bamajim
10.4K Posts
0
September 8th, 2009 19:00
You have a few problems there. And it will take a couple of runs at this to completely remove, so please be patient.
1. Please download The Avenger by Swandog46 to your Desktop.
Click on Avenger.zip to open the file.
Extract avenger.exe to your desktop.
2. Copy all the text contained in the bold below to your Clipboard by highlighting it and pressing (Ctrl+C):
Drivers to Delete:
AntipPro2009_100
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.
Select Load Script.
Select Paste from Clipboard.
The information should now appear in the Open window.
Select Execute.
Answer Yes when prompted "Are you sure you want to execute the current script?"
4. The Avenger will automatically do the following:
It will restart your computer.
On reboot, it will briefly open a black command window on your desktop; this is normal.
After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt.
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.
jeffhaines
5 Posts
0
September 8th, 2009 23:00
Hi Bamajim, thank you for your clear directions. Here's the content of the Avenger Logfile:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Driver "AntipPro2009_100" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
bamajim
10.4K Posts
0
September 9th, 2009 07:00
jeffhaines
You are welcome.
Copy and paste the contents of that log in your reply.
jeffhaines
5 Posts
0
September 9th, 2009 11:00
Hi Bamajim,
When I copied and was about to paste the C:\Files.txt into this reply, my computer went blank and rebooted, requiring me to run File Lister again to generate the log. What also happened was another file ("Hidden - Notepad") was generated and wound up in the same folder. I'm including that as well for what it's worth.
This is the second time my computer went blank and rebooted. I don't know what's going on with this. Anyway, here's the File Lister Log:
+++++++++++++++++++++++++++++++++
+ File Lister Version 1.1.1 +
+ +
+ By bamajim / SpywareHammer.com +
+++++++++++++++++++++++++++++++++
Report ran on --->>> 9/9/2009 10:28:54 AM
====== Running Processes ======
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\WScript.exe
====== BHO's ======
BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
BHO: (NO NAME) - {76DC0B63-1533-4ba9-8BE8-D59EB676FA02} -
BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
====== HKLM\~\Run Keys ======
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
[IgfxTray] = C:\WINDOWS\system32\igfxtray.exe
[HotKeysCmds] = C:\WINDOWS\system32\hkcmd.exe
[Persistence] = C:\WINDOWS\system32\igfxpers.exe
[SoundMAXPnP] = C:\Program Files\Analog Devices\Core\smax4pnp.exe
[NeroFilterCheck] = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HP Software Update] = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[type32] = "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
[POINTER] = point32.exe
[SunJavaUpdateSched] = C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
[Gfuqize] = rundll32.exe "C:\WINDOWS\uguwafonutulivih.dll",e
[KernelFaultCheck] = %systemroot%\system32\dumprep 0 -k
====== HKCU\~\Run Keys ======
[BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
[H/PC Connection Agent] = "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
[ctfmon.exe] = C:\WINDOWS\system32\ctfmon.exe
[DownloadAccelerator] = "C:\Program Files\DAP\DAP.EXE" /STARTUP
====== DNS Info (List may be empty) ======
HKEY_LOCAL_MACHINE\CCS\~\{89A30CC8-94F9-46FC-84A7-D5FCFB1496E0}\ NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{89A30CC8-94F9-46FC-84A7-D5FCFB1496E0}\ NameServer=
HKEY_LOCAL_MACHINE\CS003\~\{89A30CC8-94F9-46FC-84A7-D5FCFB1496E0}\ NameServer=
====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======
8/27/2009 12:07:17 AM 1100736 C:\312475cfcb24b523b0b3
8/27/2009 12:07:18 AM 1100736 C:\312475cfcb24b523b0b3\update
9/8/2009 10:32:42 PM 4026863 C:\Avenger
8/4/2009 7:33:17 PM 17033 C:\avlog
8/27/2009 12:07:59 AM 1087424 C:\d227cc771989214b1f007b
8/27/2009 12:08:00 AM 1087424 C:\d227cc771989214b1f007b\update
8/27/2009 12:06:47 AM 800560 C:\eeccac017a279eedadd2678c750f7f
8/27/2009 12:06:47 AM 800560 C:\eeccac017a279eedadd2678c750f7f\update
9/8/2009 10:32:42 PM 984 32 C:\avenger.txt
9/9/2009 10:20:45 AM 0 32 C:\Files.txt
8/27/2009 7:30:18 PM 1006454 C:\WINDOWS\$NtUninstallKB929399$
8/27/2009 7:30:18 PM 592246 C:\WINDOWS\$NtUninstallKB929399$\spuninst
8/29/2009 11:30:37 AM 907927 C:\WINDOWS\$NtUninstallKB939683$
8/29/2009 11:30:37 AM 592023 C:\WINDOWS\$NtUninstallKB939683$\spuninst
8/27/2009 7:29:51 PM 916991 C:\WINDOWS\$NtUninstallKB954154_WM11$
8/27/2009 7:29:51 PM 621055 C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst
8/12/2009 1:48:20 AM 3342496 C:\WINDOWS\$NtUninstallKB956744$
8/12/2009 1:48:20 AM 625312 C:\WINDOWS\$NtUninstallKB956744$\spuninst
8/12/2009 1:48:31 AM 775989 C:\WINDOWS\$NtUninstallKB960859$
8/12/2009 1:48:31 AM 621877 C:\WINDOWS\$NtUninstallKB960859$\spuninst
7/16/2009 8:01:07 AM 819749 C:\WINDOWS\$NtUninstallKB961371$
7/16/2009 8:01:07 AM 621093 C:\WINDOWS\$NtUninstallKB961371$\spuninst
9/7/2009 1:40:38 PM 2129832 C:\WINDOWS\$NtUninstallKB968389$
9/7/2009 1:40:38 PM 625448 C:\WINDOWS\$NtUninstallKB968389$\spuninst
8/25/2009 2:04:12 PM 696667 C:\WINDOWS\$NtUninstallKB970653-v3$
8/25/2009 2:04:12 PM 636251 C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst
8/12/2009 1:48:24 AM 706290 C:\WINDOWS\$NtUninstallKB971557$
8/12/2009 1:48:24 AM 621298 C:\WINDOWS\$NtUninstallKB971557$\spuninst
7/16/2009 8:02:48 AM 1908894 C:\WINDOWS\$NtUninstallKB971633$
7/16/2009 8:02:48 AM 620702 C:\WINDOWS\$NtUninstallKB971633$\spuninst
8/12/2009 1:48:27 AM 753445 C:\WINDOWS\$NtUninstallKB971657$
8/12/2009 1:48:27 AM 621349 C:\WINDOWS\$NtUninstallKB971657$\spuninst
7/16/2009 8:02:54 AM 734830 C:\WINDOWS\$NtUninstallKB973346$
7/16/2009 8:02:54 AM 620142 C:\WINDOWS\$NtUninstallKB973346$\spuninst
8/12/2009 1:48:07 AM 1935982 C:\WINDOWS\$NtUninstallKB973354$
8/12/2009 1:48:07 AM 621166 C:\WINDOWS\$NtUninstallKB973354$\spuninst
8/12/2009 1:48:12 AM 679993 C:\WINDOWS\$NtUninstallKB973507$
8/12/2009 1:48:12 AM 621113 C:\WINDOWS\$NtUninstallKB973507$\spuninst
8/12/2009 1:48:02 AM 5729654 C:\WINDOWS\$NtUninstallKB973540_WM9$
8/12/2009 1:48:02 AM 621942 C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst
8/12/2009 1:47:17 AM 825135 C:\WINDOWS\$NtUninstallKB973815$
8/12/2009 1:47:17 AM 621359 C:\WINDOWS\$NtUninstallKB973815$\spuninst
8/12/2009 1:48:16 AM 749930 C:\WINDOWS\$NtUninstallKB973869$
8/12/2009 1:48:16 AM 621418 C:\WINDOWS\$NtUninstallKB973869$\spuninst
8/27/2009 12:08:37 AM 607429 C:\WINDOWS\$NtUninstallMSCompPackV1$
8/27/2009 12:08:37 AM 607429 C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst
8/27/2009 12:07:36 AM 20042172 C:\WINDOWS\$NtUninstallWMFDist11$
8/27/2009 12:07:36 AM 632089 C:\WINDOWS\$NtUninstallWMFDist11$\spuninst
8/27/2009 12:08:17 AM 10649998 C:\WINDOWS\$NtUninstallwmp11$
8/27/2009 12:08:17 AM 616544 C:\WINDOWS\$NtUninstallwmp11$\spuninst
8/27/2009 12:07:08 AM 666924 C:\WINDOWS\$NtUninstallWudf01000$
8/27/2009 12:07:08 AM 666924 C:\WINDOWS\$NtUninstallWudf01000$\spuninst
9/7/2009 1:07:37 PM 21866163 C:\WINDOWS\ie7
9/7/2009 1:07:37 PM 1044309 C:\WINDOWS\ie7\spuninst
9/9/2009 10:27:16 AM 36400 C:\WINDOWS\LastGood
9/9/2009 10:27:17 AM 0 C:\WINDOWS\LastGood\INF
9/9/2009 10:27:16 AM 36400 C:\WINDOWS\LastGood\system32
9/9/2009 10:27:16 AM 36400 C:\WINDOWS\LastGood\system32\DRIVERS
8/22/2009 12:01:12 AM 434176 C:\WINDOWS\Minidump
7/28/2009 1:01:48 AM 0 C:\WINDOWS\Sun
7/28/2009 1:01:48 AM 0 C:\WINDOWS\Sun\Java
7/28/2009 1:01:48 AM 0 C:\WINDOWS\Sun\Java\Deployment
8/20/2009 12:12:48 AM 678 32 C:\WINDOWS\AWSInstall.log
9/6/2009 3:21:00 PM 450 32 C:\WINDOWS\DHCPUPG.LOG
8/28/2009 6:57:07 AM 120 32 C:\WINDOWS\Gqohileyocozofu.dat
9/6/2009 3:33:54 PM 21569 32 C:\WINDOWS\ie7Uninst.log
8/25/2009 2:04:23 PM 1847 32 C:\WINDOWS\ie8_main.log
9/6/2009 3:36:28 PM 413 32 C:\WINDOWS\iereseticons.log
8/27/2009 7:30:00 PM 7234 32 C:\WINDOWS\KB929399.log
8/29/2009 11:30:18 AM 6964 32 C:\WINDOWS\KB939683.log
8/27/2009 7:29:49 PM 4628 32 C:\WINDOWS\KB954154.log
8/12/2009 1:48:19 AM 8399 32 C:\WINDOWS\KB956744.log
8/11/2009 3:32:38 PM 13043 32 C:\WINDOWS\KB960859.log
7/16/2009 7:58:23 AM 10960 32 C:\WINDOWS\KB961371.log
8/28/2009 12:24:35 AM 15182 32 C:\WINDOWS\KB968389.log
8/25/2009 2:04:11 PM 4260 32 C:\WINDOWS\KB970653-v3.log
8/11/2009 3:32:33 PM 12577 32 C:\WINDOWS\KB971557.log
7/16/2009 7:58:14 AM 10576 32 C:\WINDOWS\KB971633.log
8/11/2009 3:32:46 PM 13241 32 C:\WINDOWS\KB971657.log
7/28/2009 9:36:21 PM 161320 32 C:\WINDOWS\KB972260-IE7.log
9/7/2009 12:57:03 PM 4145 32 C:\WINDOWS\KB972260.log
7/16/2009 8:02:53 AM 17718 32 C:\WINDOWS\KB973346.log
8/12/2009 1:48:07 AM 7750 32 C:\WINDOWS\KB973354.log
8/11/2009 3:32:41 PM 13470 32 C:\WINDOWS\KB973507.log
8/12/2009 1:48:01 AM 14531 32 C:\WINDOWS\KB973540.log
8/11/2009 3:28:41 PM 11826 32 C:\WINDOWS\KB973815.log
8/12/2009 1:48:15 AM 8003 32 C:\WINDOWS\KB973869.log
9/9/2009 10:25:24 AM 65536 34 C:\WINDOWS\MEMORY.DMP
8/27/2009 12:08:37 AM 8098 32 C:\WINDOWS\MSCompPackV1.log
8/21/2009 4:49:06 PM 551410 32 C:\WINDOWS\ntbtlog.txt
8/28/2009 2:48:14 AM 3 32 C:\WINDOWS\ppp3.dat
8/28/2009 2:48:14 AM 64 32 C:\WINDOWS\ppp4.dat
8/9/2009 12:58:09 AM 10 32 C:\WINDOWS\run.log
8/9/2009 12:57:21 AM 12 32 C:\WINDOWS\srun.log
8/21/2009 4:26:05 PM 6773 32 C:\WINDOWS\WgaNotify.log
9/6/2009 3:20:59 PM 414 32 C:\WINDOWS\WINNT32.LOG
8/27/2009 12:07:19 AM 25460 32 C:\WINDOWS\WMFDist11.log
8/27/2009 12:08:01 AM 18614 32 C:\WINDOWS\wmp11.log
8/26/2009 11:58:59 PM 395 32 C:\WINDOWS\wmsetup10.log
8/27/2009 12:06:48 AM 9571 32 C:\WINDOWS\Wudf01000Inst.log
9/7/2009 1:40:45 PM 49152 C:\WINDOWS\system32\ar-SA
9/7/2009 1:40:45 PM 49152 C:\WINDOWS\system32\da-DK
9/7/2009 1:40:45 PM 53248 C:\WINDOWS\system32\de-DE
9/7/2009 1:40:45 PM 53248 C:\WINDOWS\system32\el-GR
9/7/2009 1:40:45 PM 53248 C:\WINDOWS\system32\es-ES
9/7/2009 1:40:45 PM 49152 C:\WINDOWS\system32\fi-FI
9/7/2009 1:40:45 PM 53248 C:\WINDOWS\system32\fr-FR
9/7/2009 1:40:45 PM 49152 C:\WINDOWS\system32\he-IL
9/7/2009 1:40:45 PM 53248 C:\WINDOWS\system32\it-IT
9/7/2009 1:40:45 PM 49152 C:\WINDOWS\system32\ko-KR
8/27/2009 12:07:12 AM 0 C:\WINDOWS\system32\LogFiles
8/27/2009 12:07:12 AM 0 C:\WINDOWS\system32\LogFiles\WUDF
9/6/2009 2:31:40 AM 0 C:\WINDOWS\system32\N360_BACKUP
9/7/2009 1:40:45 PM 49152 C:\WINDOWS\system32\nb-NO
9/7/2009 1:40:45 PM 53248 C:\WINDOWS\system32\nl-NL
9/7/2009 1:40:45 PM 53248 C:\WINDOWS\system32\pt-BR
9/7/2009 1:40:45 PM 49152 C:\WINDOWS\system32\sv-SE
9/7/2009 1:40:45 PM 53248 C:\WINDOWS\system32\tr-TR
9/7/2009 1:40:45 PM 49152 C:\WINDOWS\system32\zh-HK
9/7/2009 1:40:45 PM 49152 C:\WINDOWS\system32\zh-TW
9/5/2009 3:50:20 PM 172032 32 C:\WINDOWS\system32\AniGIF.ocx
8/21/2009 3:59:50 PM 9 32 C:\WINDOWS\system32\bennuar.old
8/21/2009 4:02:59 PM 4 32 C:\WINDOWS\system32\bincd32.dat
9/6/2009 12:00:14 AM 107368 33 C:\WINDOWS\system32\GEARAspi.dll
7/19/2009 9:33:26 PM 49248 32 C:\WINDOWS\system32\java.exe
7/19/2009 9:33:26 PM 49250 32 C:\WINDOWS\system32\javaw.exe
7/19/2009 9:33:26 PM 127078 32 C:\WINDOWS\system32\javaws.exe
7/19/2009 9:33:26 PM 49265 32 C:\WINDOWS\system32\jpicpl32.cpl
7/19/2009 9:33:11 PM 3460 32 C:\WINDOWS\system32\jupdate-1.5.0_03-b07.log
7/20/2009 7:41:20 AM 268648 32 C:\WINDOWS\system32\mucltui.dll
7/20/2009 7:41:21 AM 27496 32 C:\WINDOWS\system32\mucltui.dll.mui
7/20/2009 7:41:21 AM 208744 32 C:\WINDOWS\system32\muweb.dll
8/3/2009 3:07:42 PM 322928 32 C:\WINDOWS\system32\OGAAddin.dll
8/3/2009 3:07:42 PM 403816 32 C:\WINDOWS\system32\OGACheckControl.dll
8/3/2009 3:07:42 PM 230768 32 C:\WINDOWS\system32\OGAEXEC.exe
9/5/2009 11:59:53 PM 60808 32 C:\WINDOWS\system32\S32EVNT1.DLL
9/5/2009 7:11:25 PM 43 32 C:\WINDOWS\system32\SKYNETddhgqvng.dat
8/9/2009 12:48:36 AM 395485 32 C:\WINDOWS\system32\SKYNETxbfmlygh.dat
8/21/2009 3:59:36 PM 87 32 C:\WINDOWS\system32\sonhelp.htm
8/27/2009 12:08:38 AM 17272 0 C:\WINDOWS\system32\spmsg.dll
8/21/2009 3:59:37 PM 36 32 C:\WINDOWS\system32\sysnet.dat
8/9/2009 12:58:56 AM 6611 32 C:\WINDOWS\system32\uacinit.dll
8/9/2009 12:59:03 AM 310 32 C:\WINDOWS\system32\UACiujhttvjyv.dat
8/9/2009 12:59:17 AM 1110399 32 C:\WINDOWS\system32\UACqdtnqhgoyj.db
8/12/2009 1:48:06 AM 221184 32 C:\WINDOWS\system32\wmpns.dll
====== Files under "\Administrator\Startup" Last 60 Days======
8/21/2009 4:49:38 PM 84 38 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini
====== Files under "\All Users\Startup" Last 60 Days======
====== Files and Folders under "\Program Files" Last 60 Days======
9/5/2009 3:50:20 PM 15579689 C:\Program Files\DAP
8/4/2009 5:48:38 PM 0 C:\Program Files\hvhswb
7/19/2009 9:32:53 PM 59707956 C:\Program Files\Java
7/20/2009 8:18:20 AM 800662 C:\Program Files\Microsoft CAPICOM 2.1.0.2
7/25/2009 9:22:56 AM 34979336 C:\Program Files\Microsoft Office
7/19/2009 10:38:31 PM 15457363 C:\Program Files\Microsoft Silverlight
7/25/2009 9:22:39 AM 29643597 C:\Program Files\MSECache
9/5/2009 11:59:27 PM 150316701 C:\Program Files\Norton 360
9/5/2009 9:24:07 PM 13854197 C:\Program Files\NortonInstaller
9/5/2009 11:59:52 PM 194046 C:\Program Files\Symantec
9/6/2009 2:29:51 PM 10648494 C:\Program Files\Uniblue
8/27/2009 12:08:24 AM 3581070 C:\Program Files\Windows Media Connect 2
9/5/2009 11:59:27 PM 93783 C:\Program Files\Windows Sidebar
====== Files under "\System32\Drivers" Last 60 Days======
9/6/2009 12:00:14 AM 26600 33 C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
9/5/2009 11:59:53 PM 7456 32 C:\WINDOWS\system32\drivers\SYMEVENT.CAT
9/5/2009 11:59:53 PM 806 32 C:\WINDOWS\system32\drivers\SYMEVENT.INF
9/5/2009 11:59:53 PM 124976 32 C:\WINDOWS\system32\drivers\SYMEVENT.SYS
9/5/2009 11:59:57 PM 36400 33 C:\WINDOWS\system32\drivers\SymIM.sys
====== Files Deleted under "%Temp%" ======
11 Files deleted
====== Files and Folders under "All Users\Application Data" Last 60 Days======
8/9/2009 11:04:32 PM 56 C:\Documents and Settings\All Users\Application Data\10649844
8/20/2009 12:34:13 AM 752 C:\Documents and Settings\All Users\Application Data\Adobe
8/20/2009 12:38:51 AM 479 C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat
8/20/2009 12:38:51 AM 479 C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat\9.0
8/20/2009 12:38:51 AM 479 C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat\9.0\Replicate
8/20/2009 12:38:51 AM 479 C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat\9.0\Replicate\Security
8/20/2009 12:34:13 AM 0 C:\Documents and Settings\All Users\Application Data\Adobe\AIR
8/20/2009 12:34:13 AM 0 C:\Documents and Settings\All Users\Application Data\Adobe\AIR\Updater
8/20/2009 12:39:17 AM 273 C:\Documents and Settings\All Users\Application Data\Adobe\Updater6
9/5/2009 11:59:26 PM
====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======
HKLM\Software\microsoft\shared tools\msconfig\startupreg\
====== Services ( Services that are Whitelisted are not shown) ======
ADIHdAudAddService (ADI UAA Function Driver for High Definition Audio Service)- C:\WINDOWS\system32\drivers\ADIHdAud.sys - Manual/Running
BHDrvx86 (Symantec Heuristics Driver)- C:\WINDOWS\system32\Drivers\N360\0305020.00B\BHDrvx86.sys - System/Running
ccHP (Symantec Hash Provider)- C:\WINDOWS\system32\Drivers\N360\0305020.00B\ccHPx86.sys - System/Running
eeCtrl (Symantec Eraser Control driver)- \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys - System/Running
EraserUtilRebootDrv (EraserUtilRebootDrv)- \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys - Manual/Running
IDSxpx86 (IDSxpx86)- \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090904.002\IDSxpx86.sys - System/Running
NuidFltr (NUID filter driver)- C:\WINDOWS\system32\DRIVERS\NuidFltr.sys - Manual/Running
SenFiltService (SenFilt Service)- C:\WINDOWS\system32\drivers\Senfilt.sys - Manual/Running
SRTSP (Symantec Real Time Storage Protection)- C:\WINDOWS\system32\Drivers\N360\0305020.00B\SRTSP.SYS - System/Running
SRTSPX (Symantec Real Time Storage Protection (PEL))- C:\WINDOWS\system32\drivers\N360\0305020.00B\SRTSPX.SYS - System/Running
SymEFA (Symantec Extended File Attributes)- C:\WINDOWS\system32\drivers\N360\0305020.00B\SYMEFA.SYS - Boot/Running
SYMNDIS (Symantec Network Filter Driver)- C:\WINDOWS\system32\Drivers\N360\0305020.00B\SYMNDIS.SYS - Manual/Running
wceusbsh (Windows CE USB Serial Host Driver)- C:\WINDOWS\system32\DRIVERS\wceusbsh.sys - Manual/Stopped
Wdf01000 (Wdf01000)- C:\WINDOWS\system32\DRIVERS\Wdf01000.sys - Manual/Running
SymIM (Symantec Network Security Intermediate Filter Service)- C:\WINDOWS\system32\DRIVERS\SymIM.sys - Manual/Stopped
SymIMMP (SymIMMP)- C:\WINDOWS\system32\DRIVERS\SymIM.sys - Manual/Running
====== Uninstall List ======
Adobe Acrobat 4.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Download Accelerator Plus (DAP)
EPSON Photo Print
Intel(R) Graphics Media Accelerator Driver
HijackThis 2.0.2
HP Imaging Device Functions 5.0
HP Solution Center & Imaging Support Tools 5.0
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
ImageConverter Plus 7.1
High Definition Audio Driver Package - KB835221
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Hotfix for Windows Media Format 11 SDK (KB929399)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows XP (KB938464-v2)
Hotfix for Windows Media Player 11 (KB939683)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Update for Windows XP (KB951978)
Security Update for Windows XP (KB952004)
Security Update for Windows Media Player (KB952069)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Update for Windows XP (KB955839)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Hotfix for Windows XP (KB970653-v3)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows Media Player (KB973540)
Update for Windows XP (KB973815)
Security Update for Windows XP (KB973869)
Microsoft Compression Client Pack 1.0 for Windows XP
Norton 360
Advertisement Service
Microsoft National Language Support Downlevel APIs
EPSON Scanner Reference Guide
Verizon Online DSL
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Windows Genuine Advantage Notifications (KB905474)
Microsoft ActiveSync 3.7
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Windows Media Format 11 runtime
Windows Media Player 11
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft IntelliPoint 4.0
Destinations
Security Update for CAPICOM (KB931906)
HP Software Update
Unload
TrayApp
J2SE Runtime Environment 5.0 Update 3
WebFldrs XP
Nero 7 Essentials
Dell Resource CD
Microsoft IntelliType Pro 5.3
WebReg
Dell Driver Reset Tool
DeviceFunctionQFolder
eSupportQFolder
EPSON Smart Panel
Acrobat.com
Microsoft Visual C++ 2005 Redistributable
Adobe Product/Adobe Studio Update 10/2001
HP Deskjet 5900 series
Microsoft Silverlight
Compatibility Pack for the 2007 Office system
Microsoft Office XP Small Business
Microsoft Outlook 2002
e-Sword
EPSON TWAIN 5
Adobe AIR
HPDeskjet5900Series
DeviceManagementQFolder
Adobe Reader 9.1
OGA Notifier 2.0.0048.0
ViewSonic Monitor Drivers
EPSON Copy Utility
BufferChm
iPAQ Web Registration
Ad-Aware
HPProductAssistant
Uniblue RegistryBooster 2009
SolutionCenter
ScanToWeb
SoundMAX
Status
HP Image Zone Express
======== Other Info ========
TOTAL PHYSICAL RAM: 2137 MB
Boot Info
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
OS Type: Microsoft Windows XP Professional
Build: 5.1.2600
Service Pack: 3.0
====== Files with Hidden Attributes======
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\NTDETECT.COM
C:\Documents and Settings\Administrator\NTUSER.DAT
C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Recent\index.dat
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\Default User\NTUSER.DAT
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\MSHist012009082120090822\index.dat
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\MSHist012009082820090829\index.dat
C:\Documents and Settings\NetworkService\Cookies\index.dat
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat
==End of Report==
And here's the content of the Hidden - Notepad log:
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\NTDETECT.COM
C:\Documents and Settings\Administrator\NTUSER.DAT
C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Recent\index.dat
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\Default User\NTUSER.DAT
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\MSHist012009082120090822\index.dat
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\MSHist012009082820090829\index.dat
C:\Documents and Settings\NetworkService\Cookies\index.dat
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat
C:\Documents and Settings\user\Application Data\Microsoft\Office\Recent\index.dat
C:\Documents and Settings\user\Application Data\U3\temp\Launchpad Removal.exe
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
C:\Documents and Settings\user\Local Settings\History\History.IE5\MSHist012009090720090908\index.dat
C:\Documents and Settings\user\Local Settings\History\History.IE5\MSHist012009090820090909\index.dat
C:\Documents and Settings\user\Local Settings\History\History.IE5\MSHist012009090920090910\index.dat
Again thank you Bamajim. Jeff
bamajim
10.4K Posts
0
September 9th, 2009 15:00
Good work. The hidden.txt file that FileLister created is part of the program.
1. Rerun Avenger
2. Copy all the text contained in the bold below to your Clipboard by highlighting it and pressing (Ctrl+C):
Registry values to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Gfuqize
Files to Delete:
C:\WINDOWS\uguwafonutulivih.dll
C:\WINDOWS\Gqohileyocozofu.dat
C:\WINDOWS\ppp3.dat
C:\WINDOWS\ppp4.dat
C:\WINDOWS\system32\bennuar.old
C:\WINDOWS\system32\bincd32.dat
C:\WINDOWS\system32\SKYNETddhgqvng.dat
C:\WINDOWS\system32\SKYNETxbfmlygh.dat
C:\WINDOWS\system32\sonhelp.htm
C:\WINDOWS\system32\sysnet.dat
C:\WINDOWS\system32\uacinit.dll
C:\WINDOWS\system32\UACiujhttvjyv.dat
C:\WINDOWS\system32\UACqdtnqhgoyj.db
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.
4. The Avenger will automatically do the following:
5. Please copy/paste the content of c:\avenger.txt into your reply
jeffhaines
5 Posts
0
September 10th, 2009 14:00
Hi Bamajim,
Here's the c:\avenger.txt Avenger generated. Again thanks a lot. Jeff
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\WINDOWS\uguwafonutulivih.dll" deleted successfully.
File "C:\WINDOWS\Gqohileyocozofu.dat" deleted successfully.
File "C:\WINDOWS\ppp3.dat" deleted successfully.
File "C:\WINDOWS\ppp4.dat" deleted successfully.
File "C:\WINDOWS\system32\bennuar.old" deleted successfully.
File "C:\WINDOWS\system32\bincd32.dat" deleted successfully.
File "C:\WINDOWS\system32\SKYNETddhgqvng.dat" deleted successfully.
File "C:\WINDOWS\system32\SKYNETxbfmlygh.dat" deleted successfully.
File "C:\WINDOWS\system32\sonhelp.htm" deleted successfully.
File "C:\WINDOWS\system32\sysnet.dat" deleted successfully.
File "C:\WINDOWS\system32\uacinit.dll" deleted successfully.
File "C:\WINDOWS\system32\UACiujhttvjyv.dat" deleted successfully.
File "C:\WINDOWS\system32\UACqdtnqhgoyj.db" deleted successfully.
Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Gfuqize" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
bamajim
10.4K Posts
0
September 11th, 2009 07:00
jeffhaines
You are most welcome.
Now rerun HijackThis and post a fresh HijackThis log.
jeffhaines
5 Posts
0
September 11th, 2009 17:00
Hi Bamajim,
Here's the log.
Jeff
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:37:43 PM, on 9/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Uniblue\RegistryBooster 2009\registrybooster.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Desktop\New Downloads\Registry\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.live.com/default.aspx?wa=wsignin1.0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: ::1 localhost
O1 - Hosts: 208.43.47.212 a1.review.zdnet.com
O1 - Hosts: 208.43.47.212 reviews.riverstreams.co.uk
O1 - Hosts: 208.43.47.212 d1.reviews.cnet.com
O1 - Hosts: 208.43.47.212 review.2009softwarereviews.com
O1 - Hosts: 208.43.47.212 reviews.download.com
O1 - Hosts: 208.43.47.212 reviews.pcadvisor.co.uk
O1 - Hosts: 208.43.47.212 reviews.pcmag.com
O1 - Hosts: 208.43.47.212 reviews.pcpro.co.uk
O1 - Hosts: 208.43.47.212 reviews.techradar.com
O1 - Hosts: 208.43.47.212 toptenreviews.com
O1 - Hosts: 208.43.47.212 www.reevoo.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: ICQSys (IE PlugIn) - {76DC0B63-1533-4ba9-8BE8-D59EB676FA02} - (no file)
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Documents and Settings\user\Desktop\New Downloads\iPAQ\Outlook 2002\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 7637 bytes
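The O1 lines in the log above all map a dozen review-site hostnames to one public address, which is the hosts-file redirection pattern a helper looks for. The script below, added here as an illustration and not part of the thread or of HijackThis, parses the O1 section of a HijackThis log and flags any non-loopback, non-blackhole address that captures several hostnames; the sample lines are constructed from the log above, and the three-hostname threshold is an assumption.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample: a few O1 lines copied from the log above plus the
# normal loopback entries a clean XP hosts file would carry.
SAMPLE_LOG = """\
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 208.43.47.212 reviews.pcmag.com
O1 - Hosts: 208.43.47.212 toptenreviews.com
O1 - Hosts: 208.43.47.212 www.reevoo.com
"""

# HijackThis prints each hosts-file line as "O1 - Hosts: <address> <hostname>".
O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")


def parse_o1_entries(log_text):
    """Return (address, hostname) pairs for every O1 line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O1_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def suspicious_hosts_entries(log_text, min_hosts=3):
    """Group O1 entries by address and return {address: [hostnames]} for
    every address that (a) is not loopback or 0.0.0.0 and (b) captures at
    least min_hosts hostnames. Loopback/0.0.0.0 lines are skipped because
    ad-blocking hosts files legitimately blackhole many names that way;
    a single routable address swallowing many names is the redirect case."""
    by_addr = defaultdict(list)
    for addr_text, host in parse_o1_entries(log_text):
        try:
            addr = ip_address(addr_text)
        except ValueError:
            by_addr[addr_text].append(host)  # malformed address: keep it visible
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue
        by_addr[addr_text].append(host)
    return {a: hosts for a, hosts in by_addr.items() if len(hosts) >= min_hosts}


if __name__ == "__main__":
    for addr, hosts in suspicious_hosts_entries(SAMPLE_LOG).items():
        print(f"{addr} captures {len(hosts)} hostnames: {', '.join(hosts)}")
```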