Jump to content

Temp0.exe? pt. 1- my post was too long


Recommended Posts

I was directed here from another post. McAfee keeps alerting me to the presence of Temp0.exe. See my original posts here: http://www-

307.ibm.com/pc/support/IbmEgath.cab

O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) -

https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common

Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32

\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32

\ibmpmsvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program

Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program

Files\McAfee\VirusScan Enterprise\mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program

Files\McAfee\VirusScan Enterprise\vstskmgr.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE

O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation -

C:\WINDOWS\System32\S24EvMon.exe

O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32

\TpKmpSVC.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program

Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 11712 bytes

Any help would be greatly appreciated.

Link to post
Share on other sites

  • Root Admin

Hello researchvet.

Let me ask you this. Is this a Work computer? Normally home users don't have an Enterprise version.

The reason I ask is that most Companies take a dim view of users fixing, repairing, or otherwise altering their computers. They have their own IT Support that manages these systems. I don't want you to get in trouble for working on the system if it's a work computer.

1. Do you have the original installation disk for McAfee ?

2. Have you contacted McAfee about this problem?

3. You should go and undo the prevention of files executing from the %temp% as many programs require access to this folder for normal operation.

4. Update McAfee manually to the latest version once again after undoing the permissions on the %temp% location.

5. You need to decide which forum you want to get assistance from as most sites take a dim view of working against each other or giving different advice at the same time. Bottom line is I'm sure you want help and either forum can provide you with assistance, but only one should be helping you. If you have an open post on Bleeping then you should remain there and follow their instructions.

Let us know please and we can proceed as you want based on your answers.

.

Link to post
Share on other sites

Hello researchvet.

Let me ask you this. Is this a Work computer? Normally home users don't have an Enterprise version.

The reason I ask is that most Companies take a dim view of users fixing, repairing, or otherwise altering their computers. They have their own IT Support that manages these systems. I don't want you to get in trouble for working on the system if it's a work computer.

1. Do you have the original installation disk for McAfee ?

2. Have you contacted McAfee about this problem?

3. You should go and undo the prevention of files executing from the %temp% as many programs require access to this folder for normal operation.

4. Update McAfee manually to the latest version once again after undoing the permissions on the %temp% location.

5. You need to decide which forum you want to get assistance from as most sites take a dim view of working against each other or giving different advice at the same time. Bottom line is I'm sure you want help and either forum can provide you with assistance, but only one should be helping you. If you have an open post on Bleeping then you should remain there and follow their instructions.

Let us know please and we can proceed as you want based on your answers.

.

This is a personal computer. However, I received the McAfee program through my college. Students download it from their server using FirstClass. I have now graduated so I cannot access the college's IT help forums. So, I never had a CD. Also, because I received McAfee through my school, my past attempts to contact them have failed-- they tell you to speak with the IT department.

My fear in allowing programs to run from the temp folder is that the TEMP0.exe file will run.

I would like to get assistance from this forum. I had asked on the other forum because I was having problems with SDFix, something that site recommends.

Can you help me deal with Temp0.exe and all of these other issues? Can you see what my problem is from the info I posted?

Link to post
Share on other sites

Link to your thread at BC please. You can't get help at two forums at the same time. This can cause major damage and takes up the time of two helpers.

I noticed that many users were posting in both forums and did not realize this was not allowed. However, I am taking the advice of this forum.

Link to post
Share on other sites

  • Root Admin
However, I am taking the advice of this forum.

Well based on the fact that you don't have a valid CD, a valid update account, or any other reason to stay with McAfee (which is a huge resource hog on your computer) I recommend that you fully remove it and install one of the free versions of Antivirus

Avira AntiVir Personal - FREE Antivirus

or

FREE avast! antivirus 4.x Home Edition

ESET/NOD32 is also a good Antivirus product but it is not free.

You can keep McAfee if you choose to, but it is not my recommendation. If you do keep it then you will need to disable it for the tests that we need to do.

Let me know what you would like to do please so that we can move on to the Pre-Hijackthis portion to get further information from your system while McAfee is not interfering with the scans.

.

Link to post
Share on other sites

Well based on the fact that you don't have a valid CD, a valid update account, or any other reason to stay with McAfee (which is a huge resource hog on your computer) I recommend that you fully remove it and install one of the free versions of Antivirus

Avira AntiVir Personal - FREE Antivirus

or

FREE avast! antivirus 4.x Home Edition

ESET/NOD32 is also a good Antivirus product but it is not free.

You can keep McAfee if you choose to, but it is not my recommendation. If you do keep it then you will need to disable it for the tests that we need to do.

Let me know what you would like to do please so that we can move on to the Pre-Hijackthis portion to get further information from your system while McAfee is not interfering with the scans.

.

I am able to update McAfee using their control panel. In any case, for now I think I would like to hang on to it, but disable it for the tests. I appreciate your help. I'll wait to hear back.

Link to post
Share on other sites

  • Root Admin

Okay you can keep it. Just make sure you disable it as it will prevent us from properly scanning your system.

STEP 1

Please download and run an updated version of Spybot Search & Destroy.

STEP 2

Download
CCleaner
from
here
to clean temp files from your computer.

  • Double click on the ccsetup.exe file to start the installation of the program.
  • Select your language and click
    OK
    , then
    next
    .

  • Read the license agreement and click
    I Agree
    .

  • Click
    next
    to use the default install location.

  • Under Install Options, choose all the default settings except
    I would recommend that you unclick/untick install the Yahoo! Toolbar, unless you want it. You can also Uncheck the 'Automatically check for updates' box.

  • Click
    Install
    then
    finish
    to complete installation.

  • Double click the
    CCleaner
    shortcut on the desktop to start the program.

  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).

  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.

  • Click on the "Options" icon at the left side of the window, then click on "Advanced."

    deselect
    "Only delete files in Windows Temp folders older than 48 hours."

  • Caution:
    It is not recommended that you use the "Registry" feature unless you are very familiar with the registry as it has been known to find legitimate items.
    Click on Registry and make sure Registry Integrity is UNchecked!

  • Click on the "Cleaner" icon on the left side of the window, then click
    Run Cleaner
    to run the program.

  • After
    CCleaner
    has completed its process, click
    Exit.

STEP 3

Update Malwarebytes and run a
Quick Scan
and fix any issues found

STEP 4

PANDA ONLINE SCAN

(NOTE: You must use Internet Explorer)

Please go
>here<
to run Panda's ActiveScan
  • Once you are on the Panda site, click the
    Scan your PC now
    button
  • A new window will open...click the
    Scan Now
    button

  • Allow the ActiveX control to be installed. It will start downloading the files it requires for the scan. Note: This may take a couple of minutes

  • Run
    the ActiveX control, if requested. The screen will then show the scanning progress - the scan will take a while to finish. Please be patient.

  • When the scan has finished, click on
    Export To

  • Save the file as
    Activescan.txt
    to your Desktop

  • Close the Activescan window then go to your Desktop

  • Double-click on
    Activescan.txt
    and it will open in Notepad

  • In Notepad, click
    Edit
    >
    Select all
    , then
    Edit
    >
    Copy

  • Reply to this thread and click
    Ctrl+V
    to paste the log in your reply

STEP 5

Run HJT and do a Scan Only and save the log file.

STEP 6

Return here and post the log files from Spybot, MB, PANDA, HJT

.

Link to post
Share on other sites

Okay you can keep it. Just make sure you disable it as it will prevent us from properly scanning your system.
Return here and post the log files from Spybot, MB, PANDA, HJT

.

I followed these steps and posted them above. An admin had directed me to do so in a different post on the forum. I could not post the full Spybot log because it the forum indicated it was too long even if I broke it into several posts.

Thanks.

Link to post
Share on other sites

  • Root Admin

MAKE SURE McAfee is disabled so that ComboFix and DSS can both run properly

We need these programs to run properly and not be stopped by McAfee. IF you have ComboFix or DSS already please delete them and download a new version and follow the instructions below.

Start HJT and do a Scan Only

Then place a check mark on the following items.

O4 - HKLM\..\RunOnce: [spybotDeletingA2451] command /c del "C:\WINDOWS\wt\webdriver.dll"

O4 - HKLM\..\RunOnce: [spybotDeletingC5495] cmd /c del "C:\WINDOWS\wt\webdriver.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingB9260] command /c del "C:\WINDOWS\wt\webdriver.dll"

O4 - HKCU\..\RunOnce: [spybotDeletingD3167] cmd /c del "C:\WINDOWS\wt\webdriver.dll"

Quit any open browsers and then click on "Fix checked"

Please start Malwarebytes and go to the UPDATE tab and update the program. Then run a
Quick Scan
and post back the log

Then go to the
More Tools
tab and click on the
Run Tool
button for
FileASSASSIN
and browse to these files and force delete them if they're still on your system.

C:\Documents and Settings\Katie Pierce\Local Settings\Application Data\Wildtangent\Cdacache\00\00\1D.dat

C:\Documents and Settings\Katie Pierce\Local Settings\Application Data\Wildtangent\Cdacache\00\00\17.dat

Download
The Avenger by Swandog469
, and save it to your Desktop.
  • Extract avenger.exe from the Zip file and save it to your desktop
  • Run avenger.exe by double-clicking on it.

  • Check the 'Input script manually' box.

  • Click on the magnifying glass icon.

  • Copy everything in the code box below, and paste it in the box that opens:

    Folders to delete:

    C:\WINDOWS\wt


  • Now click the 'Done' button.

  • Click on the traffic light icon and OK the prompt.

  • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.

  • A log file from Avenger will be produced at C:\avenger.txt

Download and Run ComboFix

from your DESKTOP (It must be run from the Desktop)

If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.

If it does, open
Task Manager
then
Processes
tab (press ctrl, alt and del at the same time) and end any processes of
findstr, find, sed or swreg
, then combofix should continue.

If that happened we want to know, and also what process you had to end

Then run this tool

Download
Deckard's System Scanner (DSS)
to your
Desktop
.

Note: You must be logged onto an account with administrator privileges.

  1. Close
    all applications and windows.
  2. Double-click
    on
    dss.exe
    to run it, and follow the prompts.

  3. When the scan is complete, two text files will open -
    main.txt
    <- this one will be maximized
    and
    extra.txt
    <-this one will be minimized

  4. Copy
    (Ctrl+A then Ctrl+C)
    and paste
    (Ctrl+V)
    the contents of
    main.txt
    and the extra.txt to your post in your reply

What DSS will do:

  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.

  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

Notes:

The first time that the Deckard scanner is run, the extra.txt is generated in a minimized window. The second time you will not obtain the extra.txt. You must go to
Start
=>
Run
and copy the following
"%userprofile%\desktop\dss.exe" /config
in the line and click OK You will receive a pop-up box with options to check for the Main log and Extra Log and Options.

Post back the logs from these applications on your next reply.

.

Link to post
Share on other sites

Hi researchvet,

If you can please post the requested information. I'm going to be leaving for vacation next week and I don't want to have to leave this with someone else if I can prevent it.

Thanks

I apologize for the delay. I have been dealing with some health problems and was away from home. I just ran HJT and this time the files you told me to remove did not come up on the scan. Here is the latest log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:14:33 PM, on 7/14/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\QCONSVC.EXE

C:\WINDOWS\System32\RegSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\TpKmpSVC.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

C:\WINDOWS\Uidler.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll

O4 - HKLM\..\Run: [s3TRAY2] S3Tray2.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper

O4 - HKLM\..\Run: [TP4EX] tp4ex.exe

O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [storageGuard] "c:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB002" /M "Stylus C82"

O4 - HKLM\..\Run: [uidler] C:\WINDOWS\Uidler.exe /start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Gizmo Project for LJ Talk] C:\Program Files\Gizmo Project for LJ Talk\Gizmo-LJ.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background

O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab

O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE

O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 11271 bytes

Should I continue through the next steps in your post? Anything in this latest HJT that I should remove?

Thank you.

Link to post
Share on other sites

  • Root Admin

I'm sorry to hear of your health issues. Hope you're doing better now.

Yes, please step through the tasks as I posted above. For those items in the HJT log that are no longer there you can ignore, but then disable your McAfee AntiVirus and run the other tools so that we can ensure your system gets cleaned up.

Post back the results as requested. Thanks.

Link to post
Share on other sites

I'm sorry to hear of your health issues. Hope you're doing better now.

Yes, please step through the tasks as I posted above. For those items in the HJT log that are no longer there you can ignore, but then disable your McAfee AntiVirus and run the other tools so that we can ensure your system gets cleaned up.

Post back the results as requested. Thanks.

When I entered the two Wild Tangent files to be deleted using Mawarebytes File Assassin, I saw that there were other Wild Tangent files. Should I delete the entire Cdacache? The entire Wild Tangent file? Or only the two .dats specified in the original post?

Link to post
Share on other sites

Also, when I opened The Avenger, the instructions given in the post were not applicable.

These items are not there:

# Check the 'Input script manually' box.

# Click on the magnifying glass icon.

# Copy everything in the code box below, and paste it in the box that opens:

CODE

Folders to delete:

C:\WINDOWS\wt

# Now click the 'Done' button.

# Click on the traffic light icon and OK the prompt.

When it is open there is just a place that says, "input script here." The only two boxes to check are "Scan for rootkits" and "automatically disable any rootkits found."

Should I paste in

Folders to delete:

C:\WINDOWS\wt

into that field?

Link to post
Share on other sites

  • Root Admin

Let's try to check this file with some other vendors. Maybe Spybot is not accurately marking it.

Wild Tangent is a Game development studio and though in marketing it may not be an actual virus or malware.

Please visit this site and upload and test the file below

Online malware scan

C:\WINDOWS\wt\webdriver.dll

I'll download the exact version of Avenger and see what's up with it. The interface may be different now, and I'll get back to you.

Let me know what Jotti finds about that file please.

Link to post
Share on other sites

Let's try to check this file with some other vendors. Maybe Spybot is not accurately marking it.

Wild Tangent is a Game development studio and though in marketing it may not be an actual virus or malware.

Please visit this site and upload and test the file below

Online malware scan

C:\WINDOWS\wt\webdriver.dll

I'll download the exact version of Avenger and see what's up with it. The interface may be different now, and I'll get back to you.

Let me know what Jotti finds about that file please.

I don't actually see the wt file under windows. When I entered C:\WINDOWS\wt\webdriver.dll into the program this came up:

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

Also, in reference to deleting the files like

C:\Documents and Settings\Katie Pierce\Local Settings\Application Data\Wildtangent\Cdacache\00\00\1D.dat

using file assassin, I noticed that I cannot find by hand the local settings folder-- I can't see it under Katie Pierce. However, when I entered the file into the program, it was able to pull it up. Is there a way for me to access the folder, local settings?

Given that I had run into problems previously with McAfee, today I unistalled all of the spyware programs, turned off mcafeee, and have been collecting new logs from spybot, malware bytes, HJT, and Panda. Would you like me to post these new logs as well? (I am currently running Panda.)

Finally, I noticed a quarantine folder that has some files in it, should I delete them?

Link to post
Share on other sites

  • Root Admin

Yes please post the logs. No for now do not delete the quarantine files. There is a tool to remove stuff when we're all done.

You need to unhide your folders and files. Open My Computer, click on Tools, Folder Options, then the View tab, place a check mark in the following items.

Display the contents of the system folders

Show hidden files and folders

Then UNCHECK the following items

Hide extensions for known file types

Hide protected operating system files (Recommended)

Click on Apply, then OK

That should allow you to see all the hidden files and folders on the system.

Also, when you reply and you see my response in the edit window, you can delete all of my response as it's not needed.

Link to post
Share on other sites

When I ran Spybot it picked up the Wildtangent files, said it would delete them, but they still appear under local settings. Two of the files under Cdacache were deleted when I used malawarebyte's file assasin. I did not delete the others and am wondering if we should do that.

While running a new Panda scan I got the blue screen of death and my computer shut down. Do you want me to try and run another full scan? I was able to run a quick scan. The log is:

;*******************************************************************************

********************************************************************************

*

*******************

ANALYSIS: 2008-07-14 18:53:54

PROTECTIONS: 1

MALWARE: 6

SUSPECTS: 0

;*******************************************************************************

********************************************************************************

*

*******************

PROTECTIONS

Description Version Active Updated

;===============================================================================

================================================================================

=

===================

McAfee VirusScan Enterprise 8.5.0.781 No Yes

;===============================================================================

================================================================================

=

===================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

================================================================================

=

===================

00103551 adware/windowenhancer Adware No 0 Yes No c:\windows\system32\sbutils

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.com.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.statcounter.com/]

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.statcounter.com/]

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[statse.webtrendslive.com/]

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.overture.com/]

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.overture.com/]

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.adultfriendfinder.com/]

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Katie Pierce\Application Data\Mozilla\Firefox\Profiles\q4ns5c86.default\cookies.txt[.adultfriendfinder.com/]

;===============================================================================

================================================================================

=

===================

SUSPECTS

Sent Location "

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

VULNERABILITIES

Id Severity Description "

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

Combofix:

ComboFix 08-07-13.14 - Katie Pierce 2008-07-14 17:03:53.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.210 [GMT -4:00]

Running from: C:\Documents and Settings\Katie Pierce\Desktop\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))

.

2008-07-14 13:18 . 2008-07-14 14:36 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-07-14 13:18 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys

2008-07-14 13:18 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-07-11 16:38 . 2008-07-11 16:41 <DIR> d-------- C:\Documents and Settings\Katie Pierce\Application Data\CVS

2008-07-10 13:23 . 2008-07-10 13:23 1,374 --a------ C:\WINDOWS\imsins.BAK

2008-07-07 20:06 . 2008-07-07 20:06 <DIR> d-------- C:\Program Files\Trend Micro

2008-07-07 19:37 . 2008-07-07 19:37 557,056 --a------ C:\Documents and Settings\Katie Pierce\GoToAssist_phone__317_en.exe

2008-07-07 16:35 . 2008-07-14 15:42 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-07-07 16:35 . 2008-07-14 16:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-07-06 23:11 . 2008-07-06 23:11 <DIR> d-------- C:\Documents and Settings\Katie Pierce\Application Data\Malwarebytes

2008-07-06 23:11 . 2008-07-06 23:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-07-06 21:59 . 2008-07-06 21:59 <DIR> d-------- C:\WINDOWS\ERUNT

2008-07-06 21:26 . 2008-07-06 22:26 <DIR> d-------- C:\SDFix

2008-07-01 19:05 . 2008-07-01 19:05 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard

2008-07-01 19:01 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll

2008-07-01 19:01 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll

2008-07-01 19:01 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll

2008-07-01 19:01 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe

2008-07-01 19:01 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe

2008-07-01 19:01 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll

2008-07-01 19:00 . 2008-07-01 19:01 <DIR> d-------- C:\Program Files\HP

2008-07-01 18:59 . 2008-07-01 19:05 68,294 --a------ C:\WINDOWS\hpoins05.dat

2008-07-01 18:59 . 2005-07-15 11:17 51,120 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys

2008-07-01 18:59 . 2005-07-15 11:17 21,744 --a------ C:\WINDOWS\system32\drivers\HPZius12.sys

2008-07-01 18:59 . 2005-07-15 11:17 19,696 --------- C:\WINDOWS\hpomdl05.dat

2008-07-01 18:59 . 2005-07-15 11:17 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys

2008-07-01 18:57 . 2005-07-15 11:17 708,608 --a------ C:\WINDOWS\system32\hpotiop.dll

2008-07-01 18:57 . 2005-07-15 11:17 278,528 --a------ C:\WINDOWS\system32\hpgwiamd.dll

2008-07-01 18:57 . 2005-07-15 11:17 274,432 --a------ C:\WINDOWS\system32\HPZc3212.dll

2008-07-01 18:57 . 2005-07-15 11:17 229,376 --a------ C:\WINDOWS\system32\hpovst08.dll

2008-07-01 18:56 . 2005-07-15 11:17 393,216 --a------ C:\WINDOWS\system32\hpzcon12.dll

2008-07-01 18:56 . 2005-07-15 11:17 196,608 --a------ C:\WINDOWS\system32\hpzcoi12.dll

2008-07-01 18:56 . 2005-07-15 11:17 139,345 --a------ C:\WINDOWS\system32\hpzlnt12.dll

2008-07-01 18:55 . 2008-07-01 18:59 <DIR> d-------- C:\Temp\HP_WebRelease

2008-07-01 18:55 . 2008-07-01 18:55 <DIR> d-------- C:\Temp

2008-07-01 18:35 . 2008-04-13 14:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-07-01 18:35 . 2008-04-13 14:45 32,128 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys

2008-06-30 16:07 . 2008-06-30 16:07 <DIR> d-------- C:\Program Files\CCleaner

2008-06-30 15:34 . 2008-06-30 15:49 <DIR> d-------- C:\Documents and Settings\Katie Pierce\Application Data\Uniblue

2008-06-29 00:53 . 2008-06-30 16:02 <DIR> d-------- C:\Program Files\DNA

2008-06-29 00:53 . 2008-06-30 15:52 <DIR> d-------- C:\Documents and Settings\Katie Pierce\Application Data\DNA

2008-06-29 00:47 . 2008-07-14 15:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-06-29 00:47 . 2008-06-29 00:47 1,409 --a------ C:\WINDOWS\QTFont.for

2008-06-20 13:46 . 2008-06-20 13:46 245,248 --------- C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 13:46 . 2008-06-20 13:46 147,968 --------- C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 07:51 . 2008-06-20 07:51 361,600 --------- C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 07:40 . 2008-06-20 07:40 138,496 --------- C:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 07:08 . 2008-06-20 07:08 225,856 --------- C:\WINDOWS\system32\dllcache\tcpip6.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-10 19:47 --------- d-----w C:\Documents and Settings\Katie Pierce\Application Data\U3

2008-06-29 03:49 --------- d-----w C:\Program Files\DivX

2008-06-26 17:44 --------- d-----w C:\Program Files\FirstClass

2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-10 02:03 --------- d-----w C:\Program Files\Common Files\Adobe

2008-06-10 01:59 --------- d-----w C:\Documents and Settings\Katie Pierce\Application Data\AdobeUM

2008-05-27 16:40 --------- d-----w C:\Program Files\Apple Software Update

2008-05-24 22:55 --------- d-----w C:\Program Files\Semagic

2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-05-21 21:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee

2008-05-21 21:32 --------- d-----w C:\Program Files\McAfee

2008-05-21 21:31 --------- d-----w C:\Program Files\Common Files\McAfee

2008-05-21 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Network Associates

2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll

2008-05-09 10:53 90,112 ------w C:\WINDOWS\system32\dllcache\wshext.dll

2008-05-09 10:53 512,000 ------w C:\WINDOWS\system32\dllcache\jscript.dll

2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll

2008-05-09 10:53 430,080 ------w C:\WINDOWS\system32\dllcache\vbscript.dll

2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll

2008-05-09 10:53 180,224 ------w C:\WINDOWS\system32\dllcache\scrobj.dll

2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll

2008-05-09 10:53 172,032 ------w C:\WINDOWS\system32\dllcache\scrrun.dll

2008-05-08 14:02 203,136 ------w C:\WINDOWS\system32\dllcache\rmcast.sys

2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe

2008-05-08 11:24 155,648 ------w C:\WINDOWS\system32\dllcache\wscript.exe

2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe

2008-05-07 09:07 135,168 ------w C:\WINDOWS\system32\dllcache\cscript.exe

2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll

2008-05-07 05:12 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll

2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2008-04-14 09:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll

2008-04-14 09:42 11,264 ------w C:\WINDOWS\system32\spnpinst.exe

2008-04-14 09:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll

2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin

2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll

2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll

2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll

2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll

2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll

2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll

2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll

2005-07-21 04:19 94,520 ----a-w C:\Documents and Settings\Katie Pierce\Application Data\GDIPFONTCACHEV1.DAT

2007-07-26 20:01 114,688 ----a-w C:\Program Files\internet explorer\plugins\ChimeShim.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]

"MSMSGS"="C:\Program Files\Messenger\MSMSGS.EXE" [2008-04-13 20:12 1695232]

"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [2003-07-21 16:00 540672]

"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-08-19 19:34 3084288]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-08-01 11:22 110592]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-08-01 11:21 618496]

"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2003-08-07 19:57 94208]

"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2003-01-17 05:32 64000]

"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [2003-01-17 05:32 20480]

"QCWLICON"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2003-03-27 06:06 53248]

"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2003-08-08 19:39 897024]

"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2002-12-24 06:01 204800]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-04-30 01:00 315392]

"StorageGuard"="c:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 04:01 155648]

"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [2003-07-21 16:00 540672]

"EPSON Stylus C82 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE" [2002-04-25 03:00 74240]

"Uidler"="C:\WINDOWS\Uidler.exe" [2001-08-02 18:21 57344]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 05:20 122940]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-30 13:20 185784]

"Gizmo Project for LJ Talk"="C:\Program Files\Gizmo Project for LJ Talk\Gizmo-LJ.exe" [2006-10-13 18:45 2985984]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 20:50 112216]

"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 11:27 136768]

"S3TRAY2"="S3Tray2.exe" [2001-10-12 02:32 69632 C:\WINDOWS\system32\S3Tray2.exe]

"BluetoothAuthenticationAgent"="irprops.cpl" [2008-04-13 20:12 380416 C:\WINDOWS\system32\irprops.cpl]

"TP4EX"="tp4ex.exe" [2002-09-04 05:05 53248 C:\WINDOWS\system32\TP4EX.exe]

"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 09:53 88363 C:\WINDOWS\AGRSMMSG.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-07-13 17:49:41 113664]

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2006-02-09 14:50:10 114688]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 05:01:04 83360]

NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2004-08-14 13:19:29 118784]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"C:\\Program Files\\myTunes Redux\\mDNSResponder.exe"=

"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

"C:\\StubInstaller.exe"=

"C:\\Program Files\\Gizmo Project for LJ Talk\\mDNSResponder.exe"=

"C:\\Program Files\\Gizmo Project for LJ Talk\\Gizmo-LJ.exe"=

"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\AIM\\aim.exe"=

"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Support.com\\Bin\\tgcmd.exe"=

"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS [2003-03-27 06:06]

R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2003-01-17 05:32]

R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]

S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2003-12-15 19:22]

.

Contents of the 'Scheduled Tasks' folder

"2008-06-13 12:28:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2005-12-30 22:39:44 C:\WINDOWS\Tasks\BMMTask.job"

- C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE

"2008-07-10 19:34:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"

- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

"2008-06-30 19:34:28 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"

- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-tgcmd - (no file)

HKCU-Run-Aim6 - (no file)

HKLM-Run-UC_SMB - (no file)

HKLM-Run-tgcmd - (no file)

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-14 17:09:07

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

.

Completion time: 2008-07-14 17:13:41

ComboFix-quarantined-files.txt 2008-07-14 21:12:37

Pre-Run: 18,611,843,072 bytes free

Post-Run: 18,601,058,304 bytes free

207 --- E O F --- 2008-07-10 17:27:30

mbam:

Malwarebytes' Anti-Malware 1.20

Database version: 949

Windows 5.1.2600 Service Pack 3

3:15:05 PM 7/14/2008

mbam-log-7-14-2008 (15-15-05).txt

Scan type: Quick Scan

Objects scanned: 40765

Time elapsed: 8 minute(s), 24 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Katie Pierce\Local Settings\Application Data\GDIPFONTCACHEV1.DAT (Rogue.SpywareDestructor) -> Quarantined and deleted successfully.

HJT:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:14:33 PM, on 7/14/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\QCONSVC.EXE

C:\WINDOWS\System32\RegSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\TpKmpSVC.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

C:\WINDOWS\Uidler.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll

O4 - HKLM\..\Run: [s3TRAY2] S3Tray2.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper

O4 - HKLM\..\Run: [TP4EX] tp4ex.exe

O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [storageGuard] "c:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB002" /M "Stylus C82"

O4 - HKLM\..\Run: [uidler] C:\WINDOWS\Uidler.exe /start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Gizmo Project for LJ Talk] C:\Program Files\Gizmo Project for LJ Talk\Gizmo-LJ.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background

O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab

O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE

O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 11271 bytes

DSS main:

Deckard's System Scanner v20071014.68

Run by Katie Pierce on 2008-07-14 20:08:04

Computer is in Normal Mode.

--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --

66: 2008-07-15 00:08:17 UTC - RP1259 - Deckard's System Scanner Restore Point

65: 2008-07-14 21:03:12 UTC - RP1258 - ComboFix created restore point

64: 2008-07-13 23:42:20 UTC - RP1257 - System Checkpoint

63: 2008-07-12 20:17:59 UTC - RP1256 - System Checkpoint

62: 2008-07-10 17:21:34 UTC - RP1255 - Software Distribution Service 3.0

-- First Restore Point --

1: 2008-04-20 16:06:41 UTC - RP1194 - System Checkpoint

Backed up registry hives.

Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).

-- HijackThis (run as Katie Pierce.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:08:52 PM, on 7/14/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\S24EvMon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\QCONSVC.EXE

C:\WINDOWS\System32\RegSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\TpKmpSVC.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Windows Media Player\WMPNetwk.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

C:\WINDOWS\Uidler.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\WINDOWS\System32\alg.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Katie Pierce\Desktop\dss.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\Katie Pierce.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll

O4 - HKLM\..\Run: [s3TRAY2] S3Tray2.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper

O4 - HKLM\..\Run: [TP4EX] tp4ex.exe

O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [storageGuard] "c:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB002" /M "Stylus C82"

O4 - HKLM\..\Run: [uidler] C:\WINDOWS\Uidler.exe /start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Gizmo Project for LJ Talk] C:\Program Files\Gizmo Project for LJ Talk\Gizmo-LJ.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background

O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab

O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE

O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 11513 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 IBMTPCHK - c:\windows\system32\drivers\ibmbldid.sys

R1 Smapint - c:\windows\system32\drivers\smapint.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT Operating System>

R1 TDSMAPI - c:\windows\system32\drivers\tdsmapi.sys

R1 TPHKDRV - c:\windows\system32\drivers\tphkdrv.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>

R1 TPPWR - c:\windows\system32\drivers\tppwr.sys <Not Verified; IBM Corp.; IBM ThinkPad Utility>

R1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys

R2 PMEM - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT Operating System>

R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 PCANDIS5 (PCANDIS5 NDIS Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S3 VNUSB (VN Series Device) - c:\windows\system32\drivers\vnusb.sys <Not Verified; OLYMPUS OPTICAL CO.,LTD.; VVRUSB Driver>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

R2 QCONSVC - system32\qconsvc.exe

R2 RegSrvc - c:\windows\system32\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>

R2 TpKmpSVC (IBM KCU Service) - c:\windows\system32\tpkmpsvc.exe

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-07-10 15:34:00 284 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job

2008-06-30 15:34:28 406 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job

2008-06-13 08:28:13 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

2005-12-30 18:39:44 410 --a------ C:\WINDOWS\Tasks\BMMTask.job

-- Files created between 2008-06-14 and 2008-07-14 -----------------------------

2008-07-14 17:16:25 0 d-------- C:\Program Files\Panda Security

2008-07-14 17:02:05 68096 --a------ C:\WINDOWS\zip.exe

2008-07-14 17:02:05 49152 --a------ C:\WINDOWS\VFind.exe

2008-07-14 17:02:05 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>

2008-07-14 17:02:05 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>

2008-07-14 17:02:05 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>

2008-07-14 17:02:05 98816 --a------ C:\WINDOWS\sed.exe

2008-07-14 17:02:05 80412 --a------ C:\WINDOWS\grep.exe

2008-07-14 17:02:05 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >

2008-07-14 13:18:13 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-07-11 16:38:52 0 d-------- C:\Documents and Settings\Katie Pierce\Application Data\CVS

2008-07-07 20:06:37 0 d-------- C:\Program Files\Trend Micro

2008-07-07 19:37:51 557056 --a------ C:\Documents and Settings\Katie Pierce\GoToAssist_phone__317_en.exe <Not Verified; Citrix Online; GoToAssist>

2008-07-07 16:35:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-07-06 23:11:59 0 d-------- C:\Documents and Settings\Katie Pierce\Application Data\Malwarebytes

2008-07-06 23:11:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-07-06 21:59:23 0 d-------- C:\WINDOWS\ERUNT

2008-07-01 19:05:08 0 d-------- C:\Program Files\Common Files\Hewlett-Packard

2008-07-01 19:01:40 57344 --a------ C:\WINDOWS\system32\HPZisn12.dll <Not Verified; HP; HP SNMP Windows>

2008-07-01 19:01:40 94208 --a------ C:\WINDOWS\system32\HPZipt12.dll <Not Verified; HP; HP SNMP Windows>

2008-07-01 19:01:40 204800 --a------ C:\WINDOWS\system32\HPZipr12.dll <Not Verified; HP; HP PmlRtl>

2008-07-01 19:01:40 69632 --a------ C:\WINDOWS\system32\HPZipm12.exe <Not Verified; HP; HP PML>

2008-07-01 19:01:40 61440 --a------ C:\WINDOWS\system32\HPZinw12.exe <Not Verified; HP; HP Dot4Net Windows>

2008-07-01 19:01:39 278584 --a------ C:\WINDOWS\system32\HPZidr12.dll <Not Verified; HP; HP Dot4Rtl>

2008-07-01 19:00:45 0 d-------- C:\Program Files\HP

2008-07-01 18:59:23 19696 -----n--- C:\WINDOWS\hpomdl05.dat

2008-07-01 18:59:23 68294 --a------ C:\WINDOWS\hpoins05.dat

2008-07-01 18:55:59 0 d-------- C:\Temp

2008-06-30 16:19:02 0 dr-h----- C:\Documents and Settings\Katie Pierce\Recent

2008-06-30 16:07:05 0 d-------- C:\Program Files\CCleaner

2008-06-30 15:34:42 0 d-------- C:\Documents and Settings\Katie Pierce\Application Data\Uniblue

2008-06-29 00:53:46 0 d-------- C:\Program Files\DNA

2008-06-29 00:53:46 0 d-------- C:\Documents and Settings\Katie Pierce\Application Data\DNA

-- Find3M Report ---------------------------------------------------------------

2008-07-10 15:47:44 0 d-------- C:\Documents and Settings\Katie Pierce\Application Data\U3

2008-07-01 19:05:08 0 d-------- C:\Program Files\Common Files

2008-06-28 23:49:17 6014 --a------ C:\WINDOWS\mozver.dat

2008-06-28 23:49:10 0 d-------- C:\Program Files\DivX

2008-06-26 13:44:48 0 d-------- C:\Program Files\FirstClass

2008-06-09 22:03:51 0 d-------- C:\Program Files\Common Files\Adobe

2008-06-09 21:59:23 0 d-------- C:\Documents and Settings\Katie Pierce\Application Data\AdobeUM

2008-05-27 12:40:10 0 d-------- C:\Program Files\Apple Software Update

2008-05-24 18:55:16 0 d-------- C:\Program Files\Semagic

2008-05-21 17:32:41 0 d-------- C:\Program Files\McAfee

2008-05-21 17:31:25 0 d-------- C:\Program Files\Common Files\McAfee

2008-05-21 16:47:30 0 d-------- C:\Program Files\Messenger

2008-05-21 16:46:20 0 d-------- C:\Program Files\Movie Maker

2008-05-21 16:39:08 0 d-------- C:\Program Files\Windows NT

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"S3TRAY2"="S3Tray2.exe" [10/12/2001 02:32 AM C:\WINDOWS\system32\S3Tray2.exe]

"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [08/01/2003 11:22 AM]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [08/01/2003 11:21 AM]

"BluetoothAuthenticationAgent"="irprops.cpl" [04/13/2008 08:12 PM C:\WINDOWS\system32\irprops.cpl]

"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [08/07/2003 07:57 PM]

"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [01/17/2003 05:32 AM]

"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [01/17/2003 05:32 AM]

"QCWLICON"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [03/27/2003 06:06 AM]

"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [08/08/2003 07:39 PM]

"TP4EX"="tp4ex.exe" [09/04/2002 05:05 AM C:\WINDOWS\system32\TP4EX.exe]

"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [12/24/2002 06:01 AM]

"AGRSMMSG"="AGRSMMSG.exe" [06/27/2003 09:53 AM C:\WINDOWS\AGRSMMSG.exe]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [04/30/2003 01:00 AM]

"StorageGuard"="c:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [06/18/2002 04:01 AM]

"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [07/21/2003 04:00 PM]

"EPSON Stylus C82 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.exe" [04/25/2002 03:00 AM]

"Uidler"="C:\WINDOWS\Uidler.exe" [08/02/2001 06:21 PM]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]

"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [10/06/2005 05:20 AM]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/30/2006 01:20 PM]

"Gizmo Project for LJ Talk"="C:\Program Files\Gizmo Project for LJ Talk\Gizmo-LJ.exe" [10/13/2006 06:45 PM]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]

"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [02/22/2007 08:50 PM]

"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [12/19/2006 11:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]

"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [04/13/2008 08:12 PM]

"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [07/21/2003 04:00 PM]

"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [08/19/2005 07:34 PM]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [7/13/2006 5:49:41 PM]

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]

Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2/9/2006 2:50:10 PM]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 5:01:04 AM]

NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [8/14/2004 1:19:29 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=0 (0x0)

"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=0 (0x0)

"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]

C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

eapsvcs eaphost

dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

napagent

hkmsvc

-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

8784 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-07-14 20:09:37 ------------

DSS extra:

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0

Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1500MHz

Percentage of Memory in Use: 75%

Physical Memory (total/avail): 510.92 MiB / 127.38 MiB

Pagefile Memory (total/avail): 1249.32 MiB / 921.84 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1923.21 MiB

C: is Fixed (NTFS) - 34.26 GiB total, 17.33 GiB free.

D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - IC25N040ATCS04-0 - 34.26 GiB - 1 partition

\PARTITION0 (bootable) - Installable File System - 34.26 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Katie Pierce\Application Data

CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=KPIERCE1

ComSpec=C:\WINDOWS\system32\cmd.exe

DEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Katie Pierce

LOGONSERVER=\\KPIERCE1

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\Program Files\Mozilla Firefox;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\PROGRAM FILES\THINKPAD\UTILITIES;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\QuickTime\QTSystem

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0905

ProgramFiles=C:\Program Files

PROMPT=$P$G

QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\KATIEP~1\LOCALS~1\Temp

TMP=C:\DOCUME~1\KATIEP~1\LOCALS~1\Temp

USERDOMAIN=KPIERCE1

USERNAME=Katie Pierce

USERPROFILE=C:\Documents and Settings\Katie Pierce

VSEDEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection

windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Katie Pierce (admin)

Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {09DA4F91-2A09-4232-AB8C-6BC740096DE3}

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}

--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}

--> MsiExec.exe /X{31C2FBAC-67CF-4093-8F36-15A146613747}

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\SETUP.EXE"

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D1A81AA-ED90-11D6-86D3-00055DF3561E}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\SETUP.EXE"

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\SETUP.EXE"

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}

Access IBM --> MsiExec.exe /X{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}

Access IBM Message Center --> MsiExec.exe /X{710C0BB2-FE39-484E-BB23-C9B96835A14A}

Access IBM Tools --> C:\Program Files\IBM\Access IBM\IBMUINST.EXE

Ad-Aware SE Plus --> C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG

Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"

Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe

Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete

Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Photoshop Elements 2.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"

Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}

Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Agere Systems AC'97 Modem --> agrsmdel

AIM 6.0 --> C:\Program Files\AIM6\uninst.exe

alm --> MsiExec.exe /I{CF44C7A5-5705-41E4-BE84-A9A42977AB05}

AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=

Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}

Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}

ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE7C3A14-1D20-49F6-B903-491561076F0F}\SETUP.EXE" -l0x9

ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

ATI HydraVision --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"

Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}

Canon S530D --> C:\WINDOWS\System32\CNMCP43.EXE -@C:\WINDOWS\IsUninst.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S530D Installer\Inst\DeIsL1.isu" -pCanon S530D-c"C:\BJPrinter\CNMWINDOWS\Canon S530D Installer\Inst\bjinst.dll

CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"

Cipher Multimedia: Machismo Part II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC13F650-BA1A-4135-A783-6C5AB61C9969}\setup.exe" -l0x9 justdoit

DivX 5.0.2 Bundle --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\uninstal.log

DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL

EPSON Copy Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x9 ADDREMOVEDLG

EPSON PERF 3170Guide --> C:\Program Files\epson\guide\perf3170_e\uninstall.exe

EPSON Photo Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F9F3775-7E5B-4028-B5E5-DA1C042517A8}\setup.exe" -l0x9 MyUninstall

EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R

EPSON Scan --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0131B2-CF18-40D9-A331-60A3746C1204}\SETUP.EXE" -l0x9 UNINSTALL

EPSON Smart Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x9 Uninstall

FirstClass

Link to post
Share on other sites

  • Root Admin

Now that you've unhidden your files and folder please browse to this location

C:\Documents and Settings\xxx\Local Settings\TEMP\

Where xxx may be the name or it may be the user profile name. If you have more than one profile look in all of them for this file.

TEMP0.EXE

I don't think it will be there anymore though. Unless you have some program or permission preventing access to the TEMP file locations I think it has already been removed as I no longer see anything in the logs to indicate that you're still infected with anything.

If it is there please delete it and let me know.

Please go into your Control Panel - Add/Remove and remove ALL of these versions of JAVA

J2SE Runtime Environment 5.0 Update 10

J2SE Runtime Environment 5.0 Update 11

J2SE Runtime Environment 5.0 Update 4

J2SE Runtime Environment 5.0 Update 6

J2SE Runtime Environment 5.0 Update 9

Java™ 6 Update 2

Java™ 6 Update 3

Java™ 6 Update 5

Java™ SE Runtime Environment 6 Update 1

Then after removing the old versions update your
Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is:
Java Runtime Environment Version 6 Update 7
.
  • Go to
    http://java.sun.com/javase/downloads/index.jsp
  • Go to
    Java Runtime Environment (JRE) 6 Update 7
    and click on Download button.

  • In Platform box choose Windows.

  • Check the box to
    Accept License Agreement
    and click Continue.

  • Click on
    Windows Offline Installation,
    click on the link under it which says
    "jre-6u7-windows-i586-p.exe"
    and save the downloaded file to your desktop.

  • Install the new version by running the newly-downloaded file with the java icon which will be on your desktop, and follow the on-screen instructions.

  • Reboot your computer

I would also recommend removing these items, but its up to you.

Viewpoint Manager

Viewpoint Media Player

If the file version indicator in one of the logs is correct then your version of FireFox is old and I recommend that you update to the latest version

Since Panda failed

please go here and download this scanner and run it.

When done with that scan, Please click on START - RUN and then copy and paste this entry into the run box and click OK and restart your computer.

This will enable your system to run a Disk Check when it restarts to scan for bad entries on the hard drive and fix them.
CMD /K ECHO Y|CHKDSK C: /F

.

Link to post
Share on other sites

Temp0.exe isn't in the temp folder. I removed the files you recommended and dled the new Java. I am in the process of following your other recommendations. However, I wanted to ask if anything should be done about the WildTangent files that are left on my computer. Was it OK that we deleted two of the components in it and not the rest?

Also, should I try Panda again given that I've had it work in the past?

Link to post
Share on other sites

  • Root Admin

Well if you don't play those games then I would go into the Control Panel - Add/Remove and look for Wild Tangent or similar and try using their uninstaller to fully remove it.

After the disk check and CureIt 4.44 scan you can try Panda as it should work. Please run those other items first and then try the Panda again.

.

Link to post
Share on other sites

I am in the process of running a full scan with Dr. Web.

The odd thing is that I don't play any games so I have no idea why WT is on my computer. Also, WildTangent isn't listed in the add/remove program menu. It was under the local settings folder when I looked using file assassin. Should I delete that folder by hand?

Also, should I agree to everything Dr. Web scanner asks me to do? It asked me if it was ok to move a file.

Link to post
Share on other sites

  • Root Admin

Well then if Wild Tangent was under Local Settings and Temp then it does not belong there and yes DELETE the entire folder if it will let you with just normal Windows Explorer. If it won't then let me know and we can use another tool to do it.

What file does Dr Web want to move and why does it want to move it? What does it think is wrong?

.

Link to post
Share on other sites

Dr. Web is still running. So far it has picked up the following:

StubInstaller.exe

Inst.exe

ocpinst.exe\data529

ocpinst.exe ("archive contains infected object-moved")

ComboFix.exe\327882R2FWJFW\psexec.cfexe

Combofixe.exe ("archive contains infected object-moved")

WxBug.EXE

aolsetup.exe

A0096702.exe ("archive contains infected object-moved")

A0096703.exe\327882R2FWJFW\psexec.cfexe

A0096703.exe ("archive contains infected object-moved")

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.