New HijackThis logfile


Re: New HijackThis logfile

Post by billmonahan » January 20th, 2008, 11:33 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:41 AM, on 1/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Print Server\PTP\PSDiagnostic.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Western Digital Technologies\NetCenter EasyLink\WDEzLink.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\dllhost.exe
C:\Documents and Settings\Admin\Desktop\hijackthis.exe
C:\WINDOWS\system32\mmc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [WD NetCenter EasyLink] C:\Program Files\Western Digital Technologies\NetCenter EasyLink\WDEzLink.exe -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-720389747-1026544460-793208238-1011\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Daddy')
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/ ... acscom.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 2768004665
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2597940078
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F126} (Sview Control) - http://www.swiftview.com/product/public ... _green.exe
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://support.gateway.com/eSupport/sta ... launch.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/check/netset/ ... downls.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj01.custhelp.com/7530-b327h ... a/RntX.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe (file missing)

--
End of file - 7754 bytes

COMMENT FROM SOMEONE THAT DOESN'T KNOW MUCH ABOUT THIS:
The last service, WLTRYSVC: I notice that when I go into 'Services.msc', this item doesn't have a description, which seems suspicious to me. The service is set to Automatic but is currently stopped.
billmonahan
Regular Member
 
Posts: 18
Joined: January 11th, 2008, 11:38 pm

Re: New HijackThis logfile

Post by askey127 » January 20th, 2008, 11:46 am

That service and others have a display name and key name which are the same. Not unusual or suspicious.
The service is related to the wireless network card and is not dangerous.

What you posted was a HijackThis log.
What I would like to see is the two logs from Deckard's System Scanner.
Thanks
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: New HijackThis logfile

Post by billmonahan » January 22nd, 2008, 10:49 am

Deckard's System Scanner v20071014.68
Run by Admin on 2008-01-22 09:40:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
7: 2008-01-22 14:41:19 UTC - RP1086 - Deckard's System Scanner Restore Point
6: 2008-01-22 14:36:02 UTC - RP1085 - Installed Application
5: 2008-01-22 14:35:38 UTC - RP1084 - Installed Application
4: 2008-01-22 14:35:00 UTC - RP1083 - Printer Driver Samsung ML-2510 Series Installed
3: 2008-01-21 14:25:09 UTC - RP1082 - System Checkpoint


-- First Restore Point --
1: 2008-01-20 13:29:17 UTC - RP1080 - 1/20/2008


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:41 AM, on 1/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Print Server\PTP\PSDiagnostic.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Western Digital Technologies\NetCenter EasyLink\WDEzLink.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\45QVWXQZ\dss[1].exe
C:\DOCUME~1\Admin\Desktop\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [WD NetCenter EasyLink] C:\Program Files\Western Digital Technologies\NetCenter EasyLink\WDEzLink.exe -s
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-720389747-1026544460-793208238-1011\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Daddy')
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/ ... acscom.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 2768004665
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2597940078
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F126} (Sview Control) - http://www.swiftview.com/product/public ... _green.exe
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://support.gateway.com/eSupport/sta ... launch.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/check/netset/ ... downls.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj01.custhelp.com/7530-b327h ... a/RntX.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe (file missing)

--
End of file - 7761 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\Admin\Desktop\backups\) ---------------

backup-20080119-172846-135 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
backup-20080119-172846-157 O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
backup-20080119-172846-331 O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
backup-20080119-172846-402 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20080119-172846-478 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20080119-172846-551 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://url.adtrgt.com/cpv.jsp?p=112194& ... eyword=irs com&selectedListingId=6349671
backup-20080119-172846-601 O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
backup-20080119-172846-772 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20080119-172846-882 O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
backup-20080119-172846-889 O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
backup-20080119-172847-440 O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 srr - c:\windows\system32\drivers\srr.sys
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R3 EMCFILT (Alcor Micro Corp for Emachine- 9361) - c:\windows\system32\drivers\emcfilt.sys <Not Verified; Alcor Micro Corp.; emcfilt>

S2 DgiVecp (Team MFP Comm Driver) - c:\windows\system32\drivers\dgivecp.sys <Not Verified; Samsung Electronics Co., Ltd.; Samsung Electronics Co., Ltd. VECP for Windows 2000, XP>
S3 cdiskdun - c:\docume~1\owner\locals~1\temp\cdiskdun.sys (file missing)
S3 grmnusb - c:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>
S3 P2k (Motorola iDEN P2k Device) - c:\windows\system32\drivers\p2k.sys <Not Verified; Motorola Inc; P2k Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 WLTRYSVC - c:\windows\system32\wltrysvc.exe c:\windows\system32\bcmwltry.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Wireless-G PCI Adapter
Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_041814E4&REV_03\3&61AAA01&1&60
Manufacturer: Linksys, A Division of Cisco Systems, Inc.
Name: Wireless-G PCI Adapter
PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_041814E4&REV_03\3&61AAA01&1&60
Service: BCM43XX


-- Scheduled Tasks -------------------------------------------------------------

2008-01-22 07:47:01 316 --a------ C:\WINDOWS\Tasks\HP Usg Daily.job
2008-01-17 21:09:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-12-22 and 2008-01-22 -----------------------------

2008-01-22 09:36:15 0 d-------- C:\WINDOWS\Samsung
2008-01-22 09:34:32 0 d-------- C:\WINDOWS\LastGood
2008-01-22 09:32:42 0 d-------- C:\WINDOWS\ML-2510_GDI
2008-01-21 21:25:23 0 d-------- C:\Program Files\Common Files\ODBC
2008-01-20 08:43:40 0 d-------- C:\Program Files\Bluetack
2008-01-20 08:34:19 0 d-------- C:\Program Files\SpywareBlaster
2008-01-19 10:20:46 0 d-------- C:\Program Files\CCleaner
2008-01-18 00:08:02 0 d-------- C:\Documents and Settings\Daddy\Application Data\eFax Messenger
2008-01-16 09:10:41 21792 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-16 09:10:41 4182560 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-16 09:05:42 0 d-------- C:\KAV
2008-01-15 15:50:00 0 d-------- C:\Documents and Settings\Admin\.SunDownloadManager
2008-01-15 15:47:48 0 d-------- C:\Program Files\Common Files\Java
2008-01-15 15:41:27 0 d-------- C:\Program Files\SDM20
2008-01-15 09:25:39 0 d-------- C:\Program Files\Microsoft SMaRT
2008-01-14 17:02:14 0 d-------- C:\Documents and Settings\Admin\Application Data\Adobe
2008-01-14 16:10:49 0 d-------- C:\FFRMA
2008-01-13 23:18:07 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-01-13 20:37:06 0 d-------- C:\Program Files\Trend Micro
2008-01-13 20:26:32 0 d-------- C:\Documents and Settings\Admin\Application Data\Macromedia
2008-01-13 20:25:38 0 d-------- C:\Documents and Settings\Admin\Application Data\Mozilla
2008-01-13 20:23:44 0 d-------- C:\Documents and Settings\Admin\Application Data\Identities
2008-01-13 20:23:44 0 d-------- C:\Documents and Settings\Admin\Application Data\CyberLink
2008-01-13 20:23:43 0 d-------- C:\Documents and Settings\Admin\WINDOWS
2008-01-13 20:23:43 0 d-------- C:\Documents and Settings\Admin\Templates
2008-01-13 20:23:43 0 dr------- C:\Documents and Settings\Admin\Start Menu
2008-01-13 20:23:43 0 dr------- C:\Documents and Settings\Admin\SendTo
2008-01-13 20:23:43 0 dr------- C:\Documents and Settings\Admin\Recent
2008-01-13 20:23:43 0 d-------- C:\Documents and Settings\Admin\PrintHood
2008-01-13 20:23:43 0 d-------- C:\Documents and Settings\Admin\NetHood
2008-01-13 20:23:43 0 dr------- C:\Documents and Settings\Admin\My Documents
2008-01-13 20:23:43 0 d--h----- C:\Documents and Settings\Admin\Local Settings
2008-01-13 20:23:43 0 dr------- C:\Documents and Settings\Admin\Favorites
2008-01-13 20:23:43 0 d-------- C:\Documents and Settings\Admin\Desktop
2008-01-13 20:23:43 0 d--hs---- C:\Documents and Settings\Admin\Cookies
2008-01-13 20:23:43 0 dr------- C:\Documents and Settings\Admin\Application Data
2008-01-13 20:23:43 0 d-------- C:\Documents and Settings\Admin\Application Data\You've Got Pictures Screensaver
2008-01-13 20:23:43 0 d-------- C:\Documents and Settings\Admin\Application Data\Sun
2008-01-13 20:23:42 2883584 --ah----- C:\Documents and Settings\Admin\NTUSER.DAT
2008-01-13 15:57:07 0 d-------- C:\Documents and Settings\Daddy\Application Data\Macromedia
2008-01-13 15:33:29 0 d-------- C:\Documents and Settings\Daddy\Application Data\Yahoo!
2008-01-13 15:33:26 0 d-------- C:\Documents and Settings\Daddy\Application Data\Google
2008-01-13 15:32:15 0 d-------- C:\Documents and Settings\Daddy\Application Data\Mozilla
2008-01-13 15:22:32 0 d-------- C:\Documents and Settings\Daddy\Application Data\Adobe
2008-01-13 14:02:51 0 d-------- C:\Documents and Settings\Lauren\Application Data\Yahoo!
2008-01-13 14:02:36 0 d-------- C:\Documents and Settings\Lauren\Application Data\Google
2008-01-13 14:00:35 0 d-------- C:\Documents and Settings\Lauren\Application Data\Macromedia
2008-01-13 13:59:33 0 d-------- C:\Documents and Settings\Lauren\Application Data\Mozilla
2008-01-13 13:08:06 0 d-------- C:\Documents and Settings\Lauren\Application Data\Identities
2008-01-13 13:08:06 0 d-------- C:\Documents and Settings\Lauren\Application Data\CyberLink
2008-01-13 13:08:05 0 d-------- C:\Documents and Settings\Lauren\WINDOWS
2008-01-13 13:08:05 0 d-------- C:\Documents and Settings\Lauren\Templates
2008-01-13 13:08:05 0 dr------- C:\Documents and Settings\Lauren\Start Menu
2008-01-13 13:08:05 0 dr------- C:\Documents and Settings\Lauren\SendTo
2008-01-13 13:08:05 0 dr------- C:\Documents and Settings\Lauren\Recent
2008-01-13 13:08:05 0 d-------- C:\Documents and Settings\Lauren\PrintHood
2008-01-13 13:08:05 1835008 --ah----- C:\Documents and Settings\Lauren\NTUSER.DAT
2008-01-13 13:08:05 0 d-------- C:\Documents and Settings\Lauren\NetHood
2008-01-13 13:08:05 0 dr------- C:\Documents and Settings\Lauren\My Documents
2008-01-13 13:08:05 0 d--h----- C:\Documents and Settings\Lauren\Local Settings
2008-01-13 13:08:05 0 dr------- C:\Documents and Settings\Lauren\Favorites
2008-01-13 13:08:05 0 d-------- C:\Documents and Settings\Lauren\Desktop
2008-01-13 13:08:05 0 d--hs---- C:\Documents and Settings\Lauren\Cookies
2008-01-13 13:08:05 0 dr------- C:\Documents and Settings\Lauren\Application Data
2008-01-13 13:08:05 0 d-------- C:\Documents and Settings\Lauren\Application Data\You've Got Pictures Screensaver
2008-01-13 13:08:05 0 d-------- C:\Documents and Settings\Lauren\Application Data\Sun
2008-01-13 13:08:05 0 d---s---- C:\Documents and Settings\Lauren\Application Data\Microsoft
2008-01-13 13:03:09 0 d-------- C:\Documents and Settings\Daddy\Application Data\Identities
2008-01-13 13:03:09 0 d-------- C:\Documents and Settings\Daddy\Application Data\CyberLink
2008-01-13 13:03:08 0 d-------- C:\Documents and Settings\Daddy\WINDOWS
2008-01-13 13:03:08 0 d-------- C:\Documents and Settings\Daddy\Templates
2008-01-13 13:03:08 0 dr------- C:\Documents and Settings\Daddy\Start Menu
2008-01-13 13:03:08 0 dr------- C:\Documents and Settings\Daddy\SendTo
2008-01-13 13:03:08 0 dr------- C:\Documents and Settings\Daddy\Recent
2008-01-13 13:03:08 0 d-------- C:\Documents and Settings\Daddy\PrintHood
2008-01-13 13:03:08 0 d-------- C:\Documents and Settings\Daddy\NetHood
2008-01-13 13:03:08 0 dr------- C:\Documents and Settings\Daddy\My Documents
2008-01-13 13:03:08 0 d--h----- C:\Documents and Settings\Daddy\Local Settings
2008-01-13 13:03:08 0 dr------- C:\Documents and Settings\Daddy\Favorites
2008-01-13 13:03:08 0 d-------- C:\Documents and Settings\Daddy\Desktop
2008-01-13 13:03:08 0 d--hs---- C:\Documents and Settings\Daddy\Cookies
2008-01-13 13:03:08 0 dr------- C:\Documents and Settings\Daddy\Application Data
2008-01-13 13:03:08 0 d-------- C:\Documents and Settings\Daddy\Application Data\You've Got Pictures Screensaver
2008-01-13 13:03:08 0 d-------- C:\Documents and Settings\Daddy\Application Data\Sun
2008-01-13 13:03:08 0 d---s---- C:\Documents and Settings\Daddy\Application Data\Microsoft
2008-01-13 13:03:07 2359296 --ah----- C:\Documents and Settings\Daddy\NTUSER.DAT
2008-01-13 08:47:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-01-11 18:47:15 0 --a------ C:\WINDOWS\system32\eFax_4_3_Port
2008-01-11 18:47:15 0 d-------- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Output
2008-01-11 18:46:50 0 d-------- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Setup
2008-01-11 18:46:45 0 d-------- C:\Program Files\eFax Messenger 4.3
2008-01-09 23:08:05 0 d-------- C:\Documents and Settings\Julie\Application Data\Canon
2008-01-08 14:51:50 0 d-------- C:\Program Files\Windows Defender
2008-01-08 14:07:06 0 d-------- C:\Documents and Settings\Julie\Application Data\eFax Messenger
2008-01-08 10:43:35 0 d-------- C:\Documents and Settings\Guest\Application Data\Yahoo!
2008-01-08 10:12:30 86016 --a------ C:\WINDOWS\system32\drivers\srr.sys
2008-01-08 10:12:28 0 d-------- C:\WINDOWS\system32\usmvt3
2008-01-08 10:12:28 0 d-------- C:\WINDOWS\system32\oobe3
2008-01-08 10:12:28 0 d-------- C:\WINDOWS\system32\cache3
2008-01-08 10:12:27 0 d-------- C:\WINDOWS\system32\drivez4
2008-01-08 10:12:27 0 d-------- C:\WINDOWS\system32\comp2
2008-01-08 10:12:23 0 d-------- C:\WINDOWS\system32\ardCo01
2008-01-06 13:19:47 0 d-------- C:\Documents and Settings\Julie\Application Data\Yahoo!


-- Find3M Report ---------------------------------------------------------------

2008-01-21 21:25:23 0 d-------- C:\Program Files\Common Files
2008-01-19 17:33:13 0 d-------- C:\Program Files\SwiftView
2008-01-19 17:33:12 0 d-------- C:\Program Files\Red Thunder
2008-01-19 17:33:08 0 d-------- C:\Program Files\QuickTime
2008-01-19 17:33:07 0 d-------- C:\Program Files\palmOne
2008-01-19 17:33:06 0 d-------- C:\Program Files\OfficeUpdate11
2008-01-19 17:32:51 0 d-------- C:\Program Files\Microsoft AntiSpyware
2008-01-19 17:32:45 0 d-------- C:\Program Files\HP
2008-01-19 17:32:43 0 d-------- C:\Program Files\GameSpy Arcade
2008-01-19 17:32:41 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-19 17:32:37 0 d-------- C:\Program Files\Common Files\AOL
2008-01-19 17:32:36 0 d-------- C:\Program Files\Battles In Normandy Demo
2008-01-19 17:32:36 0 d-------- C:\Program Files\Apple Software Update
2008-01-15 15:49:18 0 d-------- C:\Program Files\Java
2007-12-13 08:45:29 0 d-------- C:\Program Files\Microsoft Picture It! 9
2007-12-13 08:45:28 0 d-------- C:\Program Files\Messenger
2007-10-29 08:18:46 0 --a----c- C:\WINDOWS\system32\eFax_4_2_Port


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [03/27/2004 11:20 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/27/2004 11:20 AM]
"ATIModeChange"="Ati2mdxx.exe" [08/30/2002 05:17 AM C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05/16/2003 01:10 PM]
"SunKist"="C:\Program Files\Digital Media Reader\shwicon2k.exe" [05/26/2004 07:57 PM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [06/07/2003 07:32 PM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [06/22/2004 07:05 AM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [06/03/2004 03:50 AM]
"PrintServer Diagnostic"="C:\Program Files\Print Server\PTP\PSDiagnostic.exe" [11/24/2004 04:09 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"eFax 4.3"="C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" [03/06/2007 12:21 PM]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [12/11/2007 09:42 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [12/14/2007 03:42 AM]
"WD NetCenter EasyLink"="C:\Program Files\Western Digital Technologies\NetCenter EasyLink\WDEzLink.exe" [10/12/2005 01:51 PM]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe" [02/14/2006 06:32 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
eFax 4.3.lnk - C:\Program Files\eFax Messenger 4.3\J2GTray.exe [1/11/2008 6:46:48 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- Hosts -----------------------------------------------------------------------

127.0.0.1 localhost
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 www.aaa-livedoor.net
127.0.0.1 www.abx4.com
127.0.0.1 acezip.net
127.0.0.1 www.acezip.net
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net

16575 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-01-22 09:44:52 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Mobile AMD Athlon(tm) XP 3000+
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 703.48 MiB / 310.93 MiB
Pagefile Memory (total/avail): 1336.04 MiB / 841.65 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.68 MiB

C: is Fixed (NTFS) - 74.53 GiB total, 46.14 GiB free.
D: is CDROM (CDFS)
E: is Removable (No Media)
F: is Removable (FAT)
Z: is Network (NTFS)

\\.\PHYSICALDRIVE0 - IC25N080ATMR04-0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:

\\.\PHYSICALDRIVE1 - Generic CF Reader USB Device

\\.\PHYSICALDRIVE2 - Generic SM/SD/MS Reader USB Device - 478.5 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 480.26 MiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntivirusOverride is set.

FW: Windows Live OneCare Firewall v1.0.0 (Microsoft Corporation)
AV: Windows Live OneCare v1.0.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft SMaRT\\SMaRTWatcherConsole.exe"="C:\\Program Files\\Microsoft SMaRT\\SMaRTWatcherConsole.exe"
"C:\\Program Files\\Microsoft SMaRT\\SMaRTUI.exe"="C:\\Program Files\\Microsoft SMaRT\\SMaRTUI.exe"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\\Program Files\\THQ\\Dawn of War\\W40k.exe"="C:\\Program Files\\THQ\\Dawn of War\\W40k.exe:*:Enabled:W40K"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\Nival Interactive\\Blitzkrieg\\Run\\game.exe"="C:\\Program Files\\Nival Interactive\\Blitzkrieg\\Run\\game.exe:*:Enabled:Game"
"C:\\DBA Online\\dba_server\\server.exe"="C:\\DBA Online\\dba_server\\server.exe:*:Disabled:server"
"C:\\FFRMA\\Office\\MSACCESS.EXE"="C:\\FFRMA\\Office\\MSACCESS.EXE:*:Enabled:Microsoft Access"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Admin\Application Data
CLASSPATH=.;C:\Borland\JBuilder2005\jdk1.4\jre\lib\ext\QTJava.zip
COLLECTIONID=COL8143
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=WMONAHAN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HMSERVER=https://wwss1pro.cce.hp.com/wuss/servlet/WUSSServlet
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Admin
ITEMID=dj-22741-10
LANG=1033
LOGONSERVER=\\WMONAHAN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
OSVER=winXPH
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Borland\JBuilder2005\jdk1.4\jre\lib\ext\QTJava.zip
SESSIONID=1102555946115htx693110c2e8:100bd51539b:2fc7
SESSIONNAME=Console
SWUTVER=1.0.22.20030804
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Admin\LOCALS~1\Temp
TIMEOUT=0
TMP=C:\DOCUME~1\Admin\LOCALS~1\Temp
TOOLPATH=/c:\Program%20Files\HP\HP%20Software%20Update\install.htm
UPDATEDIR=C:\DOCUME~1\Owner\LOCALS~1\Temp\rad13D75.tmp
USERDOMAIN=WMONAHAN
USERNAME=Admin
USERPROFILE=C:\Documents and Settings\Admin
VERSION=3.0.2.993
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------


Owner
Julie
Daddy
Lauren
Admin (admin)
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Motorola Inc.\Motorola USB Modem Installation\Uninst.isu"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
B.I.S.S. Hosts Manager --> MsiExec.exe /I{A931C76A-8189-4485-A686-53A91658CD30}
BCM Wireless Network Adapter --> C:\WINDOWS\system32\BCMWLU00.exe verbose
BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Canon CanoScan Toolbox 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\Setup.exe" -l0x9 anything
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Close Combat IV --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Close Combat IV\Uninst.isu"
DBA Online --> C:\DBA Online\uninstall.exe
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A607AC66-0C76-4519-9751-E12A93BF8EB2}
Dynamic Draw Professional 4 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Fukushiro Soft\Dynamic Draw4\Uninst.isu"
eFax Messenger 4.3 --> C:\Program Files\eFax Messenger 4.3\Uninstall.exe
Firefight 4.0 --> "C:\Program Files\Firefight\unins000.exe"
Fog of War --> MsiExec.exe /I{73403ADB-A1FA-4F7C-A8FA-A696A0C65C03}
GameMapr --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\GameMapr\GameMapr\Uninst.isu"
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GTOneCare --> MsiExec.exe /X{EE7C954E-2356-491D-9188-D1852ADF41FE}
GWCares --> MsiExec.exe /I{82EF8297-C8B2-4CA8-9430-FF2BC8C40414}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Documents and Settings\Julie\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HPS North German Plain '85 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DA2E1669-D933-46B0-8954-CC202C7BEEB4}\setup.exe" -l0x9
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
Invasion Normandy Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FE3B1680-9947-11D4-9E9D-0050DA1EA555}\setup.exe"
iPod for Windows 2005-09-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
iPod for Windows 2005-11-17 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8338BA06-E527-491B-9400-F51708FEE695} /l1033
IPP Port Monitor --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IPP Port Monitor\Uninst.isu"
iTunes --> MsiExec.exe /I{3592F5CB-B524-43AA-92F2-2377268199CC}
Java(TM) 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Linksys Bi-Admin --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Linksys\PrintServer\Uninst.isu"
Linksys EasyLink Advisor 1.6 (0033) --> rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
Linksys PrintServer Driver --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Linksys\PrintDriver\Uninst.isu"
Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft ActiveX Control Pad --> C:\Program Files\ActiveX Control Pad\Setup\Remove.exe
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft MSDN 2005 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft MSDN 2005 Express Edition - ENU\install.exe
Microsoft Office Access 2003 --> MsiExec.exe /I{90150409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Access 2003 Inside Out --> MsiExec.exe /X{80756F64-3FFA-4DBB-B518-C4C7015D8BAD}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Photo Premium 9 --> c:\WINDOWS\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
Microsoft Protection Service --> MsiExec.exe /I{62514E51-0E57-41B8-968C-43BB55694CC6}
Microsoft SMaRT --> "C:\Program Files\Microsoft SMaRT\SMaRTExtractHelper.exe" -uninstall
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition --> MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Streets and Trips 2005 with USB GPS --> MsiExec.exe /I{67E4EE98-59F4-4210-89A6-A20AF5BEC689}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Web Developer 2005 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Web Developer 2005 Express Edition - ENU\setup.exe
Microsoft Visual Web Developer 2005 Express Edition - ENU --> MsiExec.exe /X{221125DC-6A40-4900-B844-591F5E1195B0}
Microsoft Visual Web Developer 2005 Express Edition - ENU Service Pack 1 (KB926751) --> C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {D07A13F7-D30C-47DD-AD95-7D0105811327} /package {221125DC-6A40-4900-B844-591F5E1195B0}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Windows Live OneCare Resources v2.0.2500.14 --> MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}
Microsoft Windows OneCare Live AntiSpyware and AntiVirus --> MsiExec.exe /I{CB8410EA-A3D5-47F2-8653-D4EEA4BF8D4C}
Microsoft Windows OneCare Live v2.0.2500.14 --> MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3}
Microsoft Windows OneCare Live v2.0.2500.14 Idcrl Install --> MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Move Networks Player for Firefox --> "C:\Program Files\Mozilla Firefox\plugins\unins000.exe"
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NetCenter EasyLink --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA7B0159-CEA4-4BD2-BA71-CDEE6A08A183}\setup.exe" -l0x9 -removeonly
Norton 360 --> MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Open Office Source Clode Link --> C:\PROGRA~1\PERFEC~1\OOSOUR~1\UNWISE.EXE C:\PROGRA~1\PERFEC~1\OOSOUR~1\UNINST~1.LOG
overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
Palm Desktop --> MsiExec.exe /X{E89D78B8-28F7-412F-8B26-C684739CBBDC}
Photosmart 140,240,7200,7600,7700,7900 Series --> c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
Poseidon For UML CE 3.0 --> "C:\Program Files\Poseidon For UML CE 3.0\UninstallerData\Uninstall Poseidon For UML CE 3.0.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Print Server Driver --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Print Server\PTP\Uninst.isu"
PX Engine --> MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA}
Quick64 v1.0 BETA (Full) --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Quick64\ST6UNST.LOG"
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Reverse Mortgage Analyzer 00 --> MsiExec.exe /I{B5AA141B-F6CE-49C1-AD77-60388588EC0F}
Reverse Mortgage Analyzer 2000 --> C:\WINDOWS\uninst.exe -fC:\FFRMA\DeIsL1.isu -cC:\FFRMA\_ISREG32.DLL
Samsung ML-2510 Series --> C:\Program Files\Samsung\Samsung ML-2510 Series\Install\Setup.exe /R
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SoftK56 Data Fax CARP --> C:\PROGRAM FILES\CONEXANT\CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_2033161F\HXFSETUP.EXE -U -IVEN_10B9&DEV_5457&SUBSYS_2033161F
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Steel Panthers World At War v8.20 --> C:\WINDOWS\iun6002.exe "C:\Matrix Games\Steel Panthers World At War\irunin.ini"
Sun(TM) Download Manager 2.0 --> C:\Program Files\SDM20\Uninstal.exe
SwiftView Viewer --> C:\Program Files\SwiftView\svinst.exe -Uninstall
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
War Plan Orange --> "C:\WINDOWS\War Plan Orange\uninstall.exe" "/U:C:\Matrix Games\War Plan Orange\Uninstall\uninstall.xml"
WebEx --> C:\PROGRA~1\WebEx\atcliun.exe
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Live OneCare --> "C:\Program Files\Microsoft Windows OneCare Live\OCSetup.exe" /u
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Vista Upgrade Advisor --> MsiExec.exe /I{8F3CF9E1-D738-4C2B-8193-F45AC8B0EC7C}
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL


-- Application Event Log -------------------------------------------------------

Event Record #/Type36391 / Error
Event Submitted/Written: 01/22/2008 09:43:11 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16574, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type36387 / Warning
Event Submitted/Written: 01/21/2008 11:51:21 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type36386 / Error
Event Submitted/Written: 01/21/2008 09:26:31 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application EXCEL.EXE, version 11.0.8169.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type36384 / Warning
Event Submitted/Written: 01/21/2008 09:25:11 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{91120409-6000-11D3-8CFE-0150048383C9}', feature 'EXCELFiles' failed during request for component '{A2B280D4-20FB-4720-99F7-40C09FBCE10A}'

Event Record #/Type36383 / Warning
Event Submitted/Written: 01/21/2008 09:25:11 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{91120409-6000-11D3-8CFE-0150048383C9}', feature 'EXCELFiles', component '{43A46B81-37A6-11D2-AA89-00A0C90F57B0}' failed. The resource 'C:\Program Files\Microsoft Office\OFFICE11\XLSTART\' does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type412955 / Warning
Event Submitted/Written: 01/22/2008 09:36:39 AM
Event ID/Source: 20 / Print
Event Description:
Printer Driver Samsung ML-2510 Series for Windows NT x86 Version-3 was added or updated. Files:- sugo3.DLL, sugo3UI.DLL, sugo3.DLL, sugo3U.DLL, sugo3U2.DLL, sugo3CM.DLL, sugo3UM.DLL, sugo3M.DLL, sugo3lf.DLL, sugo3CM.CTD, sugo3UM.XML, sugo3ab.chm, sugo3bp.chm, sugo3cp.chm, sugo3ct.chm, sugo3cz.chm, sugo3dn.chm, sugo3dt.chm, sugo3el.chm, sugo3EN.chm, sugo3fi.chm, sugo3fn.chm, sugo3gr.chm, sugo3hb.chm, sugo3hu.chm, sugo3it.chm, sugo3kr.chm, sugo3nr.chm, sugo3po.chm, sugo3pt.chm, sugo3ru.chm, sugo3sp.chm, sugo3sw.chm, sugo3tk.chm, sugo3ab.dat, sugo3bp.dat, sugo3cp.dat, sugo3ct.dat, sugo3cz.dat, sugo3dn.dat, sugo3dt.dat, sugo3el.dat, sugo3EN.DAT, sugo3fi.dat, sugo3fn.dat, sugo3gr.dat, sugo3hb.dat, sugo3hu.dat, sugo3it.dat, sugo3kr.dat, sugo3nr.dat, sugo3po.dat, sugo3pt.dat, sugo3ru.dat, sugo3sp.dat, sugo3sw.dat, sugo3tk.dat, sugo3M0.BMP, sugo3M1.BMP, sugo3M2.BMP, sugo3M3.BMP, sugo3u1.bmp, sugo3Ua.BMP, sugo3Ub.BMP, sugo3UC.BMP, sugo3UG.BMP, sugo3Ul.BMP, sugo3U.BMP, sugo3U.INI, sugo3.VER.

Event Record #/Type412954 / Warning
Event Submitted/Written: 01/22/2008 09:36:35 AM
Event ID/Source: 20 / Print
Event Description:
Printer Driver Samsung ML-2510 Series for Windows NT x86 Version-3 was added or updated. Files:- sugo3.DLL, sugo3UI.DLL, sugo3.DLL, sugo3U.DLL, sugo3U2.DLL, sugo3CM.DLL, sugo3UM.DLL, sugo3M.DLL, sugo3lf.DLL, sugo3CM.CTD, sugo3UM.XML, sugo3ab.chm, sugo3bp.chm, sugo3cp.chm, sugo3ct.chm, sugo3cz.chm, sugo3dn.chm, sugo3dt.chm, sugo3el.chm, sugo3EN.chm, sugo3fi.chm, sugo3fn.chm, sugo3gr.chm, sugo3hb.chm, sugo3hu.chm, sugo3it.chm, sugo3kr.chm, sugo3nr.chm, sugo3po.chm, sugo3pt.chm, sugo3ru.chm, sugo3sp.chm, sugo3sw.chm, sugo3tk.chm, sugo3ab.dat, sugo3bp.dat, sugo3cp.dat, sugo3ct.dat, sugo3cz.dat, sugo3dn.dat, sugo3dt.dat, sugo3el.dat, sugo3EN.DAT, sugo3fi.dat, sugo3fn.dat, sugo3gr.dat, sugo3hb.dat, sugo3hu.dat, sugo3it.dat, sugo3kr.dat, sugo3nr.dat, sugo3po.dat, sugo3pt.dat, sugo3ru.dat, sugo3sp.dat, sugo3sw.dat, sugo3tk.dat, sugo3M0.BMP, sugo3M1.BMP, sugo3M2.BMP, sugo3M3.BMP, sugo3u1.bmp, sugo3Ua.BMP, sugo3Ub.BMP, sugo3UC.BMP, sugo3UG.BMP, sugo3Ul.BMP, sugo3U.BMP, sugo3U.INI, sugo3.VER.

Event Record #/Type412953 / Warning
Event Submitted/Written: 01/22/2008 09:35:05 AM
Event ID/Source: 20 / Print
Event Description:
Printer Driver Samsung ML-2510 Series for Windows NT x86 Version-3 was added or updated. Files:- sugo3.DLL, sugo3UI.DLL, sugo3.DLL, sugo3U.DLL, sugo3U2.DLL, sugo3CM.DLL, sugo3UM.DLL, sugo3M.DLL, sugo3lf.DLL, sugo3CM.CTD, sugo3UM.XML, sugo3ab.chm, sugo3bp.chm, sugo3cp.chm, sugo3ct.chm, sugo3cz.chm, sugo3dn.chm, sugo3dt.chm, sugo3el.chm, sugo3EN.chm, sugo3fi.chm, sugo3fn.chm, sugo3gr.chm, sugo3hb.chm, sugo3hu.chm, sugo3it.chm, sugo3kr.chm, sugo3nr.chm, sugo3po.chm, sugo3pt.chm, sugo3ru.chm, sugo3sp.chm, sugo3sw.chm, sugo3tk.chm, sugo3ab.dat, sugo3bp.dat, sugo3cp.dat, sugo3ct.dat, sugo3cz.dat, sugo3dn.dat, sugo3dt.dat, sugo3el.dat, sugo3EN.DAT, sugo3fi.dat, sugo3fn.dat, sugo3gr.dat, sugo3hb.dat, sugo3hu.dat, sugo3it.dat, sugo3kr.dat, sugo3nr.dat, sugo3po.dat, sugo3pt.dat, sugo3ru.dat, sugo3sp.dat, sugo3sw.dat, sugo3tk.dat, sugo3M0.BMP, sugo3M1.BMP, sugo3M2.BMP, sugo3M3.BMP, sugo3u1.bmp, sugo3Ua.BMP, sugo3Ub.BMP, sugo3UC.BMP, sugo3UG.BMP, sugo3Ul.BMP, sugo3U.BMP, sugo3U.INI, sugo3.VER.

Event Record #/Type412952 / Warning
Event Submitted/Written: 01/22/2008 09:34:24 AM
Event ID/Source: 3 / Print
Event Description:
Printer Samsung ML-2510 Series was deleted.

Event Record #/Type412951 / Warning
Event Submitted/Written: 01/22/2008 09:34:18 AM
Event ID/Source: 4 / Print
Event Description:
Printer Samsung ML-2510 Series is pending deletion.



-- End of Deckard's System Scanner: finished at 2008-01-22 09:44:52 ------------
billmonahan
Regular Member
 
Posts: 18
Joined: January 11th, 2008, 11:38 pm

Re: New Hijack this logfiel

Unread postby askey127 » January 22nd, 2008, 11:39 am

billmonahan,
things look pretty good.
-----------------------------------------------------------
Folder Deletion
In Windows Explorer (My Computer), navigate to each folder shown below, highlight each one in turn shown in red, if found, and press Delete.

C:\Program Files\Common Files\AOL\ <== this folder only

You may have to first open the folder, choose View, Details, and delete all the underlying files and folders before an entire folder can be deleted.
If you need to delete underlying files in a folder and are unable to do so:
Right click the file set for deletion, and check Properties to see if it's read-only. Uncheck the read-only box, click Apply and OK. Then retry Delete.
If a message pops up saying "File in use", or something like that, note the name of the file, hit Ctrl-Alt-Delete and look under the Processes tab. If the exact filename is in there, highlight it and click End Process, then retry Delete.
Please Note the name and location of any item you cannot delete, or any file not found.
-----------------------------------------------------------
In my opinion you should seriously consider removing GameSpy Arcade if it's not the paid version.
It will drop popup ads on your machine and it may or may not track your behavior.
You also should remove
Viewpoint, Viewpoint Media Player, and Viewpoint xxxx (anything else). The choices are yours, however.

Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :
Viewpoint Media Player
Viewpoint
GameSpy Arcade

Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into Keeping the program.
-----------------------------------------------------------
Reset System Restore Points
  • Click Start > Help and Support
  • Click on ->Undo changes to your computer with System Restore.
  • Click Create A Restore Point then click Next. Give it a name and then click Create, then Close.
  • Close Help and Support Center.
  • Click Start | Run and type Cleanmgr
  • Select (C: ) then click OK.
  • Click the More Options tab.
  • Click Clean Up in the System Restore Section.
This will remove all previous restore points except the newly created one.
This System Restore sequence is not to be done regularly, but only as a Special Case after the removal of malware.

If things are running well you should be good to go. If any more issues or questions, please ask.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: New Hijack this logfiel

Unread postby billmonahan » January 22nd, 2008, 2:11 pm

:( Popups keep happening. :(

I also stopped the 'Linksys Viewer Recorder Service' listed as 'PsDiagnostic.exe' not signed because I don't know what this was from.
billmonahan
Regular Member
 
Posts: 18
Joined: January 11th, 2008, 11:38 pm

Re: New Hijack this logfiel

Unread postby askey127 » January 22nd, 2008, 2:48 pm

Did you Uninstall GameSpy Arcade?
If so, please go to C:\Program Files\ and Delete the GameSpy Arcade folder.
Likewise for Viewpoint.
----------------------------------------------------------------------------------
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found here if you need it : Start, All Programs, Malwarebytes' Anti-Malware, Logs
    The log names are date stamped.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: New Hijack this logfiel

Unread postby billmonahan » January 22nd, 2008, 4:41 pm

Malwarebytes' Anti-Malware version 1.00
Database version: 264

Scan type: Quick Scan
Objects scanned: 32890
Time elapsed: 14 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{4340df8e-d7a3-4675-be74-80077b2b3e81} (Trojan.AdWare.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5acae4b8-62d9-4124-a58a-9b1258b77e99} (Trojan.AdWare.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d12fb216-99da-4eb3-9cc0-c0f760b174a0} (Trojan.AdWare.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d56c1af1-3fde-471c-9bc2-c52515f260c1} (Trojan.AdWare.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e656b867-992c-4462-a27d-ebe604ec3a48} (Trojan.AdWare.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e656b867-aa2c-4462-a27d-ebe604ec3a48} (Trojan.AdWare.AntiSpamBoy) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\core.cache.dsk (Malware.Trace) -> Failed to delete. (Delete on reboot).
billmonahan
Regular Member
 
Posts: 18
Joined: January 11th, 2008, 11:38 pm

Re: New Hijack this logfiel

Unread postby billmonahan » January 22nd, 2008, 4:55 pm

That didn't fix it...I'm running a full scan att...will post when done
billmonahan
Regular Member
 
Posts: 18
Joined: January 11th, 2008, 11:38 pm

Re: New Hijack this logfiel

Unread postby askey127 » January 22nd, 2008, 6:29 pm

Make sure you reboot so that last entry gets removed.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
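The reminder above to reboot is there because MBAM reports some items as "Failed to delete. (Delete on reboot)", and those stay on disk until the restart actually happens. The following is an added example, not a tool from this thread or from Malwarebytes: a small Python parser for the MBAM 1.x text log layout posted in this thread that pulls out every detection line, checks the per-section counts in the header against the lines actually listed, and returns the items still pending a reboot so a helper can confirm they are gone on the next log. The sample log embedded in it is constructed (placeholder GUIDs and file names) in the same layout as the thread's logs.

```python
"""Summarise a Malwarebytes' Anti-Malware 1.x text log.

Added example; parser and sample log are constructed for illustration in
the layout of the MBAM 1.00 logs posted in the thread, not a tool from it.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of an MBAM 1.00 log (placeholder values).
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware version 1.00
Database version: 264

Scan type: Quick Scan
Objects scanned: 32890
Time elapsed: 14 minute(s), 44 second(s)

Memory Processes Infected: 0
Registry Keys Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\\Interface\\{00000000-0000-0000-0000-000000000001} (Example.Adware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\\Interface\\{00000000-0000-0000-0000-000000000002} (Example.Adware) -> Quarantined and deleted successfully.

Files Infected:
C:\\WINDOWS\\system32\\example\\sample.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\\WINDOWS\\system32\\drivers\\example.dsk (Malware.Trace) -> Failed to delete. (Delete on reboot).
"""

# "Registry Keys Infected: 6"  -> header count for a section
COUNT_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected): (?P<n>\d+)$")
# "Registry Keys Infected:"    -> start of the detail listing for a section
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
# "<item> (<family>) -> <action>."  -> one detection line
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


@dataclass
class Detection:
    section: str
    item: str
    family: str
    action: str

    @property
    def needs_reboot(self) -> bool:
        # MBAM marks items it could not remove live as pending a reboot.
        return "Delete on reboot" in self.action or self.action.startswith("Failed to delete")


@dataclass
class MbamReport:
    scan_type: str = ""
    counts: dict = field(default_factory=dict)      # section name -> header count
    detections: list = field(default_factory=list)  # Detection objects in log order


def parse_mbam_log(text: str) -> MbamReport:
    """Parse the header counts and the per-section detection lines."""
    report = MbamReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Scan type:"):
            report.scan_type = line.split(":", 1)[1].strip()
            continue
        m = COUNT_RE.match(line)
        if m:
            report.counts[m.group("name")] = int(m.group("n"))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if section is None or line.startswith("(No malicious items"):
            continue
        m = DETECTION_RE.match(line)
        if m:
            report.detections.append(
                Detection(section, m.group("item"), m.group("family"), m.group("action")))
    return report


def count_mismatches(report: MbamReport) -> dict:
    """Sections whose header count differs from the detection lines listed.

    Returns {section: (header_count, lines_found)}; empty means consistent.
    """
    found = {}
    for d in report.detections:
        found[d.section] = found.get(d.section, 0) + 1
    return {name: (n, found.get(name, 0))
            for name, n in report.counts.items() if n != found.get(name, 0)}


def pending_reboot(report: MbamReport) -> list:
    """Items MBAM could not remove live; verify them after the restart."""
    return [d.item for d in report.detections if d.needs_reboot]


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print(f"{rep.scan_type}: {len(rep.detections)} detections, "
          f"mismatched sections: {count_mismatches(rep)}")
    for item in pending_reboot(rep):
        print("pending reboot:", item)
```

Feed the real log text to `parse_mbam_log` instead of `SAMPLE_LOG`; anything returned by `pending_reboot` should be absent from the next scan after the restart, and a non-empty `count_mismatches` result means the posted log was truncated or edited.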

Re: New Hijack this logfiel

Unread postby billmonahan » January 22nd, 2008, 7:02 pm

Malwarebytes' Anti-Malware version 1.00
Database version: 264

Scan type: Full Scan (C:\|)
Objects scanned: 153677
Time elapsed: 1 hour(s), 33 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\cache3\vumpedll23.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\core.cache.dsk (Malware.Trace) -> Failed to delete. (Delete on reboot).
billmonahan
Regular Member
 
Posts: 18
Joined: January 11th, 2008, 11:38 pm

Re: New Hijack this logfiel

Unread postby askey127 » January 23rd, 2008, 8:25 am

bill,
-----------------------------------------------------------
Download and Run ComboFix
Next time you get popup(s), please note what they are selling or what website they would like you to visit.
Please post the log from C:\combofix.txt
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: New Hijack this logfiel

Unread postby billmonahan » January 23rd, 2008, 9:31 am

ComboFix 08-01-23.2 - Admin 2008-01-23 8:04:18.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.341 [GMT -5:00]
Running from: C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\45QVWXQZ\ComboFix[1].exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\temp\tn3
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

----- BITS: Possible infected sites -----

hxxp://origin.onecare.live.com
.
((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.

2008-01-23 08:12 . 2008-01-23 08:12 <DIR> d-------- C:\TEMP\tn3
2008-01-23 08:02 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-22 15:21 . 2008-01-22 15:21 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-01-22 09:39 . 2008-01-22 09:39 <DIR> d-------- C:\Deckard
2008-01-22 09:36 . 2008-01-22 09:36 <DIR> d-------- C:\WINDOWS\Samsung
2008-01-22 09:32 . 2008-01-22 09:33 <DIR> d-------- C:\WINDOWS\ML-2510_GDI
2008-01-22 06:03 . 2008-01-22 06:03 552 --a------ C:\WINDOWS\system32\DO_NOT_DELETE.backupSetID
2008-01-20 08:46 . 2008-01-20 08:46 250 --a------ C:\WINDOWS\BissHM.ini
2008-01-20 08:43 . 2008-01-20 08:43 <DIR> d-------- C:\Program Files\Bluetack
2008-01-20 08:34 . 2008-01-20 08:36 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-19 10:20 . 2008-01-19 10:20 <DIR> d-------- C:\Program Files\CCleaner
2008-01-16 09:10 . 2008-01-19 17:40 4,182,560 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-16 09:10 . 2008-01-19 17:40 56,756 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-16 09:10 . 2008-01-19 17:40 21,792 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-16 09:10 . 2008-01-19 17:40 3,092 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-16 09:05 . 2008-01-16 09:05 <DIR> d-------- C:\KAV
2008-01-15 15:49 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-15 15:47 . 2008-01-15 15:47 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-15 15:41 . 2008-01-15 15:41 <DIR> d-------- C:\Program Files\SDM20
2008-01-15 09:25 . 2008-01-19 17:32 <DIR> d-------- C:\Program Files\Microsoft SMaRT
2008-01-14 16:10 . 2008-01-18 15:31 <DIR> d-------- C:\FFRMA
2008-01-13 23:25 . 2007-09-21 10:35 116,416 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
2008-01-13 23:25 . 2007-09-21 10:35 91,328 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
2008-01-13 23:24 . 2007-07-06 16:09 70,928 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
2008-01-13 23:23 . 2007-03-29 07:56 409,600 -----c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-01-13 23:23 . 2007-03-29 07:56 18,944 -----c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-01-13 23:23 . 2007-03-29 07:56 8,192 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-01-13 23:23 . 2007-03-29 07:56 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-01-13 23:23 . 2007-03-29 07:56 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-01-13 23:23 . 2007-03-29 07:56 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-01-13 23:18 . 2008-01-23 00:47 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-01-13 20:37 . 2008-01-13 20:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-11 18:47 . 2008-01-22 18:18 0 --a------ C:\WINDOWS\system32\eFax_4_3_Port
2008-01-11 18:46 . 2008-01-18 00:08 <DIR> d-------- C:\Program Files\eFax Messenger 4.3
2008-01-08 14:51 . 2008-01-08 14:51 <DIR> d-------- C:\Program Files\Windows Defender
2008-01-08 10:12 . 2008-01-08 10:12 <DIR> d-------- C:\WINDOWS\system32\usmvt3
2008-01-08 10:12 . 2008-01-08 10:12 <DIR> d-------- C:\WINDOWS\system32\oobe3
2008-01-08 10:12 . 2008-01-08 10:12 <DIR> d-------- C:\WINDOWS\system32\drivez4
2008-01-08 10:12 . 2008-01-08 10:12 <DIR> d-------- C:\WINDOWS\system32\comp2
2008-01-08 10:12 . 2008-01-22 18:00 <DIR> d-------- C:\WINDOWS\system32\cache3
2008-01-08 10:12 . 2008-01-08 23:17 <DIR> d-------- C:\WINDOWS\system32\ardCo01
2008-01-08 10:12 . 2008-01-23 08:11 167,545 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-08 10:12 . 2008-01-08 10:12 86,016 --a------ C:\WINDOWS\system32\drivers\srr.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 22:33 --------- d-----w C:\Program Files\SwiftView
2008-01-19 22:33 --------- d-----w C:\Program Files\Red Thunder
2008-01-19 22:33 --------- d-----w C:\Program Files\QuickTime
2008-01-19 22:33 --------- d-----w C:\Program Files\palmOne
2008-01-19 22:33 --------- d-----w C:\Program Files\OfficeUpdate11
2008-01-19 22:32 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-01-19 22:32 --------- d-----w C:\Program Files\HP
2008-01-19 22:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-19 22:32 --------- d-----w C:\Program Files\Battles In Normandy Demo
2008-01-19 22:32 --------- d-----w C:\Program Files\Apple Software Update
2008-01-15 20:49 --------- d-----w C:\Program Files\Java
2007-12-13 13:45 --------- d-----w C:\Program Files\Microsoft Picture It! 9
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-03-27 11:20 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-03-27 11:20 499712]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-30 05:17 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-05-16 13:10 323584]
"SunKist"="C:\Program Files\Digital Media Reader\shwicon2k.exe" [2004-05-26 19:57 139264]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 19:32 50688]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-22 07:05 172032]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 03:50 204800]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"eFax 4.3"="C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 12:21 116224]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-12-11 09:42 67112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"WD NetCenter EasyLink"="C:\Program Files\Western Digital Technologies\NetCenter EasyLink\WDEzLink.exe" [2005-10-12 13:51 1060864]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe" [2006-02-14 18:32 507904]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
eFax 4.3.lnk - C:\Program Files\eFax Messenger 4.3\J2GTray.exe [2008-01-11 18:46:48 629248]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

R1 srr;srr;C:\WINDOWS\system32\drivers\srr.sys [2008-01-08 10:12]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
S3 cdiskdun;cdiskdun;C:\DOCUME~1\Owner\LOCALS~1\Temp\cdiskdun.sys []
S3 SM_sugo3_FUService;sugo3 Status Monitor Service;"C:\Program Files\Samsung\Samsung ML-2510 Series\SPanel\ssmsrvc []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-18 02:09:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-23 12:47:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 08:13:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.


POPUPS:

http://www.pcsecurityshield.com/lp/shie ... &affid=541
http://ad.netcrefer.net/servecs?atype=p0
http://www.zonealarm.com/store/content/ ... 7591830531

NOTE:
I noticed a Java icon appeared in the 'System Tray' in the lower right after the reboot. I'm not sure if it was there before and I just didn't notice it.
billmonahan
Regular Member
 
Posts: 18
Joined: January 11th, 2008, 11:38 pm
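In the ComboFix report above, the file both scanners failed to delete (`core.cache.dsk`) shares its creation minute, 2008-01-08 10:12, with several new directories under system32 and with `srr.sys`, which the "Reg Loading Points" section also lists as an R1 driver. Grouping "Files Created" entries by creation timestamp is the usual way a helper spots such a drop in one pass. As an added example (not part of the thread and not ComboFix's own code), the script below parses lines in the report's "Files Created" format, groups them by creation minute, and lets you pivot from one path already identified as malicious to everything created alongside it. The sample is a constructed subset of the lines in the post; the line layout is assumed to be fixed-format as shown there.

```python
"""Pivot through a ComboFix 'Files Created' section by creation timestamp."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a handful of lines copied from the ComboFix report in the thread.
SAMPLE_CREATED = r"""
2008-01-22 15:21 . 2008-01-22 15:21 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-01-08 14:51 . 2008-01-08 14:51 <DIR> d-------- C:\Program Files\Windows Defender
2008-01-08 10:12 . 2008-01-08 10:12 <DIR> d-------- C:\WINDOWS\system32\usmvt3
2008-01-08 10:12 . 2008-01-08 10:12 <DIR> d-------- C:\WINDOWS\system32\oobe3
2008-01-08 10:12 . 2008-01-22 18:00 <DIR> d-------- C:\WINDOWS\system32\cache3
2008-01-08 10:12 . 2008-01-23 08:11 167,545 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-08 10:12 . 2008-01-08 10:12 86,016 --a------ C:\WINDOWS\system32\drivers\srr.sys
"""

# "<created> . <modified> <size|<DIR>> <9 attribute flags> <path>"
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)


@dataclass
class CreatedEntry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_files_created(text):
    """Parse every line that matches the ComboFix 'Files Created' layout."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(CreatedEntry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def creation_clusters(entries, min_size=3):
    """Group paths by creation minute and keep the groups with at least min_size members."""
    groups = defaultdict(list)
    for e in entries:
        groups[e.created].append(e.path)
    return {ts: paths for ts, paths in groups.items() if len(paths) >= min_size}


def created_with(entries, known_bad_path):
    """Other paths created in the same minute as a path already identified as malicious."""
    target = known_bad_path.lower()
    stamps = {e.created for e in entries if e.path.lower() == target}
    return [e.path for e in entries if e.created in stamps and e.path.lower() != target]


if __name__ == "__main__":
    entries = parse_files_created(SAMPLE_CREATED)
    for ts, paths in creation_clusters(entries).items():
        print(ts, "->", len(paths), "items created in the same minute")
    for path in created_with(entries, r"C:\WINDOWS\system32\drivers\core.cache.dsk"):
        print("created alongside the flagged file:", path)
```

The cluster threshold is a heuristic: legitimate installers also create many files in one minute (the Java and OneCare entries in the full report are examples), so the output is a list to review, with the scanner's own verdict and the driver load points deciding what actually gets removed.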

Re: New Hijack this logfiel

Unread postby billmonahan » January 23rd, 2008, 9:54 am

billmonahan
Regular Member
 
Posts: 18
Joined: January 11th, 2008, 11:38 pm

Re: New Hijack this logfiel

Unread postby askey127 » January 23rd, 2008, 4:01 pm

bill,
-----------------------------------------------------------
Download Blacklight from here:
http://www.f-secure.com/security_center/
Under "Downloads", click on Blacklight and Save it to your Desktop
or
Link to it from the ftp site: ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe
and save it to your desktop from there.

Go to Start-->Run, copy in the following text, and press Enter:
"%userprofile%\desktop\fsbl.exe" /expert

Accept the license agreement.
Click > scan, wait for it to finish, then click Close

There will be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).
Copy and paste the contents of this log into your next reply.
-----------------------------------------------------------
First please read or print out the detailed instructions on ComboFix here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Use those instructions to Install the Windows Recovery Console as a safety precaution, in case of a Master Boot Record infection.
Post back after you install the Recovery Console, and please post the Blacklight log.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: New Hijack this logfiel

Unread postby billmonahan » January 23rd, 2008, 6:05 pm

01/23/08 16:32:23 [Info]: BlackLight Engine 1.0.67 initialized
01/23/08 16:32:23 [Info]: OS: 5.1 build 2600 (Service Pack 2)
01/23/08 16:32:24 [Note]: 7019 4
01/23/08 16:32:24 [Note]: 7005 0
01/23/08 16:32:39 [Note]: 7006 0
01/23/08 16:32:39 [Note]: 7022 0
01/23/08 16:32:39 [Note]: 7011 984
01/23/08 16:32:39 [Note]: 7026 0
01/23/08 16:32:39 [Note]: 7026 0
01/23/08 16:32:43 [Note]: FSRAW library version 1.7.1024
01/23/08 16:50:44 [Note]: 2000 1012
01/23/08 17:03:10 [Note]: 7007 0


I haven't installed the recovery console yet, I only have a restore DVD with my system. I will research on the MS website.
billmonahan
Regular Member
 
Posts: 18
Joined: January 11th, 2008, 11:38 pm