new user IUSER_ADMIN on computer

Post by CompGuy2008 » September 5th, 2008, 10:50 pm

I turned my computer on today and I got IUSER_ADMIN as a new user. Here's my HijackThis uninstall log. I believe I did it correctly.


Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.2
ANIO Service
ANIWZCS2 Service
ArcSoft Camera Suite
ArcSoft Software Suite
Atomic Pop
Belkin 54g USB Network Adapter
Betty Bad
BitTorrent 5.0.1
Blackhawk Striker
Blasterball 2
Blasterball Wild
ChurchGift
Concord EyeQ Duo 2000 Digital Camera
Concord EyeQ Duo 2000 Memory Browser TWAIN Driver V1.00
Dark Orbit
Detto IntelliMover Demo
Disney's Lilo and Stitch Pinball
DivX Content Uploader
DivX Web Player
DLA
easy Internet sign-up
FLV Player 2.0, build 23
GemMaster 2
GoldWave v4.26
HEC-RAS 3.1
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
hp center
hp deskjet 3320 series (Remove only)
hp deskjet 3820 series (Remove only)
HP Instant Support
hp learning adventure
HP Memories Disc
HP Photo and Imaging 1.1 - Photosmart Cameras
hp toolkit
Inactive HP Printer Drivers (Remove only)
Intel(R) 845G Chipset Graphics Driver Software
InterActual Player
InterVideo WinDVD
KBD
Kublox
Lernout & Hauspie TruVoice American English TTS Engine
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.16)
MSXML 6.0 Parser (KB933579)
MUSICMATCH Jukebox
Norton SystemWorks 2003
Norton WMI Update
NVIDIA Windows 2000/XP Display Drivers
PC-Doctor for Windows
PigPen
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2005
Quicken Financial Center
RecordNow
RecordNow Update Manager
S3Display
S3Gamma2
S3Info2
S3Overlay
SabreWing 2
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
SimCity 2000® Special Edition
Snowboard Extreme
Space Rocks
Speedway
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB951072-v2)
VideoLAN VLC media player 0.8.6c
Virtual Warfare
WildTangent Channel Manager
WildTangent Updater
WildTangent Web Driver
Winamp
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
Wireless G WUA-1340
WordPerfect Productivity Pack
WordPerfect Productivity Pack


thanks
CompGuy2008
Active Member
 
Posts: 5
Joined: September 5th, 2008, 10:44 pm

Re: new user IUSER_ADMIN on computer

Post by silver » September 13th, 2008, 5:43 am

Hi CompGuy2008,

Download RSIT by random/random to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)

  • Double click RSIT.exe to start the program, and click Continue at the disclaimer screen.
  • When the scan is complete, two text files will open - log.txt <- this one will be maximized and info.txt <-this one will be minimized
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt and info.txt in your reply

Once complete, please post both RSIT logs; you won't need to produce a new HijackThis log, as RSIT produces one for you.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: new user IUSER_ADMIN on computer

Post by silver » September 15th, 2008, 9:23 pm

Do you still need help with your machine?

If the instructions are unclear or something isn't working, please let me know before proceeding.

Re: new user IUSER_ADMIN on computer

Post by CompGuy2008 » September 17th, 2008, 3:32 am

Hello. Sorry, I just received this post. I'll have this completed in the morning. Thanks.

Re: new user IUSER_ADMIN on computer

Post by silver » September 19th, 2008, 11:18 pm

How are you getting on?

Re: new user IUSER_ADMIN on computer

Post by CompGuy2008 » September 22nd, 2008, 6:39 pm

Library. Friend's house, wherever I can.

info.txt logfile of random's system information tool 1.02 2008-09-22 15:24:33

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {09DA4F91-2A09-4232-AB8C-6BC740096DE3}
-->c:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->c:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
-->MsiExec.exe /I{58DD5143-4417-4F43-A7DD-5B8B29CEDBEA}
-->MsiExec.exe /I{6975E810-C92F-45F0-0BFD-187B312F10E8}
-->MsiExec.exe /I{C8D79874-7F2B-4346-99F1-DAA8AABF9DCA}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
ANIO Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
ArcSoft Camera Suite-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\Camera Suite\Uninst.isu"
ArcSoft Software Suite-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\Software Suite\Uninst.isu"
Atomic Pop-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {96777B4D-1A97-492E-B5DA-C624AA675280}
Belkin 54g USB Network Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Belkin\Belkin Wireless Network Utility\setup.exe" -l0x9
Betty Bad-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {A27EAF80-CBFC-4F56-94E1-929A401D7515}
BitTorrent 5.0.1-->"C:\Program Files\BitTorrent\uninstall.exe"
Blackhawk Striker-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {5415BC25-6D6C-46C4-B34C-EA8470FE56D5}
Blasterball 2-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {357ECB62-CD36-4B63-B57E-769D0CA174F4}
Blasterball Wild-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {28BA89E7-2F60-4BE7-BAA2-7949EB3FE527}
ChurchGift-->C:\CG\setup\setup.exe
Concord EyeQ Duo 2000 Digital Camera-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{64DB6124-C6FE-11D6-88BF-009027BD5EBD}
Concord EyeQ Duo 2000 Memory Browser TWAIN Driver V1.00-->C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\coachMB.inf
Dark Orbit-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {7841B68B-B7DD-408E-8B45-D5CA39608185}
Detto IntelliMover Demo-->MsiExec.exe /X{E62C706B-1352-4DCA-B4D4-81C24750B70F}
Disney's Lilo and Stitch Pinball-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {63272979-21F0-48EF-9B97-A83DBC05BE39}
DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
easy Internet sign-up-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B5DDB2C-0807-47FD-9C11-80EA761902C0}\Setup.exe" -l0x9
FLV Player 2.0, build 23-->C:\Program Files\FLV Player\uninst.exe
GemMaster 2-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {4EDAE550-ACA5-4EF6-88BD-9F2B8BC2982D}
GoldWave v4.26-->C:\WINDOWS\sxstall2.exe "GoldWave v4.26" "C:\Program Files\GoldWave\unstall.log"
HEC-RAS 3.1-->MsiExec.exe /X{0AFACF83-7261-4362-9AFE-E6867F1624C3}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp center-->C:\WINDOWS\BWUnin-6.1.0.153.exe -AppId 137903
hp deskjet 3320 series (Remove only)-->C:\Program Files\hp deskjet 3320 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB/DeskJet 3320/ -vproduct=3320 -huninstall
hp deskjet 3820 series (Remove only)-->C:\Program Files\hp deskjet 3820 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB/DeskJet 3820/ -vproduct=3820 -huninstall
HP Instant Support-->C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
hp learning adventure-->c:\program files\HPSelect\Frontend\uninstall.exe
HP Memories Disc-->MsiExec.exe /X{FF384BDE-429B-45AD-A0C6-E593393D9D1C}
HP Photo and Imaging 1.1 - Photosmart Cameras-->MsiExec.exe /X{1EEE2A9F-6471-42fa-8923-E8879168CE26}
hp toolkit-->c:\Windows\HPTK\unhptkit.exe
Inactive HP Printer Drivers (Remove only)-->RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 prntunin.inf
Intel(R) 845G Chipset Graphics Driver Software-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
KBD-->C:\HP\KBD\KBD.EXE uninstalled
Kublox-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {F7A4D9BE-D989-45B9-BB49-2C0EA34B9991}
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MUSICMATCH Jukebox-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll
Norton SystemWorks 2003-->MsiExec.exe /I{43C3D832-AC96-463A-2003-1B8D1BFA2523}
Norton WMI Update-->MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
PC-Doctor for Windows-->C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\PC-DOC~1\INSTALL.LOG
PigPen-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {B279B0DA-6F60-4FBD-9847-0C9AB79A3674}
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2005-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
Quicken Financial Center-->C:\PROGRA~1\QUICKE~1\rem\UNWISE.EXE /s C:\PROGRA~1\QUICKE~1\rem\INSTALL.LOG
RecordNow Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
RecordNow-->MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}
S3Display-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
SabreWing 2-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {922B6E62-57DC-4153-97E3-12443BB5F9AE}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
SimCity 2000® Special Edition-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Maxis\SimCity 2000\DeIsL1.isu"
Snowboard Extreme-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {753FE96B-D926-4B6C-BCFB-CC59153D004A}
Space Rocks-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {9FA01E11-9015-4140-B10A-5C6AA949B2FC}
Speedway-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {D6CAB2F4-26A4-48F4-A35D-CA83063E3928}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Warfare-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {4F0AE1FB-4082-4A27-8363-05D292D92FB0}
WildTangent Channel Manager-->C:\Program Files\WildTangent\DDC\DDCManager\Uninstall.exe
WildTangent Updater-->C:\WINDOWS\wt\updater\wcmdmgr.exe -uninstall wcmdmgr.exe
WildTangent Web Driver-->C:\WINDOWS\wt\updater\wcmdmgr.exe -uninstall wtwebdriver
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Wireless G WUA-1340-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{71FD28F7-E697-40B4-8DC9-91E8B1B9AEE9}
WordPerfect Productivity Pack-->C:\WINDOWS\Corel\Uninst32.exe
WordPerfect Productivity Pack-->C:\WINDOWS\Corel\uninst32.exe

======Security center information======

AV: Norton AntiVirus (outdated)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program files\PC-Doctor for Windows XP\WINDSAPI;"C:\Program Files\Norton SystemWorks\Norton Ghost\"
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------



Logfile of random's system information tool 1.02 (written by random/random)
Run by Owner at 2008-09-22 15:24:05
Microsoft Windows XP Home Edition Service Pack 3, v.3311
System drive C: has 32 GB (61%) free of 52 GB
Total RAM: 1022 MB (63% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\easy Internet sign-up.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73364D99-1240-4dff-B12A-67E448373148}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
CNavExtBho Class - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll [2002-11-15 112248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit - C:\HP\EXPLOREBAR\HPTOOLKT.DLL [2002-06-04 86016]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll [2002-11-15 112248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"CamMonitor"=c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe [2002-06-17 69632]
"KBD"=C:\HP\KBD\KBD.EXE [2001-07-06 61440]
"StorageGuard"=C:\Program Files\VERITAS Software\Update Manager\sgtray.exe [2002-05-09 155648]
"dla"=C:\Program Files\DLA\install\tfswctrl.exe [2002-07-16 106549]
"DDCM"=C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe [2002-06-08 122880]
"DDCActiveMenu"=C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe [2002-06-08 86016]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2001-12-18 212992]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2002-05-15 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2002-05-15 114688]
"PS2"=C:\WINDOWS\system32\ps2.exe [2002-06-14 81920]
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe [2002-05-21 188416]
"wcmdmgr"=C:\WINDOWS\wt\updater\wcmdmgrl.exe [2002-02-28 20480]
"checktime"=c:\program files\HPSelect\Frontend\ct.exe [2002-01-26 45056]
"D-Link Wireless G WUA-1340"=C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe [2005-12-15 2715648]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2005-11-30 49152]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2002-08-19 50880]
"ccRegVfy"=C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe [2002-08-19 34504]
"GhostStartTrayApp"=C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe [2002-08-14 94208]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-10-13 286720]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"LTMSG"=LTMSG.exe 7 []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-03 36352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-02-12 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-02-12 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2002-05-15 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{483ce92c-18a3-11d7-9d78-806d6172696f}]
shell\AutoRun\command - E:\ialaunch.exe id= ver=1.0.0.0


======List of files/folders created in the last 1 months======

2008-09-22 15:24:05 ----D---- C:\rsit
2008-09-13 02:38:40 ----D---- C:\WINDOWS\Prefetch
2008-09-13 02:24:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-13 02:23:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-13 02:23:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-13 02:22:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-13 02:21:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-13 02:20:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-13 02:19:11 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-13 02:18:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-13 02:17:09 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-13 02:05:49 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-13 02:05:49 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-13 02:05:48 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-13 02:05:47 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-13 02:05:47 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-13 02:05:47 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-13 02:05:47 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-13 02:05:47 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-13 02:05:47 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-13 02:05:47 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-13 02:05:47 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-13 02:05:47 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-13 02:05:46 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-13 02:05:46 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-13 02:05:46 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-13 02:05:46 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-13 02:05:46 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-13 02:05:45 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-13 02:05:45 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-13 02:05:45 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-13 02:05:45 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-13 02:05:43 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-13 02:05:42 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-13 02:05:42 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-13 02:05:41 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-13 02:05:41 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-13 02:05:41 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-13 02:05:40 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-13 02:05:40 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-13 02:05:40 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-13 02:05:40 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-13 02:05:39 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-13 02:05:39 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-13 02:05:38 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-13 02:05:38 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-13 02:05:38 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-13 02:05:37 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-13 02:05:36 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-13 02:05:36 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-13 02:05:36 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-13 02:05:36 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-13 02:05:36 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-13 02:05:35 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-13 02:05:34 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-13 02:05:23 ----D---- C:\WINDOWS\l2schemas
2008-09-13 02:05:21 ----D---- C:\WINDOWS\system32\en
2008-09-13 01:52:56 ----A---- C:\WINDOWS\005666_.tmp
2008-09-11 23:31:35 ----A---- C:\WINDOWS\system32\mywfhit.ini.tmp
2008-09-11 21:47:26 ----A---- C:\myls3tecj.bat
2008-09-11 20:27:14 ----A---- C:\WINDOWS\wftadfi16_080910a.dll
2008-09-11 20:27:14 ----A---- C:\WINDOWS\dcbdcatys32_080910a.dll
2008-09-05 17:17:56 ----HD---- C:\WINDOWS\PIF
2008-09-05 13:50:03 ----D---- C:\Program Files\Trend Micro
2008-09-04 08:42:06 ----A---- C:\WINDOWS\MSSqlServer.dll
2008-09-03 23:20:04 ----A---- C:\WINDOWS\system32\tmpacj0.exe
2008-09-03 23:19:53 ----A---- C:\WINDOWS\system32\mywfhit.ini
2008-09-03 23:17:09 ----D---- C:\WINDOWS\system32\inf
2008-09-03 23:17:09 ----A---- C:\WINDOWS\tawisys.ini
2008-09-03 23:16:59 ----AH---- C:\WINDOWS\system32\zordisa.dll
2008-08-31 04:04:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-08-31 04:04:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-08-31 04:04:27 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-08-31 04:04:17 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-31 04:04:06 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-08-31 04:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-08-31 04:03:32 ----D---- C:\Program Files\MSXML 6.0
2008-08-31 04:03:18 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-08-31 04:03:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-31 04:02:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-08-31 04:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-08-31 04:01:03 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-08-31 04:00:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-08-31 03:59:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-08-31 03:59:20 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-08-31 03:59:07 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-08-31 03:58:34 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-08-24 02:54:44 ----D---- C:\music
2008-08-24 02:43:06 ----N---- C:\WINDOWS\system32\pxsfs.dll
2008-08-24 02:43:06 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-08-24 02:43:06 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-08-24 02:43:06 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-08-24 02:43:06 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-08-24 02:43:05 ----N---- C:\WINDOWS\system32\pxdrv.dll
2008-08-24 02:42:58 ----D---- C:\Program Files\Winamp
2008-08-24 02:42:58 ----D---- C:\Documents and Settings\Owner\Application Data\Winamp
2008-08-24 00:57:04 ----A---- C:\WINDOWS\system32\B11gUSB.dll
2008-08-24 00:56:57 ----A---- C:\WINDOWS\system32\GTW32N50.dll

======List of files/folders modified in the last 1 months======

2008-09-22 15:21:34 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-09-22 15:21:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-22 15:21:22 ----D---- C:\WINDOWS\wt
2008-09-22 15:21:03 ----D---- C:\WINDOWS\Temp
2008-09-22 15:18:49 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-22 15:18:40 ----A---- C:\WINDOWS\ModemLog_Agere Win Modem.txt
2008-09-19 00:59:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-15 14:28:08 ----D---- C:\WINDOWS\system32
2008-09-14 12:25:50 ----D---- C:\Program Files\Mozilla Firefox
2008-09-14 12:25:36 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-09-14 12:21:00 ----D---- C:\WINDOWS
2008-09-13 02:46:01 ----D---- C:\WINDOWS\system32\drivers
2008-09-13 02:45:02 ----D---- C:\WINDOWS\inf
2008-09-13 02:41:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-13 02:40:29 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-13 02:39:32 ----A---- C:\WINDOWS\setuplog.txt
2008-09-13 02:37:49 ----D---- C:\Program Files\Messenger
2008-09-13 02:37:48 ----D---- C:\WINDOWS\system32\wbem
2008-09-13 02:37:48 ----D---- C:\WINDOWS\system32\Setup
2008-09-13 02:37:48 ----D---- C:\WINDOWS\AppPatch
2008-09-13 02:37:46 ----D---- C:\WINDOWS\Fonts
2008-09-13 02:25:17 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-13 02:16:35 ----D---- C:\WINDOWS\security
2008-09-13 02:06:13 ----D---- C:\WINDOWS\WinSxS
2008-09-13 02:06:00 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-13 02:05:55 ----D---- C:\WINDOWS\network diagnostic
2008-09-13 02:05:55 ----D---- C:\WINDOWS\ime
2008-09-13 02:05:54 ----D---- C:\WINDOWS\Help
2008-09-13 02:05:29 ----D---- C:\WINDOWS\system32\en-us
2008-09-13 02:05:28 ----D---- C:\WINDOWS\system32\usmt
2008-09-13 02:05:21 ----D---- C:\WINDOWS\system32\bits
2008-09-13 02:05:21 ----D---- C:\WINDOWS\peernet
2008-09-13 02:05:20 ----D---- C:\Program Files\Movie Maker
2008-09-13 01:59:50 ----D---- C:\WINDOWS\system32\Restore
2008-09-13 01:59:50 ----D---- C:\WINDOWS\system32\npp
2008-09-13 01:59:47 ----D---- C:\WINDOWS\msagent
2008-09-13 01:59:45 ----D---- C:\WINDOWS\srchasst
2008-09-13 01:59:43 ----D---- C:\Program Files\NetMeeting
2008-09-13 01:59:40 ----D---- C:\WINDOWS\system32\Com
2008-09-13 01:59:35 ----D---- C:\Program Files\Windows Media Player
2008-09-13 01:59:34 ----D---- C:\Program Files\Windows NT
2008-09-13 01:59:34 ----D---- C:\Program Files\Outlook Express
2008-09-13 01:59:27 ----D---- C:\Program Files\Common Files\System
2008-09-13 01:59:02 ----D---- C:\WINDOWS\system32\oobe
2008-09-13 01:58:58 ----D---- C:\WINDOWS\system
2008-09-13 01:52:49 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-13 01:52:02 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-13 01:43:01 ----D---- C:\WINDOWS\EHome
2008-09-13 01:43:01 ----D---- C:\WINDOWS\Debug
2008-09-12 17:35:12 ----D---- C:\Program Files\Norton SystemWorks
2008-09-12 16:48:06 ----D---- C:\Documents and Settings
2008-09-12 15:06:53 ----SHD---- C:\WINDOWS\Installer
2008-09-12 15:06:51 ----D---- C:\Program Files\Adobe
2008-09-05 19:59:12 ----D---- C:\Program Files\DivX
2008-09-05 14:05:25 ----D---- C:\WINDOWS\system32\NtmsData
2008-09-05 13:50:03 ----RD---- C:\Program Files
2008-08-31 04:04:47 ----HD---- C:\WINDOWS\$hf_mig$
2008-08-31 04:03:43 ----D---- C:\WINDOWS\ie7updates
2008-08-31 04:01:37 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2002-05-22 90336]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 GhPciScan;GhostPciScanner; \??\C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-02-12 36352]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2002-06-19 5589]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2002-06-19 22995]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-08-24 20747]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\System32\ANIO.SYS []
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2002-06-06 40368]
R2 SAVRTPEL;SAVRTPEL; \??\C:\WINDOWS\System32\Drivers\SAVRTPEL.SYS []
R2 SYMTDI;SYMTDI; \??\C:\WINDOWS\System32\Drivers\SYMTDI.SYS []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2002-07-16 23701]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2002-07-16 34805]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2002-07-16 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2002-07-16 2201]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2002-07-16 54900]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2002-07-16 14421]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2002-07-16 6325]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2002-07-16 91156]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2002-07-16 95125]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2002-05-22 69504]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 AR5211;EDUP Wireless Network Adapter Service; C:\WINDOWS\System32\DRIVERS\ar5211.sys [2004-11-23 396256]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-02-12 10368]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2002-05-22 78045]
R3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-12-12 652689]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2002-07-24 28164]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080528.002\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080528.002\NavEx15.Sys []
R3 NPDriver;Norton Unerase Protection Driver; \??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS []
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-03-08 13780]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2007-07-12 96384]
R3 SAVRT;SAVRT; \??\C:\WINDOWS\System32\Drivers\SAVRT.SYS []
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; \??\C:\WINDOWS\System32\Drivers\SYMREDRV.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-02-12 30208]
R3 usbhub;USB Root Hub (usbport); C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-02-12 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-02-12 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-02-12 20608]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-02-12 37760]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-02-12 42752]
S2 CoachCap;Concord EyeQ Duo 2000 USB Video Capture V1.00; C:\WINDOWS\system32\drivers\CoachCap.sys [2002-03-03 93068]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-02-12 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-02-12 71552]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2008-02-12 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2008-02-12 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2008-02-12 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2008-02-12 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2008-02-12 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2008-02-12 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2008-02-12 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2008-02-12 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2008-02-12 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2008-02-12 23615]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-02-12 1897408]
S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]
S3 RT73;Belkin USB Network Adapter; C:\WINDOWS\System32\DRIVERS\rt73.sys [2005-08-02 232192]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2008-02-12 166912]
S3 S3SavageNB;S3SavageNB; C:\WINDOWS\system32\DRIVERS\s3gnbm.sys [2008-02-12 166912]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2002-04-08 188032]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-02-12 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-02-12 32128]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-02-12 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-02-12 25856]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 afisicx;afisicx Service; C:\WINDOWS\system32\afisicx.exe [2001-08-18 44032]
R2 Belkin Wireless USB Network Adapter Service;Belkin Wireless USB Network Adapter; C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-29 49152]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2002-08-08 308936]
R2 GhostStartService;GhostStartService; C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe [2002-08-14 200704]
R2 Internet Service;Internet Service; C:\WINDOWS\smss.exe [2004-09-03 159808]
R2 mabidwe;mabidwe Service; C:\WINDOWS\system32\mabidwe.exe [2001-08-18 39424]
R2 navapsvc;Norton AntiVirus Auto Protect Service; C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe [2002-11-14 116336]
R2 noytcyr;noytcyr Service; C:\WINDOWS\system32\noytcyr.exe [2001-08-18 39424]
R2 NProtectService;Norton Unerase Protection; C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE [2002-08-14 135168]
R2 roytctm;roytctm Service; C:\WINDOWS\system32\roytctm.exe [2001-08-18 39936]
R2 soxpeca;soxpeca Service; C:\WINDOWS\system32\soxpeca.exe [2001-08-18 39424]
R2 Speed Disk service;Speed Disk service; C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe [2002-08-14 172065]
R2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
R2 tdydowkc;tdydowkc Service; C:\WINDOWS\system32\tdydowkc.exe [2001-08-18 43520]
R2 wsldoekd;wsldoekd Service; C:\WINDOWS\system32\wsldoekd.exe [2001-08-18 43008]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-02-12 14336]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2005-11-30 49152]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-02-12 267776]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2001-08-13 54408]
S2 seiuctol;Security Control; C:\WINDOWS\system32\zordisa.dll [2008-09-04 14848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 ccPwdSvc;Symantec Password Validation Service; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2002-08-19 63176]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

Sorry for taking so long.
CompGuy2008
Active Member
 
Posts: 5
Joined: September 5th, 2008, 10:44 pm

Re: new user IUSER_ADMIN on computer

Unread postby silver » September 22nd, 2008, 8:44 pm

Hi CompGuy2008,

Your computer appears to have been infected by a backdoor trojan. These programs have the ability to steal passwords and other information from your system. If you use your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

If you wish to reformat then please let me know in your next response. I'll now continue with instructions for cleaning.

------------------------------------------------------------------------

Does the computer have internet access?

Before proceeding, I'd like to see a HijackThis log. What you posted originally was an Uninstall list from HijackThis. Here is how to produce a HijackThis log:

First, if for any reason you need to install HijackThis please download it from here (right-click the link, select Save Target As..., select your Desktop and press Save):

Double-click the program and follow the prompts to install it.
After installing, HijackThis will open automatically.

Select Do a system scan and save a logfile - this will produce a HijackThis log in Notepad. Check in Notepad that Format->Word Wrap is UNchecked.

Please post it in a response to this message. Copy the contents of the log by pressing Ctrl-A then Ctrl-C, then paste it into your response by pressing Ctrl-V.

I will review the log and let you know how to proceed.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: new user IUSER_ADMIN on computer

Unread postby CompGuy2008 » September 23rd, 2008, 4:02 pm

I had one question... why is it that when I run HijackThis I get a warning from Norton about Bloodhound.Exploit.6?
CompGuy2008
Active Member
 
Posts: 5
Joined: September 5th, 2008, 10:44 pm

Re: new user IUSER_ADMIN on computer

Unread postby CompGuy2008 » September 23rd, 2008, 4:16 pm

Never mind last question. Here's the log.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:05:00 PM, on 9/23/2008
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\WINDOWS\smss.exe
C:\WINDOWS\system32\mabidwe.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\noytcyr.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\roytctm.exe
C:\WINDOWS\system32\soxpeca.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\DLA\install\tfswctrl.exe
C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us6.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.3929.cn?tn=102720
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us6.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\Program Files\DLA\install\tfswctrl.exe
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [D-Link Wireless G WUA-1340] C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://C:\MAIN.MHT!http://butavertat.com///ms04013.chm::/pluginst.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D749ED47-49CA-4698-8AAC-16D4A9DCE4D0}: NameServer = 192.168.0.1,192.168.1.1
O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
O23 - Service: Internet Service - Unknown owner - C:\WINDOWS\smss.exe
O23 - Service: mabidwe Service (mabidwe) - Unknown owner - C:\WINDOWS\system32\mabidwe.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: noytcyr Service (noytcyr) - Unknown owner - C:\WINDOWS\system32\noytcyr.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: roytctm Service (roytctm) - Unknown owner - C:\WINDOWS\system32\roytctm.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\WINDOWS\system32\soxpeca.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: tdydowkc Service (tdydowkc) - Unknown owner - C:\WINDOWS\system32\tdydowkc.exe
O23 - Service: wsldoekd Service (wsldoekd) - Unknown owner - C:\WINDOWS\system32\wsldoekd.exe

--
End of file - 9519 bytes



I'd like to do the reformat, but there are a couple of things I should mention that I think may pose a problem. If not then cool.
#1. My HP didn't come with reinstall disks, just a recovery partition
#2. Would reformatting and installing from the recovery partition be safe if it's infected? Or is the trojan localized? Thanks
CompGuy2008
Active Member
 
Posts: 5
Joined: September 5th, 2008, 10:44 pm
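
A triage pass over the O23 service lines of the HijackThis log above, added here as an example; it is not part of the original thread or of HijackThis. The three rules and the `C:\WINDOWS` install location are assumptions chosen for this log, and a hit is a lead to investigate, not a verdict.

```python
import ntpath
import re

# O23 lines copied from the HijackThis log in this thread (a subset).
SAMPLE_LOG = r"""
O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
O23 - Service: Internet Service - Unknown owner - C:\WINDOWS\smss.exe
O23 - Service: mabidwe Service (mabidwe) - Unknown owner - C:\WINDOWS\system32\mabidwe.exe
"""

WINDIR = r"c:\windows"            # assumption: install location seen in this log
SYSTEM32 = WINDIR + r"\system32"
SYSTEM_DIRS = {WINDIR, SYSTEM32}
# Core Windows process names that normally live only in system32.
CORE_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe",
              "services.exe", "lsass.exe", "svchost.exe"}

O23_PREFIX = "O23 - Service: "
NAME_IN_PARENS = re.compile(r"^(?P<display>.*) \((?P<name>[^()]*)\)$")


def parse_o23(line):
    """Split one O23 line into display name, service name, owner and path."""
    line = line.strip()
    if not line.startswith(O23_PREFIX):
        return None
    # Owner and path are the last two " - " separated fields.
    parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    label, owner, path = parts
    # The "(service name)" suffix is omitted when it equals the display name.
    m = NAME_IN_PARENS.match(label)
    display, name = (m["display"], m["name"]) if m else (label, label)
    return {"display": display, "name": name, "owner": owner, "path": path}


def reasons_for(svc):
    """Return the heuristic rules (hypothetical names) that one service trips."""
    path = svc["path"].lower()
    folder, exe = ntpath.dirname(path), ntpath.basename(path)
    stem = ntpath.splitext(exe)[0]
    unknown = svc["owner"].lower() == "unknown owner"
    reasons = []
    # Rule 1: no owner reported for a binary placed directly in a Windows directory.
    if unknown and folder in SYSTEM_DIRS:
        reasons.append("unknown-owner-in-windir")
    # Rule 2: a core process name running from somewhere other than system32.
    if exe in CORE_NAMES and folder != SYSTEM32:
        reasons.append("core-name-wrong-dir")
    # Rule 3: service key, file name and "<name> Service" label are all one token.
    if unknown and svc["name"].lower() == stem \
            and svc["display"].lower() == stem + " service":
        reasons.append("self-named")
    return reasons


def triage(log_text):
    """Map service name -> list of tripped rules, for services with any hit."""
    flagged = {}
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        reasons = reasons_for(svc)
        if reasons:
            flagged[svc["name"]] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(reasons)}")
```

The Belkin service also shows "Unknown owner" but is not flagged, because its binary sits under its vendor's Program Files folder rather than in the Windows directory.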

Re: new user IUSER_ADMIN on computer

Unread postby silver » September 23rd, 2008, 10:13 pm

Hi CompGuy2008,

#1. My HP didn't come with reinstall disks, just a recovery partition
Yes this is fairly common and a perfectly adequate alternative to reinstall disks.

#2. Would reformatting and installing from the recovery partition be safe if it's infected? Or is the trojan localized? Thanks
It's very unlikely that the recovery partition has been affected by this in any way. As a precaution, I would perform a full system scan after reinstallation - if this comes back clean and you haven't noticed anything unusual during the process then everything should be fine. You are welcome to post a new log for review if you wish.

The most important things about reformatting are a) making sure you save all your data first, and b) making sure you have everything ready for the install.
 
These articles should provide most of the information you need:
 
The "Some Re-installation Notes:" section of this article:
When Should I Format, How Should I Reinstall
 
Also, wng_z3r0's guide to reformatting:
Reformatting Windows by wng_z3r0
 
I recommend you make an offline copy of your security software so you can install it before connecting to the internet. Also, I recommend you get your machine up to date with security patches before doing anything else online. It may take a while, but until your machine is fully patched it is very vulnerable. You will however be safe at windowsupdate.microsoft.com.
 
If you need further assistance or have any questions please let me know.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: new user IUSER_ADMIN on computer

Unread postby silver » September 26th, 2008, 9:06 pm

As this topic appears to be resolved,
this topic is now closed
We are pleased to have been of assistance.

If you have been helped and wish to donate with the costs of this volunteer site, you can do so using this link
Donations For Malware Removal
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7