 5174 2009-06-07 0.80 -
Symantec 1.3.0.24 20090608.007 2009-06-08 0.06 -
nProtect 20090608.02 4212508 2009-06-08 5.39 -
The Hacker 6.3.4.3 v00342 2009-06-08 0.63 -
VBA32 3.12.10.6 20090607.1500 2009-06-07 2.05 -
VirusBuster 4.5.11.10 10.107.6/1591776 2009-06-08 2.17 -



combofix.txt :

ComboFix 09-06-06.03 - Kenneth 06/08/2009 17:15.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.211 [GMT -4:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
AV: AVG Anti-Virus *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GHSMEEHI
-------\Service_ghsmeehi


((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
.

2009-06-08 04:21 . 2009-03-06 14:44 283648 ------w- c:\windows\system32\dllcache\pdh.dll
2009-06-08 04:20 . 2009-02-09 10:20 399360 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-06-08 04:20 . 2009-02-09 10:20 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-06-08 04:20 . 2009-02-06 17:14 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-06-08 04:20 . 2009-02-06 16:54 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-06-08 04:20 . 2005-07-26 04:39 60416 ------w- c:\windows\system32\dllcache\colbact.dll
2009-06-08 04:20 . 2009-02-09 10:20 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-08 04:20 . 2009-02-06 16:39 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-06-08 04:20 . 2009-02-09 10:20 616960 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-06-08 04:20 . 2009-02-09 10:20 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-06-08 04:19 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-06-08 03:12 . 2009-06-07 00:39 3018864 ----a-r- C:\ComboFix.exe
2009-06-05 03:13 . 2009-06-05 03:13 -------- d-----w- c:\documents and settings\Kenneth\Application Data\Malwarebytes
2009-06-05 03:13 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-05 03:13 . 2009-06-05 03:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-05 03:13 . 2009-06-05 03:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-05 03:13 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-05 03:11 . 2009-06-05 03:11 -------- d-----w- c:\program files\ERUNT
2009-05-19 03:21 . 2009-05-19 03:21 -------- d-----w- c:\windows\system32\wbem\Repository
2009-05-16 17:20 . 2009-05-19 03:07 -------- d-----w- c:\documents and settings\Administrator.BJ-LAPTOP\Local Settings\Application Data\Microsoft
2009-05-16 17:20 . 2005-05-07 10:03 -------- d-----w- c:\documents and settings\Administrator.BJ-LAPTOP\Local Settings\Application Data\LightScribe
2009-05-16 17:20 . 2009-05-19 03:07 -------- d-s---w- c:\documents and settings\Administrator.BJ-LAPTOP
2009-05-11 17:22 . 2009-05-19 03:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2009-05-11 17:22 . 2005-05-07 10:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\LightScribe
2009-05-11 17:22 . 2009-05-19 03:17 -------- d-s---w- c:\documents and settings\Administrator
2009-05-11 00:26 . 2009-05-19 03:20 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Microsoft
2009-05-11 00:26 . 2005-05-07 10:03 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\LightScribe
2009-05-11 00:26 . 2009-05-19 03:20 -------- d-s---w- c:\documents and settings\Guest

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 21:20 . 2009-04-04 06:12 -------- d-----w- c:\program files\DNA
2009-06-08 21:20 . 2009-04-04 06:12 -------- d-----w- c:\documents and settings\Kenneth\Application Data\DNA
2009-06-08 21:11 . 2009-04-04 05:41 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-08 04:19 . 2005-05-07 09:37 -------- d-----w- c:\program files\Hp
2009-06-05 20:39 . 2009-04-04 07:40 -------- d-----w- c:\documents and settings\Kenneth\Application Data\BitTorrent
2009-05-28 16:22 . 2004-08-04 08:00 1033728 ----a-w- c:\windows\explorer.exe
2009-04-04 05:06 . 2005-11-16 19:03 65544 ----a-w- c:\documents and settings\Kenneth\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( [email protected]_04.02.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-07-29 10:52 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
- 2005-07-29 10:52 . 2007-07-27 13:41 26488 c:\windows\system32\spupdsvc.exe
+ 2007-04-14 07:34 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
- 2007-04-14 07:34 . 2007-11-30 11:18 17272 c:\windows\system32\spmsg.dll
+ 2004-08-04 08:00 . 2009-02-03 20:08 55808 c:\windows\system32\secur32.dll
- 2004-08-04 08:00 . 2004-08-04 08:00 55808 c:\windows\system32\secur32.dll
+ 2004-08-04 08:00 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe
+ 2004-08-04 08:00 . 2009-02-20 18:09 44544 c:\windows\system32\pngfilt.dll
- 2004-08-04 08:00 . 2008-12-20 23:15 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-07 13:10 . 2009-06-08 05:58 53806 c:\windows\system32\perfc009.dat
+ 2004-08-04 08:00 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
- 2004-08-04 08:00 . 2006-03-01 19:42 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-04 08:00 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
- 2006-11-08 02:03 . 2008-12-20 23:15 52224 c:\windows\system32\msfeedsbs.dll
+ 2006-11-08 02:03 . 2009-02-20 18:09 52224 c:\windows\system32\msfeedsbs.dll
- 2004-08-04 08:00 . 2004-08-04 08:00 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-04 08:00 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
- 2004-08-04 08:00 . 2008-12-20 23:15 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-04 08:00 . 2009-02-20 18:09 27648 c:\windows\system32\jsproxy.dll
+ 2006-11-07 08:26 . 2009-02-20 10:20 13824 c:\windows\system32\ieudinit.exe
- 2006-11-07 08:26 . 2008-12-19 09:10 13824 c:\windows\system32\ieudinit.exe
- 2004-08-04 08:00 . 2008-12-20 23:15 44544 c:\windows\system32\iernonce.dll
+ 2004-08-04 08:00 . 2009-02-20 18:09 44544 c:\windows\system32\iernonce.dll
+ 2004-08-04 08:00 . 2009-02-20 18:09 78336 c:\windows\system32\ieencode.dll
- 2004-08-04 08:00 . 2006-10-17 17:06 78336 c:\windows\system32\ieencode.dll
+ 2004-08-04 08:00 . 2009-02-20 10:20 70656 c:\windows\system32\ie4uinit.exe
- 2004-08-04 08:00 . 2008-12-19 09:10 70656 c:\windows\system32\ie4uinit.exe
+ 2006-10-17 16:58 . 2009-02-20 18:09 63488 c:\windows\system32\icardie.dll
- 2006-10-17 16:58 . 2008-12-20 23:15 63488 c:\windows\system32\icardie.dll
+ 2009-02-03 20:08 . 2009-02-03 20:08 55808 c:\windows\system32\dllcache\secur32.dll
- 2006-05-10 05:23 . 2008-12-20 23:15 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2006-05-10 05:23 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2007-05-08 20:00 . 2008-12-20 23:15 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-05-08 20:00 . 2009-02-20 18:09 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2006-05-10 05:22 . 2008-12-20 23:15 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-05-10 05:22 . 2009-02-20 18:09 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-05-08 20:00 . 2009-02-20 10:20 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2007-05-08 20:00 . 2008-12-19 09:10 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2006-11-07 08:26 . 2008-12-20 23:15 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2006-11-07 08:26 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\iernonce.dll
- 2006-10-17 17:06 . 2006-10-17 17:06 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2006-10-17 17:06 . 2009-02-20 18:09 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2006-11-07 08:26 . 2009-02-20 10:20 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2006-11-07 08:26 . 2008-12-19 09:10 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2008-12-12 16:57 . 2008-12-20 23:15 63488 c:\windows\system32\dllcache\icardie.dll
+ 2008-12-12 16:57 . 2009-02-20 18:09 63488 c:\windows\system32\dllcache\icardie.dll
- 2005-07-29 10:51 . 2009-04-04 07:39 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2005-07-29 10:51 . 2009-06-08 05:50 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2005-07-29 10:51 . 2009-06-08 05:50 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2005-07-29 10:51 . 2009-04-04 07:39 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2005-07-29 10:51 . 2009-04-04 07:39 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2005-07-29 10:51 . 2009-06-08 05:50 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2005-07-29 10:51 . 2009-04-04 07:39 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2005-07-29 10:51 . 2009-06-08 05:50 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-03-23 00:05 . 2007-03-23 00:05 97632 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\PP7X32.DLL
+ 2009-06-08 05:49 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB963027-IE7\pngfilt.dll
+ 2009-06-08 05:49 . 2008-12-20 23:15 52224 c:\windows\ie7updates\KB963027-IE7\msfeedsbs.dll
+ 2009-06-08 05:49 . 2008-12-20 23:15 27648 c:\windows\ie7updates\KB963027-IE7\jsproxy.dll
+ 2009-06-08 05:49 . 2008-12-19 09:10 13824 c:\windows\ie7updates\KB963027-IE7\ieudinit.exe
+ 2009-06-08 05:49 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB963027-IE7\iernonce.dll
+ 2009-06-08 05:49 . 2006-10-17 17:06 78336 c:\windows\ie7updates\KB963027-IE7\ieencode.dll
+ 2009-06-08 05:49 . 2008-12-19 09:10 70656 c:\windows\ie7updates\KB963027-IE7\ie4uinit.exe
+ 2009-06-08 05:49 . 2008-12-20 23:15 63488 c:\windows\ie7updates\KB963027-IE7\icardie.dll
+ 2005-07-29 10:51 . 2009-06-08 05:50 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2005-07-29 10:51 . 2009-04-04 07:39 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2005-05-17 00:25 . 2008-02-15 09:06 351744 c:\windows\system32\xpsp3res.dll
- 2004-08-04 08:00 . 2008-12-20 23:15 826368 c:\windows\system32\wininet.dll
+ 2004-08-04 08:00 . 2009-03-03 00:18 826368 c:\windows\system32\wininet.dll
+ 2004-08-04 08:00 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll
- 2004-08-04 08:00 . 2004-08-04 08:00 351232 c:\windows\system32\winhttp.dll
- 2004-08-04 08:00 . 2008-12-20 23:15 233472 c:\windows\system32\webcheck.dll
+ 2004-08-04 08:00 . 2009-02-20 18:09 233472 c:\windows\system32\webcheck.dll
+ 2004-08-04 08:00 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2004-08-04 08:00 . 2009-02-09 10:20 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2004-08-04 08:00 . 2009-02-09 10:20 473088 c:\windows\system32\wbem\fastprox.dll
- 2004-08-04 08:00 . 2008-12-20 23:15 105984 c:\windows\system32\url.dll
+ 2004-08-04 08:00 . 2009-02-20 18:09 105984 c:\windows\system32\url.dll
+ 2004-08-04 08:00 . 2009-02-06 17:14 110592 c:\windows\system32\services.exe
+ 2004-08-04 08:00 . 2009-02-09 10:20 399360 c:\windows\system32\rpcss.dll
+ 2004-08-07 13:10 . 2009-06-08 05:58 383492 c:\windows\system32\perfh009.dat
+ 2004-08-04 08:00 . 2009-03-06 14:44 283648 c:\windows\system32\pdh.dll
- 2004-08-04 08:00 . 2004-08-04 08:00 283648 c:\windows\system32\pdh.dll
+ 2004-08-04 08:00 . 2009-02-20 18:09 102912 c:\windows\system32\occache.dll
- 2004-08-04 08:00 . 2008-12-20 23:15 102912 c:\windows\system32\occache.dll
+ 2004-08-04 08:00 . 2009-02-09 10:20 714752 c:\windows\system32\ntdll.dll
+ 2004-08-04 08:00 . 2009-02-20 18:09 671232 c:\windows\system32\mstime.dll
- 2004-08-04 08:00 . 2008-12-20 23:15 671232 c:\windows\system32\mstime.dll
- 2004-08-04 08:00 . 2008-12-20 23:15 193024 c:\windows\system32\msrating.dll
+ 2004-08-04 08:00 . 2009-02-20 18:09 193024 c:\windows\system32\msrating.dll
- 2004-08-04 08:00 . 2008-12-20 23:15 477696 c:\windows\system32\mshtmled.dll
+ 2004-08-04 08:00 . 2009-02-20 18:09 477696 c:\windows\system32\mshtmled.dll
- 2006-11-08 02:03 . 2008-12-20 23:15 459264 c:\windows\system32\msfeeds.dll
+ 2006-11-08 02:03 . 2009-02-20 18:09 459264 c:\windows\system32\msfeeds.dll
+ 2004-08-04 08:00 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
+ 2004-08-04 08:00 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
+ 2004-08-04 08:00 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
+ 2004-08-04 08:00 . 2009-02-09 10:20 723456 c:\windows\system32\lsasrv.dll
+ 2004-08-04 08:00 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
+ 2006-10-17 16:57 . 2009-02-20 18:09 268288 c:\windows\system32\iertutil.dll
+ 2004-08-04 08:00 . 2009-02-20 18:09 385024 c:\windows\system32\iedkcs32.dll
+ 2006-10-17 16:27 . 2009-02-20 18:09 383488 c:\windows\system32\ieapfltr.dll
- 2006-10-17 16:27 . 2008-12-20 23:15 383488 c:\windows\system32\ieapfltr.dll
+ 2004-08-04 08:00 . 2009-02-20 05:14 161792 c:\windows\system32\ieakui.dll
- 2004-08-04 08:00 . 2008-12-19 05:23 161792 c:\windows\system32\ieakui.dll
- 2004-08-04 08:00 . 2008-12-20 23:15 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-04 08:00 . 2009-02-20 18:09 230400 c:\windows\system32\ieaksie.dll
- 2004-08-04 08:00 . 2008-12-20 23:15 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-04 08:00 . 2009-02-20 18:09 153088 c:\windows\system32\ieakeng.dll
- 2004-08-04 08:00 . 2008-12-20 23:15 133120 c:\windows\system32\extmgr.dll
+ 2004-08-04 08:00 . 2009-02-20 18:09 133120 c:\windows\system32\extmgr.dll
+ 2004-08-04 08:00 . 2009-02-20 18:09 214528 c:\windows\system32\dxtrans.dll
- 2004-08-04 08:00 . 2008-12-20 23:15 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-04 08:00 . 2009-02-20 18:09 347136 c:\windows\system32\dxtmsft.dll
- 2004-08-04 08:00 . 2008-12-20 23:15 347136 c:\windows\system32\dxtmsft.dll
+ 2006-05-10 05:23 . 2009-03-03 00:18 826368 c:\windows\system32\dllcache\wininet.dll
- 2006-05-10 05:23 . 2008-12-20 23:15 826368 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:47 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2006-11-08 02:03 . 2009-02-20 18:09 233472 c:\windows\system32\dllcache\webcheck.dll
- 2006-11-08 02:03 . 2008-12-20 23:15 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2006-10-17 17:05 . 2009-02-20 18:09 105984 c:\windows\system32\dllcache\url.dll
- 2006-10-17 17:05 . 2008-12-20 23:15 105984 c:\windows\system32\dllcache\url.dll
- 2006-10-17 17:04 . 2008-12-20 23:15 102912 c:\windows\system32\dllcache\occache.dll
+ 2006-10-17 17:04 . 2009-02-20 18:09 102912 c:\windows\system32\dllcache\occache.dll
- 2006-05-10 05:23 . 2008-12-20 23:15 671232 c:\windows\system32\dllcache\mstime.dll
+ 2006-05-10 05:23 . 2009-02-20 18:09 671232 c:\windows\system32\dllcache\mstime.dll
+ 2006-05-10 05:23 . 2009-02-20 18:09 193024 c:\windows\system32\dllcache\msrating.dll
- 2006-05-10 05:23 . 2008-12-20 23:15 193024 c:\windows\system32\dllcache\msrating.dll
- 2006-05-10 05:23 . 2008-12-20 23:15 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2006-05-10 05:23 . 2009-02-20 18:09 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-05-08 20:00 . 2009-02-20 18:09 459264 c:\windows\system32\dllcache\msfeeds.dll
- 2007-05-08 20:00 . 2008-12-20 23:15 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2006-08-17 12:28 . 2009-02-09 10:20 723456 c:\windows\system32\dllcache\lsasrv.dll
+ 2006-07-05 10:55 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll
+ 2006-10-17 17:04 . 2009-02-28 04:54 636072 c:\windows\system32\dllcache\iexplore.exe
+ 2007-05-08 20:00 . 2009-02-20 18:09 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2006-11-07 08:27 . 2009-02-20 18:09 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2007-05-08 20:00 . 2008-12-20 23:15 383488 c:\windows\system32\dllcache\ieapfltr.dll
+ 2007-05-08 20:00 . 2009-02-20 18:09 383488 c:\windows\system32\dllcache\ieapfltr.dll
- 2006-11-07 08:25 . 2008-12-19 05:23 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2006-11-07 08:25 . 2009-02-20 05:14 161792 c:\windows\system32\dllcache\ieakui.dll
- 2006-11-07 08:27 . 2008-12-20 23:15 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2006-11-07 08:27 . 2009-02-20 18:09 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2006-11-07 08:26 . 2009-02-20 18:09 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2006-11-07 08:26 . 2008-12-20 23:15 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2006-05-10 05:22 . 2009-02-20 18:09 133120 c:\windows\system32\dllcache\extmgr.dll
- 2006-05-10 05:22 . 2008-12-20 23:15 133120 c:\windows\system32\dllcache\extmgr.dll
- 2006-05-10 05:22 . 2008-12-20 23:15 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-05-10 05:22 . 2009-02-20 18:09 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2006-05-10 05:22 . 2008-12-20 23:15 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-05-10 05:22 . 2009-02-20 18:09 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2006-11-07 08:26 . 2008-12-20 23:15 124928 c:\windows\system32\dllcache\advpack.dll
+ 2006-11-07 08:26 . 2009-02-20 18:09 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 08:00 . 2009-02-20 18:09 124928 c:\windows\system32\advpack.dll
- 2004-08-04 08:00 . 2008-12-20 23:15 124928 c:\windows\system32\advpack.dll
- 2004-08-04 08:00 . 2004-08-04 08:00 616960 c:\windows\system32\advapi32.dll
+ 2004-08-04 08:00 . 2009-02-09 10:20 616960 c:\windows\system32\advapi32.dll
+ 2009-06-08 04:20 . 2009-06-08 04:20 689456 c:\windows\Installer\{FE57DE70-95DE-4B64-9266-84DA811053DB}\HPSUShortcut_BB85ED9CAFC943BDB8DC258C3C7DF72E.exe
- 2005-07-29 10:51 . 2009-04-04 07:39 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2005-07-29 10:51 . 2009-06-08 05:50 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2005-07-29 10:51 . 2009-06-08 05:50 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2005-07-29 10:51 . 2009-04-04 07:39 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2005-07-29 10:51 . 2009-06-08 05:50 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2005-07-29 10:51 . 2009-04-04 07:39 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2005-07-29 10:51 . 2009-06-08 05:50 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2005-07-29 10:51 . 2009-04-04 07:39 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2005-07-29 10:51 . 2009-06-08 05:50 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2005-07-29 10:51 . 2009-04-04 07:39 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-06-08 05:49 . 2008-12-20 23:15 826368 c:\windows\ie7updates\KB963027-IE7\wininet.dll
+ 2009-06-08 05:49 . 2008-12-20 23:15 233472 c:\windows\ie7updates\KB963027-IE7\webcheck.dll
+ 2009-06-08 05:49 . 2008-12-20 23:15 105984 c:\windows\ie7updates\KB963027-IE7\url.dll
+ 2009-06-08 05:49 . 2008-07-09 07:38 382840 c:\windows\ie7updates\KB963027-IE7\spuninst\updspapi.dll
+ 2009-06-08 05:49 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB963027-IE7\spuninst\spuninst.exe
+ 2009-06-08 05:49 . 2008-12-20 23:15 102912 c:\windows\ie7updates\KB963027-IE7\occache.dll
+ 2009-06-08 05:49 . 2008-12-20 23:15 671232 c:\windows\ie7updates\KB963027-IE7\mstime.dll
+ 2009-06-08 05:49 . 2008-12-20 23:15 193024 c:\windows\ie7updates\KB963027-IE7\msrating.dll
+ 2009-06-08 05:49 . 2008-12-20 23:15 477696 c:\windows\ie7updates\KB963027-IE7\mshtmled.dll
+ 2009-06-08 05:49 . 2008-12-20 23:15 459264 c:\windows\ie7updates\KB963027-IE7\msfeeds.dll
+ 2009-06-08 05:49 . 2008-12-19 05:25 634024 c:\windows\ie7updates\KB963027-IE7\iexplore.exe
+ 2009-06-08 05:49 . 2008-12-20 23:15 267776 c:\windows\ie7updates\KB963027-IE7\iertutil.dll
+ 2009-06-08 05:49 . 2008-12-20 23:15 384512 c:\windows\ie7updates\KB963027-IE7\iedkcs32.dll
+ 2009-06-08 05:49 . 2008-12-20 23:15 383488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dll
+ 2009-06-08 05:49 . 2008-12-19 05:23 161792 c:\windows\ie7updates\KB963027-IE7\ieakui.dll
+ 2009-06-08 05:49 . 2008-12-20 23:15 230400 c:\windows\ie7updates\KB963027-IE7\ieaksie.dll
+ 2009-06-08 05:49 . 2008-12-20 23:15 153088 c:\windows\ie7updates\KB963027-IE7\ieakeng.dll
+ 2009-06-08 05:49 . 2008-12-20 23:15 133120 c:\windows\ie7updates\KB963027-IE7\extmgr.dll
+ 2009-06-08 05:49 . 2008-12-20 23:15 214528 c:\windows\ie7updates\KB963027-IE7\dxtrans.dll
+ 2009-06-08 05:49 . 2008-12-20 23:15 347136 c:\windows\ie7updates\KB963027-IE7\dxtmsft.dll
+ 2009-06-08 05:49 . 2008-12-20 23:15 124928 c:\windows\ie7updates\KB963027-IE7\advpack.dll
+ 2009-06-08 04:05 . 2009-06-08 04:05 110592 c:\windows\ERDNT\AutoBackup\6-8-2009\Users\00000002\UsrClass.dat
+ 2009-06-08 04:05 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\6-8-2009\ERDNT.EXE
+ 2004-08-04 08:00 . 2009-02-20 18:09 1160192 c:\windows\system32\urlmon.dll
- 2004-08-04 08:00 . 2008-12-20 23:15 1160192 c:\windows\system32\urlmon.dll
+ 2004-08-04 08:00 . 2008-12-20 22:43 1287680 c:\windows\system32\quartz.dll
- 2004-08-04 08:00 . 2008-05-07 05:18 1287680 c:\windows\system32\quartz.dll
- 2004-08-04 08:00 . 2008-08-14 09:58 2136064 c:\windows\system32\ntoskrnl.exe
+ 2004-08-04 08:00 . 2009-02-06 17:22 2136064 c:\windows\system32\ntoskrnl.exe
+ 2004-08-04 08:00 . 2009-02-06 16:49 2015744 c:\windows\system32\ntkrnlpa.exe
- 2004-08-04 08:00 . 2008-08-14 09:22 2015744 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-04 08:00 . 2009-02-20 18:09 3595264 c:\windows\system32\mshtml.dll
+ 2006-11-08 02:03 . 2009-02-20 18:09 6066176 c:\windows\system32\ieframe.dll
+ 2006-05-10 05:23 . 2009-02-20 18:09 1160192 c:\windows\system32\dllcache\urlmon.dll
- 2006-05-10 05:23 . 2008-12-20 23:15 1160192 c:\windows\system32\dllcache\urlmon.dll
+ 2008-05-07 05:18 . 2008-12-20 22:43 1287680 c:\windows\system32\dllcache\quartz.dll
- 2008-05-07 05:18 . 2008-05-07 05:18 1287680 c:\windows\system32\dllcache\quartz.dll
+ 2006-12-19 14:17 . 2009-02-06 17:24 2180480 c:\windows\system32\dllcache\ntoskrnl.exe
- 2006-12-19 12:55 . 2008-08-14 09:22 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2006-12-19 12:55 . 2009-02-06 16:49 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
- 2006-12-19 12:55 . 2008-08-14 09:22 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2006-12-19 12:55 . 2009-02-06 16:49 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2006-12-19 14:15 . 2008-08-14 09:58 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2006-12-19 14:15 . 2009-02-06 17:22 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2006-05-19 15:08 . 2009-02-20 18:09 3595264 c:\windows\system32\dllcache\mshtml.dll
+ 2007-05-08 20:00 . 2009-02-20 18:09 6066176 c:\windows\system32\dllcache\ieframe.dll
+ 2009-06-08 05:49 . 2008-12-20 23:15 1160192 c:\windows\ie7updates\KB963027-IE7\urlmon.dll
+ 2009-06-08 05:49 . 2009-01-17 02:35 3594752 c:\windows\ie7updates\KB963027-IE7\mshtml.dll
+ 2009-06-08 05:49 . 2008-12-20 23:15 6066688 c:\windows\ie7updates\KB963027-IE7\ieframe.dll
+ 2009-05-11 17:02 . 2008-07-09 14:25 2455488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dat
- 2009-05-11 17:02 . 2007-04-17 09:28 2455488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dat
+ 2009-06-08 04:05 . 2009-06-08 04:05 5066752 c:\windows\ERDNT\AutoBackup\6-8-2009\Users\00000001\ntuser.dat
+ 2005-03-02 00:59 . 2009-02-06 17:24 2180480 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2005-03-02 00:34 . 2009-02-06 16:49 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2005-03-02 00:34 . 2008-08-14 09:22 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2005-03-02 00:34 . 2008-08-14 09:22 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2005-03-02 00:34 . 2009-02-06 16:49 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2005-03-02 00:57 . 2008-08-14 09:58 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2005-03-02 00:57 . 2009-02-06 17:22 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2009-05-11 00:23 . 2007-04-17 09:28 2455488 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\ieapfltr.dat
+ 2005-07-29 11:38 . 2009-05-07 04:16 24699336 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-12 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"AIM"="c:\progra~1\AIM\aim.exe" [2005-08-05 67160]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-04-04 321344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-09 339968]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"\\KEN-TOWER\EPSON Stylus Photo RX500"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE" [2003-06-01 99840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-23 185784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-16 29744]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

c:\documents and settings\Kenneth\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\Mozilla Shared\\firefox.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 11:51 AM 24652]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/5/2006 6:45 PM 29744]
.
Contents of the 'Scheduled Tasks' folder

2008-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2006-01-12 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-03-03 18:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\Kenneth\Application Data\Mozilla\Firefox\Profiles\iow4gxal.default\
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query=
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\documents and settings\Kenneth\Application Data\Mozilla\Firefox\Profiles\iow4gxal.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 17:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????4?5?3?6??????? ???B?????????????H<C? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1969252453-679945367-741176259-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2184)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\AIM\aim.exe
c:\program files\HPQ\Shared\hpqwmi.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-06-08 17:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-08 21:25
ComboFix2.txt 2009-06-08 04:08

Pre-Run: 61,425,614,848 bytes free
Post-Run: 61,424,656,384 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

437 --- E O F --- 2009-06-08 05:51

hope this is okay.
  • 0

#8
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  • 0

#9
kenbarber

kenbarber

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
mbam log:
Malwarebytes' Anti-Malware 1.37
Database version: 2255
Windows 5.1.2600 Service Pack 2

6/9/2009 5:52:03 PM
mbam-log-2009-06-09 (17-52-03).txt

Scan type: Quick Scan
Objects scanned: 99613
Time elapsed: 3 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


kaspersky log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, June 9, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, June 10, 2009 00:03:46
Records in database: 2332722
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 62670
Threat name: 7
Infected objects: 9
Suspicious objects: 0
Duration of the scan: 02:20:03


File name / Threat name / Threats count
C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP16\A0007735.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP3\A0000013.exe Infected: Trojan.Win32.Inject.zzx 1
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP3\A0000014.exe Infected: Trojan-Downloader.Win32.FraudLoad.vnla 1
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP3\A0000015.exe Infected: Trojan-Clicker.Win32.Small.adw 1
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP4\A0000043.exe Infected: Net-Worm.Win32.Koobface.fy 1
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP4\A0000062.exe Infected: Trojan-Downloader.Win32.FraudLoad.vnla 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZT68CW4I\187[1].exe Infected: Packed.Win32.Katusha.a 1

The selected area was scanned.
  • 0

#10
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\Online Services\AOL90US\comps\toolbar
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZT68CW4I\187[1].exe 
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



CLICK HERE to download the HijackThis Installer:
  • Save HJTInstall.exe to your desktop.
  • Double-click on HJTInstall.exe to run the program.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Accept the license agreement by clicking the "I Accept" button.
  • Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  • Click "Save log" to save the log file and then the log will open in Notepad.
  • Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

  • 0

Advertisements


#11
kenbarber

kenbarber

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
OTM LOG::

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File/Folder C:\Program Files\Online Services\AOL90US\comps\toolbar not found.
File/Folder C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZT68CW4I\187[1].exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Kenneth\LOCALS~1\Temp\~DFCFB0.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\04_27_2009_180_150_placement[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\ads[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\cfug[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\click[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\iframe3[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\i[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\st[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\st[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\st[3] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\UN20MGUN\01[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\UN20MGUN\click[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\UN20MGUN\iframe3[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\UN20MGUN\i[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\UN20MGUN\md[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\UN20MGUN\md[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\UN20MGUN\st[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\LLLR79MY\getInPage[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\LLLR79MY\iframe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\LLLR79MY\st[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\JCMS7NVV\afe_specificclick_net[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\JCMS7NVV\de[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\JCMS7NVV\iframe3[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\JCMS7NVV\iframe3[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\JCMS7NVV\iframe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\JCMS7NVV\welcome[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\JCMS7NVV\WINDOWS-XP-NOTHING-BUT-WAL-PAPER-t241384[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTM by OldTimer - Version 2.1.0.1 log created on 06102009_174323

Files moved on Reboot...
C:\DOCUME~1\Kenneth\LOCALS~1\Temp\~DFCFB0.tmp moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\04_27_2009_180_150_placement[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\ads[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\cfug[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\click[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\iframe3[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\i[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\st[1] moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\st[2] moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\st[3] moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\UN20MGUN\01[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\UN20MGUN\click[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\UN20MGUN\iframe3[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\UN20MGUN\i[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\UN20MGUN\md[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\UN20MGUN\md[2].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\UN20MGUN\st[1] moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\LLLR79MY\getInPage[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\LLLR79MY\iframe[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\LLLR79MY\st[1] moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\JCMS7NVV\afe_specificclick_net[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\JCMS7NVV\de[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\JCMS7NVV\iframe3[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\JCMS7NVV\iframe3[2].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\JCMS7NVV\iframe[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\JCMS7NVV\welcome[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\JCMS7NVV\WINDOWS-XP-NOTHING-BUT-WAL-PAPER-t241384[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.

Registry entries deleted on Reboot...


HIJACKHIS LOG:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File/Folder C:\Program Files\Online Services\AOL90US\comps\toolbar not found.
File/Folder C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZT68CW4I\187[1].exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Kenneth\LOCALS~1\Temp\~DFCFB0.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\04_27_2009_180_150_placement[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\ads[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\cfug[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\click[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\iframe3[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\i[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\st[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\st[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\st[3] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\UN20MGUN\01[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\UN20MGUN\click[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\UN20MGUN\iframe3[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\UN20MGUN\i[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\UN20MGUN\md[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\UN20MGUN\md[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\UN20MGUN\st[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\LLLR79MY\getInPage[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\LLLR79MY\iframe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\LLLR79MY\st[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\JCMS7NVV\afe_specificclick_net[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\JCMS7NVV\de[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\JCMS7NVV\iframe3[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\JCMS7NVV\iframe3[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\JCMS7NVV\iframe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\JCMS7NVV\welcome[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\JCMS7NVV\WINDOWS-XP-NOTHING-BUT-WAL-PAPER-t241384[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTM by OldTimer - Version 2.1.0.1 log created on 06102009_174323

Files moved on Reboot...
C:\DOCUME~1\Kenneth\LOCALS~1\Temp\~DFCFB0.tmp moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\04_27_2009_180_150_placement[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\ads[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\cfug[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\click[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\iframe3[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\i[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\st[1] moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\st[2] moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\YBGENC5N\st[3] moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\UN20MGUN\01[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\UN20MGUN\click[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\UN20MGUN\iframe3[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\UN20MGUN\i[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\UN20MGUN\md[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\UN20MGUN\md[2].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\UN20MGUN\st[1] moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\LLLR79MY\getInPage[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\LLLR79MY\iframe[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\LLLR79MY\st[1] moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\JCMS7NVV\afe_specificclick_net[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\JCMS7NVV\de[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\JCMS7NVV\iframe3[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\JCMS7NVV\iframe3[2].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\JCMS7NVV\iframe[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\JCMS7NVV\welcome[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\Content.IE5\JCMS7NVV\WINDOWS-XP-NOTHING-BUT-WAL-PAPER-t241384[1].htm moved successfully.
C:\Documents and Settings\Kenneth\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.

Registry entries deleted on Reboot...
  • 0

#12
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
can you post the HJT Log
  • 0

#13
kenbarber

kenbarber

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
i am out of town until monday, but is the hjt log something i have run? or something i need to create?
  • 0

#14
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
its this

CLICK HERE to download the HijackThis Installer:
  • Save HJTInstall.exe to your desktop.
  • Double-click on HJTInstall.exe to run the program.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Accept the license agreement by clicking the "I Accept" button.
  • Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  • Click "Save log" to save the log file and then the log will open in Notepad.
  • Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

  • 0

#15
kenbarber

kenbarber

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:52:11 PM, on 6/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AIM6\aim6.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM6\aolsoftware.exe
c:\program files\aim toolbar\aimtbServer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [\\KEN-TOWER\EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P36 "\\KEN-TOWER\EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10994 bytes
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP