Jump to content

akokes

Advanced Member
  • Content Count

    676
  • Joined

  • Last visited

About akokes

  • Rank
    Advanced Member
  • Birthday 03/05/1975

Contact Methods

  • Website URL
    http://home.comcast.net/~stephanie.kokes/
  • ICQ
    0

Profile Information

  • Location
    Minnesota

Previous Fields

  • Teams:
    Nothing Selected
  1. Sorry it is forever between replies - life is busy and this is my father in laws computer. Anyway - most of the scans you want me to run seem to start. I get an hourglass for a couple of seconds and then a regular cursor. Then nothing. No new program starting up. The task manager reports that they are running, mbam, and gmer both are running right now in task manager but not on the desktop. now it likes to come up with an error message too - Windows no disk Exception processing message c0000013 ill google that on my own, but I'm hitting a roadblock with all the scanners
  2. I scanned the file you posted and it came back clean. I tried to post the screenshot and the browser crashed halfway through here is the other log requested : ========== PROCESSES ========== Process explorer.exe killed successfully. ========== FILES ========== c:\program files\popcorn Terms.html moved successfully. ========== COMMANDS ========== File delete failed. C:\DOCUME~1\Linda\LOCALS~1\Temp\Perflib_Perfdata_1398.dat scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\hlktmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\mcafee_MBTv1kKY8KbRaQH scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\mcmsc_b0Jm7KCWe5zast6 scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\mcmsc_eIstUCutT4mNd9n scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\mcmsc_LPRIvHV2622f5gl scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\mcmsc_vOzgDhZNppoEWpj scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\WFVA5.tmp scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. FireFox cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 04062009_132157 Files moved on Reboot... File C:\DOCUME~1\Linda\LOCALS~1\Temp\Perflib_Perfdata_1398.dat not found! File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot. File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot. File C:\WINDOWS\temp\mcafee_MBTv1kKY8KbRaQH not found! File C:\WINDOWS\temp\mcmsc_b0Jm7KCWe5zast6 not found! File C:\WINDOWS\temp\mcmsc_eIstUCutT4mNd9n not found! File C:\WINDOWS\temp\mcmsc_LPRIvHV2622f5gl not found! File C:\WINDOWS\temp\mcmsc_vOzgDhZNppoEWpj not found! File C:\WINDOWS\temp\WFVA5.tmp not found!
  3. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-03-16.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 1/16/2005 11:22:39 PM System Uptime: 3/31/2009 4:51:02 PM (2 hours ago) Motherboard: ASUSTek Computer Inc. | | P4SD-VX Processor: Intel® Pentium® 4 CPU 2.80GHz | CPU 1 | 2793/200mhz Processor: Intel® Pentium® 4 CPU 2.80GHz | CPU 1 | 2793/200mhz ==== Disk Partitions ========================= A: is Removable C: is FIXED (NTFS) - 80 GiB total, 62.429 GiB free. D: is FIXED (NTFS) - 63 GiB total, 62.945 GiB free. E: is CDROM () F: is CDROM () G: is Removable H: is Removable I: is Removable ==== Disabled Device Manager Items ============= Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318} Description: Microsoft PS/2 Port Mouse (IntelliPoint) Device ID: ACPI\PNP0F03\4&35F762C4&0 Manufacturer: Microsoft Name: Microsoft PS/2 Port Mouse (IntelliPoint) PNP Device ID: ACPI\PNP0F03\4&35F762C4&0 Service: i8042prt ==== System Restore Points =================== RP1708: 3/23/2009 6:30:16 PM - Software Distribution Service 3.0 RP1709: 3/25/2009 12:52:15 PM - Software Distribution Service 3.0 ==== Installed Programs ====================== µTorrent 32-bit VSM Device Drivers 32-bit VSM Device Drivers 8.2 4D Embroidery Extra 8.1 4D Embroidery System 8.2 Documentation Update 4D Embroidery System 8.2 Update ABBYY FineReader 5.0 Sprint Adobe Acrobat 5.0 Adobe AIR Adobe Flash Player 10 ActiveX Adobe Media Player Adobe Photoshop Album 2.0 Starter Edition Adobe Reader 8.1.3 Adobe Reader for Palm OS 3.0 Amazing Adventures Around The World Anzio Lite AOL Uninstaller (Choose which Products to Remove) ArcSoft Software Suite ATI Control Panel ATI Display Driver Bejeweled Deluxe 1.862 Berlitz Before You Know It Flash Cards Berlitz Learning System - Italian Big Kahuna Reef Brochures 1.1.0.0.A Business Cards Business Legal Forms Canon PIXMA iP4000 Creative Driver Drag'n Drop CD+DVD DVgate Plus Embroidery Machine Communication Software 8.2 FaxTools Full Tilt Poker Galapago Google Toolbar for Firefox Google Toolbar for Internet Explorer Greeting Card Factory 2 Deluxe HijackThis 2.0.2 Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB952287) Instant Accounting - Accounting for the REAL WORLD Intel® PRO Network Adapters and Drivers iTunes Java 6 Update 11 Java 6 Update 7 LabelMaker Lexmark X1100 Series LogMeIn Malwarebytes' Anti-Malware Managed DirectX (0901) Mastering QuickBooks Enterprise Solutions Seminar-in-a-Box McAfee SecurityCenter Microsoft .NET Framework 1.0 Hotfix (KB887998) Microsoft .NET Framework 1.0 Hotfix (KB930494) Microsoft .NET Framework 2.0 Microsoft Application Error Reporting Microsoft Digital Image Library 9 - Blocker Microsoft Digital Image Standard 2006 Microsoft Digital Image Standard 2006 Editor Microsoft Digital Image Standard 2006 Library Microsoft Encarta Encyclopedia Standard 2006 Microsoft IntelliPoint 6.2 Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Money 2006 Microsoft National Language Support Downlevel APIs Microsoft Office Converter Pack Microsoft Office Excel Viewer 2003 Microsoft Office PowerPoint 2003 Template Pack 3 Microsoft Visual C++ 2005 Redistributable Microsoft Web Publishing Wizard 1.52 Microsoft Word 2002 Microsoft Works Microsoft Works Suite 2006 Setup Launcher Microsoft Works Suite Add-in for Microsoft Word Move Networks Media Player for Internet Explorer MSN Toolbar MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 6 Service Pack 2 (KB954459) Music Visualizer Library 1.4.00 Navilog1 3.6.6 NVIDIA Windows 2000/XP Display Drivers OpenMG Limited Patch 3.2-03-02-21-08 OpenMG Limited Patch 3.2-03-03-18-01 OpenMG Limited Patch 3.2-03-04-14-02 OpenMG Metadata Extractor for Windows Media Player OpenMG Secure Module 3.2 PictureGear Studio 2.0 Postcards 1.0.0.0 B QuickBooks Premier: Contractor Edition 2003 Quicken 2004 QuickTime Search Enhancer Toolbar Security Update for CAPICOM (KB931906) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899589) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB908531) Security Update for Windows XP (KB911280) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB916281) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917537) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922760) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925486) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB937894) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB939373) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB941644) Security Update for Windows XP (KB941693) Security Update for Windows XP (KB942830) Security Update for Windows XP (KB942831) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB943485) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB945553) Security Update for Windows XP (KB946026) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB948590) Security Update for Windows XP (KB948881) Security Update for Windows XP (KB950749) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953155) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) SonicStage 1.6.00 Sony Certificate PCH Sony TV Tuner Library 1.0 Sony Video Shared Library Spelling Dictionaries Support For Adobe Reader 8 Stationery Turbo Tax Offer Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB910437) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB929338) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB932823-v3) Update for Windows XP (KB933360) Update for Windows XP (KB936357) Update for Windows XP (KB938828) Update for Windows XP (KB942763) Update for Windows XP (KB951072-v2) Update for Windows XP (KB955839) Update for Windows XP (KB967715) VAIO BrightColor Wallpaper VAIO Media 2.6 VAIO Media Redistribution 2.6 VAIO Registration VAIO Support VAIO Survey Standalone VAIO System Information VCOM Flip WebFldrs XP WebPageDesigner Windows Defender Windows Defender Signatures Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Media Player 10 Windows XP Hotfix - KB834707 Windows XP Hotfix - KB867282 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885884 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890047 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890923 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893066 Windows XP Hotfix - KB893086 Windows XP Service Pack 2 Works Upgrade Zuma Deluxe 1.0 ==== Event Viewer Messages From Past Week ======== 3/27/2009 1:17:15 AM, error: DCOM [10001] - Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} as /. The error: "%233" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding 3/26/2009 5:44:31 PM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified. 3/26/2009 5:44:31 PM, error: Service Control Manager [7000] - The McAfee WSC Integration service failed to start due to the following error: The system cannot find the file specified. 3/26/2009 5:44:31 PM, error: Service Control Manager [7000] - The MAPMEM service failed to start due to the following error: The system cannot find the path specified. 3/26/2009 5:44:31 PM, error: Service Control Manager [7000] - The BCMNTIO service failed to start due to the following error: The system cannot find the path specified. 3/26/2009 2:46:38 PM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s). 3/25/2009 10:59:15 PM, error: System Error [1003] - Error code 000000d1, parameter1 e2061000, parameter2 00000002, parameter3 00000000, parameter4 f2683cf6. 3/25/2009 6:07:43 PM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 3/25/2009 6:07:28 PM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 3/25/2009 6:07:19 PM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s). 3/25/2009 6:07:16 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/25/2009 6:04:36 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office PowerPoint Viewer 2003 (KB956500). 3/25/2009 10:41:44 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D. 3/25/2009 12:20:03 AM, error: Print [19] - Sharing printer failed + 1722, Printer Lexmark X1100 Series share name Printer. 3/28/2009 3:33:25 PM, error: System Error [1003] - Error code 000000d1, parameter1 e202d000, parameter2 00000002, parameter3 00000000, parameter4 f254dcf6. 3/31/2009 4:04:49 AM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 3/31/2009 4:11:52 AM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 3/31/2009 4:18:55 AM, error: Service Control Manager [7034] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 5 time(s). 3/31/2009 5:28:14 AM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty. 3/31/2009 8:50:07 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the mcmscsvc service. ==== End Of File =========================== DDS (Ver_09-03-16.01) - NTFSx86 Run by Linda at 18:25:14.06 on Tue 03/31/2009 Internet Explorer: 7.0.5730.13 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.138 [GMT -5:00] AV: McAfee VirusScan *On-access scanning enabled* (Updated) FW: McAfee Personal Firewall *enabled* ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\WINDOWS\ehome\ehSched.exe C:\WINDOWS\system32\hasplms.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\wanmpsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Internet Explorer\Iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\lexpps.exe C:\Documents and Settings\Linda\Desktop\spyware temp folder\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.comcast.net/ uDefault_Page_URL = hxxp://www.aol.com/?src=customie7 uSearch Bar = hxxp://www.comcast.net/toolbar2.0/search/ mStart Page = hxxp://www.aol.com/?src=customie7 mDefault_Page_URL = hxxp://www.aol.com/?src=customie7 mSearchMigratedDefaultURL = hxxp://www.google.com/ uInternet Connection Wizard,ShellNext = hxxp://www.popcap.com/register.php?theGame=www.popcap.com&referid=mumbojumbo&src=mj_zuma uURLSearchHooks: H - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File TB: {B7D3E479-CC68-42B5-A338-938ECE35F419} - No File TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File TB: {BFB5F154-9212-46F3-B547-AC6106030A54} - No File TB: {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://chill.comcast.net/AspNet2.0/App/games/channel--110341560/lc--en/room--2eb98dc8-7156-49e3-89b5-466ede376161/online/dream_chronicles/en/dreamweb.1.0.0.9.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} - hxxp://chill.comcast.net/AspNet2.0/App/games/channel--110341560/lc--en/room--dd4908ed-13cf-40ca-8cec-824e8df57e3f/online/zenerchi/en/ZenerchiWeb.1.0.0.10.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://chill.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100 Notify: LMIinit - LMIinit.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll ============= SERVICES / DRIVERS =============== R0 SonyLSM;LED State Service;c:\windows\system32\drivers\SonyLSM.sys [2003-9-16 4736] R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-10-15 201320] R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-4-17 12992] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-7-7 46112] R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-10-15 359248] R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-10-15 144704] R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-10-5 13592] R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-10-15 695624] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-10-15 79304] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-10-15 35240] R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-10-15 40488] R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2007-4-17 12192] S2 BCMNTIO;BCMNTIO;\??\c:\progra~1\checkit\diagno~1\bcmntio.sys --> c:\progra~1\checkit\diagno~1\BCMNTIO.sys [?] S2 MAPMEM;MAPMEM;\??\c:\progra~1\checkit\diagno~1\mapmem.sys --> c:\progra~1\checkit\diagno~1\MAPMEM.sys [?] S2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\mcdetect.exe --> c:\program files\mcafee.com\agent\mcdetect.exe [?] S2 mrtRate;mrtRate; [x] S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe --> c:\progra~1\mcafee.com\agent\mcupdmgr.exe [?] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-10-15 33832] S3 W8100PCI;D-Link AirPlus G Wireless Driver;c:\windows\system32\drivers\mrv8k51.sys [2004-4-2 258560] S4 [email protected]:+Documents and Settings+Linda+Local Settings+Temporary Internet Files+Content.IE5+G1WBATUJ+FAH502-Console[1].exe;[email protected]:+Documents and Settings+Linda+Local Settings+Temporary Internet Files+Content.IE5+G1WBATUJ+FAH502-Console[1].exe;c:\documents and settings\linda\local settings\temporary internet files\content.ie5\g1wbatuj\fah502-console[1].exe -svcstart --> c:\documents and settings\linda\local settings\temporary internet files\content.ie5\g1wbatuj\FAH502-Console[1].exe -svcstart [?] S4 LMIRfsClientNP;LMIRfsClientNP; [x] =============== Created Last 30 ================ 2009-03-27 14:45 <DIR> --d----- C:\_OTMoveIt 2009-03-26 11:32 <DIR> --d----- c:\docume~1\linda\applic~1\funkitron 2009-03-23 18:33 15,504 a------- c:\windows\system32\drivers\mbam.sys 2009-03-23 18:33 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-23 18:33 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware ==================== Find3M ==================== 2009-03-25 10:23 7,074 a------- c:\docume~1\linda\applic~1\wklnhst.dat 2009-02-09 05:19 1,846,272 a------- c:\windows\system32\win32k.sys 2009-01-31 17:28 96,640 a------- c:\docume~1\linda\applic~1\GDIPFONTCACHEV1.DAT 2006-09-10 19:54 29,784 ac------ c:\program files\popcorn Terms.html 2006-04-24 09:01 774,144 ac------ c:\program files\RngInterstitial.dll 2005-03-24 10:19 475 ---sh--- c:\windows\system32\clos.dll ============= FINISH: 18:27:05.46 ===============
  4. Yes, this is a repeat offender it was clean when we finished last time and is now running poorly again... here are the logs you wanted, and no, MBAM will not start up. Process explorer.exe killed successfully. ========== FILES ========== File/Folder c:\windows\system32\mmmgkoo.exe not found. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\mmmgkoo not found. ========== COMMANDS ========== User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\hlktmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\mcafee_5WU6bRiRdWlnQBd scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\mcmsc_44fgSnsLxXKgNg7 scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\mcmsc_4sBp80alnzdB5sQ scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\mcmsc_6LGjfVHlHvIx151 scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\mcmsc_kfDvc5NYkm1fNkf scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\mcmsc_XdV1iQ3GUKiJtXA scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1138.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_19c.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\WFV32.tmp scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. FireFox cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03272009_144556 Files moved on Reboot... File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot. File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot. File C:\WINDOWS\temp\mcafee_5WU6bRiRdWlnQBd not found! File C:\WINDOWS\temp\mcmsc_44fgSnsLxXKgNg7 not found! File C:\WINDOWS\temp\mcmsc_4sBp80alnzdB5sQ not found! File C:\WINDOWS\temp\mcmsc_6LGjfVHlHvIx151 not found! C:\WINDOWS\temp\mcmsc_kfDvc5NYkm1fNkf moved successfully. C:\WINDOWS\temp\mcmsc_XdV1iQ3GUKiJtXA moved successfully. C:\WINDOWS\temp\Perflib_Perfdata_1138.dat moved successfully. File C:\WINDOWS\temp\Perflib_Perfdata_19c.dat not found! File C:\WINDOWS\temp\WFV32.tmp not found! and Hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:07:38 PM, on 3/27/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\WINDOWS\ehome\ehSched.exe C:\WINDOWS\system32\hasplms.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\Iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.popcap.com/register.php?theGame...amp;src=mj_zuma R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file) N3 - Netscape 7: # Mozilla User Preferences // This is a generated file! user_pref("browser.bookmarks.added_static_root", true); user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); user_pref("browser.startup.homepage_override.mstone", "rv:1.0.2"); user_pref("intl.charsetmenu.browser.cache", "ISO-8859-1"); user_pref("prefs.converted-to-utf8", true); user_pref("timebomb.first_launch_time", "1130363976546000"); user_pref("browser.helperApps.neverAsk.openFile", "application%2Fx-java-jnlp-file"); (C:\Documents and Settings\LINDA\Application Data\Mozilla\Profiles\default\a3nq7jqe.slt\prefs.js) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://chill.comcast.net/AspNet2.0/App/gam...web.1.0.0.9.cab O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://chill.comcast.net/AspNet2.0/App/gam...eb.1.0.0.10.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing) O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing) O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 7970 bytes
  5. I am having a hard time getting started on this computer as malwarebytes (and adaware and spybot) does not seem to want to run. The cursor shows an hourglass for a few seconds then goes back to normal and the program does not run I've managed to run a hijackthis log, so if anything looks obvious and can be removed manually I would appreciate the advice - thanks in advance, you guys have always been the best in the past. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:10:09 PM, on 3/25/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\ehome\ehSched.exe C:\WINDOWS\system32\hasplms.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\wanmpsvc.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Internet Explorer\Iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.popcap.com/register.php?theGame...amp;src=mj_zuma R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file) N3 - Netscape 7: # Mozilla User Preferences // This is a generated file! user_pref("browser.bookmarks.added_static_root", true); user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); user_pref("browser.startup.homepage_override.mstone", "rv:1.0.2"); user_pref("intl.charsetmenu.browser.cache", "ISO-8859-1"); user_pref("prefs.converted-to-utf8", true); user_pref("timebomb.first_launch_time", "1130363976546000"); user_pref("browser.helperApps.neverAsk.openFile", "application%2Fx-java-jnlp-file"); (C:\Documents and Settings\LINDA\Application Data\Mozilla\Profiles\default\a3nq7jqe.slt\prefs.js) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [mmmgkoo] "c:\windows\system32\mmmgkoo.exe" mmmgkoo O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://chill.comcast.net/AspNet2.0/App/gam...web.1.0.0.9.cab O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://chill.comcast.net/AspNet2.0/App/gam...eb.1.0.0.10.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing) O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing) O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 8079 bytes
  6. Juliet - I believe you can move this one to the completed logs section. The Viewpoint stuff was already gone, and so were the two folders you pointed out. So no changes tonite The computer is running great and Dan (the guy who uses it daily) says it has been great for a few days now. Thanks again for all the help!
  7. Hi Juliet, I have not forgotten about this. The computer is running a LOT better at this point. here is the new combo-fix log : ComboFix 09-01-21.04 - dsticha 2009-01-29 7:36:36.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.154 [GMT -6:00] Running from: C:\Documents and Settings\dsticha\Desktop\Antispyware temp folder\Combo-Fix.exe Command switches used :: C:\Documents and Settings\dsticha\Desktop\Antispyware temp folder\CFScript.txt AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) FW: Norton Internet Worm Protection *disabled* * Created a new restore point FILE :: C:\WINDOWS\SYSTEM32\soblofei.exe C:\WINDOWS\SYSTEM32\winsystems.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\SYSTEM32\soblofei.exe C:\WINDOWS\SYSTEM32\winsystems.dll . ((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-29 ))))))))))))))))))))))))))))))) . 2009-01-28 19:59 . 2009-01-28 19:58 410,984 --a------ C:\WINDOWS\SYSTEM32\deploytk.dll 2009-01-28 19:59 . 2009-01-28 19:58 73,728 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl 2009-01-28 10:21 . 2009-01-28 10:21 <DIR> d-------- C:\rsit 2009-01-28 10:17 . 2009-01-28 10:17 <DIR> d-------- C:\Program Files\Trend Micro 2009-01-28 10:17 . 2009-01-28 10:17 <DIR> d-------- C:\Hijackthis 2009-01-28 10:16 . 2009-01-28 10:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn 2009-01-28 10:16 . 2008-10-16 20:35 83,288 --a------ C:\WINDOWS\SYSTEM32\LMIRfsClientNP.dll 2009-01-28 10:16 . 2008-07-24 18:46 47,640 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\LMIRfsDriver.sys 2009-01-28 10:16 . 2008-10-16 20:35 28,984 --a------ C:\WINDOWS\SYSTEM32\LMIport.dll 2009-01-28 10:15 . 2009-01-29 03:09 <DIR> d-------- C:\Program Files\LogMeIn 2009-01-28 10:15 . 2008-10-16 20:35 87,352 --a------ C:\WINDOWS\SYSTEM32\LMIinit.dll 2009-01-28 10:15 . 2009-01-28 10:15 1,024 --a------ C:\.rnd 2009-01-17 19:01 . 2009-01-17 19:01 <DIR> d-------- C:\Documents and Settings\dsticha\Application Data\Malwarebytes 2009-01-14 19:46 . 2009-01-14 19:46 <DIR> d-------- C:\Documents and Settings\AKokes\Application Data\Malwarebytes 2009-01-14 19:45 . 2009-01-14 19:45 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2009-01-14 19:45 . 2009-01-14 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-01-14 19:45 . 2009-01-14 16:11 38,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys 2009-01-14 19:45 . 2009-01-14 16:11 15,504 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys 2009-01-14 08:50 . 2009-01-14 20:04 4 --a------ C:\WINDOWS\yoxktwqs 2009-01-13 17:19 . 2009-01-14 08:50 2,412 --a------ C:\WINDOWS\whmomdtj . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-29 02:00 --------- d-----w C:\Program Files\Java 2009-01-29 01:34 --------- d-----w C:\Program Files\Viewpoint 2009-01-29 01:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2009-01-13 23:13 --------- d-----w C:\Program Files\Symantec AntiVirus 2008-12-23 18:16 --------- d-----w C:\Documents and Settings\dsticha\Application Data\AdobeUM 2008-12-17 22:01 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-12-17 22:01 --------- d-----w C:\Program Files\Qwest 2008-12-17 22:01 --------- d-----w C:\Program Files\Common Files\supportsoft 2008-12-17 22:00 --------- d-----w C:\Program Files\Actiontec 2008-12-17 22:00 --------- d-----w C:\Program Files\2Wire 2008-12-17 20:28 --------- d-----w C:\Documents and Settings\jkrech\Application Data\InstallShield 2008-12-11 10:57 333,952 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-04-01 13:45 56,912 ----a-w C:\Documents and Settings\jkrech\g2mdlhlpx.exe . ((((((((((((((((((((((((((((( [email protected]_16.55.07.64 ))))))))))))))))))))))))))))))))))))))))) . - 2008-12-12 09:05:58 12,288 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe + 2009-01-29 09:03:51 12,288 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe - 2008-12-12 09:05:58 135,168 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe + 2009-01-29 09:03:51 135,168 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe - 2008-12-12 09:05:58 11,264 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2009-01-29 09:03:51 11,264 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe - 2008-12-12 09:05:58 27,136 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe + 2009-01-29 09:03:51 27,136 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2008-12-12 09:05:58 4,096 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2009-01-29 09:03:51 4,096 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe - 2008-12-12 09:05:58 794,624 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2009-01-29 09:03:51 794,624 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe - 2008-12-12 09:05:58 23,040 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe + 2009-01-29 09:03:51 23,040 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2008-12-12 09:05:58 286,720 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe + 2009-01-29 09:03:51 286,720 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2008-12-12 09:05:58 409,600 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2009-01-29 09:03:51 409,600 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe - 2008-09-08 10:41:42 333,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\srv.sys + 2008-12-11 10:57:09 333,952 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\srv.sys - 2003-11-19 22:36:26 24,681 ------w C:\WINDOWS\SYSTEM32\java.exe + 2009-01-29 01:58:42 144,792 ----a-w C:\WINDOWS\SYSTEM32\java.exe - 2003-11-19 22:36:30 28,779 ------w C:\WINDOWS\SYSTEM32\javaw.exe + 2009-01-29 01:58:42 144,792 ----a-w C:\WINDOWS\SYSTEM32\javaw.exe + 2009-01-29 01:58:42 148,888 ----a-w C:\WINDOWS\SYSTEM32\javaws.exe - 2008-12-09 23:24:37 17,593,280 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe + 2009-01-10 01:35:28 20,853,704 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe + 2009-01-29 13:41:39 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_7a0.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:42 15360] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 12:02 53408] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-03-17 05:34 124656] "Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2008-04-14 04:42 143360] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-26 11:08 282624] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 13:49 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 13:46 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 13:50 114688] "TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-09 19:11 2595792] "AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-09 19:23 909208] "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-09 19:14 136472] "LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 18:46 63048] "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-01-28 19:58 136600] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2006-02-23 11:41 67264] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 22:37:56 217194] QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-01-14 12:01:45 724992] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2008-10-16 20:35 87352 C:\WINDOWS\SYSTEM32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2008-04-14 04:42 1695232 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [2008-09-05 16:23:04 99376] R4 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\rainfo.sys [2008-07-24 18:46:12 12856] R4 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\SYSTEM32\DRIVERS\LMIRfsDriver.sys [2009-01-28 10:16:15 47640] R4 SavRoam;SAVRoam;C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-03-17 05:34:24 115952] R4 sprtlisten;SupportSoft Listener Service;C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe [2008-01-08 12:02:16 1213728] S4 LMIRfsClientNP;LMIRfsClientNP; [x] . Contents of the 'Scheduled Tasks' folder 2009-01-13 C:\WINDOWS\Tasks\defrag.job - C:\WINDOWS\SYSTEM32\DEFRAG.EXE [2008-04-14 04:42] 2009-01-29 C:\WINDOWS\Tasks\SHUTDOWN.job - c:\windows\system32\SHUTDOWN.EXE [2008-04-14 04:42] . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {F5920B39-878F-45DB-A078-CE97214586B1} = 192.168.0.100,205.171.3.65,205.171.2.65 . And a new Hijackthis Log : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:19, on 2009-02-02 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\basfipm.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Dell\OpenManage\Client\Iap.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user') O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182383764137 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182383036162 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fantasticfloors.com O17 - HKLM\Software\..\Telephony: DomainName = fantasticfloors.com O17 - HKLM\System\CCS\Services\Tcpip\..\{F5920B39-878F-45DB-A078-CE97214586B1}: NameServer = 192.168.0.100,205.171.3.65,205.171.2.65 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fantasticfloors.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fantasticfloors.com O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = fantasticfloors.com O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- End of file - 9071 bytes
  8. here is the kapersky scan - looks like the work is not quite done -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Wednesday, January 28, 2009 Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Thursday, January 29, 2009 00:42:11 Records in database: 1722428 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: A:\ C:\ D:\ H:\ Scan statistics: Files scanned: 49350 Threat name: 5 Infected objects: 7 Suspicious objects: 0 Duration of the scan: 01:09:55 File name / Threat name / Threats count C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\byXQJYqN.dll.vir Infected: Trojan.Win32.Monder.ankf 1 C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\polqqy.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gbs 1 C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\uhexxqgf.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gbs 1 C:\WINDOWS\CSC\d4\80000013 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 2 C:\WINDOWS\SYSTEM32\soblofei.exe Infected: Backdoor.Win32.TDSS.bau 1 C:\WINDOWS\SYSTEM32\winsystems.dll Infected: Trojan.Win32.Agent.bimt 1 The selected area was scanned.
  9. I am currently running the kapersky scan - as soon as its done I'll post the logfile The computer is running like normal now - but I'll keep at it until you give me a clean bill of health - and thank you for the help. I am usually the one who people wonder "how the heck do you know how to do that?!?" Now I know what it is like from the other perspective. This is the second pc I've had you folks help with after getting frustrated and both times the help has been wonderful, and somehow free I recommend you guys all the time to customers at my day job (I'm a cable guy and do internet work mostly.) I've even had the opportunity to get feedback from some of those customers and they liked the experience as well... I'll post the kapersky log as soon as its done.
  10. File soblofei.exe received on 01.29.2009 02:22:10 (CET) Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED Result: 25/38 (65.79%) Loading server information... Your file is queued in position: ___. Estimated start time is between ___ and ___ . Do not close the window until scan is complete. The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result. If you are waiting for more than five minutes you have to resend your file. Your file is being scanned by VirusTotal in this moment, results will be shown as they're generated. Compact Print results Your file has expired or does not exists. Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time. You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email: Antivirus Version Last Update Result a-squared 4.0.0.93 2009.01.29 Downloader.Delphi!IK AhnLab-V3 5.0.0.2 2009.01.29 - AntiVir 7.9.0.60 2009.01.28 TR/Dropper.Gen Authentium 5.1.0.4 2009.01.28 - Avast 4.8.1281.0 2009.01.28 Win32:Fasec AVG 8.0.0.229 2009.01.28 Win32/Heur BitDefender 7.2 2009.01.28 Trojan.Crypt.HM CAT-QuickHeal 10.00 2009.01.28 Backdoor.TDSS.bau ClamAV 0.94.1 2009.01.29 - Comodo 951 2009.01.28 - DrWeb 4.44.0.09170 2009.01.29 - eSafe 7.0.17.0 2009.01.28 Win32.NewMalware.bx eTrust-Vet 31.6.6333 2009.01.29 - F-Prot 4.4.4.56 2009.01.28 - F-Secure 8.0.14470.0 2009.01.29 Backdoor.Win32.TDSS.bau Fortinet 3.117.0.0 2009.01.28 PossibleThreat GData 19 2009.01.28 Trojan.Crypt.HM Ikarus T3.1.1.45.0 2009.01.29 Downloader.Delphi K7AntiVirus 7.10.608 2009.01.28 Backdoor.Win32.TDSS.bau Kaspersky 7.0.0.125 2009.01.29 Backdoor.Win32.TDSS.bau McAfee 5509 2009.01.28 Generic Dropper McAfee+Artemis 5509 2009.01.28 Generic Dropper Microsoft 1.4205 2009.01.28 TrojanDropper:Win32/Delf.CI NOD32 3808 2009.01.28 a variant of Win32/TrojanDropper.Delf.NIX Norman 6.00.02 2009.01.28 W32/Hupigon.EXEI nProtect 2009.1.8.0 2009.01.28 Trojan.Crypt.HM Panda 9.5.1.2 2009.01.28 Generic Trojan PCTools 4.4.2.0 2009.01.28 - Prevx1 V2 2009.01.29 System Back Door Rising 21.13.42.00 2009.01.23 - SecureWeb-Gateway 6.7.6 2009.01.28 Trojan.Dropper.Gen Sophos 4.38.0 2009.01.28 Mal/Generic-A Sunbelt 3.2.1835.2 2009.01.16 - TheHacker 6.3.1.5.230 2009.01.29 - TrendMicro 8.700.0.1004 2009.01.28 - VBA32 3.12.8.11 2009.01.29 Backdoor.Win32.UltimateDefender.nf ViRobot 2009.1.28.1579 2009.01.28 Backdoor.Win32.TDSS.184832 VirusBuster 4.5.11.0 2009.01.28 - Additional information File size: 184832 bytes MD5...: 962ea4b209f7adc59fa04549cc26cd90 SHA1..: bc946c20b2ac079ee2790aaca6282021c8023bc1 SHA256: 63d81d5dff8e13ed9e183bb25b4cf4e225a213b7830c779c13d75b3985b87dca SHA512: 6a27dd013e0b835ef87c744e6b39a489f7d10d5e18def940b3f579477508e60a bacf24b539972205b8d9ccd5c59bdc5e2d89d4cb24b03b3ab8bc01c721127c82 ssdeep: 3072:KVt9nZnAGZ8ITLa4Tzpa+CaACxEEpETLxwxtjPkKN0OGM+QGuRWb:K3ZBZf aYFaBaxutYVP9KO1Wb PEiD..: - TrID..: File type identification Win32 Executable Generic (42.3%) Win32 Dynamic Link Library (generic) (37.6%) Generic Win/DOS Executable (9.9%) DOS Executable Generic (9.9%) VXD Driver (0.1%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x35000 timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992) machinetype.......: 0x14c (I386) ( 9 sections ) name viradd virsiz rawdsiz ntrpy md5 CODE 0x1000 0x4000 0x3b1b 6.53 52b7dd9abc357031bc4fa73256db3e5f DATA 0x5000 0x1000 0xbc 4.23 1a740d539567857811fbb17bcba0cc1a BSS 0x6000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e .idata 0x7000 0x1000 0x5d9 4.32 ed346d7d259470b93b4f6229afa802ff .tls 0x8000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e .rdata 0x9000 0x2000 0x13 2.46 231ec597a238bf6a2b7189bb5ece7901 .rsrc 0xb000 0x2829c 0x28400 7.37 39e91d717283d1716004f02a008aff14 WCALab 0x34000 0x1000 0x40 4.38 df9d9ede144141e069519f121bc26379 .Sunzer 0x35000 0x200 0x200 5.29 44b119a5b33da07429a3c8d65a3b6c74 ( 7 imports ) > kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, GetThreadLocale, GetStartupInfoA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle > user32.dll: GetKeyboardType, MessageBoxA > advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey > oleaut32.dll: SysFreeString, SysReAllocStringLen > kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA > kernel32.dll: WriteFile, VirtualFree, VirtualAlloc, SizeofResource, SetFilePointer, SetEndOfFile, ReadFile, LockResource, LoadResource, GetTempPathA, FreeResource, FindResourceA, DeleteFileA, CreateFileA, CopyFileA, CloseHandle > shell32.dll: ShellExecuteA ( 0 exports ) Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=6244429800F818C3D2480237F9C99600D65A9ED7' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=6244429800F818C3D2480237F9C99600D65A9ED7</a> ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware. edit : here is the combofix logfile : ComboFix 09-01-21.04 - dsticha 2009-01-28 19:45:40.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.146 [GMT -6:00] Running from: c:\documents and settings\dsticha\Desktop\Antispyware temp folder\Combo-Fix.exe Command switches used :: c:\documents and settings\dsticha\Desktop\Antispyware temp folder\CFScript.txt AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) FW: Norton Internet Worm Protection *disabled* * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\whmomdtj\ c:\windows\yoxktwqs\ . ((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-29 ))))))))))))))))))))))))))))))) . 2009-01-28 10:21 . 2009-01-28 10:21 <DIR> d-------- C:\rsit 2009-01-28 10:17 . 2009-01-28 10:17 <DIR> d-------- c:\program files\Trend Micro 2009-01-28 10:17 . 2009-01-28 10:17 <DIR> d-------- C:\Hijackthis 2009-01-28 10:16 . 2009-01-28 10:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogMeIn 2009-01-28 10:16 . 2008-10-16 20:35 83,288 --a------ c:\windows\SYSTEM32\LMIRfsClientNP.dll 2009-01-28 10:16 . 2008-07-24 18:46 47,640 --a------ c:\windows\SYSTEM32\DRIVERS\LMIRfsDriver.sys 2009-01-28 10:16 . 2008-10-16 20:35 28,984 --a------ c:\windows\SYSTEM32\LMIport.dll 2009-01-28 10:15 . 2009-01-28 10:16 <DIR> d-------- c:\program files\LogMeIn 2009-01-28 10:15 . 2008-10-16 20:35 87,352 --a------ c:\windows\SYSTEM32\LMIinit.dll 2009-01-28 10:15 . 2009-01-28 10:15 1,024 --a------ C:\.rnd 2009-01-17 19:01 . 2009-01-17 19:01 <DIR> d-------- c:\documents and settings\dsticha\Application Data\Malwarebytes 2009-01-14 19:46 . 2009-01-14 19:46 <DIR> d-------- c:\documents and settings\AKokes\Application Data\Malwarebytes 2009-01-14 19:45 . 2009-01-14 19:45 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-14 19:45 . 2009-01-14 19:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-14 19:45 . 2009-01-14 16:11 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys 2009-01-14 19:45 . 2009-01-14 16:11 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys 2009-01-14 18:47 . 2009-01-14 18:47 184,832 --a------ c:\windows\SYSTEM32\soblofei.exe 2009-01-14 08:50 . 2009-01-14 20:04 4 --a------ c:\windows\yoxktwqs 2009-01-13 17:19 . 2009-01-14 08:50 2,412 --a------ c:\windows\whmomdtj . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-29 01:34 --------- d-----w c:\program files\Viewpoint 2009-01-29 01:34 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint 2009-01-13 23:13 --------- d-----w c:\program files\Symantec AntiVirus 2008-12-23 18:16 --------- d-----w c:\documents and settings\dsticha\Application Data\AdobeUM 2008-12-17 22:01 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-17 22:01 --------- d-----w c:\program files\Qwest 2008-12-17 22:01 --------- d-----w c:\program files\Common Files\supportsoft 2008-12-17 22:00 --------- d-----w c:\program files\Actiontec 2008-12-17 22:00 --------- d-----w c:\program files\2Wire 2008-12-17 20:28 --------- d-----w c:\documents and settings\jkrech\Application Data\InstallShield 2008-04-01 13:45 56,912 ----a-w c:\documents and settings\jkrech\g2mdlhlpx.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-03-17 124656] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-26 282624] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688] "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-09 2595792] "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-09 909208] "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-09 136472] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2006-02-23 67264] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194] QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-01-14 724992] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2008-10-16 20:35 87352 c:\windows\SYSTEM32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2008-04-14 04:42 1695232 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [2008-09-05 99376] R4 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 12856] R4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\SYSTEM32\DRIVERS\LMIRfsDriver.sys [2009-01-28 47640] R4 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-03-17 115952] R4 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [2008-01-08 1213728] S4 LMIRfsClientNP;LMIRfsClientNP; [x] . Contents of the 'Scheduled Tasks' folder 2009-01-13 c:\windows\Tasks\defrag.job - c:\windows\SYSTEM32\DEFRAG.EXE [2008-04-14 04:42] 2009-01-15 c:\windows\Tasks\SHUTDOWN.job - c:\windows\system32\SHUTDOWN.EXE [2008-04-14 04:42] . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {F5920B39-878F-45DB-A078-CE97214586B1} = 192.168.0.100,205.171.3.65,205.171.2.65 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-28 19:50:17 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(640) c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll - - - - - - - > 'lsass.exe'(696) c:\windows\system32\relog_ap.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe c:\program files\Common Files\Acronis\Schedule2\schedul2.exe c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\windows\SYSTEM32\BAsfIpM.exe c:\program files\Symantec AntiVirus\DefWatch.exe c:\program files\Dell\OpenManage\Client\Iap.exe c:\program files\LogMeIn\x86\ramaint.exe c:\program files\LogMeIn\x86\LogMeIn.exe c:\program files\LogMeIn\x86\LMIGuardian.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Symantec AntiVirus\DoScan.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\program files\LogMeIn\x86\LMIGuardian.exe . ************************************************************************** . Completion time: 2009-01-28 19:54:45 - machine was rebooted [dsticha] ComboFix-quarantined-files.txt 2009-01-29 01:54:40 ComboFix2.txt 2009-01-28 22:56:13 Pre-Run: 27,318,800,384 bytes free Post-Run: 27,333,488,640 bytes free 153 --- E O F --- 2008-12-19 09:01:11
  11. I noticed in the log from combofix that norton is shut down. Is that something combo fix does to facilitate scanning, or is my antivirus just magically turned off? And should I turn it back on?
  12. after reading a few other antivirus 2009 threads I figured you would want me to run combo-fix. Here are the logs you requested after running it : ComboFix 09-01-21.04 - dsticha 2009-01-28 16:41:08.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.154 [GMT -6:00] Running from: c:\documents and settings\dsticha\Desktop\Combo-Fix.exe AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) FW: Norton Internet Worm Protection *disabled* * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\c.cgm c:\windows\IE4 Error Log.txt c:\windows\system32\byXQJYqN.dll c:\windows\system32\drivers\fad.sys c:\windows\system32\idvftrfu.ini c:\windows\system32\polqqy.dll c:\windows\system32\TDSSosvd.dat c:\windows\system32\uhexxqgf.dll c:\windows\Tasks\fehhwnyt.job . ((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-28 ))))))))))))))))))))))))))))))) . 2009-01-28 10:21 . 2009-01-28 10:21 <DIR> d-------- C:\rsit 2009-01-28 10:17 . 2009-01-28 10:17 <DIR> d-------- c:\program files\Trend Micro 2009-01-28 10:17 . 2009-01-28 10:17 <DIR> d-------- C:\Hijackthis 2009-01-28 10:16 . 2009-01-28 10:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogMeIn 2009-01-28 10:16 . 2008-10-16 20:35 83,288 --a------ c:\windows\SYSTEM32\LMIRfsClientNP.dll 2009-01-28 10:16 . 2008-07-24 18:46 47,640 --a------ c:\windows\SYSTEM32\DRIVERS\LMIRfsDriver.sys 2009-01-28 10:16 . 2008-10-16 20:35 28,984 --a------ c:\windows\SYSTEM32\LMIport.dll 2009-01-28 10:15 . 2009-01-28 10:16 <DIR> d-------- c:\program files\LogMeIn 2009-01-28 10:15 . 2008-10-16 20:35 87,352 --a------ c:\windows\SYSTEM32\LMIinit.dll 2009-01-28 10:15 . 2009-01-28 10:15 1,024 --a------ C:\.rnd 2009-01-17 19:01 . 2009-01-17 19:01 <DIR> d-------- c:\documents and settings\dsticha\Application Data\Malwarebytes 2009-01-14 19:46 . 2009-01-14 19:46 <DIR> d-------- c:\documents and settings\AKokes\Application Data\Malwarebytes 2009-01-14 19:45 . 2009-01-14 19:45 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-14 19:45 . 2009-01-14 19:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-14 19:45 . 2009-01-14 16:11 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys 2009-01-14 19:45 . 2009-01-14 16:11 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys 2009-01-14 18:47 . 2009-01-14 18:47 184,832 --a------ c:\windows\SYSTEM32\soblofei.exe 2009-01-14 08:50 . 2009-01-14 20:04 4 --a------ c:\windows\yoxktwqs 2009-01-13 17:19 . 2009-01-14 08:50 2,412 --a------ c:\windows\whmomdtj . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-13 23:13 --------- d-----w c:\program files\Symantec AntiVirus 2008-12-23 18:16 --------- d-----w c:\documents and settings\dsticha\Application Data\AdobeUM 2008-12-17 22:01 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-17 22:01 --------- d-----w c:\program files\Qwest 2008-12-17 22:01 --------- d-----w c:\program files\Common Files\supportsoft 2008-12-17 22:00 --------- d-----w c:\program files\Actiontec 2008-12-17 22:00 --------- d-----w c:\program files\2Wire 2008-12-17 20:28 --------- d-----w c:\documents and settings\jkrech\Application Data\InstallShield 2008-04-01 13:45 56,912 ----a-w c:\documents and settings\jkrech\g2mdlhlpx.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-03-17 124656] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-26 282624] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688] "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-09 2595792] "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-09 909208] "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-09 136472] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2006-02-23 67264] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194] QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-01-14 724992] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2008-10-16 20:35 87352 c:\windows\SYSTEM32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=ogfksb.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2008-04-14 04:42 1695232 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [2008-09-05 99376] R4 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 12856] R4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\SYSTEM32\DRIVERS\LMIRfsDriver.sys [2009-01-28 47640] R4 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-03-17 115952] R4 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [2008-01-08 1213728] R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-11 24652] S4 LMIRfsClientNP;LMIRfsClientNP; [x] . Contents of the 'Scheduled Tasks' folder 2009-01-13 c:\windows\Tasks\defrag.job - c:\windows\SYSTEM32\DEFRAG.EXE [2008-04-14 04:42] 2009-01-15 c:\windows\Tasks\SHUTDOWN.job - c:\windows\system32\SHUTDOWN.EXE [2008-04-14 04:42] . - - - - ORPHANS REMOVED - - - - HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe MSConfigStartUp-AIM - c:\program files\AIM\aim.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.comcast.net/ uInternet Connection Wizard,ShellNext = hxxp://www.download.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 TCP: {F5920B39-878F-45DB-A078-CE97214586B1} = 192.168.0.100,205.171.3.65,205.171.2.65 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-28 16:52:56 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(624) c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll - - - - - - - > 'lsass.exe'(680) c:\windows\system32\relog_ap.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe c:\program files\Common Files\Acronis\Schedule2\schedul2.exe c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\windows\SYSTEM32\BAsfIpM.exe c:\program files\Symantec AntiVirus\DefWatch.exe c:\program files\Dell\OpenManage\Client\Iap.exe c:\program files\LogMeIn\x86\ramaint.exe c:\program files\LogMeIn\x86\LogMeIn.exe c:\program files\LogMeIn\x86\LMIGuardian.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe c:\program files\LogMeIn\x86\LogMeIn.exe c:\program files\LogMeIn\x86\LMIGuardian.exe c:\program files\LogMeIn\x86\LMIGuardian.exe . ************************************************************************** . Completion time: 2009-01-28 16:56:12 - machine was rebooted [akokes] ComboFix-quarantined-files.txt 2009-01-28 22:56:08 Pre-Run: 27,271,966,720 bytes free Post-Run: 27,340,685,312 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 172 --- E O F --- 2008-12-19 09:01:11 And a new Hijackthis log : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:02, on 2009-01-28 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\basfipm.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Dell\OpenManage\Client\Iap.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.download.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user') O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - ESC Trusted Zone: http://dw.com.com O15 - ESC Trusted Zone: http://software-files.download.com O15 - ESC Trusted Zone: http://*.windowsupdate.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182383764137 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182383036162 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fantasticfloors.com O17 - HKLM\Software\..\Telephony: DomainName = fantasticfloors.com O17 - HKLM\System\CCS\Services\Tcpip\..\{F5920B39-878F-45DB-A078-CE97214586B1}: NameServer = 192.168.0.100,205.171.3.65,205.171.2.65 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fantasticfloors.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fantasticfloors.com O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = fantasticfloors.com O20 - AppInit_DLLs: ogfksb.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 9468 bytes
  13. info.txt logfile of random's system information tool 1.05 2009-01-28 10:21:24 ======Uninstall list====== -->C:\Program Files\Installshield Installation Information\{08082022-2a50-4196-8196-a6f86d6e8f12}\QBReplace.exe {08082022-2a50-4196-8196-a6f86d6e8f12}#{01288593-26bb-4b3a-a04e-0a4ed28cc937} -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Acronis True Image Home-->MsiExec.exe /X{633A06C3-B709-479A-AAB3-5EE94AD9EE4B} Actiontec Gateway-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9692FD03-6662-4E62-B08C-30DFF51651E1}\setup.exe" -l0x9 Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01} Adobe Acrobat 6.0.1 Standard-->MsiExec.exe /I{AC76BA86-1033-0000-BA7E-000000000001} Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001} Anzio Lite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{584CB0DD-3B9C-4FF8-A91A-78F70D3CE4CA}\Setup.exe" Belarc Advisor 7.2-->C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG Broadcom Advanced Control Suite 2-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E086814-7392-4E0F-ADB8-54A81E47406C} /l1033 Broadcom ASF Management Applications-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{25D24E84-64A9-40D2-85CF-540B1C4A6D52} /l1033 HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582 Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030} LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U LogMeIn-->MsiExec.exe /I{7F831576-6246-42C7-B523-55B3F96509CC} Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5 Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003} Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe" Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Basic Edition 2003-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} OMCI-->MsiExec.exe /X{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B} QuickBooks Pro Edition 2004-->C:\Program Files\Installshield Installation Information\{2b02f822-a9b9-458c-80e5-3ea8c0de8471}\QBReplace.exe {2b02f822-a9b9-458c-80e5-3ea8c0de8471}#{2B02F82E-A9B9-458C-80E5-3EA8C0DE8471} QuickConnect-->C:\Program Files\InstallShield Installation Information\{4998FF95-709A-430A-B104-92A009ABB848}\setup.exe -runfromtemp -l0x0009 -removeonly Qwest QuickAssist Desktop Tools-->MsiExec.exe /I{A63E18AC-B504-4045-AFE6-A279BBABB988} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" Symantec AntiVirus-->MsiExec.exe /I{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428} Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u Viewpoint Toolbar-->C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\Uninstaller.exe /u /k /url "http://www.viewpoint.com/pub/uninstallcompleted.html" Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333} Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD} Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" ======Hosts File====== 192.168.0.100 server 192.168.0.101 Jerry 192.168.0.102 Jill 192.168.0.103 RETAIL2 192.168.0.104 RETAIL1 192.168.0.105 FRONTDESK 192.168.0.106 Debbie 192.168.0.107 LREA 192.168.0.108 TIM_OFFICE 192.168.0.109 linda ======Security center information====== AV: Symantec AntiVirus Corporate Edition (disabled) FW: Norton Internet Worm Protection (disabled) System event log Computer Name: DAN Event Code: 6006 Message: The Event log service was stopped. Record Number: 31684 Source Name: EventLog Time Written: 20081015000042.000000-300 Event Type: information User: Computer Name: DAN Event Code: 1074 Message: The process winlogon.exe has initiated the restart of DAN for the following reason: No title for this reason could be found Minor Reason: 0xff Shutdown Type: reboot Comment: Record Number: 31683 Source Name: USER32 Time Written: 20081015000009.000000-300 Event Type: information User: NT AUTHORITY\SYSTEM Computer Name: DAN Event Code: 7036 Message: The LiveUpdate service entered the stopped state. Record Number: 31682 Source Name: Service Control Manager Time Written: 20081014234620.000000-300 Event Type: information User: Computer Name: DAN Event Code: 7036 Message: The LiveUpdate service entered the running state. Record Number: 31681 Source Name: Service Control Manager Time Written: 20081014234606.000000-300 Event Type: information User: Computer Name: DAN Event Code: 7035 Message: The LiveUpdate service was successfully sent a start control. Record Number: 31680 Source Name: Service Control Manager Time Written: 20081014234606.000000-300 Event Type: information User: NT AUTHORITY\SYSTEM Application event log Computer Name: DAN Event Code: 101 Message: Information Level: success Scheduler launched Automatic LiveUpdate. Record Number: 71739 Source Name: Automatic LiveUpdate Scheduler Time Written: 20090110070646.000000-360 Event Type: information User: NT AUTHORITY\SYSTEM Computer Name: DAN Event Code: 1 Message: Chassis intrusion detected. This typically does NOT indicate a hardware failure. 1. Contact your Help Desk if you did not personally open your chassis. 2. Enter System Setup & Set Chassis Intrusion to 'Clear'. Record Number: 71738 Source Name: OMCI Time Written: 20090110063902.000000-360 Event Type: information User: Computer Name: DAN Event Code: 1053 Message: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted. Record Number: 71737 Source Name: Userenv Time Written: 20090110062351.000000-360 Event Type: error User: NT AUTHORITY\SYSTEM Computer Name: DAN Event Code: 1 Message: Chassis intrusion detected. This typically does NOT indicate a hardware failure. 1. Contact your Help Desk if you did not personally open your chassis. 2. Enter System Setup & Set Chassis Intrusion to 'Clear'. Record Number: 71736 Source Name: OMCI Time Written: 20090110060902.000000-360 Event Type: information User: Computer Name: DAN Event Code: 1053 Message: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted. Record Number: 71735 Source Name: Userenv Time Written: 20090110060223.000000-360 Event Type: error User: NT AUTHORITY\SYSTEM ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel "PROCESSOR_REVISION"=0401 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- It appears that there is a hijackthis log included in the first logfile, so I'll skip that for now. Let me know if you folks want something else...
  14. edit : I fixed the name of the thread Hi guys. I've been trying to clean this machine for a while now with limited success. The only way I can get on now is with add ons disabled here are the log files requested in the getting started thread : Logfile of random's system information tool 1.05 (written by random/random) Run by dsticha at 2009-01-28 10:21:19 Microsoft Windows XP Professional Service Pack 3 System drive C: has 26 GB (69%) free of 38 GB Total RAM: 502 MB (39% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:21:21 AM, on 1/28/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\basfipm.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Dell\OpenManage\Client\Iap.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\dsticha\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\dsticha.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: &Research - {0B014B81-4E12-46F9-806F-55867AF8FD3C} - C:\WINDOWS\SYSTEM32\winsystems.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-21-3838740422-2293467068-509530460-1172\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'AKokes') O4 - HKUS\S-1-5-21-3838740422-2293467068-509530460-1172\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'AKokes') O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user') O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182383764137 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182383036162 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fantasticfloors.com O17 - HKLM\Software\..\Telephony: DomainName = fantasticfloors.com O17 - HKLM\System\CCS\Services\Tcpip\..\{F5920B39-878F-45DB-A078-CE97214586B1}: NameServer = 192.168.0.100,205.171.3.65,205.171.2.65 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fantasticfloors.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fantasticfloors.com O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = fantasticfloors.com O20 - AppInit_DLLs: ogfksb.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 9752 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\defrag.job C:\WINDOWS\tasks\fehhwnyt.job C:\WINDOWS\tasks\SHUTDOWN.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-11-03 54248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B014B81-4E12-46F9-806F-55867AF8FD3C}] &Research - C:\WINDOWS\SYSTEM32\winsystems.dll [2004-08-04 296960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}] Viewpoint Toolbar BHO - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll [2007-11-28 32867] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456] {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - Viewpoint Toolbar - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll [2007-11-28 327759] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [2003-11-19 32881] "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-03-07 53408] "vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-03-17 124656] "Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2008-04-14 143360] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-01-26 282624] "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208] "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824] "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688] "TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2008-04-09 2595792] "AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2008-04-09 909208] "Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2008-04-09 136472] "LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-07-24 63048] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="ogfksb.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit] C:\WINDOWS\system32\LMIinit.dll [2008-10-16 87352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] C:\WINDOWS\system32\NavLogon.dll [2006-03-17 43760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 relog_ap [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" ======List of files/folders created in the last 1 months====== 2009-01-28 10:21:19 ----D---- C:\rsit 2009-01-28 10:17:24 ----D---- C:\Program Files\Trend Micro 2009-01-28 10:17:08 ----D---- C:\Hijackthis 2009-01-28 10:16:20 ----D---- C:\Documents and Settings\All Users\Application Data\LogMeIn 2009-01-28 10:16:15 ----A---- C:\WINDOWS\system32\LMIRfsClientNP.dll 2009-01-28 10:16:15 ----A---- C:\WINDOWS\system32\LMIport.dll 2009-01-28 10:16:09 ----D---- C:\WINDOWS\LastGood 2009-01-28 10:15:57 ----A---- C:\WINDOWS\system32\LMIinit.dll 2009-01-28 10:15:45 ----D---- C:\Program Files\LogMeIn 2009-01-17 19:01:24 ----D---- C:\Documents and Settings\dsticha\Application Data\Malwarebytes 2009-01-14 19:45:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-01-14 19:45:45 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-01-14 19:20:38 ----N---- C:\WINDOWS\system32\byXQJYqN.dll 2009-01-14 18:47:41 ----A---- C:\WINDOWS\system32\soblofei.exe 2009-01-13 17:22:22 ----A---- C:\WINDOWS\system32\polqqy.dll 2009-01-13 17:22:20 ----A---- C:\WINDOWS\system32\uhexxqgf.dll 2009-01-13 17:21:12 ----SH---- C:\WINDOWS\system32\idvftrfu.ini 2009-01-13 17:19:44 ----A---- C:\WINDOWS\system32\0763309b-.txt ======List of files/folders modified in the last 1 months====== 2009-01-28 10:17:35 ----D---- C:\WINDOWS\Prefetch 2009-01-28 10:17:24 ----RD---- C:\Program Files 2009-01-28 10:16:21 ----SHD---- C:\WINDOWS\Installer 2009-01-28 10:16:15 ----D---- C:\WINDOWS\system32\DRIVERS 2009-01-28 10:16:15 ----D---- C:\WINDOWS\SYSTEM32 2009-01-28 10:16:12 ----HD---- C:\WINDOWS\INF 2009-01-28 10:16:09 ----D---- C:\WINDOWS 2009-01-28 10:16:08 ----D---- C:\WINDOWS\Temp 2009-01-27 13:23:05 ----D---- C:\WINDOWS\system32\CatRoot2 2009-01-27 11:16:29 ----D---- C:\WINDOWS\SECURITY 2009-01-14 20:04:00 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-01-14 19:45:23 ----SHD---- C:\WINDOWS\CSC 2009-01-14 18:47:53 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-01-13 17:14:02 ----SD---- C:\WINDOWS\Tasks 2009-01-13 17:13:29 ----D---- C:\Program Files\Symantec AntiVirus 2009-01-09 08:48:34 ----A---- C:\WINDOWS\BRPP2KA.INI ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2005-04-07 3840] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592] R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153] R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys [] R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys [] R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [] R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-01-24 195776] R2 BASFND;BASFND; \??\C:\WINDOWS\system32\Drivers\BASFND.sys [] R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [] R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [] R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-10-22 44384] R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816] R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 36224] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812] R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090109.003\naveng.sys [] R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090109.003\navex15.sys [] R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352] R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS [] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-05-29 186112] S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408] S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-01-24 24768] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2008-04-09 431384] R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-02-23 100032] R2 BAsfIpM;Broadcom ASF IP monitoring service v6.0.4; C:\WINDOWS\system32\basfipm.exe [2004-04-01 77824] R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-03-07 169632] R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-03-17 30448] R2 Iap;Iap; C:\Program Files\Dell\OpenManage\Client\Iap.exe [2004-02-13 155648] R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2008-10-16 116032] R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-07-24 63040] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-03-17 115952] R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-02-06 1160848] R2 sprtlisten;SupportSoft Listener Service; C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe [2008-01-08 1213728] R2 TryAndDecideService;Acronis Try And Decide Service; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2008-04-09 492896] R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] R3 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-03-07 192160] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376] S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-02-23 2045632] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-01-24 214720] S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [2008-01-08 394608] S3 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-03-17 1799408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880] -----------------EOF-----------------
  15. it would appear that the problem is resolved. My fatherinlaw is on orders to contact me if there are more popup problems. So in the meantime, thanks for the help and you can move this to the resolved section. Juliet - thanks again for the patience and assistance, Andy.
×
×
  • Create New...