cleanup one got another.. I got hit with the windows restore trojan and used unhide.exe to get my files viewable. I ran MBAM and ESET and both now run clean but I still don't have desktop icons or several files in the start menu. (programs loaded under "all users"). Right clicking on the desktop does nothing and I am out of options. Attached are appropriate files. DDS, attach and GAMER output

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by d at 14:59:56.01 on Wed 05/04/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1791.806 [GMT -4:00]

.

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\windows\system32\svchost -k DcomLaunch

svchost.exe

C:\windows\System32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\windows\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\FolderSize\FolderSizeSvc.exe

C:\windows\system32\svchost.exe -k HPService

C:\Program Files\Java\jre6\bin\jqs.exe

C:\windows\System32\svchost.exe -k HPZ12

C:\windows\system32\nvsvc32.exe

C:\windows\System32\svchost.exe -k HPZ12

C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\windows\System32\svchost.exe -k imgsvc

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\windows\Explorer.EXE

C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\ATI\Catalyst Media Center\CMCService.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\windows\vVX3000.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\windows\System32\svchost.exe -k HTTPFilter

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\windows\system32\ctfmon.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\Creative\MediaSource5\MtdAcqu.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\CTPdeSrv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe

C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe

C:\Documents and Settings\d\Desktop\dds.com

C:\windows\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = ;;;*.local;<local>

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [sB Audigy 2 Startup Menu] /L:ENG

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"

uRun: [MtdAcqu] "c:\program files\creative\mediasource5\MtdAcqu.exe" /s

uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" -s

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE"

mRun: [CTSysVol] c:\program files\creative\sbaudigy2\surround mixer\CTSysVol.exe

mRun: [CTDVDDet] c:\program files\creative\sbaudigy2\dvdaudio\CTDVDDet.EXE

mRun: [DVDSentry] c:\windows\system32\DSentry.exe

mRun: [CMCService] "c:\program files\ati\catalyst media center\CMCService.exe"

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [VX3000] c:\windows\vVX3000.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

dRunOnce: [RunNarrator] Narrator.exe

dRunOnce: [sWHelper] "c:\windows\system32\macromed\shockwave 10\PostUpdate.exe" 1011016

uPolicies-explorer: MaxRecentDocs = 99 (0x63)

uPolicies-explorer: NoInternetIcon = 1 (0x1)

uPolicies-explorer: NoDesktop = 1 (0x1)

uPolicies-system: DisableTaskMgr =

mPolicies-system: HideShutdownScripts = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: Microsoft XML Parser for Java

DPF: Yahoo! Dominoes - hxxp://download.games.yahoo.com/games/clients/y/dot8_x.cab

DPF: Yahoo! Pool 2 - hxxp://download.games.yahoo.com/games/clients/y/pote_x.cab

DPF: Yahoo! Tic-Tac-Toe - hxxp://download.games.yahoo.com/games/clients/y/ft3_x.cab

DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB

DPF: {00000045-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/sg726acm.cab

DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB

DPF: {00000111-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/vivog723.CAB

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15026/CTSUEng.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab

DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab

DPF: {6F766976-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/VivoH263.CAB

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - hxxp://download.abacast.com/download/files/abasetup145.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15111/CTPID.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\d\applic~1\mozilla\firefox\profiles\9auo2dc3.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm011WEUS&fl=0&ptb=RiBvg8lJegty.J6uH2nWIQ&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&si=6729&searchfor=

FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\d\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\d\application data\mozilla\plugins\npPxPlay.dll

FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg8\Firefox

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: WataCrackaz AutoSMS: {b422f337-27e5-4d5c-bb07-c189e7e7d7f2} - %profile%\extensions\{b422f337-27e5-4d5c-bb07-c189e7e7d7f2}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-15 64288]

R0 VOBID;VOBID;c:\windows\system32\drivers\vobid.sys [2003-8-1 29239]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-9 335240]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-5 27784]

R1 vobcom;vobcom;c:\windows\system32\drivers\vobcom.sys [2001-10-4 9728]

R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [2003-8-29 187392]

R3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [2002-12-13 64000]

S0 AFPAnsi;Alfa File Protector Ansi;c:\windows\system32\drivers\afpansi.sys --> c:\windows\system32\drivers\AFPAnsi.sys [?]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S3 BCORETH5;BCORETH5 NDIS Protocol Driver;c:\windows\system32\bcoreth5.sys [2003-12-10 31650]

S3 CoachVid;CoachVid;c:\windows\system32\drivers\CoachVid.sys [2009-12-30 45344]

S3 CPQDAP01;Compaq PA-1 Personal Audio Player USB Driver;c:\windows\system32\drivers\CPQDAP01.SYS [2002-8-29 11776]

S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2007-1-6 39048]

S3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2004-2-8 6400]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2003-8-28 189792]

S3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]

S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

S3 ZZZMPR5;ZZZMPR5 NDIS Protocol Driver;\??\c:\windows\system32\zzzmpr5.sys --> c:\windows\system32\ZZZMPR5.SYS [?]

.

=============== Created Last 30 ================

.

2071-07-25 14:13:30 203576 ------w- c:\program files\microsoft games\age of empires iii\autopatcher2.exe

2011-05-04 14:02:10 79872 ----a-w- c:\program files\mozilla firefox\rk_quarantine\sansadispatch.exe.vir

2011-05-04 13:29:34 -------- d-----w- c:\program files\AVAST Software

2011-05-04 13:29:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software

2011-05-01 02:00:07 -------- d-----w- c:\program files\ESET

2011-04-23 00:50:14 -------- d-----w- c:\program files\AnalogX

2011-04-22 23:04:35 -------- d-----w- c:\docume~1\d\applic~1\Windows Search

2011-04-10 23:37:09 -------- d-----w- c:\program files\Winamp Detect

2011-04-10 23:36:16 133616 ------w- c:\windows\system32\pxafs.dll

.

==================== Find3M ====================

.

2011-04-24 22:24:43 11270 --sha-w- c:\windows\system32\KGyGaAvL.sys

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 19:44:12 126448 ------w- c:\windows\system32\pxinsi64.exe

2011-03-04 19:44:12 123888 ------w- c:\windows\system32\pxcpyi64.exe

2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll

2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll

2004-08-04 07:56:57 73728 --sha-w- c:\windows\registeredpackages\{dd90d410-1823-43eb-9a16-a2331bf08799}$backup$\system\wmplayer.exe

.

============= FINISH: 15:04:01.14 ===============

attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 1/24/2004 5:22:55 PM

System Uptime: 5/4/2011 12:53:38 PM (3 hours ago)

.

Motherboard: Dell Computer Corp. | | 0M2035

Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2792/800mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 190 GiB total, 54.703 GiB free.

D: is CDROM ()

F: is FIXED (FAT32) - 153 GiB total, 34.035 GiB free.

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}

Description: Photosmart C7200 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart C7200 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Cisco Systems VPN Adapter

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter

PNP Device ID: ROOT\NET\0000

Service: CVirtA

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

.

32 Bit HP CIO Components Installer

Abacast Client

Ace Utilities 2.3.1

Acrobat.com

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player ActiveX

Adobe Reader 9.4.3

Age of Empires III

Age of Empires III - The WarChiefs

Age of Mythology

Age of Mythology - The Titans Expansion

AIO_Scan

Allway Sync version 6.3.3

AOL Instant Messenger

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI - Software Uninstall Utility

ATI TV Settings

Audacity 1.2.6

AutoUpdate

Avanquest update

AVG Free 8.5

AviSynth 2.5

AVS Update Manager 1.0

AVS Video Converter 7

AVS4YOU Software Navigator 1.4

Banctec Service Agreement

Bonjour

BufferChm

Catalyst Media Center

Catalyst Media Center DVD Authoring Module

CCleaner (remove only)

Cisco Systems VPN Client 4.6.01.0019

Conexant SmartHSFi V92 56K DF PCI Modem

Creative CD Burner Drive Update

Creative Jukebox Driver

Creative MediaSource

Creative MediaSource 5

Creative MediaSource AudioSync Plugin

Creative MediaSource NOMAD Jukebox 2/3/Zen Plugin

Creative NOMAD Jukebox Zen Xtra

Critical Update for Windows Media Player 11 (KB959772)

Danger Zone!

Daniusoft Media Converter(Build 2.3.1.34)

DAO

DeepBurner v1.8.0.224

Definition update for Microsoft Office 2010 (KB982726)

Dell Digital Jukebox Driver

Dell Networking Guide

Dell Picture Studio - Dell Image Expert

Dell Solution Center

Digital Line Detect

DivX

DivX Player

DocProc

DocProcQFolder

Dragon NaturallySpeaking 10

DS21Patch

DVD Decrypter (Remove Only)

DVD Shrink 2010

DVDSentry

ECE 658 - Introduction to VLSI Design

Emperor's Mahjong

EPSON Copy Utility 3

EPSON Perf 2480 - 2580 Guide

EPSON Scan

EPSON Smart Panel

ESET Online Scanner v3

Fax

Flickr Uploadr 2.5.0.15

FLV Player

Folder Size for Windows

Garmin USB Drivers

Garmin WebUpdater

Google Earth

Google Toolbar for Internet Explorer

Help and Support Customization

HighMAT Extension to Microsoft Windows XP CD Writing Wizard

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Format SDK (KB902344)

Hotfix for Windows Media Format SDK (KB910998)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Update

HPSSupply

Image Transfer

ImageMixer for Sony

Intel® PRO Network Adapters and Drivers

Intel® PROSet

iTunes

Java 2 Runtime Environment, SE v1.4.1_02

Java 2 Runtime Environment, SE v1.4.2

Java Web Start

Java 6 Update 15

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

LiveReg (Symantec Corporation)

LiveUpdate

Macromedia Shockwave Player

Malwarebytes' Anti-Malware

MaxBlast 4

Microsoft .NET Framework 1.1

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Data Access Components KB870669

Microsoft Encarta Encyclopedia Standard 2004

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 14

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)

Microsoft SQL Server 2005 Tools Express Edition

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Windows Script 5.7

Modem Helper

Motorola Driver Installation

Motorola Phone Tools

Mozilla Firefox (3.6.17)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser

MSXML4 Parser

MVYRadio Broadband Player

Nero 7 Ultra Edition

neroxml

NetDeviceManager

NOMAD Explorer

NVIDIA Drivers

OCR Software by I.R.I.S. 10.0

OLYMPUS CAMEDIA Master 4.1

OpenMG Secure Module 4.2.00

OpenOffice.org Installer 1.0

Paint Shop Pro 7

Photodex Presenter

PhotoImpression 5

Pinnacle InstantCD/DVD Suite

Pinnacle PCTV

Pinnacle Systems PCI Performance Enhancer

Pinnacle TRex

PowerDVD

ProShow Gold

PS_AIO_02_Software

PS_AIO_02_Software_Min

PSP Video 9 4.04

QuickTime

RealOne Player

Roll

Rugrats Adventure Game

Safari

Sansa Media Converter

Sansa Updater

Scan

ScanToWeb

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Excel 2010 (KB2466146)

Security Update for Microsoft Office 2010 (KB2289078)

Security Update for Microsoft Office 2010 (KB2289161)

Security Update for Microsoft PowerPoint 2010 (KB2519975)

Security Update for Microsoft Publisher 2010 (KB2409055)

Security Update for Microsoft Word 2010 (KB2345000)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB911565)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows Media Player 9 Series (KB969878)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Shockwave

Shop for HP Supplies

Skype


Hi, let's see if we can clean all leftovers as well. :)

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[Image: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Thank you so much for the help Elise.

I have disabled resident shield in AVG and every time I run Combofix it crashes with something about C:/system32/lsnss.exe terminating. I then tried to uninstall AVG and got this error:

Local machine: installation failed

Installation:

Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....

Error 0x80070005

I was able to get the desktop back by using system tweaker "show desktop icons" but I still don't have anything in the START/Programs/... folders including Accessories/... All files are still in C:/Program Files

What's next Elise??


Hi Elise

Combofix ran in safe mode after a couple of times. But I still don't have shortcuts in the start menu ..

ComboFix 11-05-06.03 - d 05/06/2011 18:28:55.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1791.1060 [GMT -4:00]

Running from: c:\documents and settings\d\My Documents\Downloads\ComboFix2.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\d\WINDOWS

C:\mshta.exe

c:\windows\system32\KGyGaAvL.sys

C:\zip.exe

F:\Autorun.inf

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_AFPANSI

-------\Service_AFPAnsi

.

.

((((((((((((((((((((((((( Files Created from 2011-04-06 to 2011-05-06 )))))))))))))))))))))))))))))))

.

.

2071-07-25 14:13 . 2006-11-22 01:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe

2011-05-06 22:08 . 2011-05-06 22:08 -------- d-----w- C:\ComboFix2

2011-05-06 11:13 . 2011-05-06 11:13 -------- d-----w- c:\program files\Windows Resource Kits

2011-05-06 11:10 . 2011-05-06 11:10 -------- d-----w- C:\AVGTemp

2011-05-04 14:02 . 2011-01-05 01:15 79872 ----a-w- c:\program files\Mozilla Firefox\RK_Quarantine\sansadispatch.exe.vir

2011-05-04 13:29 . 2011-05-04 16:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2011-05-04 13:29 . 2011-05-04 13:29 -------- d-----w- c:\program files\AVAST Software

2011-05-01 02:00 . 2011-05-01 02:00 -------- d-----w- c:\program files\ESET

2011-04-23 00:50 . 2011-04-23 00:50 -------- d-----w- c:\program files\AnalogX

2011-04-22 23:04 . 2011-04-22 23:04 -------- d-----w- c:\documents and settings\d\Application Data\Windows Search

2011-04-10 23:37 . 2011-04-10 23:37 -------- d-----w- c:\program files\Winamp Detect

2011-04-10 23:36 . 2011-03-04 19:44 133616 ------w- c:\windows\system32\pxafs.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-07 05:33 . 2004-06-07 18:19 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 19:44 . 2006-10-18 08:00 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys

2011-03-04 19:44 . 2005-05-30 03:50 126448 ------w- c:\windows\system32\pxinsi64.exe

2011-03-04 19:44 . 2005-05-30 03:50 123888 ------w- c:\windows\system32\pxcpyi64.exe

2011-03-04 06:37 . 2002-08-29 11:00 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2002-08-29 11:00 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06 . 2004-02-06 22:05 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06 . 2002-08-29 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06 . 2002-08-29 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 13:18 . 2002-08-29 11:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2002-08-29 11:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:32 . 2009-04-15 12:49 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2002-08-29 11:00 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-09 13:53 . 2002-11-26 20:15 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-09 13:53 . 2002-11-26 20:15 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-08 13:33 . 2002-08-29 11:00 978944 ----a-w- c:\windows\system32\mfc42.dll

2011-02-08 13:33 . 2002-08-29 11:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2004-08-04 07:56 73728 --sha-w- c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]

"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-11-23 851968]

"MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]

"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]

"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]

"CMCService"="c:\program files\ATI\Catalyst Media Center\CMCService.exe" [2006-06-29 167936]

"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-11 7311360]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-12-04 53248]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"HideShutdownScripts"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"MaxRecentDocs"= 99 (0x63)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk

backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk

backup=c:\windows\pss\ymetray.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^d^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk]

path=c:\documents and settings\d\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk

backup=c:\windows\pss\Dragon NaturallySpeaking.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^d^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]

path=c:\documents and settings\d\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^d^Start Menu^Programs^Startup^PowerReg Scheduler.exe]

path=c:\documents and settings\d\Start Menu\Programs\Startup\PowerReg Scheduler.exe

backup=c:\windows\pss\PowerReg Scheduler.exeStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]

2003-10-02 18:06 98304 ----a-w- c:\program files\Creative\MediaSource\Detector\CTDetect.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

2007-04-09 17:32 19456 ----a-w- c:\windows\SYSTEM32\CtHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]

2007-04-16 12:33 259624 ----a-w- c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

2002-01-07 20:24 401496 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-02-16 21:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-02-16 21:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 20:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2005-11-11 18:47 7311360 ----a-w- c:\windows\SYSTEM32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2005-11-11 18:47 86016 ----a-w- c:\windows\SYSTEM32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2005-11-11 18:47 1519616 ----a-w- c:\windows\SYSTEM32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-03-09 15:02 26100520 ----a-w- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2006-10-25 14:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-09-30 00:25 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2003-11-06 03:24 151597 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2010-06-24 14:41 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 07:00 90112 ------w- c:\windows\Updreg.EXE

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=

"f:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Microsoft Games\\aomx.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Documents and Settings\\d\\Desktop\\Skype.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [6/15/2009 7:19 AM 64288]

R0 VOBID;VOBID;c:\windows\SYSTEM32\DRIVERS\vobid.sys [8/1/2003 3:47 PM 29239]

R1 vobcom;vobcom;c:\windows\SYSTEM32\DRIVERS\vobcom.sys [10/4/2001 12:53 PM 9728]

R1 vobiw;vobiw;c:\windows\SYSTEM32\DRIVERS\vobIW.sys [8/29/2003 2:51 PM 187392]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/24/2010 10:41 AM 92008]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 9:32 PM 24652]

R3 cdrdrv;Cdrdrv;c:\windows\SYSTEM32\DRIVERS\Cdrdrv.sys [12/13/2002 7:33 PM 64000]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S3 BCORETH5;BCORETH5 NDIS Protocol Driver;c:\windows\SYSTEM32\bcoreth5.sys [12/10/2003 9:40 AM 31650]

S3 CoachVid;CoachVid;c:\windows\SYSTEM32\DRIVERS\CoachVid.sys [12/30/2009 9:50 AM 45344]

S3 CPQDAP01;Compaq PA-1 Personal Audio Player USB Driver;c:\windows\SYSTEM32\DRIVERS\CPQDAP01.SYS [8/29/2002 7:00 AM 11776]

S3 ICDUSB2;Sony IC Recorder (P);c:\windows\SYSTEM32\DRIVERS\IcdUsb2.sys [1/6/2007 4:56 PM 39048]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 11:25 AM 30969208]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]

S3 pctvvbi;PCTVVBI;c:\windows\SYSTEM32\DRIVERS\pctvvbi.sys [2/8/2004 2:09 PM 6400]

S3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]

S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

S3 ZZZMPR5;ZZZMPR5 NDIS Protocol Driver;\??\c:\windows\system32\ZZZMPR5.SYS --> c:\windows\system32\ZZZMPR5.SYS [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

.

2011-04-30 c:\windows\Tasks\NatSpeak Periodic Acoustic Optimization.job

- c:\program files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-02-13 08:21]

.

2011-05-06 c:\windows\Tasks\NatSpeak Periodic Language Model Optimization.job

- c:\program files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-02-13 08:21]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = ;;;*.local;<local>

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105

DPF: Microsoft XML Parser for Java

FF - ProfilePath - c:\documents and settings\d\Application Data\Mozilla\Firefox\Profiles\9auo2dc3.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm011WEUS&fl=0&ptb=RiBvg8lJegty.J6uH2nWIQ&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&si=6729&searchfor=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: WataCrackaz AutoSMS: {b422f337-27e5-4d5c-bb07-c189e7e7d7f2} - %profile%\extensions\{b422f337-27e5-4d5c-bb07-c189e7e7d7f2}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-SB Audigy 2 Startup Menu - (no file)

Notify-avgrsstarter - avgrsstx.dll

MSConfigStartUp-ATI Remote Control - c:\program files\ATI Multimedia\RemCtrl\ATIRW.exe

MSConfigStartUp-MimBoot - c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe

MSConfigStartUp-mm_server - c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-06 18:44

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1500735431-126597412-3717933138-1013\Software\Creative Tech\Component Installed\{B17F00C9-19EC-43A2-BD81-44D8E5D4D994}\Object\{00000000-0000-0000-0000-000000000000}\User Settings\


I see some rootkit leftovers here. Let's get rid of those first.

Please download HelpAsst_mebroot_fix.exe and save it to your desktop.

Close out all other open programs and windows.

Double click the file to run it and follow any prompts.

If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.

Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !

When it completes, a log will open.

Please post the contents of that log.

*In the event the tool does not detect an mbr infection and completes, click Start>Run and type the following bolded command, then hit Enter.

mbr -f

Now, please do the Start>Run>mbr -f command a second time.

Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.

Give it about 5 minutes, then click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !

When it completes, a log will open.

Please post the contents of that log.

**Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).

When done, download and run unhide.exe to make your files visible.


Well Elise ... This is a particularly stubborn SOB 8-)

still no start menu program files ... I'm starting to believe they are deleted not hidden...

C:\Documents and Settings\d\My Documents\Downloads\HelpAsst_mebroot_fix.exe

Sat 05/07/2011 at 8:17:44.40

HelpAssistant account Inactive

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found

~~ Checking firewall ports ~~

backing up DomainProfile\GloballyOpenPorts\List registry key

closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list

"3389:TCP"=-

"65533:TCP"=-

"52344:TCP"=-

backing up StandardProfile\GloballyOpenPorts\List registry key

closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list

"3389:TCP"=-

"65533:TCP"=-

"52344:TCP"=-

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking mbr ~~

user & kernel MBR OK

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Sat 05/07/2011 at 8:54:34.50

Account active No

Local Group Memberships

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS

kernel: MBR read successfully

user & kernel MBR OK

copy of MBR has been found in sector 0x017BD52D8

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters

ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

~~ EOF ~~

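The HelpAsst log above closes ports 3389, 65533 and 52344 as "rogue ports", and the ComboFix log before it shows the same ports under GloballyOpenPorts, several driver entries printed with [x] or [?] instead of a file date and size, and one file stamped 2071. As an added example (not part of the thread and not code from ComboFix or HelpAsst), this Python script pulls those three kinds of entries out of a pasted ComboFix log; the function name `triage`, the `expected_ports` allowlist and the one-day clock tolerance are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the ComboFix log posted in this thread, cut down for the example.
SAMPLE_LOG = r"""
ComboFix 11-05-06.03 - d 05/06/2011 18:28:55.2.1 - x86
2071-07-25 14:13 . 2006-11-22 01:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2011-05-06 22:08 . 2011-05-06 22:08 -------- d-----w- C:\ComboFix2
2011-04-10 23:36 . 2011-03-04 19:44 133616 ------w- c:\windows\system32\pxafs.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [6/15/2009 7:19 AM 64288]
S1 aswSnx;aswSnx; [x]
S3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 ZZZMPR5;ZZZMPR5 NDIS Protocol Driver;\??\c:\windows\system32\ZZZMPR5.SYS --> c:\windows\system32\ZZZMPR5.SYS [?]
"""

# Header line: "ComboFix <version> - <user> MM/DD/YYYY HH:MM:SS..." (US date order, as in this log).
RUN_RE = re.compile(r"^ComboFix .*?(\d{2}/\d{2}/\d{4}) \d{2}:\d{2}:\d{2}")
# File listing: two timestamps separated by " . ", then size, attributes, path.
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\S+\s+\S+\s+(.+)$"
)
PORT_HDR_RE = re.compile(
    r"^\[.*\\firewallpolicy\\(\w+)\\GloballyOpenPorts\\List\]$", re.I
)
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*(.*)$', re.I)
# Driver/service line that ends in [x] or [?] where other lines carry a date and size.
SVC_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);.*\[([x?])\]\s*$")


def triage(log_text, expected_ports=frozenset()):
    """Return entries of a ComboFix log that deserve a manual look.

    expected_ports is a set of (port, "TCP"/"UDP") pairs the owner opened on
    purpose (an assumption of this example; empty means report every port).
    """
    run_date = None
    profile = None  # firewall profile whose GloballyOpenPorts list we are inside
    findings = {"open_ports": [], "unresolved_services": [], "future_files": []}

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum copies of the log put a blank line between entries

        m = RUN_RE.match(line)
        if m and run_date is None:
            run_date = datetime.strptime(m.group(1), "%m/%d/%Y").date()
            continue

        if line.startswith("["):
            hdr = PORT_HDR_RE.match(line)
            profile = hdr.group(1).lower() if hdr else None
            continue
        if line == ".":
            profile = None  # ComboFix separates sections with a lone dot
            continue

        m = PORT_RE.match(line)
        if m and profile:
            port, proto = int(m.group(1)), m.group(2).upper()
            label = m.group(3).rsplit(":", 1)[-1]
            if (port, proto) not in expected_ports:
                findings["open_ports"].append((profile, port, proto, label))
            continue

        m = SVC_RE.match(line)
        if m:
            findings["unresolved_services"].append(
                (m.group(1), m.group(2), m.group(4))
            )
            continue

        m = FILE_RE.match(line)
        if m and run_date:
            stamp = datetime.strptime(m.group(1), "%Y-%m-%d").date()
            # One day of slack: the listing and the header in this log are
            # hours apart (22:08 vs 18:28 on the same day), so compare dates only.
            if stamp > run_date + timedelta(days=1):
                findings["future_files"].append((m.group(1), m.group(2)))

    return findings


if __name__ == "__main__":
    for kind, rows in triage(SAMPLE_LOG).items():
        print(kind)
        for row in rows:
            print("  ", row)
```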

Hi Elise

I haven't seen any other issues other than missing program shortcuts in the start/programs and all the windows accessories missing. I'm just hoping there is nothing hiding waiting to strike later. What in particular worries you with the logs?

Again... thank you for the help and I plan to update my security software as soon as this is stable.

ComboFix 11-05-06.05 - d 05/07/2011 11:40:05.3.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1791.1175 [GMT -4:00]

Running from: c:\documents and settings\d\My Documents\Downloads\ComboFix.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-04-07 to 2011-05-07 )))))))))))))))))))))))))))))))

.

.

2071-07-25 14:13 . 2006-11-22 01:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe

2011-05-07 12:17 . 2011-05-07 12:17 -------- d-----w- C:\HelpAsst_backup

2011-05-06 11:13 . 2011-05-06 11:13 -------- d-----w- c:\program files\Windows Resource Kits

2011-05-06 11:10 . 2011-05-06 11:10 -------- d-----w- C:\AVGTemp

2011-05-04 14:02 . 2011-01-05 01:15 79872 ----a-w- c:\program files\Mozilla Firefox\RK_Quarantine\sansadispatch.exe.vir

2011-05-04 13:29 . 2011-05-04 16:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2011-05-04 13:29 . 2011-05-04 13:29 -------- d-----w- c:\program files\AVAST Software

2011-05-01 02:00 . 2011-05-01 02:00 -------- d-----w- c:\program files\ESET

2011-04-23 00:50 . 2011-04-23 00:50 -------- d-----w- c:\program files\AnalogX

2011-04-22 23:04 . 2011-04-22 23:04 -------- d-----w- c:\documents and settings\d\Application Data\Windows Search

2011-04-10 23:37 . 2011-04-10 23:37 -------- d-----w- c:\program files\Winamp Detect

2011-04-10 23:36 . 2011-03-04 19:44 133616 ------w- c:\windows\system32\pxafs.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-07 05:33 . 2004-06-07 18:19 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 19:44 . 2006-10-18 08:00 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys

2011-03-04 19:44 . 2005-05-30 03:50 126448 ------w- c:\windows\system32\pxinsi64.exe

2011-03-04 19:44 . 2005-05-30 03:50 123888 ------w- c:\windows\system32\pxcpyi64.exe

2011-03-04 06:37 . 2002-08-29 11:00 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2002-08-29 11:00 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06 . 2004-02-06 22:05 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06 . 2002-08-29 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06 . 2002-08-29 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 13:18 . 2002-08-29 11:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2002-08-29 11:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:32 . 2009-04-15 12:49 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2002-08-29 11:00 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-09 13:53 . 2002-11-26 20:15 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-09 13:53 . 2002-11-26 20:15 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-08 13:33 . 2002-08-29 11:00 978944 ----a-w- c:\windows\system32\mfc42.dll

2011-02-08 13:33 . 2002-08-29 11:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2004-08-04 07:56 73728 --sha-w- c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]

"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-11-23 851968]

"MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]

"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]

"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]

"CMCService"="c:\program files\ATI\Catalyst Media Center\CMCService.exe" [2006-06-29 167936]

"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-11 7311360]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-12-04 53248]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"HideShutdownScripts"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"MaxRecentDocs"= 99 (0x63)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk

backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk

backup=c:\windows\pss\ymetray.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^d^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk]

path=c:\documents and settings\d\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk

backup=c:\windows\pss\Dragon NaturallySpeaking.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^d^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]

path=c:\documents and settings\d\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^d^Start Menu^Programs^Startup^PowerReg Scheduler.exe]

path=c:\documents and settings\d\Start Menu\Programs\Startup\PowerReg Scheduler.exe

backup=c:\windows\pss\PowerReg Scheduler.exeStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]

2003-10-02 18:06 98304 ----a-w- c:\program files\Creative\MediaSource\Detector\CTDetect.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

2007-04-09 17:32 19456 ----a-w- c:\windows\SYSTEM32\CtHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]

2007-04-16 12:33 259624 ----a-w- c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

2002-01-07 20:24 401496 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-02-16 21:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-02-16 21:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 20:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2005-11-11 18:47 7311360 ----a-w- c:\windows\SYSTEM32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2005-11-11 18:47 86016 ----a-w- c:\windows\SYSTEM32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2005-11-11 18:47 1519616 ----a-w- c:\windows\SYSTEM32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-03-09 15:02 26100520 ----a-w- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2006-10-25 14:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-09-30 00:25 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2003-11-06 03:24 151597 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2010-06-24 14:41 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 07:00 90112 ------w- c:\windows\Updreg.EXE

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=

"f:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Microsoft Games\\aomx.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Documents and Settings\\d\\Desktop\\Skype.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [6/15/2009 7:19 AM 64288]

R0 VOBID;VOBID;c:\windows\SYSTEM32\DRIVERS\vobid.sys [8/1/2003 3:47 PM 29239]

R1 vobcom;vobcom;c:\windows\SYSTEM32\DRIVERS\vobcom.sys [10/4/2001 12:53 PM 9728]

R1 vobiw;vobiw;c:\windows\SYSTEM32\DRIVERS\vobIW.sys [8/29/2003 2:51 PM 187392]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/24/2010 10:41 AM 92008]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 9:32 PM 24652]

R3 cdrdrv;Cdrdrv;c:\windows\SYSTEM32\DRIVERS\Cdrdrv.sys [12/13/2002 7:33 PM 64000]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S3 BCORETH5;BCORETH5 NDIS Protocol Driver;c:\windows\SYSTEM32\bcoreth5.sys [12/10/2003 9:40 AM 31650]

S3 CoachVid;CoachVid;c:\windows\SYSTEM32\DRIVERS\CoachVid.sys [12/30/2009 9:50 AM 45344]

S3 CPQDAP01;Compaq PA-1 Personal Audio Player USB Driver;c:\windows\SYSTEM32\DRIVERS\CPQDAP01.SYS [8/29/2002 7:00 AM 11776]

S3 ICDUSB2;Sony IC Recorder (P);c:\windows\SYSTEM32\DRIVERS\IcdUsb2.sys [1/6/2007 4:56 PM 39048]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 11:25 AM 30969208]

S3 pctvvbi;PCTVVBI;c:\windows\SYSTEM32\DRIVERS\pctvvbi.sys [2/8/2004 2:09 PM 6400]

S3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]

S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

S3 ZZZMPR5;ZZZMPR5 NDIS Protocol Driver;\??\c:\windows\system32\ZZZMPR5.SYS --> c:\windows\system32\ZZZMPR5.SYS [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

.

2011-05-07 c:\windows\Tasks\NatSpeak Periodic Acoustic Optimization.job

- c:\program files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-02-13 08:21]

.

2011-05-07 c:\windows\Tasks\NatSpeak Periodic Language Model Optimization.job

- c:\program files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2009-02-13 08:21]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = ;;;*.local;<local>

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105

DPF: Microsoft XML Parser for Java

FF - ProfilePath - c:\documents and settings\d\Application Data\Mozilla\Firefox\Profiles\9auo2dc3.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm011WEUS&fl=0&ptb=RiBvg8lJegty.J6uH2nWIQ&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&si=6729&searchfor=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: WataCrackaz AutoSMS: {b422f337-27e5-4d5c-bb07-c189e7e7d7f2} - %profile%\extensions\{b422f337-27e5-4d5c-bb07-c189e7e7d7f2}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-07 11:45

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1500735431-126597412-3717933138-1013\Software\Creative Tech\Component Installed\{B17F00C9-19EC-43A2-BD81-44D8E5D4D994}\Object\{00000000-0000-0000-0000-000000000000}\User Settings\


Window Restore message popped up and files started disappearing off the desktop. I knew it was a fake message so I did a force shutdown and when I started it back up everything was gone. I do occasionally use a reg cleanup tool. Would a reg backup file help? I know just enough to be dangerous..


I only use one account and that has the admin privs... I just remembered I ran ATF cleaner after the infection. I have now run unhide from both accounts. The other account hasn't been used in years ... still nothing... hope is fading...


Let's have a look at the file contents manually.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    c:\documents and settings\All Users\Start Menu /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Just so you are not confused ... I have copied a few shortcuts back to a few folders .. (Wiley, proshow, photoshop...)

SystemLook 04.09.10 by jpshortstuff

Log created at 16:29 on 07/05/2011 by d

Administrator - Elevation successful

========== dir ==========

c:\documents and settings\All Users\Start Menu - Parameters: "/s"

---Files---

None found.

c:\documents and settings\All Users\Start Menu\Programs dr----- [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Accessories dr----- [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Accessories\Accessibility dr----- [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Accessories\Communications dr----- [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Accessories\Communications\Fax dr----- [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Accessories\Entertainment dr----- [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Accessories\Microsoft Interactive Training d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Accessories\System Tools dr----- [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Ace Utilities d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Administrative Tools dr----- [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Adobe d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Adobe\Photoshop 6.0 d------ [03:10 07/11/2007]

Shortcut to Photoshp.lnk --a---- 830 bytes [02:00 07/05/2011] [02:00 07/05/2011]

c:\documents and settings\All Users\Start Menu\Programs\Allway Sync d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\AOL Instant Messenger d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\ArcSoft PhotoImpression 5 d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\ATI Catalyst Media Center d------ [17:21 11/02/2008]

c:\documents and settings\All Users\Start Menu\Programs\AviSynth 2.5 d------ [19:44 30/11/2008]

c:\documents and settings\All Users\Start Menu\Programs\AVS4YOU d------ [12:24 25/02/2011]

c:\documents and settings\All Users\Start Menu\Programs\AVS4YOU\Video d------ [12:24 25/02/2011]

c:\documents and settings\All Users\Start Menu\Programs\Broderbund Software d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Broderbund Software\Rugrats Adventure Game d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Cisco Systems VPN Client d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Compaq d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Compaq\iPAQ Personal Audio Player d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Creative d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Creative\Creative MediaSource d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Creative\Creative MediaSource 5 d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Creative\Creative NOMAD Jukebox Zen Xtra d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Creative\NOMAD Explorer d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Creative\Sound Blaster Audigy 2 d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\CyberLink PowerDVD d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Daniusoft d------ [23:35 20/11/2008]

c:\documents and settings\All Users\Start Menu\Programs\Daniusoft\Media Converter d------ [23:35 20/11/2008]

c:\documents and settings\All Users\Start Menu\Programs\DeepBurner d------ [13:26 02/02/2008]

c:\documents and settings\All Users\Start Menu\Programs\Dell d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Dell\Service Agreement d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Dell Accessories d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Dell Picture Studio d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Dell Picture Studio\Dell Image Expert - Standard d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Dell Picture Studio\Paint Shop Pro d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Digital Line Detect d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\DivX d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\DivX\DivX Codec d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\DivX\DivX Codec\Links d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\DivX\DivX Player d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Dragon NaturallySpeaking 10.0 d------ [03:38 26/12/2008]

c:\documents and settings\All Users\Start Menu\Programs\DVD Shrink 2010 d------ [01:59 21/12/2010]

c:\documents and settings\All Users\Start Menu\Programs\Epson d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Epson\Perfection 2480 - 2580 Guide d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\EPSON Scan d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\EPSON Scan to Web d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\EPSON Smart Panel d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\EPSON Utility Suite d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\EPSON Utility Suite\Copy Utility d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\FLV Player d------ [12:17 25/02/2011]

c:\documents and settings\All Users\Start Menu\Programs\Games dr----- [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Garmin d------ [19:44 25/07/2010]

c:\documents and settings\All Users\Start Menu\Programs\Google Earth d------ [15:34 01/12/2007]

c:\documents and settings\All Users\Start Menu\Programs\Hasbro Interactive d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Hasbro Interactive\RollerCoaster Tycoon d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Homeworkhelp.com d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\HP d------ [18:43 01/06/2008]

c:\documents and settings\All Users\Start Menu\Programs\ImageTransfer d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\InstantCD+DVD d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\InstantCD+DVD\Backup d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\InstantCD+DVD\Duplication d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\InstantCD+DVD\InstantDrive d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\InstantCD+DVD\InstantWrite d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\InstantCD+DVD\Mastering d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\InstantCD+DVD\Music d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\InstantCD+DVD\Tools d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\InstantCD+DVD\Video d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Intel Network Adapters d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\iTunes d------ [20:22 23/12/2010]

c:\documents and settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware d------ [15:36 03/12/2010]

Malwarebytes' Anti-Malware Help.lnk --a---- 805 bytes [12:40 04/05/2011] [13:06 04/05/2011]

Malwarebytes' Anti-Malware.lnk --a---- 805 bytes [12:40 04/05/2011] [13:06 04/05/2011]

Uninstall Malwarebytes' Anti-Malware.lnk --a---- 829 bytes [12:40 04/05/2011] [13:06 04/05/2011]

c:\documents and settings\All Users\Start Menu\Programs\Maxtor MaxBlast 4 d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Microsoft Encarta d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Microsoft Games d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Microsoft Games\Age of Empires III d------ [23:39 11/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Microsoft Games\Age of Empires III\Diagnostics d------ [23:39 11/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Microsoft Games\Age of Empires III\History Channel Trailers d------ [23:39 11/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Microsoft Games\Age of Empires III - The WarChiefs d------ [00:02 12/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Microsoft Games\Age of Empires III - The WarChiefs\Diagnostics d------ [00:02 12/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Microsoft Games\Age of Mythology - The Titans Expansion d------ [01:52 09/07/2008]

c:\documents and settings\All Users\Start Menu\Programs\Microsoft Games\Age of Mythology - The Titans Expansion\Age of Mythology - The Titans Expansion Docs d------ [01:52 09/07/2008]

c:\documents and settings\All Users\Start Menu\Programs\Microsoft Games\Age of Mythology - The Titans Expansion\Diagnostics d------ [01:52 09/07/2008]

c:\documents and settings\All Users\Start Menu\Programs\Microsoft Games\Age of Mythology - The Titans Expansion\Web Links d------ [01:52 09/07/2008]

c:\documents and settings\All Users\Start Menu\Programs\Microsoft Games\Zoo Tycoon 2 d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Microsoft Games\Zoo Tycoon 2\Web Links d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Microsoft Office d------ [20:42 01/02/2011]

c:\documents and settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools d------ [20:42 01/02/2011]

c:\documents and settings\All Users\Start Menu\Programs\Microsoft Silverlight d------ [00:40 24/10/2010]

c:\documents and settings\All Users\Start Menu\Programs\Microsoft SQL Server 2005 d------ [16:29 02/02/2011]

c:\documents and settings\All Users\Start Menu\Programs\Microsoft SQL Server 2005\Configuration Tools d------ [16:29 02/02/2011]

c:\documents and settings\All Users\Start Menu\Programs\Modem Helper d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Motorola Driver Installer d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Motorola Driver Installer\Release Notes d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Motorola Phone Tools d------ [21:04 24/05/2008]

c:\documents and settings\All Users\Start Menu\Programs\Mozilla Firefox d------ [16:51 03/12/2010]

c:\documents and settings\All Users\Start Menu\Programs\Nero 7 Ultra Edition d------ [18:14 30/11/2008]

c:\documents and settings\All Users\Start Menu\Programs\Nero 7 Ultra Edition\Audio d------ [18:14 30/11/2008]

c:\documents and settings\All Users\Start Menu\Programs\Nero 7 Ultra Edition\Data d------ [18:14 30/11/2008]

c:\documents and settings\All Users\Start Menu\Programs\Nero 7 Ultra Edition\Labels d------ [18:14 30/11/2008]

c:\documents and settings\All Users\Start Menu\Programs\Nero 7 Ultra Edition\Manuals d------ [18:14 30/11/2008]

c:\documents and settings\All Users\Start Menu\Programs\Nero 7 Ultra Edition\Photo and Video d------ [18:14 30/11/2008]

c:\documents and settings\All Users\Start Menu\Programs\Nero 7 Ultra Edition\Play d------ [18:14 30/11/2008]

c:\documents and settings\All Users\Start Menu\Programs\Nero 7 Ultra Edition\Share d------ [18:14 30/11/2008]

c:\documents and settings\All Users\Start Menu\Programs\Nero 7 Ultra Edition\Tools d------ [18:14 30/11/2008]

c:\documents and settings\All Users\Start Menu\Programs\Norton SystemWorks d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Norton SystemWorks\Norton AntiVirus d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Norton SystemWorks\Norton CleanSweep d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\OLYMPUS CAMEDIA d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Pinnacle TRex d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\PIXELA d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\PIXELA\ImageMixer d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Powertoys for Windows XP d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\ProShow Gold d------ [03:10 07/11/2007]

Proshow.lnk --a---- 826 bytes [02:59 07/05/2011] [02:59 07/05/2011]

c:\documents and settings\All Users\Start Menu\Programs\PSP Video 9 d------ [19:43 30/11/2008]

c:\documents and settings\All Users\Start Menu\Programs\QuickTime d------ [20:18 23/12/2010]

c:\documents and settings\All Users\Start Menu\Programs\Real d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Real\RealOne Player d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\RealVNC d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\RealVNC\VNC Server 4 (Service-Mode) d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\RealVNC\VNC Server 4 (User-Mode) d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\RealVNC\VNC Viewer 4 d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Red Kawa d------ [19:43 30/11/2008]

c:\documents and settings\All Users\Start Menu\Programs\Red Kawa\YouTube Downloader App d------ [19:44 30/11/2008]

c:\documents and settings\All Users\Start Menu\Programs\Registry Booster d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Sansa Media Converter d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\SharePoint d------ [20:42 01/02/2011]

c:\documents and settings\All Users\Start Menu\Programs\Skype d------ [05:08 05/01/2010]

c:\documents and settings\All Users\Start Menu\Programs\Sonic d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Sonic\RecordNow! d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Sony Digital Voice Editor 2 d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Spybot - Search & Destroy d------ [21:01 22/01/2011]

c:\documents and settings\All Users\Start Menu\Programs\Startup dr----- [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Studio 8 d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Studio 8\Help d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Studio 8\Tools d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\System Tweaker d------ [22:15 12/12/2007]

c:\documents and settings\All Users\Start Menu\Programs\The Learning Company d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\Wiley CPA Desktop 2011 d------ [17:25 02/02/2011]

dwebpro.lnk --a---- 924 bytes [13:18 07/05/2011] [13:18 07/05/2011]

c:\documents and settings\All Users\Start Menu\Programs\Winamp d------ [17:44 16/02/2008]

c:\documents and settings\All Users\Start Menu\Programs\WinZip d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\WordPerfect Office 11 d------ [03:10 07/11/2007]

c:\documents and settings\All Users\Start Menu\Programs\WordPerfect Office 11\Technical Support d------ [03:10 07/11/2007]

-= EOF =-


Unfortunately it looks like they are really gone. The folders are all there, but nothing in them. This means you'll have to put back the shortcut to the program in each folder. This is not very difficult, but an annoying job to say the very least.

Do you have any other problems left?


I'm glad to hear things are running so well. :) Let's make sure that everything stays fine. Once confirmed clean, I'll give you some final prevention information.

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Adobe components and update:

  • Download the latest version of Adobe Reader Version X and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date!

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 6.
  • Look for "JDK 6 Update 25 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Select "Windows x86 Offline" and click on jre-6u25-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png icon on your desktop.

    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

  4. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  5. When the scan completes, click List Threats
  6. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  7. Click the Back button.
  8. Click the Finish button.


C:\Documents and Settings\d\My Documents\Downloads\winamp561_full_emusic-7plus_en-us.exe Win32/OpenCandy application deleted - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\Process.exe.vir Win32/PrcView application cleaned by deleting - quarantined


These were only leftovers, which means you're good to go! :)

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Delete DDS and GMER (this is a random named file)

Please read this advice in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.
