|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
10-28-2008, 08:03 PM
|
#1 (permalink) |
|
Registered User
Join Date: Oct 2008
Posts: 8
OS: service pack 2 windows xp
|
pop ups and viruses?
Hello, I'm running XP Pro SP2 with IE I get these pop up ads (dvdforone) . I've switched to Firefox for the most part but still want to make sure my PC is clean. I also have that "common" folder open on start up sometimes. which was the myspace im folder but i just uninstalled that couple hours ago. Just let me know what I need to do, Thanks. Here is the log from the prgrams.
GMER LOG; GMER 1.0.14.14536 - http://www.gmer.net Rootkit scan 2008-10-28 22:53:44 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.14 ---- SSDT 82065578 ZwConnectPort ---- Devices - GMER 1.0.14 ---- AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) Device \FileSystem\Fastfat \Fat A88BAC8A AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) ---- Registry - GMER 1.0.14 ---- Reg HKLM\SOFTWARE\Classes\CLSID\{0789FD72-8CDF-9146-5753-71D29736F06C}\InprocServer32@ C:\WINDOWS\system32\CLBCatQ.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{0789FD72-8CDF-9146-5753-71D29736F06C}\InprocServer32@ThreadingModel Both Reg HKLM\SOFTWARE\Classes\CLSID\{174907B3-9EB4-E880-A074-153DBA55BD9D}\InprocServer32@ C:\WINDOWS\system32\scrrun.dll Reg HKLM\SOFTWARE\Classes\CLSID\{174907B3-9EB4-E880-A074-153DBA55BD9D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{174907B3-9EB4-E880-A074-153DBA55BD9D}\ProgID@ HTML.HostEncode Reg HKLM\SOFTWARE\Classes\CLSID\{1B9E63C7-6BF7-9612-5604-A89EE981A6DC}\InprocServer32@ C:\WINDOWS\system32\THREED32.OCX Reg HKLM\SOFTWARE\Classes\CLSID\{1B9E63C7-6BF7-9612-5604-A89EE981A6DC}\InprocServer32@InprocServer32 9~EowM9KA?EODmlI}'28Components_WINSYSDIR>`}1*n6d]T9]Ts8?N7]I`? Reg HKLM\SOFTWARE\Classes\CLSID\{253224CD-7D02-1398-7DA3-9958418896C2}\InprocServer32@ C:\Program Files\Real\RealPlayer\CDDBRealControl.dll Reg HKLM\SOFTWARE\Classes\CLSID\{253224CD-7D02-1398-7DA3-9958418896C2}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{253224CD-7D02-1398-7DA3-9958418896C2}\ProgID@ CDDBRealControl.CddbDisc.1 Reg HKLM\SOFTWARE\Classes\CLSID\{253224CD-7D02-1398-7DA3-9958418896C2}\TypeLib@ {832c39c2-d932-43ae-8b3b-3a5208132fdd} Reg HKLM\SOFTWARE\Classes\CLSID\{253224CD-7D02-1398-7DA3-9958418896C2}\VersionIndependentProgID@ CDDBRealControl.CddbDisc Reg HKLM\SOFTWARE\Classes\CLSID\{29B0D0CA-6BA1-73E0-CED4-43EEBD54A16E}\AuxUserType\2 Reg HKLM\SOFTWARE\Classes\CLSID\{29B0D0CA-6BA1-73E0-CED4-43EEBD54A16E}\AuxUserType\2@ Video Clip Reg HKLM\SOFTWARE\Classes\CLSID\{29B0D0CA-6BA1-73E0-CED4-43EEBD54A16E}\DataFormats\DefaultSet Reg HKLM\SOFTWARE\Classes\CLSID\{29B0D0CA-6BA1-73E0-CED4-43EEBD54A16E}\DataFormats\DefaultSet@ AVIFile Reg HKLM\SOFTWARE\Classes\CLSID\{29B0D0CA-6BA1-73E0-CED4-43EEBD54A16E}\DataFormats\GetSet Reg HKLM\SOFTWARE\Classes\CLSID\{29B0D0CA-6BA1-73E0-CED4-43EEBD54A16E}\DataFormats\GetSet\0 Reg HKLM\SOFTWARE\Classes\CLSID\{29B0D0CA-6BA1-73E0-CED4-43EEBD54A16E}\DataFormats\GetSet\0@ Embed Source,1,8,1 Reg HKLM\SOFTWARE\Classes\CLSID\{29B0D0CA-6BA1-73E0-CED4-43EEBD54A16E}\DataFormats\GetSet\1 Reg HKLM\SOFTWARE\Classes\CLSID\{29B0D0CA-6BA1-73E0-CED4-43EEBD54A16E}\DataFormats\GetSet\1@ 3,1,32,1 Reg HKLM\SOFTWARE\Classes\CLSID\{29B0D0CA-6BA1-73E0-CED4-43EEBD54A16E}\DataFormats\GetSet\2 Reg HKLM\SOFTWARE\Classes\CLSID\{29B0D0CA-6BA1-73E0-CED4-43EEBD54A16E}\DataFormats\GetSet\2@ 8,1,1,1 Reg HKLM\SOFTWARE\Classes\CLSID\{29B0D0CA-6BA1-73E0-CED4-43EEBD54A16E}\DefaultIcon@ mplay32.exe,3 Reg HKLM\SOFTWARE\Classes\CLSID\{29B0D0CA-6BA1-73E0-CED4-43EEBD54A16E}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} Reg HKLM\SOFTWARE\Classes\CLSID\{29B0D0CA-6BA1-73E0-CED4-43EEBD54A16E}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}@ Reg HKLM\SOFTWARE\Classes\CLSID\{29B0D0CA-6BA1-73E0-CED4-43EEBD54A16E}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4} Reg HKLM\SOFTWARE\Classes\CLSID\{29B0D0CA-6BA1-73E0-CED4-43EEBD54A16E}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}@ Reg HKLM\SOFTWARE\Classes\CLSID\{29B0D0CA-6BA1-73E0-CED4-43EEBD54A16E}\InprocHandler32@ ole32.dll Reg HKLM\SOFTWARE\Classes\CLSID\{29B0D0CA-6BA1-73E0-CED4-43EEBD54A16E}\Insertable@ Reg HKLM\SOFTWARE\Classes\CLSID\{29B0D0CA-6BA1-73E0-CED4-43EEBD54A16E}\LocalServer@ mplay32.exe /avi Reg HKLM\SOFTWARE\Classes\CLSID\{29B0D0CA-6BA1-73E0-CED4-43EEBD54A16E}\LocalServer32@ mplay32.exe /avi Reg HKLM\SOFTWARE\Classes\CLSID\{29B0D0CA-6BA1-73E0-CED4-43EEBD54A16E}\MiscStatus@ 0 Reg HKLM\SOFTWARE\Classes\CLSID\{29B0D0CA-6BA1-73E0-CED4-43EEBD54A16E}\PersistentHandler@ {098f2470-bae0-11cd-b579-08002b30bfeb} Reg HKLM\SOFTWARE\Classes\CLSID\{29B0D0CA-6BA1-73E0-CED4-43EEBD54A16E}\ProgID@ AVIFile Reg HKLM\SOFTWARE\Classes\CLSID\{29B0D0CA-6BA1-73E0-CED4-43EEBD54A16E}\verb\0 Reg HKLM\SOFTWARE\Classes\CLSID\{29B0D0CA-6BA1-73E0-CED4-43EEBD54A16E}\verb\0@ &Play,0,3 Reg HKLM\SOFTWARE\Classes\CLSID\{29B0D0CA-6BA1-73E0-CED4-43EEBD54A16E}\verb\1 Reg HKLM\SOFTWARE\Classes\CLSID\{29B0D0CA-6BA1-73E0-CED4-43EEBD54A16E}\verb\1@ &Edit,0,2 Reg HKLM\SOFTWARE\Classes\CLSID\{29B0D0CA-6BA1-73E0-CED4-43EEBD54A16E}\verb\2 Reg HKLM\SOFTWARE\Classes\CLSID\{29B0D0CA-6BA1-73E0-CED4-43EEBD54A16E}\verb\2@ &Open,0,2 Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ C:\WINDOWS\system32\scrobj.dll Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\ProgID@ Scriptlet.Context Reg HKLM\SOFTWARE\Classes\CLSID\{49E8230E-4EB9-6FE8-8557-4A1934FC0E2E}\InprocServer32@ C:\WINDOWS\system32\ipsmsnap.dll Reg HKLM\SOFTWARE\Classes\CLSID\{49E8230E-4EB9-6FE8-8557-4A1934FC0E2E}\InprocServer32@ThreadingModel both Reg HKLM\SOFTWARE\Classes\CLSID\{49E8230E-4EB9-6FE8-8557-4A1934FC0E2E}\ProgID@ IpsecMonSnapin.About.1 Reg HKLM\SOFTWARE\Classes\CLSID\{49E8230E-4EB9-6FE8-8557-4A1934FC0E2E}\VersionIndependentProgID@ IpsecMonSnapin.About Reg HKLM\SOFTWARE\Classes\CLSID\{4AE4086C-3790-3FEC-573D-1AA59889EAEE}\InprocServer@ avifile.dll Reg HKLM\SOFTWARE\Classes\CLSID\{4AE4086C-3790-3FEC-573D-1AA59889EAEE}\InprocServer32@ avifil32.dll Reg HKLM\SOFTWARE\Classes\CLSID\{4AE4086C-3790-3FEC-573D-1AA59889EAEE}\InprocServer32@ThreadingModel Both Reg HKLM\SOFTWARE\Classes\CLSID\{6EE6A094-C439-4966-1C32-C8994BF44965}\Implemented Categories\{50E00C8F-91FB-A7C5-F936-23254145E7A4} Reg HKLM\SOFTWARE\Classes\CLSID\{6EE6A094-C439-4966-1C32-C8994BF44965}\Implemented Categories\{514A3A72-B449-4FA4-44A4-1A02F8A80991} Reg HKLM\SOFTWARE\Classes\CLSID\{6EE6A094-C439-4966-1C32-C8994BF44965}\Implemented Categories\{522E582E-A44B-42B4-8741-A4A8A8B17328} Reg HKLM\SOFTWARE\Classes\CLSID\{6EE6A094-C439-4966-1C32-C8994BF44965}\Implemented Categories\{53514A83-6C07-70F6-912B-BA77E789CF42} Reg HKLM\SOFTWARE\Classes\CLSID\{6EE6A094-C439-4966-1C32-C8994BF44965}\Implemented Categories\{55A4321B-0A97-7150-CEAB-7D68F637B33D} Reg HKLM\SOFTWARE\Classes\CLSID\{6EE6A094-C439-4966-1C32-C8994BF44965}\Implemented Categories\{56277F35-F593-DAB3-BF4E-9D64EEB2A507} Reg HKLM\SOFTWARE\Classes\CLSID\{6EE6A094-C439-4966-1C32-C8994BF44965}\Implemented Categories\{57111BF8-C8E7-3147-F26C-5FA7B5DCB047} Reg HKLM\SOFTWARE\Classes\CLSID\{6EE6A094-C439-4966-1C32-C8994BF44965}\InprocServer32@ C:\WINDOWS\Downloaded Program Files\FacebookPhotoUploader.ocx Reg HKLM\SOFTWARE\Classes\CLSID\{6EE6A094-C439-4966-1C32-C8994BF44965}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{6EE6A094-C439-4966-1C32-C8994BF44965}\MiscStatus@ 0 Reg HKLM\SOFTWARE\Classes\CLSID\{6EE6A094-C439-4966-1C32-C8994BF44965}\MiscStatus\1 Reg HKLM\SOFTWARE\Classes\CLSID\{6EE6A094-C439-4966-1C32-C8994BF44965}\MiscStatus\1@ 131457 Reg HKLM\SOFTWARE\Classes\CLSID\{6EE6A094-C439-4966-1C32-C8994BF44965}\ProgID@ TheFacebook.FacebookPhotoUploaderThumbnail.1 Reg HKLM\SOFTWARE\Classes\CLSID\{6EE6A094-C439-4966-1C32-C8994BF44965}\ToolboxBitmap32@ C:\WINDOWS\Downloaded Program Files\FacebookPhotoUploader.ocx, 109 Reg HKLM\SOFTWARE\Classes\CLSID\{6EE6A094-C439-4966-1C32-C8994BF44965}\TypeLib@ {IDL_TYPELIB_ID_LSTR} Reg HKLM\SOFTWARE\Classes\CLSID\{6EE6A094-C439-4966-1C32-C8994BF44965}\Version@ 1.0 Reg HKLM\SOFTWARE\Classes\CLSID\{6EE6A094-C439-4966-1C32-C8994BF44965}\VersionIndependentProgID@ TheFacebook.FacebookPhotoUploaderThumbnail Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InprocServer32@ C:\Program Files\Common Files\Microsoft Shared\DAO\dao360.dll Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\ProgID@ DAO.Group.36 Reg HKLM\SOFTWARE\Classes\CLSID\{961E2139-9A58-90A1-0365-C7FA3C64FE29}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} Reg HKLM\SOFTWARE\Classes\CLSID\{961E2139-9A58-90A1-0365-C7FA3C64FE29}\ProgID@ QBCtrOpenPObyCust10.CDataSourceHelper Reg HKLM\SOFTWARE\Classes\CLSID\{961E2139-9A58-90A1-0365-C7FA3C64FE29}\TypeLib@ {048305D1-8219-11D5-A59D-0050DABD6B8C} Reg HKLM\SOFTWARE\Classes\CLSID\{961E2139-9A58-90A1-0365-C7FA3C64FE29}\VERSION@ 1.0 Reg HKLM\SOFTWARE\Classes\CLSID\{AEF8734C-37F9-A64F-D799-844B8A070031}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29} Reg HKLM\SOFTWARE\Classes\CLSID\{AEF8734C-37F9-A64F-D799-844B8A070031}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}@ Reg HKLM\SOFTWARE\Classes\CLSID\{AEF8734C-37F9-A64F-D799-844B8A070031}\InprocServer32@ mscoree.dll Reg HKLM\SOFTWARE\Classes\CLSID\{AEF8734C-37F9-A64F-D799-844B8A070031}\InprocServer32@ThreadingModel Both Reg HKLM\SOFTWARE\Classes\CLSID\{AEF8734C-37F9-A64F-D799-844B8A070031}\InprocServer32@Class System.ObsoleteAttribute Reg HKLM\SOFTWARE\Classes\CLSID\{AEF8734C-37F9-A64F-D799-844B8A070031}\InprocServer32@Assembly mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 Reg HKLM\SOFTWARE\Classes\CLSID\{AEF8734C-37F9-A64F-D799-844B8A070031}\InprocServer32@RuntimeVersion v1.1.4322 Reg HKLM\SOFTWARE\Classes\CLSID\{AEF8734C-37F9-A64F-D799-844B8A070031}\InprocServer32\1.0.5000.0 Reg HKLM\SOFTWARE\Classes\CLSID\{AEF8734C-37F9-A64F-D799-844B8A070031}\InprocServer32\1.0.5000.0@Class System.ObsoleteAttribute Reg HKLM\SOFTWARE\Classes\CLSID\{AEF8734C-37F9-A64F-D799-844B8A070031}\InprocServer32\1.0.5000.0@Assembly mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 Reg HKLM\SOFTWARE\Classes\CLSID\{AEF8734C-37F9-A64F-D799-844B8A070031}\InprocServer32\1.0.5000.0@RuntimeVersion v1.1.4322 Reg HKLM\SOFTWARE\Classes\CLSID\{AEF8734C-37F9-A64F-D799-844B8A070031}\ProgId@ System.ObsoleteAttribute Reg HKLM\SOFTWARE\Classes\CLSID\{C931DCE9-7B7D-E193-73DF-8EA817BAF133}\InprocServer32@ C:\Program Files\Common Files\Microsoft Shared\Speech\SAPI.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{C931DCE9-7B7D-E193-73DF-8EA817BAF133}\InprocServer32@ThreadingModel Both Reg HKLM\SOFTWARE\Classes\CLSID\{C931DCE9-7B7D-E193-73DF-8EA817BAF133}\ProgID@ SAPI.SpTextSelectionInformation.1 Reg HKLM\SOFTWARE\Classes\CLSID\{C931DCE9-7B7D-E193-73DF-8EA817BAF133}\TypeLib@ {C866CA3A-32F7-11D2-9602-00C04F8EE628} Reg HKLM\SOFTWARE\Classes\CLSID\{C931DCE9-7B7D-E193-73DF-8EA817BAF133}\VersionIndependentProgID@ SAPI.SpTextSelectionInformation Reg HKLM\SOFTWARE\Classes\CLSID\{EE8C2D59-40B4-EFFC-B8E4-8A5EFF9C1C52}\InprocServer32@ C:\Program Files\Common Files\Sonic Shared\Sonic Central\Audio\AudioPlugin.dll Reg HKLM\SOFTWARE\Classes\CLSID\{EE8C2D59-40B4-EFFC-B8E4-8A5EFF9C1C52}\InprocServer32@InprocServer32 m%V+`GM,&@r`['wg?6{Q>PT-9%K%=G?}v!.9zp=es? Reg HKLM\SOFTWARE\Classes\CLSID\{EE8C2D59-40B4-EFFC-B8E4-8A5EFF9C1C52}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EE8C2D59-40B4-EFFC-B8E4-8A5EFF9C1C52}\LocalServer32@ "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" Reg HKLM\SOFTWARE\Classes\CLSID\{EE8C2D59-40B4-EFFC-B8E4-8A5EFF9C1C52}\ProgID@ Symantec.stLog.1 Reg HKLM\SOFTWARE\Classes\CLSID\{EE8C2D59-40B4-EFFC-B8E4-8A5EFF9C1C52}\TypeLib@ {51B9BCA6-4A06-11D3-B538-00902771A435} Reg HKLM\SOFTWARE\Classes\CLSID\{EE8C2D59-40B4-EFFC-B8E4-8A5EFF9C1C52}\VersionIndependentProgID@ Symantec.stLog Reg HKLM\SOFTWARE\Classes\CLSID\{FD41D149-A388-0587-6F3A-AB80C8365A87}\InprocServer32@ C:\WINDOWS\system32\rmoc3260.dll Reg HKLM\SOFTWARE\Classes\CLSID\{FD41D149-A388-0587-6F3A-AB80C8365A87}\InprocServer32@ThreadingModel ? Reg HKLM\SOFTWARE\Classes\CLSID\{FD41D149-A388-0587-6F3A-AB80C8365A87}\ProgID@ rmocx.RealPlayer Download Handler.1 Reg HKLM\SOFTWARE\Classes\CLSID\{FD41D149-A388-0587-6F3A-AB80C8365A87}\VersionIndependentProgID@ rmocx.RealPlayer Download Handler ---- EOF - GMER 1.0.14 ---- OTHER LOG; Logfile of random's system information tool 1.04 (written by random/random) Run by Briana at 2008-10-28 22:54:29 Microsoft Windows XP Home Edition Service Pack 2 System drive C: has 103 GB (69%) free of 149 GB Total RAM: 502 MB (58% free) HijackThis download failed ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}] Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}] DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31 118844] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 434279] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}] AOL Toolbar Launcher - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2007-03-23 1025584] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}] CNisExtBho Class - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll [2005-03-15 104064] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - Norton Internet Security - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll [2005-03-15 104064] {DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2007-03-23 1025584] {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe [2006-10-12 49263] "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2006-09-11 218032] "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960] "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-04-12 53408] "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208] "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824] "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688] "IPHSend"=C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe [2006-02-17 124520] "dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2005-05-31 122941] "Microsoft"=C:\WINDOWS\wuauclt.exe [2006-08-31 230518] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360] "Aim6"=C:\Program Files\AIM6\aim6.exe [2008-06-19 50528] "DellTransferAgent"=C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe [2007-11-13 135168] "ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-09-11 218032] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] C:\PROGRA~1\WinZip\WZQKPICK.EXE [2008-09-09 525664] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-08-24 133120] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=189 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "hx-1"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL" "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL" "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader" "C:\Program Files\Common Files\AOL\1144043344\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1144043344\ee\AOLServiceHost.exe:*:Enabled:AOL Services" "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0" "C:\Program Files\Common Files\AOL\1144043344\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1144043344\ee\aolsoftware.exe:*:Enabled:AOL Services" "C:\Program Files\Common Files\AOL\1144043344\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1144043344\ee\aim6.exe:*:Enabled:AIM" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\WINDOWS\system32\dlcfcoms.exe"="C:\WINDOWS\system32\dlcfcoms.exe:*:Enabled:Dell 725 Server" "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare" "C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL" "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL" "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader" "C:\Program Files\Common Files\AOL\1144043344\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1144043344\ee\AOLServiceHost.exe:*:Enabled:AOL Services" "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0df81ff4-fe9b-11db-ae1c-00132045f6c7}] shell\Auto\command - F:\sxs.exe shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a129d85-08ce-11dd-b042-00132045f6c7}] shell\Auto\command - F:\sxs.exe shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1c3e856-b3d0-11dc-af9f-00132045f6c7}] shell\Auto\command - F:\sxs.exe shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9044982-24f1-11db-ac14-00132045f6c7}] shell\Auto\command - G:\sxs.exe shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e66ed9fc-fc9f-11da-abc3-00132045f6c7}] shell\Auto\command - F:\sxs.exe shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe ======List of files/folders created in the last 3 months====== 2008-10-28 22:54:30 ----D---- C:\Program Files\trend micro 2008-10-28 22:54:29 ----D---- C:\rsit 2008-10-28 22:53:01 ----A---- C:\WINDOWS\GMER.txt 2008-10-28 22:29:08 ----A---- C:\WINDOWS\gmer.ini 2008-10-28 22:29:01 ----A---- C:\WINDOWS\gmer_uninstall.cmd 2008-10-28 22:29:01 ----A---- C:\WINDOWS\gmer.dll 2008-10-28 22:29:00 ----A---- C:\WINDOWS\gmer.exe 2008-10-28 21:50:15 ----A---- C:\WINDOWS\dqhx.txt 2008-10-28 21:49:00 ----D---- C:\WINDOWS\pss 2008-10-28 21:41:15 ----D---- C:\Program Files\WinZip 2008-10-28 21:25:35 ----D---- C:\Program Files\CCleaner 2008-10-28 20:45:44 ----D---- C:\Documents and Settings\Briana\Application Data\MSNInstaller 2008-10-28 20:28:27 ----D---- C:\Program Files\Mozilla Firefox 2008-10-24 03:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2008-10-15 20:49:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2008-10-15 20:49:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$ 2008-10-15 20:49:33 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$ 2008-10-15 20:49:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$ 2008-10-15 20:48:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$ 2008-09-09 20:23:38 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$ 2008-08-22 19:38:57 ----D---- C:\WINDOWS\system32\CatRoot_bak 2008-08-12 18:15:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2008-08-12 18:15:23 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$ 2008-08-12 18:15:18 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$ 2008-08-12 18:15:12 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2008-08-12 18:13:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$ 2008-08-12 18:13:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2008-08-12 18:13:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2008-08-02 01:49:51 ----D---- C:\Documents and Settings\Briana\Application Data\Uniblue 2008-08-01 02:52:04 ----D---- C:\Program Files\Uniblue 2008-08-01 02:47:12 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip ======List of files/folders modified in the last 3 months====== 2008-10-28 22:54:30 ----RD---- C:\Program Files 2008-10-28 22:53:01 ----D---- C:\WINDOWS 2008-10-28 22:39:35 ----D---- C:\WINDOWS\system32\CatRoot2 2008-10-28 22:39:35 ----D---- C:\WINDOWS\system32\CatRoot 2008-10-28 22:39:26 ----HD---- C:\WINDOWS\inf 2008-10-28 22:29:01 ----D---- C:\WINDOWS\system32\drivers 2008-10-28 22:25:11 ----D---- C:\WINDOWS\Temp 2008-10-28 21:53:12 ----D---- C:\Program Files\Common Files\Symantec Shared 2008-10-28 21:49:58 ----D---- C:\WINDOWS\system32 2008-10-28 21:49:58 ----D---- C:\Program Files\Common Files\Real 2008-10-28 21:49:57 ----D---- C:\Documents and Settings\Briana\Application Data\Real 2008-10-28 21:49:52 ----D---- C:\Program Files\Common Files 2008-10-28 21:42:00 ----SHD---- C:\WINDOWS\Installer 2008-10-28 21:34:30 ----D---- C:\WINDOWS\Debug 2008-10-28 21:34:28 ----D---- C:\WINDOWS\Minidump 2008-10-28 21:18:52 ----N---- C:\WINDOWS\SchedLgU.Txt 2008-10-28 21:17:56 ----D---- C:\Documents and Settings\All Users\Application Data\AOL 2008-10-28 21:15:10 ----D---- C:\Program Files\MSN 2008-10-28 21:14:18 ----D---- C:\Program Files\QuickTime 2008-10-28 20:43:07 ----D---- C:\Program Files\FilmLoop Player 2008-10-28 20:42:28 ----D---- C:\Program Files\Kaneva 2008-10-28 20:41:44 ----D---- C:\Program Files\MySpace 2008-10-28 20:41:11 ----SD---- C:\Documents and Settings\Briana\Application Data\Microsoft 2008-10-28 20:41:04 ----D---- C:\Program Files\Microsoft ActiveSync 2008-10-28 20:41:03 ----D---- C:\WINDOWS\Help 2008-10-28 20:37:29 ----D---- C:\WINDOWS\WinSxS 2008-10-28 20:37:19 ----D---- C:\Program Files\Common Files\Sonic Shared 2008-10-28 20:37:16 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio 2008-10-28 20:37:15 ----D---- C:\Program Files\Common Files\Roxio Shared 2008-10-28 20:36:55 ----RSD---- C:\WINDOWS\Fonts 2008-10-28 20:24:06 ----D---- C:\Documents and Settings\All Users\Application Data\Kodak 2008-10-28 20:23:38 ----D---- C:\Program Files\Kodak 2008-10-28 20:23:36 ----DC---- C:\WINDOWS\system32\DRVSTORE 2008-10-28 20:23:10 ----D---- C:\WINDOWS\Prefetch 2008-10-28 20:16:40 ----D---- C:\Documents and Settings\Briana\Application Data\Yahoo! 2008-10-28 20:16:40 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! 2008-10-28 20:14:57 ----A---- C:\YServer.txt 2008-10-28 19:54:04 ----D---- C:\Program Files\AIMTunes 2008-10-28 09:50:34 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt 2008-10-24 03:01:02 ----RSHD---- C:\WINDOWS\system32\dllcache 2008-10-24 03:00:30 ----HD---- C:\WINDOWS\$hf_mig$ 2008-10-15 20:49:23 ----D---- C:\Program Files\Internet Explorer 2008-10-15 12:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll 2008-10-10 20:48:47 ----D---- C:\Documents and Settings\Briana\Application Data\LimeWire 2008-10-07 15:19:40 ----A---- C:\WINDOWS\system32\MRT.exe 2008-10-03 13:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll 2008-09-21 17:18:36 ----A---- C:\WINDOWS\bbybs.exe 2008-09-21 17:18:36 ----A---- C:\WINDOWS\bbyb.exe 2008-08-27 04:24:32 ----A---- C:\WINDOWS\system32\mshtml.dll 2008-08-26 03:24:31 ----A---- C:\WINDOWS\system32\wininet.dll 2008-08-26 03:24:31 ----A---- C:\WINDOWS\system32\webcheck.dll 2008-08-26 03:24:31 ----A---- C:\WINDOWS\system32\urlmon.dll 2008-08-26 03:24:30 ----A---- C:\WINDOWS\system32\url.dll 2008-08-26 03:24:30 ----A---- C:\WINDOWS\system32\pngfilt.dll 2008-08-26 03:24:30 ----A---- C:\WINDOWS\system32\occache.dll 2008-08-26 03:24:30 ----A---- C:\WINDOWS\system32\mstime.dll 2008-08-26 03:24:30 ----A---- C:\WINDOWS\system32\msrating.dll 2008-08-26 03:24:30 ----A---- C:\WINDOWS\system32\mshtmled.dll 2008-08-26 03:24:30 ----A---- C:\WINDOWS\system32\msfeedsbs.dll 2008-08-26 03:24:30 ----A---- C:\WINDOWS\system32\msfeeds.dll 2008-08-26 03:24:30 ----A---- C:\WINDOWS\system32\jsproxy.dll 2008-08-26 03:24:29 ----A---- C:\WINDOWS\system32\iertutil.dll 2008-08-26 03:24:29 ----A---- C:\WINDOWS\system32\iernonce.dll 2008-08-26 03:24:29 ----A---- C:\WINDOWS\system32\iedkcs32.dll 2008-08-26 03:24:28 ----A---- C:\WINDOWS\system32\ieapfltr.dll 2008-08-26 03:24:28 ----A---- C:\WINDOWS\system32\ieaksie.dll 2008-08-26 03:24:28 ----A---- C:\WINDOWS\system32\ieakeng.dll 2008-08-26 03:24:28 ----A---- C:\WINDOWS\system32\icardie.dll 2008-08-26 03:24:28 ----A---- C:\WINDOWS\system32\extmgr.dll 2008-08-26 03:24:28 ----A---- C:\WINDOWS\system32\dxtrans.dll 2008-08-26 03:24:28 ----A---- C:\WINDOWS\system32\dxtmsft.dll 2008-08-26 03:24:28 ----A---- C:\WINDOWS\system32\advpack.dll 2008-08-25 04:38:00 ----A---- C:\WINDOWS\system32\ieudinit.exe 2008-08-25 04:37:59 ----A---- C:\WINDOWS\system32\ie4uinit.exe 2008-08-23 01:54:51 ----A---- C:\WINDOWS\system32\ieakui.dll 2008-08-14 05:58:27 ----A---- C:\WINDOWS\system32\ntoskrnl.exe 2008-08-14 05:22:14 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe 2008-08-12 18:15:24 ----D---- C:\Program Files\Messenger 2008-08-12 16:55:17 ----D---- C:\Program Files\LimeWire 2008-08-03 04:36:10 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-07-30 13:28:35 ----D---- C:\Program Files\Adobe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096] R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217] R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2005-05-13 5627] R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2005-05-13 23545] R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-08-07 195776] R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2005-04-21 40544] R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376] R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-05-31 25725] R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-05-31 34845] R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-05-31 4125] R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-05-31 2241] R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-05-31 86876] R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-05-31 15069] R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-05-31 6365] R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-05-31 98716] R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-05-31 100605] R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [] R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812] R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928] R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352] R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2006-08-07 12992] R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [] R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2006-08-07 110784] R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2006-08-07 31936] R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20081028.001\symidsco.sys [] R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2006-08-07 28352] R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-08-07 24768] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024] S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-10-28 85969] S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] S3 JL2005C;Dual Mode Camera; C:\WINDOWS\System32\Drivers\jl2005c.sys [2007-01-26 68954] S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408] S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [] S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496] S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136] S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [] S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-04-10 104576] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328] S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368] S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-04 44928] S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-04 42752] S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-04 43008] S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952] S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-04 41088] S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 42240] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040] R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-05-15 100032] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376] R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-04-12 192160] R2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2006-06-13 239264] R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-04-12 169632] R2 dlcf_device;dlcf_device; C:\WINDOWS\system32\dlcfcoms.exe [2006-12-08 537480] R2 ISSVC;ISSvc; C:\Program Files\Norton Internet Security\ISSVC.exe [2005-03-15 83584] R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656] R2 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-08-07 214720] R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776] S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-10-05 83568] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-05-15 2086592] S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360] S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-05-11 1160848] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] -----------------EOF----------------- info log------------------------------- info.txt logfile of random's system information tool 1.04 2008-10-28 22:54:39 ======Uninstall list====== -->"C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe" -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629} -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095} -->MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7} Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003} Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log AIM 6-->C:\Program Files\AIM6\uninst.exe Aim Plugin for QQ Games-->C:\Program Files\Tencent\QQ Games\Plugin\Uninstall.EXE AIMTunes-->C:\Program Files\AIMTunes\Uninstall.exe AOL Toolbar 5.0-->"C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe" AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe Apple Mobile Device Support-->MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1} Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F} Barbie Girls-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{16B18999-56D7-4E8F-A40C-385E68A6D0CD} Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3} CC_ccProxyExt-->MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919} ccCommon-->MsiExec.exe /I{D8F6834B-D5E7-4451-8681-B051ABD8561D} CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" ccPxyCore-->MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917} dBpoweramp Windows Media Audio 10 Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76} Dell Picture Studio v3.0-->MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37} DellConnect-->MsiExec.exe /X{52D56C42-8C69-4882-A661-39695537C9CF} DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D} Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText ebgcInfra-->MsiExec.exe /X{39B1BD87-561E-4762-AED9-7C5213B06C24} ebgcRes-->MsiExec.exe /X{91746221-0B6A-4572-BEE3-A4D587FF98EA} ebgcSDK-->MsiExec.exe /X{13AD768A-9E04-499D-AE80-967A65DCCBA5} Faeries Screen Saver-->sstunst2.exe Faeries Form Fill (Windows Live Toolbar)-->MsiExec.exe /X{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF} Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Hotfix for Windows XP (KB906569)-->"C:\WINDOWS\$NtUninstallKB906569$\spuninst\spuninst.exe" Hotfix for Windows XP (KB909394)-->"C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe" Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe" Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" IM-me-->MsiExec.exe /I{92F7A7A1-9576-4CD2-8D11-13CDDD5B9491} Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582 Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe Intel(R) PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7} Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395} iTunes-->MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A} J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090} Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030} Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe Lexmark Toolbar-->regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll" LimeWire 4.16.6-->"C:\Program Files\LimeWire\uninstall.exe" LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c} Map Button (Windows Live Toolbar)-->MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA} Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7} Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} Norton AntiSpam-->MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519} Norton AntiSpam-->MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F} Norton Internet Security 2005 (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X Norton Internet Security-->MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125} Norton Internet Security-->MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935} Norton Internet Security-->MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B} Norton Internet Security-->MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F} Norton Internet Security-->MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20} Norton Internet Security-->MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF} Norton Internet Security-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555} Norton Internet Security-->MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22} Norton WMI Update-->MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0} OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7} OTOY-->RunDll32 C:\WINDOWS\DOWNLO~1\OTOYAX.dll,_RemoveGroove@16 Popup Blocker (Windows Live Toolbar)-->MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8} PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall Qualxserve Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA} QuickBooks Simple Start Special Edition-->msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Special Edition" ADDREMOVE=1 Rhapsody Player Engine-->MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe" Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe" Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe" Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe" Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe" Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe" Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe" Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe" Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe" Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe" Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe" Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe" Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe" Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe" Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe" Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe" Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe" Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe" Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe" Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe" Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe" Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe" Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe" Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe" Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe" Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe" Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe" Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe" Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe" Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe" Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe" Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe" Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe" Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe" Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe" Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe" Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe" Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe" Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe" Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe" Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe" Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe" Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe" Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe" Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe" Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe" Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe" Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe" Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe" Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe" Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe" Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D} Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} Sonic MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29} Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382} Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629} Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205} Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} SPBBC-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56} Uniblue RegistryBooster 2-->"C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe" Uninstall Dual Mode Camera-->"C:\Program Files\JL2005C\unins000.exe" Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe" Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe" Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe" Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe" Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe" Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe" Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe" Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe" Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe" Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe" Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe" Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Video Journal Version 1.4-->"C:\Program Files\GirlTech\Video Journal\unins000.exe" Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u Virtools 3D Life Player-->C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe" Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66} Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320} Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7} Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0} Windows Live Outlook Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE} Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C} Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D} Windows Live Toolbar Feed Detector (Windows Live Toolbar)-->MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26} Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750} Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750} Windows Live Writer-->MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe" Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89} Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe" Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe" WinZip 12.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7} WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48} ======Security center information====== FW: Norton Internet Security ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=C:\WINDOWS\system32;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel "PROCESSOR_REVISION"=0401 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\ -----------------EOF----------------- |
|
     |
| Sponsored Links |
|
11-04-2008, 09:19 AM
|
#3 (permalink) |
|
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 4,453
OS: XP
|
Re: pop ups and viruses?
Hello and welcome to TSF
Apologises for the delay getting to your log. The helpers here are all volunteers and we have been very busy lately. If you are still having malware problems, follow instructions below. Please run RSIT again and post the log.txt in your reply. If there is no response to this post within 72hrs, this thread will be closed.
__________________
Member of ASAP since 2007 Member of UNITE since 2008 **Notice to BT customers** BT-Phorm spyware to go live before the end of 2009- for more information please visit No DPI website for more information.  Phorm, previously known as 121Media were responsible for the Apropos rootkit, see Here for more information on said rootkit. If we have helped you in anyway,please consider Donating |
|
|
|
|
11-04-2008, 03:39 PM
|
#4 (permalink) |
|
Registered User
Join Date: Oct 2008
Posts: 8
OS: service pack 2 windows xp
|
Re: pop ups and viruses?
Logfile of random's system information tool 1.04 (written by random/random)
Run by Briana at 2008-11-04 18:26:46 Microsoft Windows XP Home Edition Service Pack 2 System drive C: has 103 GB (69%) free of 149 GB Total RAM: 502 MB (19% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:34:47 PM, on 11/4/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\dlcfcoms.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Briana\Desktop\RSIT.exe C:\WINDOWS\explorer.exe C:\Program Files\trend micro\Briana.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file) O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file) O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - Global Startup: Digital Line Detect.lnk O4 - Global Startup: QuickBooks Update Agent.lnk O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Armani\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O13 - DefaultPrefix: O13 - WWW Prefix: O13 - Home Prefix: O13 - Mosaic Prefix: O13 - FTP Prefix: O13 - Gopher Prefix: O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Sally's%20Salon/Images/stg_drm.ocx O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...tup1.0.1.0.cab O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/...nlineGames.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46.../bejeweled.cab O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/tr...2.1.0.0.48.cab O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v41...l/freecell.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/down.../OTOYAX29b.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41...an/hangman.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/fr...amesplayer.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Sally's%20Salon/Images/armhelper.ocx O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47...familyfeud.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/pla.../installer.exe O16 - DPF: {EF6E7E56-9229-4C73-AAD0-15316405DB95} (Easy Photo Uploader) - http://preview.bh662.photosite.com/~...adBox_live.cab O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 13250 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}] Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}] IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-03-13 62728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}] DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31 118844] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 434279] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {DE9C389F-3316-41A7-809B-AA305ED9D922} {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe [2006-10-12 49263] "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2006-09-11 218032] "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960] "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208] "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824] "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688] "IPHSend"=C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe [2006-02-17 124520] "dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2005-05-31 122941] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064] "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-03-13 197896] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360] "Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-21 50472] "DellTransferAgent"=C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe [2007-11-13 135168] "ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-09-11 218032] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] C:\PROGRA~1\WinZip\WZQKPICK.EXE [2007-08-03 394856] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] C:\WINDOWS\system32\klogon.dll [2008-03-13 206088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-08-24 133120] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=189 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "hx-1"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL" "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL" "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader" "C:\Program Files\Common Files\AOL\1144043344\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1144043344\ee\AOLServiceHost.exe:*:Enabled:AOL Services" "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0" "C:\Program Files\Common Files\AOL\1144043344\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1144043344\ee\aolsoftware.exe:*:Enabled:AOL Services" "C:\Program Files\Common Files\AOL\1144043344\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1144043344\ee\aim6.exe:*:Enabled:AIM" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\WINDOWS\system32\dlcfcoms.exe"="C:\WINDOWS\system32\dlcfcoms.exe:*:Enabled:Dell 725 Server" "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare" "C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL" "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL" "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader" "C:\Program Files\Common Files\AOL\1144043344\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1144043344\ee\AOLServiceHost.exe:*:Enabled:AOL Services" "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0df81ff4-fe9b-11db-ae1c-00132045f6c7}] shell\Auto\command - F:\sxs.exe shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a129d85-08ce-11dd-b042-00132045f6c7}] shell\Auto\command - F:\sxs.exe shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1c3e856-b3d0-11dc-af9f-00132045f6c7}] shell\Auto\command - F:\sxs.exe shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9044982-24f1-11db-ac14-00132045f6c7}] shell\Auto\command - G:\sxs.exe shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e66ed9fc-fc9f-11da-abc3-00132045f6c7}] shell\Auto\command - F:\sxs.exe shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe ======List of files/folders created in the last 3 months====== 2008-10-30 15:05:31 ----D---- C:\Program Files\QuickTime 2008-10-29 15:23:02 ----D---- C:\Program Files\WinZip 2008-10-29 14:58:45 ----D---- C:\Program Files\WinRAR 2008-10-29 14:30:07 ----D---- C:\Program Files\Trillian 2008-10-29 00:00:48 ----D---- C:\Program Files\Kaspersky Lab 2008-10-29 00:00:48 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-10-28 22:09:31 ----D---- C:\Program Files\Notepad++ 2008-10-28 22:09:31 ----D---- C:\Documents and Settings\Briana\Application Data\Notepad++ 2008-10-28 21:54:30 ----D---- C:\Program Files\trend micro 2008-10-28 21:54:29 ----D---- C:\rsit 2008-10-28 21:53:01 ----A---- C:\WINDOWS\GMER.txt 2008-10-28 21:29:08 ----A---- C:\WINDOWS\gmer.ini 2008-10-28 21:29:01 ----A---- C:\WINDOWS\gmer_uninstall.cmd 2008-10-28 21:29:01 ----A---- C:\WINDOWS\gmer.dll 2008-10-28 21:29:00 ----A---- C:\WINDOWS\gmer.exe 2008-10-28 20:49:00 ----D---- C:\WINDOWS\pss 2008-10-28 20:25:35 ----D---- C:\Program Files\CCleaner 2008-10-28 19:45:44 ----D---- C:\Documents and Settings\Briana\Application Data\MSNInstaller 2008-10-28 19:28:27 ----D---- C:\Program Files\Mozilla Firefox 2008-10-24 02:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2008-10-15 19:49:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2008-10-15 19:49:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$ 2008-10-15 19:49:33 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$ 2008-10-15 19:49:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$ 2008-10-15 19:48:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$ 2008-09-09 19:23:38 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$ 2008-08-22 18:38:57 ----D---- C:\WINDOWS\system32\CatRoot_bak 2008-08-12 17:15:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2008-08-12 17:15:23 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$ 2008-08-12 17:15:18 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$ 2008-08-12 17:15:12 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2008-08-12 17:13:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$ 2008-08-12 17:13:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2008-08-12 17:13:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ ======List of files/folders modified in the last 3 months====== 2008-11-04 18:34:31 ----D---- C:\WINDOWS\Temp 2008-11-04 18:27:12 ----D---- C:\WINDOWS\Prefetch 2008-11-04 17:44:39 ----D---- C:\WINDOWS 2008-11-03 21:00:50 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-11-03 15:42:44 ----D---- C:\WINDOWS\system32 2008-11-03 15:42:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-10-30 15  40 ----SHD---- C:\WINDOWS\Installer2008-10-30 15:05:36 ----D---- C:\Program Files\Common Files\Apple 2008-10-30 15:05:31 ----RD---- C:\Program Files 2008-10-30 15:04:52 ----SD---- C:\WINDOWS\Tasks 2008-10-30 15:04:48 ----D---- C:\Program Files\Apple Software Update 2008-10-29 18:36:40 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip 2008-10-29 18:29:29 ----D---- C:\WINDOWS\system32\CatRoot2 2008-10-29 18:28:46 ----D---- C:\Program Files\Jasc Software Inc 2008-10-29 15:40:19 ----D---- C:\Program Files\Windows Media Player 2008-10-29 15:40:18 ----D---- C:\Program Files\Windows Live Toolbar 2008-10-29 15:40:14 ----D---- C:\Program Files\Nick Arcade 2008-10-29 15:36:38 ----D---- C:\WINDOWS\.jagex_cache_32 2008-10-29 14:52:17 ----D---- C:\Program Files\AIM6 2008-10-29 14:51:37 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint 2008-10-29 14:12:15 ----D---- C:\WINDOWS\system32\drivers 2008-10-29 00:02:43 ----D---- C:\WINDOWS\system32\CatRoot 2008-10-29 00:01:15 ----HD---- C:\WINDOWS\inf 2008-10-28 23:58:27 ----D---- C:\Program Files\Yahoo! 2008-10-28 23:58:27 ----D---- C:\Program Files\Common Files\Symantec Shared 2008-10-28 23:58:27 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec 2008-10-28 23:42:41 ----D---- C:\Program Files\Symantec 2008-10-28 23:42:14 ----D---- C:\Program Files\Common Files 2008-10-28 20:49:58 ----D---- C:\Program Files\Common Files\Real 2008-10-28 20:49:57 ----D---- C:\Documents and Settings\Briana\Application Data\Real 2008-10-28 20:34:30 ----D---- C:\WINDOWS\Debug 2008-10-28 20:34:28 ----D---- C:\WINDOWS\Minidump 2008-10-28 20:17:56 ----D---- C:\Documents and Settings\All Users\Application Data\AOL 2008-10-28 20:15:10 ----D---- C:\Program Files\MSN 2008-10-28 19:41:44 ----D---- C:\Program Files\MySpace 2008-10-28 19:41:11 ----SD---- C:\Documents and Settings\Briana\Application Data\Microsoft 2008-10-28 19:41:04 ----D---- C:\Program Files\Microsoft ActiveSync 2008-10-28 19:41:03 ----D---- C:\WINDOWS\Help 2008-10-28 19:37:29 ----D---- C:\WINDOWS\WinSxS 2008-10-28 19:37:19 ----D---- C:\Program Files\Common Files\Sonic Shared 2008-10-28 19:37:16 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio 2008-10-28 19:37:15 ----D---- C:\Program Files\Common Files\Roxio Shared 2008-10-28 19:36:55 ----RSD---- C:\WINDOWS\Fonts 2008-10-28 19:24:06 ----D---- C:\Documents and Settings\All Users\Application Data\Kodak 2008-10-28 19:23:38 ----D---- C:\Program Files\Kodak 2008-10-28 19:23:36 ----DC---- C:\WINDOWS\system32\DRVSTORE 2008-10-28 19:16:40 ----D---- C:\Documents and Settings\Briana\Application Data\Yahoo! 2008-10-28 19:16:40 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! 2008-10-28 19:14:57 ----A---- C:\YServer.txt 2008-10-28 08:50:34 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt 2008-10-24 02:01:02 ----RSHD---- C:\WINDOWS\system32\dllcache 2008-10-24 02:00:30 ----HD---- C:\WINDOWS\$hf_mig$ 2008-10-15 19:49:23 ----D---- C:\Program Files\Internet Explorer 2008-10-15 11:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll 2008-10-10 19:48:47 ----D---- C:\Documents and Settings\Briana\Application Data\LimeWire 2008-10-07 14:19:40 ----A---- C:\WINDOWS\system32\MRT.exe 2008-10-03 12:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll 2008-09-21 16:18:36 ----A---- C:\WINDOWS\bbybs.exe 2008-09-21 16:18:36 ----A---- C:\WINDOWS\bbyb.exe 2008-08-27 03:24:32 ----A---- C:\WINDOWS\system32\mshtml.dll 2008-08-26 02:24:31 ----A---- C:\WINDOWS\system32\wininet.dll 2008-08-26 02:24:31 ----A---- C:\WINDOWS\system32\webcheck.dll 2008-08-26 02:24:31 ----A---- C:\WINDOWS\system32\urlmon.dll 2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\url.dll 2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\pngfilt.dll 2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\occache.dll 2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\mstime.dll 2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\msrating.dll 2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\mshtmled.dll 2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\msfeedsbs.dll 2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\msfeeds.dll 2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\jsproxy.dll 2008-08-26 02:24:29 ----A---- C:\WINDOWS\system32\iertutil.dll 2008-08-26 02:24:29 ----A---- C:\WINDOWS\system32\iernonce.dll 2008-08-26 02:24:29 ----A---- C:\WINDOWS\system32\iedkcs32.dll 2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\ieapfltr.dll 2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\ieaksie.dll 2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\ieakeng.dll 2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\icardie.dll 2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\extmgr.dll 2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\dxtrans.dll 2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\dxtmsft.dll 2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\advpack.dll 2008-08-25 03:38:00 ----A---- C:\WINDOWS\system32\ieudinit.exe 2008-08-25 03:37:59 ----A---- C:\WINDOWS\system32\ie4uinit.exe 2008-08-23 00:54:51 ----A---- C:\WINDOWS\system32\ieakui.dll 2008-08-14 04:58:27 ----A---- C:\WINDOWS\system32\ntoskrnl.exe 2008-08-14 04:22:14 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe 2008-08-12 17:15:24 ----D---- C:\Program Files\Messenger 2008-08-12 15:55:17 ----D---- C:\Program Files\LimeWire ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096] R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2008-10-29 175632] R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217] R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2005-05-13 5627] R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2005-05-13 23545] R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2005-04-21 40544] R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376] R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-05-31 25725] R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-05-31 34845] R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-05-31 4125] R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-05-31 2241] R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-05-31 86876] R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-05-31 15069] R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-05-31 6365] R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-05-31 98716] R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-05-31 100605] R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [] R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812] R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-02-05 26640] R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 24592] R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928] R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024] S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-10-28 85969] S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] S3 JL2005C;Dual Mode Camera; C:\WINDOWS\System32\Drivers\jl2005c.sys [2007-01-26 68954] S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408] S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [] S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496] S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [] S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-04-10 104576] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328] S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368] S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928] S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752] S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008] S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952] S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088] S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040] R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-05-15 100032] R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-03-13 197896] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376] R2 dlcf_device;dlcf_device; C:\WINDOWS\system32\dlcfcoms.exe [2006-12-07 537480] R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656] R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776] S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-05-15 2086592] S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] -----------------EOF----------------- |
|
|
|
|
11-05-2008, 02:34 AM
|
#5 (permalink) |
|
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 4,453
OS: XP
|
Re: pop ups and viruses?
Hello again
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe. ======== Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. Its important that you follow this through until i give you the all clear, a lack of symptoms does not mean that it is no longer present. Please DO NOT Attach logs to your posts unless you are advised to do so. ========== Have you recently uninstalled Norton and installed Kaspersky, if so, please download and run the Norton Removal Tool ========== Your logs suggest the possibility that your computer was attacked by a backdoor trojan. This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Please read this: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? =========== P2P P2P - I see you have P2P software LimeWire 4.16.6 installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information. Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections. References for the risk of these programs are Here, Here and Here. =========== Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs: Viewpoint Media Player<---Viewpoint is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546 Additional Information Here and Here ============ Download ComboFix from one of these locations: Link 1 Link 2 Link 3 * IMPORTANT !!! Place combofix.exe on your Desktop [*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix. [*]Double click on combofix.exe & follow the prompts. [*]As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.  The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement. ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says: The Recovery Console was successfully installed.  Click on Yes, to continue scanning for malware. [*]Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. [*] When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. ========== Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here. ========== Logs Required C:\Combofix.txt Hijackthis Log
__________________
Member of ASAP since 2007 Member of UNITE since 2008 **Notice to BT customers** BT-Phorm spyware to go live before the end of 2009- for more information please visit No DPI website for more information. Phorm, previously known as 121Media were responsible for the Apropos rootkit, see Here for more information on said rootkit. If we have helped you in anyway,please consider Donating |
|
|
|
|
11-05-2008, 02:21 PM
|
#6 (permalink) | |
|
Registered User
Join Date: Oct 2008
Posts: 8
OS: service pack 2 windows xp
|
Re: pop ups and viruses?
doing all of that now but..
Quote:
as i have saved credit card information. btw thank you so much for your helping me. Last edited by omen991; 11-05-2008 at 02:23 PM. |
|
|
|
|
|
11-05-2008, 02:51 PM
|
#7 (permalink) | |
|
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 4,453
OS: XP
|
Re: pop ups and viruses?
Quote:
__________________
Member of ASAP since 2007 Member of UNITE since 2008 **Notice to BT customers** BT-Phorm spyware to go live before the end of 2009- for more information please visit No DPI website for more information. Phorm, previously known as 121Media were responsible for the Apropos rootkit, see Here for more information on said rootkit. If we have helped you in anyway,please consider Donating |
|
|
|
|
|
11-05-2008, 03:54 PM
|
#8 (permalink) |
|
Registered User
Join Date: Oct 2008
Posts: 8
OS: service pack 2 windows xp
|
Re: pop ups and viruses?
ComboFix 08-11-04.02 - Briana 2008-11-05 18:39:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.212 [GMT -5:00] Running from: c:\documents and settings\Briana\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Armani\Application Data\FunWebProducts c:\documents and settings\Armani\Application Data\FunWebProducts\Data\Armani\avatar.dat c:\documents and settings\Armani\Application Data\FunWebProducts\Data\Armani\register.dat c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48 c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\dirty_dishes.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\foodtray.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\heart1.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\heart2.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\heart3.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\menu_down.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\menu_up.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\mop_prop.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\accessories\ticket.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a1.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a2.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a3.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\cafe\cafe_music_a4.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\music\mainmenumusic.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\baby_cry.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\chef_cook1.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\closing_time.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\customer_ditch.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\dialog_down.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\dialog_up.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\drink_table.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\expert.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\highchair_deliver.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\highchair_pickup.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\keystroke2.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\level_lose.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\level_win.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\menu_click.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\menu_rollover.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\mop_pickup.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\mop_spill.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_bring_check_1_snd.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_deliver_food_1_snd.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_dropoff_drinks_1.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_food_ready_1_snd.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_gain_heart_1.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_get_drinks_1_snd.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_menu_down.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_party_arrive_1_snd.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_pencil_write_2.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_pickup_food_1_snd.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\sfx_seat_people_snd.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\spill.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\table_drink.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\audio\sfx\tip_2.ogg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\flo_lose.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\flo_win.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\fullscreendialog.jpg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\high_score_menu_bg.jpg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\levelintro.jpg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\levelintro.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\levelover.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\longdialog.jpg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\longdialog.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\mainmenu.jpg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\mainmenu_logo.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\popup.jpg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\popup.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\textfield.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\backgrounds\upgrade_lines.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowdown_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowdown_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowdown_c.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowup_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowup_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\arrowup_c.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_rotated_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\checkbox_rotated_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\decor_highlight.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\decor_normal.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\decor_selected.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_1.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_2.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_3.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_1.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_2.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_3.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a1.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a2.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a3.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\left_arrow_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\left_arrow_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\left_arrow_c.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_c.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_mask.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_c.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_mask.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\map_button_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\map_button_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\map_button_c.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\right_arrow_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\right_arrow_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\right_arrow_c.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\upgrade_down.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\upgrade_over.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\upgrade_up.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\buttons\welcome_player.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\actionpoints.bin c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\career.bin c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\customer.bin c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\endless.bin c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\global.bin c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\config\powerups.bin c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cook\stove.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\arrow.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\click.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\click2.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\grab.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\cursor\open.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\anim.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\anim.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\blue.pal c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\blue_legs.pal c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\legs.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\red.pal c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\dad_male\red_legs.pal c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\anim.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\anim.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\blue.pal c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\blue_legs.pal c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\legs.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\red.pal c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\kid_male\red_legs.pal c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\anim.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\anim.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\baby.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\baby.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\blue.pal c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\blue_baby.pal c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\blue_legs.pal c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\legs.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\red.pal c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\red_baby.pal c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\mom_female\red_legs.pal c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\anim.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\anim.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\blue.pal c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\blue_legs.pal c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\legs.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\red.pal c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\customers\young_female\red_legs.pal c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\idle.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\idle.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\lower.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\lower.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\upper.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\flo\upper.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\fonts\mercurius.mvec c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\bench.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\bench.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\blue_highchairbaby.pal c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\chair.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\chair.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dirt2top.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dirt4top.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dishcart.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\dishcart.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\green_highchairbaby.pal c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchair_prop_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchair_prop_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchairbaby.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\highchairbaby.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\luxury_bench.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\luxury_bench.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\mop_station_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\mop_station_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\mop_station_c.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\podium.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\podium_heart.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\podium_heart.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\purple_highchairbaby.pal c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\radio.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\red_highchairbaby.pal c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\spill.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\spill.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\stereo.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\ticketstation.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\ticketstation.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\furniture\yellow_highchairbaby.pal c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\family.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help_dividerline.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_colormatch1.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_colormatch2.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_noise.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help1_score.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_cleardishes.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_givecheck.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_pickupfood.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_servefood.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\help\help2_takeorder.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\hiscore\local-hs-bb.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\hiscore\p1icon.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_1.bin c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_2.bin c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_3.bin c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_4.bin c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_5.bin c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\career_1_6.bin c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1.bin c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_a.bin c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_b.bin c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_c.bin c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\playfirstlogo.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\background.jpg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\blue.pal c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\green.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\green.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\grey.pal c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\red.pal c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\cup1.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\food.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\food.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\frames\2_0.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\frames\2_1.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_c.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\people\cook.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\people\cook.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\props\cup_prop1.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\2top.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\2top.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\4top.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\4top.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_0.jpg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_1.jpg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrades.xml c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\restaurants\tableshadow.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\careerupgrade.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\choosedifficulty.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\closeconfirm.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\entername.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\game.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\getmoregames.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\help1.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\help2.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\hiscore.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\hiscoreinfo.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\hiscoresubmit.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\levelintro.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\levelover.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\loading.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\mainloop.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\mainmenu.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\ok.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\pause.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\style.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\upgrade.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\upsell.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\scripts\yesno.lua c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\splash\aol_logo.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\splash\playfirst_logo.jpg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\strings.xml c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\angersmoke.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\angersmoke.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\bubbles\request_bubble.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\bubbles\request_mop.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\bubbles\request_rejectmeal.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\chairflags.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\chairflags.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\check.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\checkmark.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\closed.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\coinflip.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\coinflip.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\decor_lines.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\dollar.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\expert.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\foodpoof.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\foodpoof.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\heartgrow.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\heartgrow.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\jar.anm c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\jar.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\lives_icon.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\noisering.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_c.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_d.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_e.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_f.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tablenumber_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tablenumber_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\traynumber.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tutorialarrow.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\tutorialbox.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_base.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_hand.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_timer_off.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\ui_timer_on.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgradeanim.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_c.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_c.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_c.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_c.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_c.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_c.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_c.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_c.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_a.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_b.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_c.png c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd1.jpg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd2.jpg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd3.jpg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\assets\upsell\dd4.jpg c:\windows\Downloaded Program Files\DinerDash2.1.0.0.48\dinerdash2.exe c:\windows\system32\bszip.dll . ((((((((((((((((((((((((( Files Created from 2008-10-05 to 2008-11-05 ))))))))))))))))))))))))))))))) . 2008-11-05 17:26 . 2008-11-05 17:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller 2008-10-31 18:43 . 2008-10-31 18:43 <DIR> d-------- c:\documents and settings\Claudette McFarlane\Application Data\QQ Games Plugin 2008-10-30 15:05 . 2008-10-30 15:06 <DIR> d-------- c:\program files\QuickTime 2008-10-29 15:36 . 2008-10-29 15:37 30 --a------ c:\documents and settings\Briana\jagex_runescape_preferences.dat 2008-10-29 14:30 . 2008-10-29 14:43 <DIR> d-------- c:\program files\Trillian 2008-10-29 00:01 . 2008-10-29 14:12 96,976 --a------ c:\windows\system32\drivers\klin.dat 2008-10-29 00:01 . 2008-10-29 14:12 87,855 --a------ c:\windows\system32\drivers\klick.dat 2008-10-29 00:00 . 2008-10-29 00:00 <DIR> d-------- c:\program files\Kaspersky Lab 2008-10-29 00:00 . 2008-11-05 18:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2008-10-28 23:50 . 2008-11-05 18:44 38,863,136 --ahs---- c:\windows\system32\drivers\fidbox.dat 2008-10-28 23:50 . 2008-11-05 18:46 750,624 --ahs---- c:\windows\system32\drivers\fidbox2.dat 2008-10-28 23:50 . 2008-11-05 18:44 608,316 --ahs---- c:\windows\system32\drivers\fidbox.idx 2008-10-28 23:50 . 2008-11-05 18:44 82,588 --ahs---- c:\windows\system32\drivers\fidbox2.idx 2008-10-28 22:09 . 2008-10-28 22:09 <DIR> d-------- c:\program files\Notepad++ 2008-10-28 22:09 . 2008-10-28 22:10 <DIR> d-------- c:\documents and settings\Briana\Application Data\Notepad++ 2008-10-28 21:54 . 2008-10-28 21:54 <DIR> d-------- C:\rsit 2008-10-28 21:54 . 2008-11-04 18:34 <DIR> d-------- c:\program files\trend micro 2008-10-28 21:29 . 2008-10-28 21:29 250 --a------ c:\windows\gmer.ini 2008-10-28 20:25 . 2008-10-28 20:25 <DIR> d-------- c:\program files\CCleaner 2008-10-28 19:45 . 2008-10-28 19:45 <DIR> d-------- c:\documents and settings\Briana\Application Data\MSNInstaller . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-05 23:24 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint 2008-11-05 23:05 --------- d-----w c:\program files\Common Files\Symantec Shared 2008-10-30 20:05 --------- d-----w c:\program files\Common Files\Apple 2008-10-30 20:04 --------- d-----w c:\program files\Apple Software Update 2008-10-29 23:36 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip 2008-10-29 23:28 --------- d-----w c:\program files\Jasc Software Inc 2008-10-29 20:40 --------- d-----w c:\program files\Windows Live Toolbar 2008-10-29 20:40 --------- d-----w c:\program files\Nick Arcade 2008-10-29 19:52 --------- d-----w c:\program files\AIM6 2008-10-29 04:58 --------- d-----w c:\program files\Yahoo! 2008-10-29 01:49 --------- d-----w c:\program files\Common Files\Real 2008-10-29 01:17 --------- d-----w c:\documents and settings\All Users\Application Data\AOL 2008-10-29 00:41 --------- d-----w c:\program files\MySpace 2008-10-29 00:41 --------- d-----w c:\program files\Microsoft ActiveSync 2008-10-29 00:37 --------- d-----w c:\program files\Common Files\Sonic Shared 2008-10-29 00:37 --------- d-----w c:\program files\Common Files\Roxio Shared 2008-10-29 00:37 --------- d-----w c:\documents and settings\All Users\Application Data\Roxio 2008-10-29 00:24 --------- d-----w c:\documents and settings\All Users\Application Data\Kodak 2008-10-29 00:23 --------- d-----w c:\program files\Kodak 2008-10-29 00:16 --------- d-----w c:\documents and settings\Briana\Application Data\Yahoo! 2008-10-29 00:16 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! 2008-10-18 15:06 --------- d-----w c:\documents and settings\Claudette McFarlane\Application Data\LimeWire 2008-10-11 00:48 --------- d-----w c:\documents and settings\Briana\Application Data\LimeWire 2008-10-08 12:45 --------- d-----w c:\documents and settings\Claudette McFarlane\Application Data\Corel 2008-09-21 21:18 43,201 ----a-w c:\windows\bbybs.exe 2008-09-21 21:18 43,201 ----a-w c:\windows\bbyb.exe 2008-07-04 13:45 256 ----a-w c:\documents and settings\Briana\pool.bin 2008-03-17 19:44 0 ----a-w c:\program files\temp01 2007-08-13 19:55 774,144 ----a-w c:\program files\RngInterstitial.dll 2007-07-18 15:11 88 --sh--r c:\windows\system32\AF8AB2D516.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472] "DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 49263] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-11 218032] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688] "IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-03-13 197896] c:\documents and settings\Armani\Start Menu\Programs\Startup\ IM-me.lnk - c:\documents and settings\Armani\Application Data\Microsoft\Installer\{92F7A7A1-9576-4CD2-8D11-13CDDD5B9491}\_D449D0FE307099DAF00FC9.exe [2008-01-14 2238] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-04-15 24576] QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.JDCT"= jl_jdct.drv [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\1144043344\\ee\\AOLServiceHost.exe"= "c:\\Program Files\\Common Files\\AOL\\1144043344\\ee\\aolsoftware.exe"= "c:\\Program Files\\Common Files\\AOL\\1144043344\\ee\\aim6.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\dlcfcoms.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784] R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-02-05 26640] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-12-13 24592] S3 JL2005C;Dual Mode Camera;c:\windows\system32\Drivers\jl2005c.sys [2007-01-26 68954] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0df81ff4-fe9b-11db-ae1c-00132045f6c7}] \Shell\Auto\command - F:\sxs.exe \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a129d85-08ce-11dd-b042-00132045f6c7}] \Shell\Auto\command - F:\sxs.exe \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1c3e856-b3d0-11dc-af9f-00132045f6c7}] \Shell\Auto\command - F:\sxs.exe \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9044982-24f1-11db-ac14-00132045f6c7}] \Shell\Auto\command - G:\sxs.exe \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e66ed9fc-fc9f-11da-abc3-00132045f6c7}] \Shell\Auto\command - F:\sxs.exe \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe . Contents of the 'Scheduled Tasks' folder 2008-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2008-11-05 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] . - - - - ORPHANS REMOVED - - - - HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe . ------- Supplementary Scan ------- . FireFox -: Profile - c:\documents and settings\Briana\Application Data\Mozilla\Firefox\Profiles\x06b4wuz.default\ FF -: plugin - c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - c:\program files\Java\jre1.5.0_09\bin\NPJava11.dll FF -: plugin - c:\program files\Java\jre1.5.0_09\bin\NPJava12.dll FF -: plugin - c:\program files\Java\jre1.5.0_09\bin\NPJava13.dll FF -: plugin - c:\program files\Java\jre1.5.0_09\bin\NPJava14.dll FF -: plugin - c:\program files\Java\jre1.5.0_09\bin\NPJava32.dll FF -: plugin - c:\program files\Java\jre1.5.0_09\bin\NPJPI150_09.dll FF -: plugin - c:\program files\Java\jre1.5.0_09\bin\NPOJI610.dll FF -: plugin - c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-05 18:45:55 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\dlcfcoms.exe c:\windows\system32\PSIService.exe c:\windows\system32\wscntfy.exe c:\program files\iPod\bin\iPodService.exe c:\program files\AIM6\aolsoftware.exe . ************************************************************************** . Completion time: 2008-11-05 18:50:35 - machine was rebooted ComboFix-quarantined-files.txt 2008-11-05 23:50:28 Pre-Run: 108,066,422,784 bytes free Post-Run: 110,559,010,816 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 534 --- E O F --- 2008-10-29 02:28:28 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:54:16 PM, on 11/5/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\dlcfcoms.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\DellSupport\DSAgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AIM6\aim6.exe C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\AIM6\aolsoftware.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.myspace.com/index.cfm?fu...4BC06E61410162 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file) O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Armani\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Sally's%20Salon/Images/stg_drm.ocx O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/...nlineGames.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46.../bejeweled.cab O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/tr...2.1.0.0.48.cab O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v41...l/freecell.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/down.../OTOYAX29b.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41...an/hangman.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/fr...amesplayer.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Sally's%20Salon/Images/armhelper.ocx O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47...familyfeud.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/pla.../installer.exe O16 - DPF: {EF6E7E56-9229-4C73-AAD0-15316405DB95} (Easy Photo Uploader) - http://preview.bh662.photosite.com/~...adBox_live.cab O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) -- End of file - 12431 bytes |
|
|
|
|
11-06-2008, 03:22 AM
|
#9 (permalink) | |
|
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 4,453
OS: XP
|
Re: pop ups and viruses?
Hello again
Download ATF-Cleaner by Atribune to your desktop. Do not run just yet, we will shortly ======== Open notepad and copy/paste the text in the quotebox below into it: Quote:
 Refering to the picture above, drag CFscript into ComboFix.exe Follow the prompts, and post the resulting log, C:\ComboFix.txt Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system. Warning: Do not mouseclick combofix's window whilst it's running. That may cause it to stall When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis. Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file(s). ======== JAVA OUTDATED Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
======== Double-click ATF Cleaner.exe to open it Under Main choose: Windows Temp Current User Temp All Users Temp Cookies Temporary Internet Files Prefetch Java Cache *The other boxes are optional* Then click the Empty Selected button. If you have Firefox installed: Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click NO at the prompt. If you have Opera installed: Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click NO at the prompt. Click Exit on the Main menu to close the program. ========== Go here and do the BitDefender online virus scan. * Click "I Agree" to agree to the EULA. * Allow the ActiveX control to install when prompted. * Leave the scanning options at default and press "Click here to scan" to begin the scan. * Please refrain from using the computer until the scan is finished. * When the scan is finished, click on "Click here to export the scan results" * Save the report to your desktop then come back here and post it in your next reply along with all the required logs. ========= Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here. ========= Logs Required C:\Combofix.txt BitDefender Scan Report Hijackthis Log How is your system running now.
__________________
Member of ASAP since 2007 Member of UNITE since 2008 **Notice to BT customers** BT-Phorm spyware to go live before the end of 2009- for more information please visit No DPI website for more information. Phorm, previously known as 121Media were responsible for the Apropos rootkit, see Here for more information on said rootkit. If we have helped you in anyway,please consider Donating |
|
|
|
|
|
11-06-2008, 03:46 PM
|
#10 (permalink) |
|
Registered User
Join Date: Oct 2008
Posts: 8
OS: service pack 2 windows xp
|
Re: pop ups and viruses?
when i try to do the scan a window pops up saying
"This website is not authorized to host this Active X Control Please contact the webmaster of this site.." Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:35:14 PM, on 11/6/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\dlcfcoms.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\Program Files\DellSupport\DSAgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AIM6\aim6.exe C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\AIM6\aolsoftware.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\trend micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.myspace.com/index.cfm?fu...4BC06E61410162 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Armani\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Sally's%20Salon/Images/stg_drm.ocx O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/...nlineGames.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46.../bejeweled.cab O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/tr...2.1.0.0.48.cab O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v41...l/freecell.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/down.../OTOYAX29b.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41...an/hangman.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/fr...amesplayer.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Sally's%20Salon/Images/armhelper.ocx O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47...familyfeud.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/pla.../installer.exe O16 - DPF: {EF6E7E56-9229-4C73-AAD0-15316405DB95} (Easy Photo Uploader) - http://preview.bh662.photosite.com/~...adBox_live.cab O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) -- End of file - 12838 bytes ComboFix 08-11-05.02 - Briana 2008-11-06 17:36:49.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.111 [GMT -5:00] Running from: c:\documents and settings\Briana\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Briana\Desktop\CFscript.txt * Created a new restore point FILE :: c:\documents and settings\Briana\pool.bin c:\program files\temp01 G:\sxs.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Viewpoint c:\documents and settings\Briana\pool.bin c:\program files\Common Files\Symantec Shared c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll c:\program files\Common Files\Symantec Shared\TBM72.tmp c:\program files\temp01 c:\windows\bbyb.exe c:\windows\bbybs.exe . ((((((((((((((((((((((((( Files Created from 2008-10-06 to 2008-11-06 ))))))))))))))))))))))))))))))) . 2008-11-05 17:26 . 2008-11-05 17:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller 2008-10-31 18:43 . 2008-10-31 18:43 <DIR> d-------- c:\documents and settings\Claudette McFarlane\Application Data\QQ Games Plugin 2008-10-30 15:05 . 2008-10-30 15:06 <DIR> d-------- c:\program files\QuickTime 2008-10-29 15:36 . 2008-10-29 15:37 30 --a------ c:\documents and settings\Briana\jagex_runescape_preferences.dat 2008-10-29 14:30 . 2008-10-29 14:43 <DIR> d-------- c:\program files\Trillian 2008-10-29 00:01 . 2008-10-29 14:12 96,976 --a------ c:\windows\system32\drivers\klin.dat 2008-10-29 00:01 . 2008-10-29 14:12 87,855 --a------ c:\windows\system32\drivers\klick.dat 2008-10-29 00:00 . 2008-10-29 00:00 <DIR> d-------- c:\program files\Kaspersky Lab 2008-10-29 00:00 . 2008-11-06 17:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2008-10-28 23:50 . 2008-11-05 21:56 38,863,136 --ahs---- c:\windows\system32\drivers\fidbox.dat 2008-10-28 23:50 . 2008-11-06 17:40 841,760 --ahs---- c:\windows\system32\drivers\fidbox2.dat 2008-10-28 23:50 . 2008-11-05 21:56 608,316 --ahs---- c:\windows\system32\drivers\fidbox.idx 2008-10-28 23:50 . 2008-11-05 21:56 90,400 --ahs---- c:\windows\system32\drivers\fidbox2.idx 2008-10-28 22:09 . 2008-10-28 22:09 <DIR> d-------- c:\program files\Notepad++ 2008-10-28 22:09 . 2008-10-28 22:10 <DIR> d-------- c:\documents and settings\Briana\Application Data\Notepad++ 2008-10-28 21:54 . 2008-10-28 21:54 <DIR> d-------- C:\rsit 2008-10-28 21:54 . 2008-11-05 18:54 <DIR> d-------- c:\program files\trend micro 2008-10-28 21:29 . 2008-10-28 21:29 250 --a------ c:\windows\gmer.ini 2008-10-28 20:25 . 2008-10-28 20:25 <DIR> d-------- c:\program files\CCleaner 2008-10-28 19:45 . 2008-10-28 19:45 <DIR> d-------- c:\documents and settings\Briana\Application Data\MSNInstaller . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-30 20:05 --------- d-----w c:\program files\Common Files\Apple 2008-10-30 20:04 --------- d-----w c:\program files\Apple Software Update 2008-10-29 23:36 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip 2008-10-29 23:30 6,686 --sha-w c:\windows\system32\KGyGaAvL.sys 2008-10-29 23:28 --------- d-----w c:\program files\Jasc Software Inc 2008-10-29 20:40 --------- d-----w c:\program files\Windows Live Toolbar 2008-10-29 20:40 --------- d-----w c:\program files\Nick Arcade 2008-10-29 19:52 --------- d-----w c:\program files\AIM6 2008-10-29 04:58 --------- d-----w c:\program files\Yahoo! 2008-10-29 01:49 --------- d-----w c:\program files\Common Files\Real 2008-10-29 01:17 --------- d-----w c:\documents and settings\All Users\Application Data\AOL 2008-10-29 00:41 --------- d-----w c:\program files\MySpace 2008-10-29 00:41 --------- d-----w c:\program files\Microsoft ActiveSync 2008-10-29 00:37 --------- d-----w c:\program files\Common Files\Sonic Shared 2008-10-29 00:37 --------- d-----w c:\program files\Common Files\Roxio Shared 2008-10-29 00:37 --------- d-----w c:\documents and settings\All Users\Application Data\Roxio 2008-10-29 00:24 --------- d-----w c:\documents and settings\All Users\Application Data\Kodak 2008-10-29 00:23 --------- d-----w c:\program files\Kodak 2008-10-29 00:16 --------- d-----w c:\documents and settings\Briana\Application Data\Yahoo! 2008-10-29 00:16 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! 2008-10-18 15:06 --------- d-----w c:\documents and settings\Claudette McFarlane\Application Data\LimeWire 2008-10-15 16:57 332,800 ------w c:\windows\system32\dllcache\netapi32.dll 2008-10-11 00:48 --------- d-----w c:\documents and settings\Briana\Application Data\LimeWire 2008-10-08 12:45 --------- d-----w c:\documents and settings\Claudette McFarlane\Application Data\Corel 2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll 2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys 2008-09-15 11:57 1,846,016 ------w c:\windows\system32\dllcache\win32k.sys 2008-08-28 10:04 333,056 ------w c:\windows\system32\dllcache\srv.sys 2008-08-27 08:24 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll 2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe 2008-08-25 08:37 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe 2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe 2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll 2008-08-14 10:00 2,180,352 ------w c:\windows\system32\dllcache\ntoskrnl.exe 2008-08-14 09:58 2,136,064 ----a-w c:\windows\system32\ntoskrnl.exe 2008-08-14 09:58 2,136,064 ------w c:\windows\system32\dllcache\ntkrnlmp.exe 2008-08-14 09:51 138,368 ------w c:\windows\system32\dllcache\afd.sys 2008-08-14 09:22 2,057,728 ------w c:\windows\system32\dllcache\ntkrnlpa.exe 2008-08-14 09:22 2,015,744 ----a-w c:\windows\system32\ntkrnlpa.exe 2008-08-14 09:22 2,015,744 ------w c:\windows\system32\dllcache\ntkrpamp.exe 2007-08-13 19:55 774,144 ----a-w c:\program files\RngInterstitial.dll 2007-07-18 15:11 88 --sh--r c:\windows\system32\AF8AB2D516.sys . ((((((((((((((((((((((((((((( snapshot@2008-11-05_18.49.55.75 ))))))))))))))))))))))))))))))))))))))))) . - 2008-11-03 20:31:30 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2008-11-06 22:09:07 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2008-11-03 20:31:30 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2008-11-06 22:09:07 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2008-11-03 20:31:30 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2008-11-06 22:09:07 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472] "DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 49263] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-11 218032] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688] "IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696] c:\documents and settings\Armani\Start Menu\Programs\Startup\ IM-me.lnk - c:\documents and settings\Armani\Application Data\Microsoft\Installer\{92F7A7A1-9576-4CD2-8D11-13CDDD5B9491}\_D449D0FE307099DAF00FC9.exe [2008-01-14 2238] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-04-15 24576] QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.JDCT"= jl_jdct.drv [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\1144043344\\ee\\AOLServiceHost.exe"= "c:\\Program Files\\Common Files\\AOL\\1144043344\\ee\\aolsoftware.exe"= "c:\\Program Files\\Common Files\\AOL\\1144043344\\ee\\aim6.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\dlcfcoms.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784] R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-02-05 26640] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-12-13 24592] S3 JL2005C;Dual Mode Camera;c:\windows\system32\Drivers\jl2005c.sys [2007-01-26 68954] . Contents of the 'Scheduled Tasks' folder 2008-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2008-11-06 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-06 17:39:48 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-11-06 17:42:42 ComboFix-quarantined-files.txt 2008-11-06 22:42:38 ComboFix2.txt 2008-11-05 23:50:36 Pre-Run: 110,547,587,072 bytes free Post-Run: 110,532,550,656 bytes free 179 --- E O F --- 2008-10-29 02:28:28 |
|
|
|
|
11-07-2008, 02:49 AM
|
#11 (permalink) |
|
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 4,453
OS: XP
|
Re: pop ups and viruses?
Hello again
Files uploaded successfully, thank you. ======= Delete this folder in blue: c:\documents and settings\All Users\Application Data\NortonInstaller If you have uninstalled Limewire, please delete these folder in blue. c:\documents and settings\Claudette McFarlane\Application Data\LimeWire c:\documents and settings\Briana\Application Data\LimeWire ========== Download Malwarebytes ' Anti-Malware from Here or Here Double-click on mbam-setup.exe to install the application. * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform Full Scan, then click Scan. * The scan may take some time to finish, so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below). * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. * Copy & paste the entire report into your next reply. Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. ========= Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here. ========= Logs Required MBAM.txt Hijackthis Log
__________________
Member of ASAP since 2007 Member of UNITE since 2008 **Notice to BT customers** BT-Phorm spyware to go live before the end of 2009- for more information please visit No DPI website for more information. Phorm, previously known as 121Media were responsible for the Apropos rootkit, see Here for more information on said rootkit. If we have helped you in anyway,please consider Donating |
|
|
|
|
11-09-2008, 09:49 AM
|
#12 (permalink) |
|
Registered User
Join Date: Oct 2008
Posts: 8
OS: service pack 2 windows xp
|
Re: pop ups and viruses?
Malwarebytes' Anti-Malware 1.30
Database version: 1306 Windows 5.1.2600 Service Pack 2 2008-11-09 12:48:46 mbam-log-2008-11-09 (12-48-46).txt Scan type: Full Scan (C:\|) Objects scanned: 131384 Time elapsed: 55 minute(s), 1 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 13 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:49, on 2008-11-09 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\dlcfcoms.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\DellSupport\DSAgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\trend micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - (no file) O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - (no file) O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler O4 - HKUS\S-1-5-21-2526772172-4162990797-3673555424-1006\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Claudette McFarlane') O4 - HKUS\S-1-5-21-2526772172-4162990797-3673555424-1006\..\Run: [Aim6] (User 'Claudette McFarlane') O4 - HKUS\S-1-5-21-2526772172-4162990797-3673555424-1006\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'Claudette McFarlane') O4 - HKUS\S-1-5-21-2526772172-4162990797-3673555424-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Claudette McFarlane') O4 - HKUS\S-1-5-21-2526772172-4162990797-3673555424-1006\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" (User 'Claudette McFarlane') O4 - HKUS\S-1-5-21-2526772172-4162990797-3673555424-1006\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (User 'Claudette McFarlane') O4 - HKUS\S-1-5-21-2526772172-4162990797-3673555424-1006\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'Claudette McFarlane') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Armani\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Sally's%20Salon/Images/stg_drm.ocx O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/...nlineGames.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46.../bejeweled.cab O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/tr...2.1.0.0.48.cab O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v41...l/freecell.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/down.../OTOYAX29b.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41...an/hangman.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://aolsvc.aol.com/onlinegames/fr...amesplayer.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Sally's%20Salon/Images/armhelper.ocx O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47...familyfeud.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/pla.../installer.exe O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://cdn.ll.neoedge.com/webgames/W...h.1.0.0.47.cab O16 - DPF: {EF6E7E56-9229-4C73-AAD0-15316405DB95} (Easy Photo Uploader) - http://preview.bh662.photosite.com/~...adBox_live.cab O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) -- End of file - 14114 bytes |
|
|
|
|
11-09-2008, 03:11 PM
|
#13 (permalink) |
|
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 4,453
OS: XP
|
Re: pop ups and viruses?
Hello again
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O2 - BHO: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - (no file) Please remember to close all other windows, including browsers then click Fix checked. ========== If there are no further issues, continue below. ========== On your keyboard, press the Windows logo key and the letter 'R' to launch the Run command. Copy/paste command below into box: %systemroot%\gmer_uninstall.cmd Click ok. ============ Delete RSIT from your desktop, also delete this folder c:\rsit. Uninstall Hijackthis via add/remove, you can keep ATF-Cleaner and Malwarebytes' Anti-Malware if you wish. ============= Well done, your logs are clean. Click start>run>type(or copy/paste command into run box): ComboFix /u Click ok. =========== Clear IE7 cookies *On the Internet Explorer 7 Tools menu, click Internet Options. The Internet Options box should open to the General tab. *On the General tab, in the Browsing History, click the Delete button. This will delete all the files that are currently stored in your cache [that includes cookies too]. *Click OK, and then click OK again. Clear Firefox cookies/cache • Select "Tools" • Select "Options". • Select "Privacy". • In "Settings" window put the check mark for Cookies,Cache,Browsing history and any others you want. • Click OK. • In Private area click "Clear Now". ------------------------------------------------------------------------------------------- MICROSOFT UPDATES 1.Click Start,Run, type sysdm.cpl, and then press OK. 2.Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended). Microsoft updates are released every second Tuesday of each month,what is called "Patch Tuesday". ------------------------------------------------------------------------------------------ Useful Information and Programs to keep you safe. TrendProtect is a FREE browser plug-in that helps you avoid Web pages with unwanted content and hidden threats. TrendProtect rates the current page and pages listed in Google, MSN, and Yahoo search results. You can use the rating to decide if you want to visit or avoid a given Web page. To rate Web pages, TrendProtect refers to an extensive database that covers the following information for billions of Web pages: * Content category * Phishing scam detection * Site reputation * Page reputation WOT Free helps you avoid disingenuous Internet content by allowing you to learn from others' experiences. WOT shows you website reputations on your browser, telling you how much other users trust a website. This helps you make better decisions while browsing and avoid phishing, malware, and other types of fraud. Reputations can also be added to web search results, Gmail, Wikipedia, and other selected sites. WOT reputations are computed mainly from user testimonies. Sharing your knowledge with others is just a click away, without ever having to leave the site. We also collect data from hundreds of other sources (including PhishTank) to quickly warn you of emerging threats. Currently, WOT knows over 12 million websites. Note:Only compatible with Firefox 1.5 and higher. -------------------------------------------------------------------------------------- Alternate Browsers Try the following free alternate browsers rather than Internet Explorer Avant Firefox Opera K-Meleon ------------------------------------------------------------------------------------------ Free Antispyware Products SuperAntiSpyware Malwarebytes ' Anti-Malware SpywareBlaster to help prevent spyware from installing in the first place.
------------------------------------------------------------------ IE-Spyad™ is a freeware utility that places more than 4000 dubious websites and domains in the Internet Explorer Restricted List. Download and installation instructions for IE-Spyad™ Here ----------------------------------------- The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file. If your having trouble downloading & extracting,see link below for guidance: http://www.mvps.org/winhelp2002/hosts2.htm Once you have extracted the host file,double click on it and a new window will open. Double-click on mvps.batand follow the prompts --------------------------------------------------------------- Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here: Using Winpatrol to protect your computer. ---------------------------------------- SnoopFree is a programme that informs you when another programme is wanting to log your keystrokes or read your screen.Only for XP users. Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released. ============================================== Also, please take a look at this well written article: PC Safety and Security--What Do I Need? **Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them. Please reply to this thread once more, as we may mark this as resolved, thanks.
__________________
Member of ASAP since 2007 Member of UNITE since 2008 **Notice to BT customers** BT-Phorm spyware to go live before the end of 2009- for more information please visit No DPI website for more information. Phorm, previously known as 121Media were responsible for the Apropos rootkit, see Here for more information on said rootkit. If we have helped you in anyway,please consider Donating |
|
|
|
|
11-11-2008, 06:09 AM
|
#15 (permalink) |
|
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 4,453
OS: XP
|
Re: pop ups and viruses?
You`re welcome, surf safely
__________________
Member of ASAP since 2007 Member of UNITE since 2008 **Notice to BT customers** BT-Phorm spyware to go live before the end of 2009- for more information please visit No DPI website for more information. Phorm, previously known as 121Media were responsible for the Apropos rootkit, see Here for more information on said rootkit. If we have helped you in anyway,please consider Donating |
|
|
|
| Thread Tools | |
|
|
