Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Incorrect web page

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Incorrect web page

Unread postby WAR » November 25th, 2008, 5:12 pm

Using WinXP, IE7 or IE8 makes no difference.

I want to go to "https://login.fidelity.com/ftgw/Fidelity/RtlCust/Login/Init?AuthRedUrl=https://oltx.fidelity.com/ftgw/fbc/ofsummary/summary". (I have been going to this page daily for over a year with no problem.)
I get the error message; UNAVAILABLE Sorry. This page is currently not available. Our technicians are at work updating this section and will restore service as soon as possible.
Per a phone call to the web site, I am told the web site provider IS NOT working on this site and suggested I try Firefox. I did and the page loads correctly.
WHY? All other links and favorites seem to work correctly!
Upgrading to IE8 made no difference.
Using other computers in the household loaded the page correctly.
What is happening here? How do I fix it?

Hijack this log is below;
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:10:42 PM, on 11/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Wayne & PJ\My Documents\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Windows Defender] "C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Jet Detection] C:\PROGRAM FILES\Creative\SBLive\Program\ADGJDet.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Calendarscope] "C:\Program Files\Calendarscope\cs.exe"
O4 - HKCU\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: MRCLOCK.EXE.lnk = Wayne & PJ\My Documents\WILLPOND\RACK\MRCLOCK.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Password Generator - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Customize - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra 'Tools' menuitem: Customize Menu - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra button: Generate - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O9 - Extra 'Tools' menuitem: Password Generator - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6662.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6CD8E2C-884E-4C4B-9960-239BF584D170}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BBIPQPGTE - Unknown owner - (no file)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10983 bytes
WAR
Active Member
 
Posts: 12
Joined: November 25th, 2008, 5:01 pm
Advertisement
Register to Remove

Re: Incorrect web page

Unread postby Katana » November 30th, 2008, 5:10 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
  1. Please Read All Instructions Carefully
  2. If you don't understand something, stop and ask! Don't keep going on.
  3. Please do not run any other tools or scans whilst I am helping you
  4. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly Image

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe


----------------------------------------------------------------------------------------

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

If you still require help please do the following


Download and Run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Incorrect web page

Unread postby WAR » December 1st, 2008, 8:39 am

As Requested;

Logfile of random's system information tool 1.04 (written by random/random)
Run by Wayne & PJ at 2008-12-01 07:30:35
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 122 GB (80%) free of 153 GB
Total RAM: 2559 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:31:07 AM, on 12/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ntvdm.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Wayne & PJ\My Documents\RSIT.exe
C:\Documents and Settings\Wayne & PJ\My Documents\Wayne & PJ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/s/s.dll?spage=hb/index.htm&ck=&ck=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Windows Defender] "C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Jet Detection] C:\PROGRAM FILES\Creative\SBLive\Program\ADGJDet.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Calendarscope] "C:\Program Files\Calendarscope\cs.exe"
O4 - HKCU\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: MRCLOCK.EXE.lnk = Wayne & PJ\My Documents\WILLPOND\RACK\MRCLOCK.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Password Generator - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Customize - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra 'Tools' menuitem: Customize Menu - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra button: Generate - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O9 - Extra 'Tools' menuitem: Password Generator - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6662.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6CD8E2C-884E-4C4B-9960-239BF584D170}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BBIPQPGTE - Unknown owner - (no file)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10792 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{ED22EE8F-0FD0-4A1F-A81A-1A1A7E9BFBF8}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-11-27 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-11-26 5759816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-18 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-18 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-18 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}]
C:\Program Files\PicLensIE\cooliris.dll [2008-10-21 4087808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
ZoneAlarm Spy Blocker BHO - C:\Program Files\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL [2008-10-14 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-11-26 5759816]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - ZoneAlarm Spy Blocker - C:\Program Files\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL [2008-10-14 262144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2003-08-28 24576]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-10-09 333120]
"Windows Defender"=C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCui.exe [2006-11-03 866584]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-18 136600]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-08-21 981904]
"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 1406024]
"Jet Detection"=C:\PROGRAM FILES\Creative\SBLive\Program\ADGJDet.exe [2001-11-29 28672]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-28 1261336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Calendarscope"=C:\Program Files\Calendarscope\cs.exe [2005-12-05 1781818]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2003-04-07 114688]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 1406024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliType]
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe [2002-03-21 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

C:\Documents and Settings\Wayne & PJ\Start Menu\Programs\Startup
MRCLOCK.EXE.lnk - C:\Documents and Settings\Wayne & PJ\My Documents\WILLPOND\RACK\MRCLOCK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-04-07 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideShutdownScripts"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=C0FFFF03
"NoRecentDocsNetHood"=01000000
"MaxRecentDocs"=99

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15db886e-acc0-11db-9f5c-000cf1e49d53}]
shell\AutoRun\command - G:\LaunchU3.exe


======List of files/folders created in the last 1 months======

2008-12-01 07:30:35 ----D---- C:\rsit
2008-11-29 12:02:42 ----A---- C:\WINDOWS\{00000002-00000000-00000001-00001102-00000002-80671102}.BAK
2008-11-27 10:37:10 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-11-27 10:26:47 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-11-27 10:11:25 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-11-24 19:35:09 ----A---- C:\WINDOWS\system32\ieencode.dll
2008-11-24 16:04:58 ----D---- C:\Program Files\Mozilla Firefox
2008-11-18 11:52:33 ----D---- C:\Program Files\Microsoft Baseline Security Analyzer 2
2008-11-18 11:48:54 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-18 11:48:54 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-18 11:48:54 ----A---- C:\WINDOWS\system32\java.exe
2008-11-18 11:48:54 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-18 11:46:15 ----D---- C:\Program Files\Microsoft IntelliPoint
2008-11-18 11:29:09 ----D---- C:\Documents and Settings\Wayne & PJ\Application Data\Yahoo!
2008-11-13 08:01:31 ----D---- C:\Program Files\MSXML 4.0
2008-11-10 07:45:08 ----D---- C:\Documents and Settings\All Users\Application Data\SystemExplorer
2008-11-10 07:45:04 ----D---- C:\Program Files\System Explorer
2008-11-07 13:37:18 ----D---- C:\Program Files\Common Files\Apple
2008-11-07 13:35:48 ----D---- C:\Program Files\Apple Software Update
2008-11-07 13:31:34 ----D---- C:\Program Files\QuickTime

======List of files/folders modified in the last 1 months======

2008-12-01 07:31:07 ----D---- C:\WINDOWS\Temp
2008-12-01 07:07:38 ----D---- C:\WINDOWS\Internet Logs
2008-12-01 07:06:45 ----SD---- C:\WINDOWS\Tasks
2008-12-01 07:06:16 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-01 07:04:24 ----AC---- C:\WINDOWS\ModemLog_Intel(R) 536EP Modem.txt
2008-12-01 07:04:05 ----D---- C:\WINDOWS\system32\drivers
2008-11-30 22:35:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-30 12:01:50 ----AC---- C:\WINDOWS\hwsolii.ini
2008-11-30 11:22:59 ----D---- C:\WINDOWS\system32
2008-11-30 11:18:46 ----D---- C:\WINDOWS\Prefetch
2008-11-30 11:12:29 ----D---- C:\WINDOWS
2008-11-30 10:47:49 ----D---- C:\WINDOWS\network diagnostic
2008-11-30 10:16:41 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-30 10:15:41 ----HD---- C:\WINDOWS\inf
2008-11-30 10:11:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-30 10:11:09 ----D---- C:\WINDOWS\system32\en-US
2008-11-30 10:11:06 ----D---- C:\WINDOWS\Media
2008-11-30 10:11:06 ----D---- C:\WINDOWS\Help
2008-11-30 10:11:06 ----D---- C:\Program Files\Internet Explorer
2008-11-30 08:33:06 ----D---- C:\WINDOWS\system32\FxsTmp
2008-11-29 15:58:57 ----D---- C:\Moraff
2008-11-27 10:36:40 ----SHD---- C:\WINDOWS\Installer
2008-11-27 10:36:05 ----AC---- C:\WINDOWS\MRCLOCK.INI
2008-11-27 08:34:57 ----D---- C:\WINDOWS\Debug
2008-11-26 07:04:18 ----D---- C:\Program Files\Yahoo!
2008-11-25 19:31:32 ----D---- C:\Program Files
2008-11-25 13:18:00 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-25 13:17:22 ----D---- C:\Program Files\SpywareBlaster
2008-11-25 13:12:37 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-24 16:05:13 ----D---- C:\Documents and Settings\Wayne & PJ\Application Data\Mozilla
2008-11-23 13:24:30 ----AC---- C:\WINDOWS\RANGOON.INI
2008-11-19 07:57:38 ----D---- C:\WINDOWS\system32\Macromed
2008-11-19 07:17:38 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-18 12:45:07 ----D---- C:\Program Files\Windows Live Safety Center
2008-11-18 11:48:35 ----D---- C:\Program Files\Java
2008-11-18 11:46:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-18 11:46:34 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-18 11:28:16 ----D---- C:\Program Files\IObit
2008-11-18 11:28:16 ----D---- C:\Documents and Settings\Wayne & PJ\Application Data\IObit
2008-11-13 08:06:45 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 08:01:32 ----D---- C:\WINDOWS\WinSxS
2008-11-07 13:37:18 ----D---- C:\Program Files\Common Files
2008-11-05 09:23:55 ----D---- C:\Favorite Pictures
2008-11-03 16:10:26 ----AC---- C:\WINDOWS\system32\MRT.exe
2008-11-02 06:07:00 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-11-27 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-11-27 26824]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2003-03-06 3840]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SbcpHid;SbcpHid; \??\C:\WINDOWS\system32\Drivers\SbcpHid.sys []
R1 sf;SFI Service; C:\WINDOWS\system32\drivers\sf.sys [2003-05-08 33248]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-08-21 353680]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-03-31 12032]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\drivers\PfModNT.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2003-08-28 186068]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2003-09-18 496800]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2003-08-28 6144]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2003-08-28 136448]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2003-08-28 145504]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2003-08-28 823456]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-21 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-21 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
R3 Intels51;Intel(R) 536EP Modem; C:\WINDOWS\System32\DRIVERS\Intels51.sys [2004-12-10 1903338]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [2004-07-26 6912]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2003-08-28 113840]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2008-06-10 31048]
R3 SMBios;Intel (R) System Management BIOS Service; C:\WINDOWS\System32\DRIVERS\SMBios.sys [2003-10-14 36484]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\System32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 a016bus;Sony Ericsson Device A016 driver (WDM); C:\WINDOWS\system32\DRIVERS\a016bus.sys [2008-01-18 83880]
S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter; C:\WINDOWS\system32\DRIVERS\a016mdfl.sys [2008-01-18 15016]
S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\a016mdm.sys [2008-01-18 110504]
S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\a016mgmt.sys [2008-01-18 104488]
S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\a016obex.sys [2008-01-18 100648]
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys []
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys []
S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2003-08-28 135696]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-04-15 90907]
S3 IPFilter;Microsoft IntelliPoint Features driver; C:\WINDOWS\System32\DRIVERS\IPFilter.sys [2002-04-11 11136]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys []
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-06-16 7808]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-06-16 611664]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-11-27 231704]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 Iomega App Services;Iomega App Services; C:\PROGRA~1\Iomega\System32\AppServices.exe [2002-09-04 73728]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-18 152984]
R2 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-08-21 2405776]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 6to4;IPv6 Helper Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Iomega Activity Disk2;Iomega Activity Disk2; []
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]

-----------------EOF-----------------




info.txt logfile of random's system information tool 1.04 2008-12-01 07:31:10

======Uninstall list======

-->"C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
123 Free Solitaire-->C:\PROGRA~1\123FRE~1\UNWISE.EXE C:\PROGRA~1\123FRE~1\INSTALL.LOG
Acrobat.com-->msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Advanced Disk Cleaner-->MsiExec.exe /X{6C2EDF63-C83B-4AAD-AC26-1784660F618B}
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
AM-DeadLink 2.8-->"C:\Program Files\AM-DeadLink\unins000.exe"
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HydraVision-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
Avery DesignPro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2CC982C0-7EAE-11D4-ACC3-0050568AD318}\setup.exe" -uninst
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Belarc Advisor 6.1-->C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
BellSouth FastAccess DSL Help Center-->"C:\Program Files\Support.com\BellSouth\Uninstall.exe" /c "Remove BellSouth® FastAccess® DSL Help Center?"
Calendarscope-->"C:\Program Files\Calendarscope\unins000.exe"
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Cooliris for Internet Explorer-->MsiExec.exe /I{DA0E9ED5-6B64-36C3-AE30-717496E0FBFB}
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Debugging Tools for Windows-->MsiExec.exe /I{F3ECED46-91CC-4F44-9917-9A20085D5D26}
Eraser 5.82-->"C:\Program Files\Eraser\unins000.exe"
filehippo.com Update Checker-->"C:\Program Files\filehippo.com\uninstall.exe"
Fisher-Price® Ready for School Family Resource Center-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Fisher-Price\Family Resource Center\DeIsL1.isu"
Flickr Uploadr 3.0.5-->"C:\Program Files\Flickr Uploadr\uninstall.exe"
GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Hardwood Solitaire II-->C:\Hardwood Solitaire\\hwsolii.exe /uninstall
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Documents and Settings\Wayne & PJ\Local Settings\Temporary Internet Files\Content.IE5\24Q183OF\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hoyle Board Games 2005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB1CCBED-FA66-4D30-BFD7-EF20AD0A81FE}\setup.exe" -l0x9
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
MasterCook Deluxe 7.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5F457DDF-B768-434C-8802-9BB3B383B1E8}
Microsoft .NET Framework (English) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Baseline Security Analyzer 2.1-->MsiExec.exe /I{6AF5CAB9-FD0A-494F-8AA6-784D4B5D06C5}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Location Finder-->MsiExec.exe /I{8D6AE289-7A5E-41B4-A7F0-687C2DAB1B87}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Outlook 2003 with Business Contact Manager Update-->MsiExec.exe /I{BA68600E-96D9-4E92-80F2-26B9681B5A63}
Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Sounds-->MsiExec.exe /I{10CE1EA2-12E9-11D3-825E-00C04F6843FE}
Microsoft Office XP Web Components-->MsiExec.exe /I{90260409-6000-11D3-8CFE-0150048383C9}
Microsoft Outlook Personal Folders Backup-->MsiExec.exe /X{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MSXML 6.0 SDK-->MsiExec.exe /I{DF67E8C2-1D4C-44E1-93DC-7E26E2D74D00}
overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
Paint Shop Pro 7-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
PicLens for Internet Explorer-->MsiExec.exe /X{5B5B1BD4-1450-355C-92AF-2DA0C9DF1A7F}
Play Disney's Tigger's Honey Hunt-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\DISNEY~1\TIGGER~1\DeIsL1.isu
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Scholastic's I SPY Junior Puppet Playhouse-->C:\PROGRA~1\SCHOLA~1\ISPYJU~2\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\ISPYJU~2\INSTALL.LOG
Scholastic's I SPY Junior-->C:\PROGRA~1\SCHOLA~1\ISPYJU~1\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\ISPYJU~1\INSTALL.LOG
Screen Paver Screen Saver-->C:\WINDOWS\ScreenPaver.scr -u
Secunia PSI (RC3)-->"C:\Program Files\Secunia\PSI (RC3)\uninstall.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sony Ericsson PC Suite 4.006.00-->C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe -runfromtemp -l0x0009 -removeonly
Sound Blaster Live!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9115E7DB-3B29-445A-802D-11E0AA945B7F}\SETUP.EXE" -l0x9
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
SSA Benefit Calculator-->MsiExec.exe /I{340D61BB-350A-40F4-8CFD-4F860E12066E}
System Explorer 1.5-->"C:\Program Files\System Explorer\unins000.exe"
Tweak UI-->"C:\WINDOWS\System32\mshta.exe" "res://C:\WINDOWS\System32\TweakUI.exe/uninstall.hta"
Uniblue ProcessQuickLink 2-->"C:\Program Files\Uniblue\ProcessQuickLink 2\unins000.exe"
Uniblue RegistryBooster 2009-->"C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue RegistryBooster 2009-->C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe
Uniblue System Tweaker-->"C:\Program Files\Uniblue\System Tweaker\unins000.exe"
User Profile Hive Cleanup Service-->MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
Virtual Earth 3D (Beta)-->MsiExec.exe /I{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Essentials Media Codec Pack 1.0-->C:\Program Files\Essentials Codec Pack\uninst.exe
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2-->MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows WMF Metafile Vulnerability HotFix 1.4-->"C:\Program Files\WindowsMetafileFix\unins000.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPatrol 2008-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WordPerfect Office 2002-->C:\WINDOWS\Corel\uninst32.exe
WordPerfect Office 2002-->C:\WINDOWS\Corel\Uninst32.exe
Yahoo! Internet Mail-->C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
ZoneAlarm Spy Blocker-->rundll32 C:\PROGRA~1\ZoneAlarmSB\bar\2.bin\SpyBlock.dll,O
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Hosts File======

127.0.0.1 localhost
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 a9rhiwa.cn #[Google.Warning]
127.0.0.1 http://www.a9rhiwa.cn
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 http://www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net

======Security center information======

AV: AVG Anti-Virus Free
FW: ZoneAlarm Firewall (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\ATI Technologies\ATI.ACE\;;;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 3, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0303
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"tvdumpflags"=8
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
WAR
Active Member
 
Posts: 12
Joined: November 25th, 2008, 5:01 pm

Re: Incorrect web page

Unread postby WAR » December 1st, 2008, 8:39 am

Duplicate....sorry!
WAR
Active Member
 
Posts: 12
Joined: November 25th, 2008, 5:01 pm

Re: Incorrect web page

Unread postby Katana » December 1st, 2008, 9:45 am

Information

Hi WAR,
There is no obvious sign of infection, but let's make sure before we look for other reasons.

WARNING
Please Copy/Paste or Print the information from additional notes ( at the end of this post ) BEFORE you do anything.


----------------------------------------------------------- -----------------------------------------------------------

Registry Cleaners

Re. Uniblue RegistryBooster 2009

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners
Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference
If it doesn't work properly you may end up with an expensive doorstop.

http://forums.whatthetech.com/Regcleaner_t42862.html


----------------------------------------------------------- -----------------------------------------------------------

Step 1


Fix With HJT

Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines IF still present
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -
If you do not recognise these TCP/IP settings then I recommend you fix these also
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6CD8E2C-884E-4C4B-9960-239BF584D170}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222

O23 - Service: BBIPQPGTE - Unknown owner - (no file)

- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis


----------------------------------------------------------- -----------------------------------------------------------
Step 2


Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

----------------------------------------------------------- -----------------------------------------------------------
Step 3

Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • MalwareBytes Log
  • A fresh HJT Log
  • How are things running now ?

----------------------------------------------------------- -----------------------------------------------------------

Additional Notes

If you are unable to access the internet after these steps, please do the following

Restore With HiJack This
  • Open Hijack This
  • Click on the Misc Tools button
  • Click on the Backups button.
  • Put a check mark next to the following items
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F6CD8E2C-884E-4C4B-9960-239BF584D170}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
  • Click Restore
  • Click Yes/OK at any prompt
Exit Hijack This
Reboot
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Incorrect web page

Unread postby WAR » December 1st, 2008, 12:08 pm

I followed instructions and the problem still exists.
Log files are included below;

Malwarebytes' Anti-Malware 1.30Database version: 1441
Windows 5.1.2600 Service Pack 3

12/1/2008 11:01:12 AM
mbam-log-2008-12-01 (11-01-12).txt

Scan type: Full Scan (C:\|)
Objects scanned: 144293
Time elapsed: 1 hour(s), 25 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.






Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:02:57 AM, on 12/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Wayne & PJ\My Documents\Hijack This\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/s/s.dll?spage=hb/index.htm&ck=&ck=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Windows Defender] "C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Jet Detection] C:\PROGRAM FILES\Creative\SBLive\Program\ADGJDet.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Calendarscope] "C:\Program Files\Calendarscope\cs.exe"
O4 - HKCU\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: MRCLOCK.EXE.lnk = Wayne & PJ\My Documents\WILLPOND\RACK\MRCLOCK.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Password Generator - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Customize - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra 'Tools' menuitem: Customize Menu - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra button: Generate - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O9 - Extra 'Tools' menuitem: Password Generator - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6662.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6CD8E2C-884E-4C4B-9960-239BF584D170}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10296 bytes



PS: The items referred to in the HJT log #017 are Open DNS entries. See http://www.opendns.com/
WAR
Active Member
 
Posts: 12
Joined: November 25th, 2008, 5:01 pm

Re: Incorrect web page

Unread postby Katana » December 1st, 2008, 12:51 pm

Information

PS: The items referred to in the HJT log #017 are Open DNS entries.

I know, but if you didn't specifically set them there is no reason for them to be there :)

----------------------------------------------------------- -----------------------------------------------------------

Step 1

Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper



----------------------------------------------------------- -----------------------------------------------------------
Step 2

Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)

NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partne ... bscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

----------------------------------------------------------- -----------------------------------------------------------
Step 3

Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • Combofix Log
  • Kaspersky Log
  • How are things running now ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Incorrect web page

Unread postby WAR » December 1st, 2008, 1:00 pm

I did change the DNS entries. Should I remove these items #017?
OR should I revert to the Default DNS entries?
OR Both?
WAR
Active Member
 
Posts: 12
Joined: November 25th, 2008, 5:01 pm

Re: Incorrect web page

Unread postby Katana » December 1st, 2008, 1:28 pm

You can leave the DNS settings as they are.

You don't need your CD, just double click Combofix and it will install the recovery console for you.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Incorrect web page

Unread postby WAR » December 1st, 2008, 4:43 pm

Boy were you right! I put the kettle on, fixed dinner, made two batch's of egg nog and still had time to play a few games!

Kapersky did find a few items, but I didn't know if I should delete them. Awaiting your instructions......

Log Files enclosed;
ComboFix Log
ComboFix 08-11-30.02 - Wayne & PJ 2008-12-01 12:48:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1976 [GMT -5:00]
Running from: c:\documents and settings\Wayne & PJ\Desktop\ComboFix.exe
.
Error: Cfiles.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\kdkro.exe
c:\windows\system32\winctrl16.exe
c:\windows\system32\winctrl32.exe
c:\windows\system32\winctrl64.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-01 to 2008-12-01 )))))))))))))))))))))))))))))))
.

2008-12-01 09:24 . 2008-12-01 09:24 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-01 09:24 . 2008-12-01 09:24 <DIR> d-------- c:\documents and settings\Wayne & PJ\Application Data\Malwarebytes
2008-12-01 09:24 . 2008-12-01 09:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-01 09:24 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-01 09:24 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-01 07:30 . 2008-12-01 07:31 <DIR> d-------- C:\rsit
2008-11-30 10:06 . 2008-11-30 10:10 1,393 --a------ c:\windows\imsins.BAK
2008-11-29 15:58 . 2008-11-29 15:58 6,144 --ahs---- c:\windows\Thumbs.db
2008-11-29 12:02 . 2008-12-01 12:36 3,375,239 --a------ c:\windows\{00000002-00000000-00000001-00001102-00000002-80671102}.BAK
2008-11-27 10:37 . 2008-12-01 09:26 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-27 10:37 . 2008-11-27 10:37 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-27 10:37 . 2008-11-27 10:37 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-27 10:26 . 2008-11-27 10:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2008-11-27 10:11 . 2008-11-27 10:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-11-24 19:41 . 2008-11-24 19:41 <DIR> d--hs---- c:\documents and settings\Wayne & PJ\PrivacIE
2008-11-24 19:35 . 2008-04-13 19:11 81,920 --a------ c:\windows\system32\ieencode.dll
2008-11-24 19:35 . 2008-04-13 19:11 81,920 --a------ c:\windows\system32\dllcache\ieencode.dll
2008-11-18 11:52 . 2008-11-18 11:52 <DIR> d-------- c:\program files\Microsoft Baseline Security Analyzer 2
2008-11-18 11:48 . 2008-11-18 11:48 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-18 11:46 . 2008-11-18 11:46 <DIR> d-------- c:\program files\Microsoft IntelliPoint
2008-11-18 11:46 . 2008-06-10 13:04 31,048 --a------ c:\windows\system32\drivers\point32.sys
2008-11-18 11:29 . 2008-11-18 11:29 <DIR> d-------- c:\documents and settings\Wayne & PJ\Application Data\Yahoo!
2008-11-13 08:01 . 2008-11-13 08:01 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-12 19:35 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 19:31 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-10 07:45 . 2008-11-10 07:45 <DIR> d-------- c:\program files\System Explorer
2008-11-10 07:45 . 2008-11-10 11:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\SystemExplorer
2008-11-07 13:37 . 2008-11-07 13:37 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-07 13:35 . 2008-11-07 13:35 <DIR> d-------- c:\program files\Apple Software Update
2008-11-07 13:31 . 2008-11-07 13:38 <DIR> d-------- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-26 12:04 9,530,586 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-11-26 12:04 --------- d-----w c:\program files\Yahoo!
2008-11-25 18:18 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-25 18:17 --------- d-----w c:\program files\SpywareBlaster
2008-11-25 18:12 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-18 17:45 --------- d-----w c:\program files\Windows Live Safety Center
2008-11-18 16:48 --------- d-----w c:\program files\Java
2008-11-18 16:28 --------- d-----w c:\program files\IObit
2008-11-18 16:28 --------- d-----w c:\documents and settings\Wayne & PJ\Application Data\IObit
2008-11-08 18:09 1,973,248 ----a-w c:\windows\Internet Logs\xDB3.tmp
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 14:42 --------- d-----w c:\program files\PicLensIE
2008-10-21 16:46 --------- d-----w c:\program files\Sony Ericsson
2008-10-21 16:46 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Ericsson
2008-10-21 16:44 --------- d-----w c:\documents and settings\Wayne & PJ\Application Data\InstallShield
2008-10-21 13:39 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 -c--a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 -c--a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-14 16:17 262,144 ----a-w c:\program files\Uninstall Spy Blocker.dll
2008-10-14 16:17 --------- d-----w c:\program files\Support.com
2008-10-14 16:16 --------- d-----w c:\program files\Microsoft Hardware
2008-10-14 16:16 --------- d-----w c:\program files\Google
2008-10-14 16:16 --------- d-----w c:\program files\Flickr Uploadr
2008-10-14 16:16 --------- d-----w c:\program files\Creative
2008-10-14 16:16 --------- d-----w c:\program files\Common Files\Real
2008-10-14 16:01 --------- d-----w c:\program files\Debugging Tools for Windows
2008-10-14 15:31 --------- d-----w c:\program files\Kodak1
2008-10-14 15:28 --------- d-----w c:\documents and settings\All Users\Application Data\Kodak
2008-10-14 13:32 --------- dc-h--w c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-10-13 19:07 --------- d-----w c:\documents and settings\Wayne & PJ\Application Data\System Tweaker
2008-10-12 14:05 --------- d-----w c:\program files\IDA
2008-10-12 12:48 --------- d-----w c:\documents and settings\Wayne & PJ\Application Data\Internet Download Accelerator
2008-10-12 12:00 1,757,696 ----a-w c:\windows\Internet Logs\xDB21.tmp
2008-10-11 16:13 --------- d-----w c:\program files\Uniblue
2008-10-11 15:51 --------- d-----w c:\documents and settings\Wayne & PJ\Application Data\Uniblue
2008-10-09 15:06 --------- d-----w c:\documents and settings\Wayne & PJ\Application Data\ZoomBrowser EX
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-05-14 14:52 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051420080515\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Calendarscope"="c:\program files\Calendarscope\cs.exe" [2005-12-05 1781818]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-04-07 114688]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-18 136600]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-08-21 981904]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"Jet Detection"="c:\program files\Creative\SBLive\Program\ADGJDet.exe" [2001-11-29 28672]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-28 1261336]
"CTHelper"="CTHELPER.EXE" [2003-08-28 c:\windows\system32\CTHELPER.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-11-26 160592]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Wayne & PJ\Start Menu\Programs\Startup\
MRCLOCK.EXE.lnk - c:\documents and settings\Wayne & PJ\My Documents\WILLPOND\RACK\MRCLOCK.EXE [2004-07-31 352000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000
"MaxRecentDocs"= 99 (0x63)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--------- 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2008-06-10 12:56 1406024 c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliType]
-----c--- 2002-03-21 23:41 94208 c:\program files\Microsoft Hardware\Keyboard\type32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 19:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:@xpsp2res.dll,-22010
"3540:UDP"= 3540:UDP:@xpsp2res.dll,-22011
"1900:UDP"= 1900:UDP:@xpsp2res.dll,-22007
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-27 97928]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-27 231704]
S3 a016bus;Sony Ericsson Device A016 driver (WDM);c:\windows\system32\DRIVERS\a016bus.sys [2008-10-21 83880]
S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter;c:\windows\system32\DRIVERS\a016mdfl.sys [2008-10-21 15016]
S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\a016mdm.sys [2008-10-21 110504]
S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\a016mgmt.sys [2008-10-21 104488]
S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\a016obex.sys [2008-10-21 100648]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2008-06-16 7808]
S4 BBIPQPGTE;BBIPQPGTE; []
S4 R;R; []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15db886e-acc0-11db-9f5c-000cf1e49d53}]
\Shell\AutoRun\command - G:\LaunchU3.exe

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-11-18 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 12:56]

2008-12-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2008-12-01 c:\windows\Tasks\User_Feed_Synchronization-{ED22EE8F-0FD0-4A1F-A81A-1A1A7E9BFBF8}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Wayne & PJ\Application Data\Mozilla\Firefox\Profiles\kdiz2ouy.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxps://login.fidelity.com/ftgw/Fidelit ... efaultPage
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Virtual Earth 3D\npVE3D.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 12:49:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(944)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2008-12-01 12:50:23
ComboFix-quarantined-files.txt 2008-12-01 17:50:17

Pre-Run: 127,141,511,168 bytes free
Post-Run: 127,127,171,072 bytes free

215 --- E O F --- 2008-11-30 15:15:42


Kapersky Log:


KASPERSKY ONLINE SCANNER 7 REPORT
Monday, December 1, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, December 01, 2008 16:09:05
Records in database: 1429402


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\
F:\

Scan statistics
Files scanned 86285
Threat name 2
Infected objects 1
Suspicious objects 1
Duration of the scan 01:43:10

File name Threat name Threats count
C:\Documents and Settings\Wayne & PJ\Application Data\Thunderbird\Profiles\u9efnwnz.default\Mail\Local Folders\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 1

C:\Documents and Settings\Wayne & PJ\My Documents\Download\SpySweeper sspsetup1612_1883162953.exe Infected: Backdoor.Win32.Delf.jgi 1

The selected area was scanned.


RESULTS: THE PROBLEM HAS DISAPPEARED! HOORAY!
I bow at Katana's altar!
What do I do with the Kapersky threats?
WAR
Active Member
 
Posts: 12
Joined: November 25th, 2008, 5:01 pm

Re: Incorrect web page

Unread postby Katana » December 1st, 2008, 5:16 pm

For the ~Thunderbird\~\Inbox item that Kaspersky found, I recommend that you delete all mail that you don't recognise from your Thunderbird inbox and then empty the deleted folder.

For the other, we'll get rid of it this way :)

OTMoveIt
Please download OTMoveIt3 by OldTimer and save it to your desktop
  • Double-click OTMoveIt3.exe to run it.
  • Copy the lines in the codebox below. ( Make sure you include :Services )
Code: Select all
:Services
BBIPQPGTE
R
:Files
C:\Documents and Settings\Wayne & PJ\My Documents\Download\SpySweeper sspsetup1612_1883162953.exe
:Commands
[EmptyTemp]

  • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Are there any other problems left ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Incorrect web page

Unread postby WAR » December 1st, 2008, 5:41 pm

I wasn't aware Thunderbird was on the computer. It wasn't in add/remove programs or in Start/All programs.
Should I just delete the entire file?

Move It log enclosed!

========== SERVICES/DRIVERS ==========
Service BBIPQPGTE stopped successfully.
Service BBIPQPGTE deleted successfully.
Service R stopped successfully.
Service R deleted successfully.
========== FILES ==========
C:\Documents and Settings\Wayne & PJ\My Documents\Download\SpySweeper sspsetup1612_1883162953.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\WAYNE&~1\LOCALS~1\Temp\fla2A.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\WAYNE&~1\LOCALS~1\Temp\fla2D.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\WAYNE&~1\LOCALS~1\Temp\~DF545.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\WAYNE&~1\LOCALS~1\Temp\~DF83E8.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\WAYNE&~1\LOCALS~1\Temp\~DFC616.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\WAYNE&~1\LOCALS~1\Temp\~DFC62F.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_518.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT07154.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 12012008_163426
WAR
Active Member
 
Posts: 12
Joined: November 25th, 2008, 5:01 pm

Re: Incorrect web page

Unread postby PA Bear » December 1st, 2008, 5:45 pm

<kibbitz>

======Security center information======

AV: AVG Anti-Virus Free
FW: ZoneAlarm Firewall (disabled)

Does (Windows) Security Center continue to show ZA as disabled 5 to 10 minutes after you're (re)booted? :?

Can you now access the fidelity.com log-in page?

</kibbitz>
PA Bear
Visiting Staff
 
Posts: 3
Joined: June 11th, 2007, 12:13 pm

Re: Incorrect web page

Unread postby WAR » December 1st, 2008, 5:57 pm

Does (Windows) Security Center continue to show ZA as disabled 5 to 10 minutes after you're (re)booted? Yes, but the zone alarm program shows it IS running and protecting the computer.

Can you now access the fidelity.com log-in page? YES! Thank You.
WAR
Active Member
 
Posts: 12
Joined: November 25th, 2008, 5:01 pm

Re: Incorrect web page

Unread postby Katana » December 1st, 2008, 6:07 pm

It looks like Thunderbird has been uninstalled, so you can delete the entire folder

C:\Documents and Settings\Wayne & PJ\Application Data\Thunderbird << This folder


Unless you or PA Bear has any more comments/questions, I think we are about done :)
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: pgmigg and 48 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware