Karl`s PC Help Forums

Hijack this please-Can't access any AV sites
JumptoConclusions - 19-11-2008 at 16:17

I have WIN XP SP2 with IE7. I'm infected with some sort of virus and/or malware. The problem is I can't access any AV web sites to update my AV definitions, or download any new AV or spyware software. (This includes HiJack This, so I can't even provide a log file.) IE will redirect me to elsewhere.

How can I update my PC so I can scan and eliminate this virus? Any help would be greatly appreciated.


Quaver - 19-11-2008 at 16:29

How about another browser?
Firefox or Opera?

Or can't you download anything? How about if someone sent you the Hijackthis file as an attachment by email?


Quaver - 19-11-2008 at 16:42

Perhaps you could open a throwaway email account, so one of us could email you? Hotmail or something?

I have to go now, but since Hijackthis is only 300k, it should be easy.


Daz - 19-11-2008 at 21:42

Download, update and run MalwareBytes (A Direct Link Here) (Direct link meaning it should just start to download, no visiting web pages required)

A direct link for Firefox

A direct link for Opera

Then see if you can post a log for Pancake here...


JumptoConclusions - 20-11-2008 at 03:00

Thanks for the advice. I was able to install Opera, but had the same result. I am able to reach many different web sites, but can not get onto any AV or security software site. I was able to get to Panda and Trend Micro but when I tried to download, the "virus" stopped the download.

I'm really stuck. I emailed malwarebytes from my other PC, but I can't run it on my infected PC. If I can't download any updates to my security software, or download any new programs...what do I do? Very frustrating...they really got me.


Daz - 20-11-2008 at 09:51

Quote:
Originally posted by JumptoConclusions
Thanks for the advice. I was able to install Opera, but had the same result. I am able to reach many different web sites, but can not get onto any AV or security software site. I was able to get to Panda and Trend Micro but when I tried to download, the "virus" stopped the download.

I'm really stuck. I emailed malwarebytes from my other PC, but I can't run it on my infected PC. If I can't download any updates to my security software, or download any new programs...what do I do? Very frustrating...they really got me.


Download Malwarebytes from your other PC, and remember to get the latest updates for it, reboot the infected PC, press F8 during startup to get into "Safe Mode", install and run Malwarebytes.

You'll have to transfer the file/s from the good PC to the infected one, but in safe mode, everything should be ok, so you'll be able to install the bits you need to.

In fact, thinking about it, just download Hijack This* (Direct link) and run this in "Safe Mode", then you should be able to post a full log in here...

* Hijack This, but in a zip file, not as an .exe (Just in case you need it)


JumptoConclusions - 21-11-2008 at 01:02

Ok, finally able to run Hijack This. Won't allow me to run Malwarebytes. Hope this helps....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:12 PM, on 11/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Compaq_Owner\Desktop\mbam-setup.exe
C:\Documents and Settings\Compaq_Owner\Desktop\mbam-setup.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [94642759789530726332763078619483] C:\Program Files\Antivirus 2009\av2009.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 8342 bytes


LSemmens - 21-11-2008 at 10:53

Hopefully Pancake will see this, I'm no expert, but there are a couple of unfamiliar lines there.
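
An added example (not part of any post in this thread, and not HijackThis's own logic): a small Python triage of the O4 registry autorun lines in a HijackThis log like the one posted above. The two heuristics and the watchlist entry are assumptions chosen for illustration; the sample lines are copied from that log with the Windows path separators written out.

```python
import re
from dataclasses import dataclass, field

# Sample lines copied from the HijackThis log in this thread (path
# separators written out); this is not the complete log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [94642759789530726332763078619483] C:\Program Files\Antivirus 2009\av2009.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
"""

# O4 registry autorun line: "O4 - <hive>\..\<key>: [<value name>] <command>".
# The backslashes are optional so the pattern also matches logs whose
# separators were stripped when the log was pasted into a forum.
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\?\.\.\\?(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# Executable at the start of a command line: either quoted, or unquoted
# and running up to the first executable extension.
IMAGE = re.compile(
    r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|com|bat|scr|dll))(?=\s|$)', re.I
)


@dataclass
class Finding:
    hive: str
    key: str
    name: str
    image: str
    reasons: list = field(default_factory=list)


def image_path(cmd: str) -> str:
    """Return the program part of an autorun command, without arguments."""
    cmd = cmd.strip()
    m = IMAGE.match(cmd)
    if not m:
        return cmd
    return m.group("q") or m.group("u")


def triage(log_text: str, watchlist=()) -> list:
    """Flag O4 registry autoruns that deserve a closer look.

    Heuristics (assumptions for this example, not an authoritative rule set):
      * the value name is a long run of digits, unlike the descriptive
        names that installed software normally registers;
      * the program path contains a name the analyst already suspects.
    """
    findings = []
    for raw in log_text.splitlines():
        m = O4_RUN.match(raw.strip())
        if not m:
            continue  # not a registry Run entry (e.g. a Startup-folder line)
        name = m.group("name")
        image = image_path(m.group("cmd"))
        reasons = []
        if name.isdigit() and len(name) >= 16:
            reasons.append("numeric-value-name")
        for needle in watchlist:
            if needle.lower() in image.lower():
                reasons.append("watchlist:" + needle)
        if reasons:
            findings.append(
                Finding(m.group("hive"), m.group("key"), name, image, reasons)
            )
    return findings


if __name__ == "__main__":
    # "Antivirus 2009" is the infection named by the poster in this thread.
    for f in triage(SAMPLE_LOG, watchlist=["Antivirus 2009"]):
        print(f"{f.hive} {f.key} [{f.name}] {f.image} -> {', '.join(f.reasons)}")
```

A flagged entry is a lead for manual review, not a verdict; entries that pass both checks are not thereby shown to be clean.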


JumptoConclusions - 21-11-2008 at 14:17

Can I modify the subject line to ask for Pancake's help?

Yes, I noticed some "redirect" lines in there that are probably causing at least part of the problem. The other thing I notice is that while running in safe mode my running processes list is very small. When in normal mode, the list is a lot longer. Aren't we missing some useful data by running the report in safe mode?

Pancake, please understand I could not follow the steps exactly as posted. This is because I could not run the apps you listed in "Steps prior to posting logs."

I do know this. The original infection was the Antivirus 2009 virus or malware...not sure what it is technically. I removed most of it manually, but I don't think I got it all. I also have a suspicion this launched addl malware, spyware, etc.

My PC works ok for the most part. Able to connect to the internet. Still can't update any AV or scanning software, or launch any new AV or scanning programs. Otherwise, it's been relatively "stable" but I know if this isn't corrected it's only a matter of time before further damage occurs.


Dreamweaver - 21-11-2008 at 18:46

Have edited your title to help Pancake see it. :)


Pancake - 21-11-2008 at 23:28

Run both these programs.


Please download Malwarebytes' Anti-Malware from one of these places:

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Please Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


=====================================================================================

=====================================================================================


OK. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer and also those in the registry. Please visit this webpage for downloading and instructions for running the tool:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.

Double-click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Recovery Console can be installed from your disc if you have Vista if you wish.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


[Image: http://i254.photobucket.com/albums/hh103/velta911/RcAuto1.gif]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


[Image: http://i254.photobucket.com/albums/hh103/velta911/whatnext.png]


Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


JumptoConclusions - 22-11-2008 at 02:13

Thank you Pancake, but as I explained above I can't run Malwarebytes. I have tried in safe and normal mode and it will not launch. Same thing for combofix. This virus will not let me run any av or anti-malware software, and redirects me when I attempt to access these web sites.


Pancake - 22-11-2008 at 08:42

I suggest you download them on another computer, transfer them to yours and then run them. That should fix the main culprits.


Dreamweaver - 22-11-2008 at 09:04

Quote:
Originally posted by Pancake
I suggest you download them on another computer, transfer them to yours and then run them. That should fix the main culprits.


Purely for information Pancake, Jump has already tried that (I have taken advantage of seeing you online :) )

Quote:
Originally posted by JumptoConclusions
Thanks for the advice. I was able to install Opera, but had the same result. I am able to reach many different web sites, but can not get onto any AV or security software site. I was able to get to Panda and Trend Micro but when I tried to download, the "virus" stopped the download.

I'm really stuck. I emailed malwarebytes from my other PC, but I can't run it on my infected PC. If I can't download any updates to my security software, or download any new programs...what do I do? Very frustrating...they really got me.


Pancake - 22-11-2008 at 21:15

Ok..Can you run this:?

Download Random's System Information Tool http://images.malwareremoval.com/random/RSIT.exe and save it to your desktop. Double click RSIT.exe to start the tool and click Continue at the disclaimer.
When the scan completes it will open a log called log.txt and a log called info.txt .
Copy and paste the contents of log.txt here.

Please attach info.txt to your post.


JumptoConclusions - 22-11-2008 at 22:47

It worked, but only produced one log as far as I can tell. I will scan again, but here's what I have..

info.txt logfile of random's system information tool 1.04 2008-11-22 16:44:50

======Uninstall list======

Security Update for Windows XP (KB941693)-->"C:WINDOWS$NtUninstallKB941693$spuninstspuninst.exe"
Security Update for Windows XP (KB943055)-->"C:WINDOWS$NtUninstallKB943055$spuninstspuninst.exe"
Security Update for Windows XP (KB943460)-->"C:WINDOWS$NtUninstallKB943460$spuninstspuninst.exe"
Security Update for Windows XP (KB943485)-->"C:WINDOWS$NtUninstallKB943485$spuninstspuninst.exe"
Security Update for Windows XP (KB944338)-->"C:WINDOWS$NtUninstallKB944338$spuninstspuninst.exe"
Security Update for Windows XP (KB944653)-->"C:WINDOWS$NtUninstallKB944653$spuninstspuninst.exe"
Security Update for Windows XP (KB945553)-->"C:WINDOWS$NtUninstallKB945553$spuninstspuninst.exe"
Security Update for Windows XP (KB946026)-->"C:WINDOWS$NtUninstallKB946026$spuninstspuninst.exe"
Security Update for Windows XP (KB946648)-->"C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe"
Security Update for Windows XP (KB947864)-->"C:WINDOWS$NtUninstallKB947864$spuninstspuninst.exe"
Security Update for Windows XP (KB948590)-->"C:WINDOWS$NtUninstallKB948590$spuninstspuninst.exe"
Security Update for Windows XP (KB948881)-->"C:WINDOWS$NtUninstallKB948881$spuninstspuninst.exe"
Security Update for Windows XP (KB950749)-->"C:WINDOWS$NtUninstallKB950749$spuninstspuninst.exe"
Security Update for Windows XP (KB950760)-->"C:WINDOWS$NtUninstallKB950760$spuninstspuninst.exe"
Security Update for Windows XP (KB950762)-->"C:WINDOWS$NtUninstallKB950762$spuninstspuninst.exe"
Security Update for Windows XP (KB950974)-->"C:WINDOWS$NtUninstallKB950974$spuninstspuninst.exe"
Security Update for Windows XP (KB951066)-->"C:WINDOWS$NtUninstallKB951066$spuninstspuninst.exe"
Security Update for Windows XP (KB951376)-->"C:WINDOWS$NtUninstallKB951376$spuninstspuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:WINDOWS$NtUninstallKB951376-v2$spuninstspuninst.exe"
Security Update for Windows XP (KB951698)-->"C:WINDOWS$NtUninstallKB951698$spuninstspuninst.exe"
Security Update for Windows XP (KB951748)-->"C:WINDOWS$NtUninstallKB951748$spuninstspuninst.exe"
Security Update for Windows XP (KB952954)-->"C:WINDOWS$NtUninstallKB952954$spuninstspuninst.exe"
Security Update for Windows XP (KB953839)-->"C:WINDOWS$NtUninstallKB953839$spuninstspuninst.exe"
Security Update for Windows XP (KB954211)-->"C:WINDOWS$NtUninstallKB954211$spuninstspuninst.exe"
Security Update for Windows XP (KB955069)-->"C:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe"
Security Update for Windows XP (KB956391)-->"C:WINDOWS$NtUninstallKB956391$spuninstspuninst.exe"
Security Update for Windows XP (KB956803)-->"C:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe"
Security Update for Windows XP (KB956841)-->"C:WINDOWS$NtUninstallKB956841$spuninstspuninst.exe"
Security Update for Windows XP (KB957095)-->"C:WINDOWS$NtUninstallKB957095$spuninstspuninst.exe"
Security Update for Windows XP (KB957097)-->"C:WINDOWS$NtUninstallKB957097$spuninstspuninst.exe"
Security Update for Windows XP (KB958644)-->"C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe"
Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
The Print Shop Premier Edition 5.0-->C:WINDOWSuninst.exe -f"C:The Print Shop ProductsThe Print Shop Premier Edition 5.0DeIsL2.isu" -c"C:The Print Shop ProductsThe Print Shop Premier Edition 5.0psfinst.dll"
TWC User Controls-->MsiExec.exe /I{DCC72248-D3D2-4846-8499-A400053A430E}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0019-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Windows XP (KB898461)-->"C:WINDOWS$NtUninstallKB898461$spuninstspuninst.exe"
Update for Windows XP (KB900485)-->"C:WINDOWS$NtUninstallKB900485$spuninstspuninst.exe"
Update for Windows XP (KB904942)-->"C:WINDOWS$NtUninstallKB904942$spuninstspuninst.exe"
Update for Windows XP (KB908531)-->"C:WINDOWS$NtUninstallKB908531$spuninstspuninst.exe"
Update for Windows XP (KB910437)-->"C:WINDOWS$NtUninstallKB910437$spuninstspuninst.exe"
Update for Windows XP (KB911280)-->"C:WINDOWS$NtUninstallKB911280$spuninstspuninst.exe"
Update for Windows XP (KB912945)-->"C:WINDOWS$NtUninstallKB912945$spuninstspuninst.exe"
Update for Windows XP (KB916595)-->"C:WINDOWS$NtUninstallKB916595$spuninstspuninst.exe"
Update for Windows XP (KB920872)-->"C:WINDOWS$NtUninstallKB920872$spuninstspuninst.exe"
Update for Windows XP (KB922582)-->"C:WINDOWS$NtUninstallKB922582$spuninstspuninst.exe"
Update for Windows XP (KB927891)-->"C:WINDOWS$NtUninstallKB927891$spuninstspuninst.exe"
Update for Windows XP (KB930916)-->"C:WINDOWS$NtUninstallKB930916$spuninstspuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:WINDOWS$NtUninstallKB932823-v3$spuninstspuninst.exe"
Update for Windows XP (KB936357)-->"C:WINDOWS$NtUninstallKB936357$spuninstspuninst.exe"
Update for Windows XP (KB938828)-->"C:WINDOWS$NtUninstallKB938828$spuninstspuninst.exe"
Update for Windows XP (KB942763)-->"C:WINDOWS$NtUninstallKB942763$spuninstspuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:WINDOWS$NtUninstallKB951072-v2$spuninstspuninst.exe"
Update for Windows XP (KB951978)-->"C:WINDOWS$NtUninstallKB951978$spuninstspuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:WINDOWS$MSI31Uninstall_KB893803v2$spuninstspuninst.exe"
Windows Internet Explorer 7-->"C:WINDOWSie7spuninstspuninst.exe"
Windows Media Format 11 runtime-->"C:Program FilesWindows Media Playerwmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe"
Windows Media Player 10-->"C:Program FilesWindows Media PlayerSetup_wm.exe" /Uninstall
Windows XP Hotfix - KB873339-->C:WINDOWS$NtUninstallKB873339$spuninstspuninst.exe
Windows XP Hotfix - KB883667-->C:WINDOWS$NtUninstallKB883667$spuninstspuninst.exe
Windows XP Hotfix - KB885250-->C:WINDOWS$NtUninstallKB885250$spuninstspuninst.exe
Windows XP Hotfix - KB885835-->C:WINDOWS$NtUninstallKB885835$spuninstspuninst.exe
Windows XP Hotfix - KB885836-->C:WINDOWS$NtUninstallKB885836$spuninstspuninst.exe
Windows XP Hotfix - KB886185-->C:WINDOWS$NtUninstallKB886185$spuninstspuninst.exe
Windows XP Hotfix - KB887472-->C:WINDOWS$NtUninstallKB887472$spuninstspuninst.exe
Windows XP Hotfix - KB887742-->C:WINDOWS$NtUninstallKB887742$spuninstspuninst.exe
Windows XP Hotfix - KB888113-->C:WINDOWS$NtUninstallKB888113$spuninstspuninst.exe
Windows XP Hotfix - KB888239-->C:WINDOWS$NtUninstallKB888239$spuninstspuninst.exe
Windows XP Hotfix - KB888302-->C:WINDOWS$NtUninstallKB888302$spuninstspuninst.exe
Windows XP Hotfix - KB890175-->C:WINDOWS$NtUninstallKB890175$spuninstspuninst.exe
Windows XP Hotfix - KB890859-->"C:WINDOWS$NtUninstallKB890859$spuninstspuninst.exe"
Windows XP Hotfix - KB891781-->C:WINDOWS$NtUninstallKB891781$spuninstspuninst.exe
Windows XP Hotfix - KB892050-->"C:WINDOWS$NtUninstallKB892050$spuninstspuninst.exe"
Windows XP Hotfix - KB893066-->"C:WINDOWS$NtUninstallKB893066$spuninstspuninst.exe"

======Security center information======

AV: AVG Anti-Virus Free (outdated)
AV: CA Anti-Virus (disabled) (outdated)

======Environment variables======

"ComSpec"=%SystemRoot%system32cmd.exe
"Path"=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;c:Python22;C:Program FilesATI TechnologiesATI Control Panel;C:Program FilesQuickTimeQTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0604
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%TEMP
"TMP"=%SystemRoot%TEMP
"SonicCentral"=c:Program FilesCommon FilesSonic SharedSonic Central
"CLASSPATH"=.;C:Program FilesJavajre1.6.0_05libextQTJava.zip
"QTJAVA"=C:Program FilesJavajre1.6.0_05libextQTJava.zip
"SAFEBOOT_OPTION"=MINIMAL

-----------------EOF-----------------


JumptoConclusions - 22-11-2008 at 23:04

Ok, I ran it again and produced the logfile, sorry for the info file above.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2008-11-22 17:02:12
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 83 GB (77%) free of 107 GB
Total RAM: 446 MB (17% free)

HijackThis download failed

======Scheduled tasks folder======

C:WINDOWStasksAppleSoftwareUpdate.job
C:WINDOWStasksCAAntiSpywareScan_Daily as Compaq_Owner at 8 01 PM.job

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:Program FilesAVGAVG8avgssie.dll [2008-08-30 455960]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:Program FilesJavajre1.6.0_07binssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:WINDOWSpchealthhelpctrVendorsCN=Hewlett-Packard []

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
"RTHDCPL"=C:WINDOWSRTHDCPL.EXE [2006-03-08 16010240]
"Recguard"=C:WINDOWSSMINSTRECGUARD.EXE [2005-07-22 237568]
"PCDrProfiler"= []
"HPBootOp"=C:Program FilesHewlett-PackardHP Boot OptimizerHPBootOp.exe [2006-02-15 249856]
"Lexmark X6100 Series"=C:Program FilesLexmark X6100 Serieslxbfbmgr.exe [2003-09-23 57344]
"HP Software Update"=C:Program FilesHpHP Software UpdateHPWuSchd2.exe [2007-05-08 54840]
"QuickTime Task"=C:Program FilesQuickTimeqttask.exe [2008-03-28 413696]
"AVG8_TRAY"=C:PROGRA~1AVGAVG8avgtray.exe [2008-10-04 1234712]
"cctray"=C:Program FilesCACA Internet Security Suitecctraycctray.exe [2007-08-16 177416]
"QOELOADER"=C:Program FilesCACA Internet Security SuiteCA Anti-SpamQSP-5.1.18.0QOELoader.exe [2008-11-18 14088]
"CAVRID"=C:Program FilesCACA Internet Security SuiteCA Anti-VirusCAVRID.exe [2007-08-20 230664]
"cafwc"=C:Program FilesCACA Internet Security SuiteCA Personal Firewallcafw.exe [2008-02-05 1193224]
"capfasem"=C:Program FilesCACA Internet Security SuiteCA Personal Firewallcapfasem.exe [2008-02-05 173320]
""= []
"capfupgrade"=C:Program FilesCACA Internet Security SuiteCA Personal Firewallcapfupgrade.exe [2008-02-05 259336]
"SunJavaUpdateSched"=C:Program FilesJavajre1.6.0_07binjusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
"ctfmon.exe"=C:WINDOWSsystem32ctfmon.exe [2004-08-04 15360]
"MSMSGS"=C:Program FilesMessengermsmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^CompaqConnections.lnk]
C:PROGRA~1COMPAQ~15577497ProgramCOMPAQ~1.EXE [2006-05-19 36903]

C:Documents and SettingsAll UsersStart MenuProgramsStartup
Adobe Reader Speed Launch.lnk - C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
Google Updater.lnk - C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe

C:Documents and SettingsAdministratorStart MenuProgramsStartup
Pin.lnk - C:hpbinCLOAKER.EXE

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2006-02-07 61440]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyPFW]
C:WINDOWSsystem32UmxWnp.Dll [2007-05-18 79368]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
"notification packages"=
scecli
scecli
scecli

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalaawservice]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkaawservice]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Program FilesCompaq Connections5577497ProgramCompaq Connections.exe"="C:Program FilesCompaq Connections5577497ProgramCompaq Connections.exe:*:Enabled:Compaq Connections"
"C:Program FilesEarthLink TotalAccessTaskPanl.exe"="C:Program FilesEarthLink TotalAccessTaskPanl.exe:*:Enabled:Earthlink"
"C:Program FilesYahoo!MessengerYahooMessenger.exe"="C:Program FilesYahoo!MessengerYahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:Program FilesYahoo!MessengerYServer.exe"="C:Program FilesYahoo!MessengerYServer.exe:*:Enabled:Yahoo! FT Server"
"C:Program FilesBonjourmDNSResponder.exe"="C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour"
"C:Program FilesiTunesiTunes.exe"="C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes"
"C:Program FilesAVGAVG8avgupd.exe"="C:Program FilesAVGAVG8avgupd.exe:*:Enabled:avgupd.exe"
"C:Program FilesAVGAVG8avgemc.exe"="C:Program FilesAVGAVG8avgemc.exe:*:Enabled:avgemc.exe"

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Program FilesCompaq Connections5577497ProgramCompaq Connections.exe"="C:Program FilesCompaq Connections5577497ProgramCompaq Connections.exe:*:Enabled:Compaq Connections"

======List of files/folders created in the last 1 months======

2008-11-22 16:44:45 ----D---- C:Program Filestrend micro
2008-11-22 16:44:38 ----D---- C:rsit
2008-11-22 15:55:24 ----ASH---- C:Documents and SettingsAdministratorApplication Datadesktop.ini
2008-11-22 15:54:57 ----D---- C:Documents and SettingsAdministratorApplication DataIdentities
2008-11-22 15:54:56 ----SD---- C:Documents and SettingsAdministratorApplication DataMicrosoft
2008-11-22 15:54:56 ----D---- C:Documents and SettingsAdministratorApplication DataReal
2008-11-22 15:54:56 ----D---- C:Documents and SettingsAdministratorApplication DataIntuit
2008-11-19 20:47:02 ----D---- C:Program FilesPanda Security
2008-11-19 18:39:21 ----A---- C:WINDOWSntbtlog.txt
2008-11-19 18:16:11 ----D---- C:Program FilesOpera
2008-11-18 20:01:52 ----A---- C:WINDOWSsystem32vetredir.dll
2008-11-18 20:01:52 ----A---- C:WINDOWSsystem32isafprod.dll
2008-11-18 20:01:52 ----A---- C:WINDOWSsystem32isafeif.dll
2008-11-18 20:01:30 ----D---- C:Program FilesCommon FilesScanner
2008-11-18 20:00:58 ----D---- C:Program FilesCA
2008-11-16 16:08:47 ----HDC---- C:WINDOWS$NtUninstallKB957097$
2008-11-16 16:06:13 ----HDC---- C:WINDOWS$NtUninstallKB955069$
2008-11-02 15:20:00 ----A---- C:WINDOWSsystem32GEAR32SD.DLL
2008-10-25 00:22:31 ----HDC---- C:WINDOWS$NtUninstallKB958644$
2008-10-24 17:18:38 ----D---- C:Documents and SettingsAll UsersApplication DataTrymedia
2008-10-24 16:32:11 ----D---- C:Program FilesDeer Drive

======List of files/folders modified in the last 1 months======

2008-11-22 16:44:45 ----D---- C:Program Files
2008-11-22 15:54:52 ----D---- C:Documents and Settings
2008-11-22 15:51:32 ----A---- C:WINDOWSSchedLgU.Txt
2008-11-22 15:50:12 ----D---- C:WINDOWSTemp
2008-11-22 15:46:19 ----D---- C:WINDOWSsystem32
2008-11-22 15:46:19 ----AD---- C:WINDOWS
2008-11-22 13:34:58 ----D---- C:WINDOWSPrefetch
2008-11-22 11:43:43 ----D---- C:WINDOWSsystem32Lang
2008-11-21 17:05:45 ----A---- C:WINDOWSlexstat.ini
2008-11-20 18:45:29 ----HD---- C:WINDOWSinf
2008-11-20 18:45:25 ----D---- C:WINDOWSsystem32CatRoot2
2008-11-20 06:42:29 ----D---- C:Program FilesWebIQ
2008-11-19 21:55:59 ----SHD---- C:WINDOWSInstaller
2008-11-19 21:53:45 ----SD---- C:WINDOWSDownloaded Program Files
2008-11-19 20:47:11 ----D---- C:WINDOWSsystem32drivers
2008-11-19 18:58:35 ----HD---- C:$AVG8.VAULT$
2008-11-19 18:26:55 ----SHD---- C:System Volume Information
2008-11-19 18:26:55 ----D---- C:WINDOWSsystem32Restore
2008-11-18 21:46:37 ----D---- C:WINDOWSsecurity
2008-11-18 20:15:23 ----D---- C:Documents and SettingsAll UsersApplication DataCA
2008-11-18 20:14:21 ----A---- C:caisslog.txt
2008-11-18 20:02:42 ----D---- C:WINDOWSWinSxS
2008-11-18 20:01:56 ----A---- C:caavsetupLog.txt
2008-11-18 20:01:38 ----SD---- C:WINDOWSTasks
2008-11-18 20:01:30 ----D---- C:Program FilesCommon Files
2008-11-16 20:41:06 ----D---- C:Program FilesGoogle
2008-11-16 20:41:05 ----D---- C:Documents and SettingsAll UsersApplication DataGoogle
2008-11-16 20:17:59 ----D---- C:Documents and SettingsAll UsersApplication Dataavg8
2008-11-16 16:12:47 ----D---- C:Documents and SettingsAll UsersApplication DataMicrosoft Help
2008-11-16 16:08:49 ----RSHD---- C:WINDOWSsystem32dllcache
2008-11-16 16:08:37 ----HD---- C:WINDOWS$hf_mig$
2008-11-16 16:06:26 ----A---- C:WINDOWSimsins.BAK
2008-11-12 20:00:50 ----D---- C:Program FilesLexmark X6100 Series
2008-11-03 18:10:25 ----A---- C:WINDOWSsystem32MRT.exe
2008-11-02 17:14:26 ----D---- C:WINDOWSsystem32FxsTmp
2008-11-02 15:47:05 ----A---- C:WINDOWSsystem32PerfStringBackup.INI
2008-11-02 11:40:56 ----D---- C:WINDOWSHelp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:WINDOWSsystem32driversVETFDDNT.sys [2007-08-20 21512]
R3 GEARAspiWDM;GEARAspiWDM; C:WINDOWSSystem32DriversGEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-01-08 138752]
R3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2005-03-31 27008]
R3 usbhub;USB2 Enabled Hub; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbohci.sys [2004-08-04 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-04 25856]
S1 AvgLdx86;AVG AVI Loader Driver x86; C:WINDOWSSystem32Driversavgldx86.sys [2008-08-30 97928]
S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:WINDOWSSystem32Driversavgmfx86.sys [2008-07-04 26824]
S1 intelppm;Intel Processor Driver; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-04 36096]
S1 KmxAgent;KmxAgent; C:WINDOWSSystem32DRIVERSkmxagent.sys [2007-05-18 61960]
S1 KmxFile;KmxFile; C:WINDOWSSystem32DRIVERSKmxFile.sys [2007-05-18 45064]
S1 KmxFw;KmxFw; C:WINDOWSSystem32DRIVERSkmxfw.sys [2007-10-18 114704]
S1 VETEFILE;VET File Scan Engine; C:WINDOWSsystem32driversVETEFILE.sys [2007-08-20 879784]
S1 VET-FILT;VET File System Filter; C:WINDOWSsystem32driversVET-FILT.sys [2007-08-20 26376]
S1 VETMONNT;VET File Monitor; C:WINDOWSsystem32driversVETMONNT.sys [2007-08-20 32264]
S1 VET-REC;VET File System Recognizer; C:WINDOWSsystem32driversVET-REC.sys [2007-08-20 21128]
S2 AvgTdiX;AVG8 Network Redirector; C:WINDOWSSystem32Driversavgtdix.sys [2008-07-04 76040]
S2 KmxCF;KmxCF; C:WINDOWSSystem32DRIVERSKmxCF.sys [2007-10-18 134672]
S2 KmxSbx;KmxSbx; C:WINDOWSSystem32DRIVERSKmxSbx.sys [2007-11-02 65552]
S2 MCSTRM;MCSTRM; C:WINDOWSsystem32driversMCSTRM.sys []
S3 AgereSoftModem;Agere Systems Soft Modem; C:WINDOWSsystem32DRIVERSAGRSM.sys [2006-01-25 1149888]
S3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2006-02-07 1480704]
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 ICAM3NT5;Intel USB Video Camera III; C:WINDOWSSystem32DriversIcam3.sys [2001-08-17 141056]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2006-03-08 4246016]
S3 IPN2120;Instant Wireless-B PCI Adapter Driver; C:WINDOWSsystem32DRIVERSLSIPNDS.sys [2003-06-24 95232]
S3 KmxCfg;KmxCfg; C:WINDOWSSystem32DRIVERSkmxcfg.sys [2007-09-13 88840]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtnicxp.sys [2006-01-18 80512]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:WINDOWSsystem32DRIVERSRTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:WINDOWSSystem32Driversusbaapl.sys [2007-10-31 30464]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 usbstor;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-04 20480]
S3 VETEBOOT;VET Boot Scan Engine; C:WINDOWSsystem32driversVETEBOOT.sys [2007-08-20 108312]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:Program FilesLavasoftAd-Awareaawservice.exe [2008-10-04 611664]
S2 Apple Mobile Device;Apple Mobile Device; C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe [2007-09-06110592]
S2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2006-02-07 405504]
S2 avg8emc;AVG8 E-mail Scanner; C:PROGRA~1AVGAVG8avgemc.exe [2008-08-30 875288]
S2 avg8wd;AVG8 WatchDog; C:PROGRA~1AVGAVG8avgwdsvc.exe [2008-08-30 231704]
S2 Bonjour Service;Bonjour Service; C:Program FilesBonjourmDNSResponder.exe [2007-07-24 229376]
S2 CAISafe;CAISafe; C:Program FilesCACA Internet Security SuiteCA Anti-VirusISafe.exe [2007-08-20 144960]
S2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:Program FilesCASharedComponentsPPRTbinITMRTSVC.exe [2007-01-04 280080]
S2 LexBceS;LexBce Server; C:WINDOWSsystem32LEXBCES.EXE [2003-09-22 303104]
S2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-20 322120]
S2 UmxAgent;HIPS Event Manager; C:Program FilesCASharedComponentsHIPSEngineUmxAgent.exe [2007-10-18 1010192]
S2 UmxCfg;HIPS Configuration Interpreter; C:Program FilesCASharedComponentsHIPSEngineUmxCfg.exe [2007-10-18 801296]
S2 UmxFwHlp;HIPS Firewall Helper; C:Program FilesCASharedComponentsHIPSEngineUmxFwHlp.exe [2007-10-18 145936]
S2 UmxPol;HIPS Policy Manager; C:Program FilesCASharedComponentsHIPSEngineUmxPol.exe [2007-05-18 275976]
S2 VETMSGNT;VET Message Service; C:Program FilesCACA Internet Security SuiteCA Anti-VirusVetMsg.exe [2007-08-20 242952]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv1.1.4322aspnet_state.exe [2004-07-15 32768]
S3 CaCCProvSP;CaCCProvSP; C:Program FilesCACA Internet Security Suiteccprovsp.exe [2007-08-16 214280]
S3 Fax;Fax; C:WINDOWSsystem32fxssvc.exe [2004-08-04 267776]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:Program FilesiPodbiniPodService.exe [2008-03-30 504104]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 PPCtlPriv;PPCtlPriv; C:Program FilesCACA Internet Security SuiteCA Anti-SpywarePPCtlPriv.exe [2007-08-16 189704]
S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist; C:Program FilesCommon Filessupportsoftbinssrc.exe [2007-12-11 382320]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-04 14336]

-----------------EOF-----------------


Pancake - 22-11-2008 at 23:04

I can't read it while it's scrolling. Can you make sure your BBcode is turned off?


JumptoConclusions - 22-11-2008 at 23:07

Ok, I posted the remainder...very strange. The text is rolling across the screen.


JumptoConclusions - 22-11-2008 at 23:08

Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2008-11-22 17:02:12
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 83 GB (77%) free of 107 GB
Total RAM: 446 MB (17% free)

HijackThis download failed

======Scheduled tasks folder======

C:WINDOWStasksAppleSoftwareUpdate.job
C:WINDOWStasksCAAntiSpywareScan_Daily as Compaq_Owner at 8 01 PM.job

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:Program FilesAVGAVG8avgssie.dll [2008-08-30 455960]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:Program FilesJavajre1.6.0_07binssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:WINDOWSpchealthhelpctrVendorsCN=Hewlett-Packard []

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
"RTHDCPL"=C:WINDOWSRTHDCPL.EXE [2006-03-08 16010240]
"Recguard"=C:WINDOWSSMINSTRECGUARD.EXE [2005-07-22 237568]
"PCDrProfiler"= []
"HPBootOp"=C:Program FilesHewlett-PackardHP Boot OptimizerHPBootOp.exe [2006-02-15 249856]
"Lexmark X6100 Series"=C:Program FilesLexmark X6100 Serieslxbfbmgr.exe [2003-09-23 57344]
"HP Software Update"=C:Program FilesHpHP Software UpdateHPWuSchd2.exe [2007-05-08 54840]
"QuickTime Task"=C:Program FilesQuickTimeqttask.exe [2008-03-28 413696]
"AVG8_TRAY"=C:PROGRA~1AVGAVG8avgtray.exe [2008-10-04 1234712]
"cctray"=C:Program FilesCACA Internet Security Suitecctraycctray.exe [2007-08-16 177416]
"QOELOADER"=C:Program FilesCACA Internet Security SuiteCA Anti-SpamQSP-5.1.18.0QOELoader.exe [2008-11-18 14088]
"CAVRID"=C:Program FilesCACA Internet Security SuiteCA Anti-VirusCAVRID.exe [2007-08-20 230664]
"cafwc"=C:Program FilesCACA Internet Security SuiteCA Personal Firewallcafw.exe [2008-02-05 1193224]
"capfasem"=C:Program FilesCACA Internet Security SuiteCA Personal Firewallcapfasem.exe [2008-02-05 173320]
""= []
"capfupgrade"=C:Program FilesCACA Internet Security SuiteCA Personal Firewallcapfupgrade.exe [2008-02-05 259336]
"SunJavaUpdateSched"=C:Program FilesJavajre1.6.0_07binjusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
"ctfmon.exe"=C:WINDOWSsystem32ctfmon.exe [2004-08-04 15360]
"MSMSGS"=C:Program FilesMessengermsmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^CompaqConnections.lnk]
C:PROGRA~1COMPAQ~15577497ProgramCOMPAQ~1.EXE [2006-05-19 36903]

C:Documents and SettingsAll UsersStart MenuProgramsStartup
Adobe Reader Speed Launch.lnk - C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
Google Updater.lnk - C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe

C:Documents and SettingsAdministratorStart MenuProgramsStartup
Pin.lnk - C:hpbinCLOAKER.EXE

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2006-02-07 61440]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyPFW]
C:WINDOWSsystem32UmxWnp.Dll [2007-05-18 79368]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
"notification packages"=
scecli
scecli
scecli

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalaawservice]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkaawservice]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Program FilesCompaq Connections5577497ProgramCompaq Connections.exe"="C:Program FilesCompaq Connections5577497ProgramCompaq Connections.exe:*:Enabled:Compaq Connections"
"C:Program FilesEarthLink TotalAccessTaskPanl.exe"="C:Program FilesEarthLink TotalAccessTaskPanl.exe:*:Enabled:Earthlink"
"C:Program FilesYahoo!MessengerYahooMessenger.exe"="C:Program FilesYahoo!MessengerYahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:Program FilesYahoo!MessengerYServer.exe"="C:Program FilesYahoo!MessengerYServer.exe:*:Enabled:Yahoo! FT Server"
"C:Program FilesBonjourmDNSResponder.exe"="C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour"
"C:Program FilesiTunesiTunes.exe"="C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes"
"C:Program FilesAVGAVG8avgupd.exe"="C:Program FilesAVGAVG8avgupd.exe:*:Enabled:avgupd.exe"
"C:Program FilesAVGAVG8avgemc.exe"="C:Program FilesAVGAVG8avgemc.exe:*:Enabled:avgemc.exe"

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Program FilesCompaq Connections5577497ProgramCompaq Connections.exe"="C:Program FilesCompaq Connections5577497ProgramCompaq Connections.exe:*:Enabled:Compaq Connections"

======List of files/folders created in the last 1 months======

2008-11-22 16:44:45 ----D---- C:Program Filestrend micro
2008-11-22 16:44:38 ----D---- C:rsit
2008-11-22 15:55:24 ----ASH---- C:Documents and SettingsAdministratorApplication Datadesktop.ini
2008-11-22 15:54:57 ----D---- C:Documents and SettingsAdministratorApplication DataIdentities
2008-11-22 15:54:56 ----SD---- C:Documents and SettingsAdministratorApplication DataMicrosoft
2008-11-22 15:54:56 ----D---- C:Documents and SettingsAdministratorApplication DataReal
2008-11-22 15:54:56 ----D---- C:Documents and SettingsAdministratorApplication DataIntuit
2008-11-19 20:47:02 ----D---- C:Program FilesPanda Security
2008-11-19 18:39:21 ----A---- C:WINDOWSntbtlog.txt
2008-11-19 18:16:11 ----D---- C:Program FilesOpera
2008-11-18 20:01:52 ----A---- C:WINDOWSsystem32vetredir.dll
2008-11-18 20:01:52 ----A---- C:WINDOWSsystem32isafprod.dll
2008-11-18 20:01:52 ----A---- C:WINDOWSsystem32isafeif.dll
2008-11-18 20:01:30 ----D---- C:Program FilesCommon FilesScanner
2008-11-18 20:00:58 ----D---- C:Program FilesCA
2008-11-16 16:08:47 ----HDC---- C:WINDOWS$NtUninstallKB957097$
2008-11-16 16:06:13 ----HDC---- C:WINDOWS$NtUninstallKB955069$
2008-11-02 15:20:00 ----A---- C:WINDOWSsystem32GEAR32SD.DLL
2008-10-25 00:22:31 ----HDC---- C:WINDOWS$NtUninstallKB958644$
2008-10-24 17:18:38 ----D---- C:Documents and SettingsAll UsersApplication DataTrymedia
2008-10-24 16:32:11 ----D---- C:Program FilesDeer Drive

======List of files/folders modified in the last 1 months======

2008-11-22 16:44:45 ----D---- C:Program Files
2008-11-22 15:54:52 ----D---- C:Documents and Settings
2008-11-22 15:51:32 ----A---- C:WINDOWSSchedLgU.Txt
2008-11-22 15:50:12 ----D---- C:WINDOWSTemp
2008-11-22 15:46:19 ----D---- C:WINDOWSsystem32
2008-11-22 15:46:19 ----AD---- C:WINDOWS
2008-11-22 13:34:58 ----D---- C:WINDOWSPrefetch
2008-11-22 11:43:43 ----D---- C:WINDOWSsystem32Lang
2008-11-21 17:05:45 ----A---- C:WINDOWSlexstat.ini
2008-11-20 18:45:29 ----HD---- C:WINDOWSinf
2008-11-20 18:45:25 ----D---- C:WINDOWSsystem32CatRoot2
2008-11-20 06:42:29 ----D---- C:Program FilesWebIQ
2008-11-19 21:55:59 ----SHD---- C:WINDOWSInstaller
2008-11-19 21:53:45 ----SD---- C:WINDOWSDownloaded Program Files
2008-11-19 20:47:11 ----D---- C:WINDOWSsystem32drivers
2008-11-19 18:58:35 ----HD---- C:$AVG8.VAULT$
2008-11-19 18:26:55 ----SHD---- C:System Volume Information
2008-11-19 18:26:55 ----D---- C:WINDOWSsystem32Restore
2008-11-18 21:46:37 ----D---- C:WINDOWSsecurity
2008-11-18 20:15:23 ----D---- C:Documents and SettingsAll UsersApplication DataCA
2008-11-18 20:14:21 ----A---- C:caisslog.txt
2008-11-18 20:02:42 ----D---- C:WINDOWSWinSxS
2008-11-18 20:01:56 ----A---- C:caavsetupLog.txt
2008-11-18 20:01:38 ----SD---- C:WINDOWSTasks
2008-11-18 20:01:30 ----D---- C:Program FilesCommon Files
2008-11-16 20:41:06 ----D---- C:Program FilesGoogle
2008-11-16 20:41:05 ----D---- C:Documents and SettingsAll UsersApplication DataGoogle
2008-11-16 20:17:59 ----D---- C:Documents and SettingsAll UsersApplication Dataavg8
2008-11-16 16:12:47 ----D---- C:Documents and SettingsAll UsersApplication DataMicrosoft Help
2008-11-16 16:08:49 ----RSHD---- C:WINDOWSsystem32dllcache
2008-11-16 16:08:37 ----HD---- C:WINDOWS$hf_mig$
2008-11-16 16:06:26 ----A---- C:WINDOWSimsins.BAK
2008-11-12 20:00:50 ----D---- C:Program FilesLexmark X6100 Series
2008-11-03 18:10:25 ----A---- C:WINDOWSsystem32MRT.exe
2008-11-02 17:14:26 ----D---- C:WINDOWSsystem32FxsTmp
2008-11-02 15:47:05 ----A---- C:WINDOWSsystem32PerfStringBackup.INI
2008-11-02 11:40:56 ----D---- C:WINDOWSHelp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:WINDOWSsystem32driversVETFDDNT.sys [2007-08-20 21512]
R3 GEARAspiWDM;GEARAspiWDM; C:WINDOWSSystem32DriversGEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-01-08 138752]
R3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2005-03-31 27008]
R3 usbhub;USB2 Enabled Hub; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbohci.sys [2004-08-04 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-04 25856]
S1 AvgLdx86;AVG AVI Loader Driver x86; C:WINDOWSSystem32Driversavgldx86.sys [2008-08-30 97928]
S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:WINDOWSSystem32Driversavgmfx86.sys [2008-07-04 26824]
S1 intelppm;Intel Processor Driver; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-04 36096]
S1 KmxAgent;KmxAgent; C:WINDOWSSystem32DRIVERSkmxagent.sys [2007-05-18 61960]
S1 KmxFile;KmxFile; C:WINDOWSSystem32DRIVERSKmxFile.sys [2007-05-18 45064]
S1 KmxFw;KmxFw; C:WINDOWSSystem32DRIVERSkmxfw.sys [2007-10-18 114704]
S1 VETEFILE;VET File Scan Engine; C:WINDOWSsystem32driversVETEFILE.sys [2007-08-20 879784]
S1 VET-FILT;VET File System Filter; C:WINDOWSsystem32driversVET-FILT.sys [2007-08-20 26376]
S1 VETMONNT;VET File Monitor; C:WINDOWSsystem32driversVETMONNT.sys [2007-08-20 32264]
S1 VET-REC;VET File System Recognizer; C:WINDOWSsystem32driversVET-REC.sys [2007-08-20 21128]
S2 AvgTdiX;AVG8 Network Redirector; C:WINDOWSSystem32Driversavgtdix.sys [2008-07-04 76040]
S2 KmxCF;KmxCF; C:WINDOWSSystem32DRIVERSKmxCF.sys [2007-10-18 134672]
S2 KmxSbx;KmxSbx; C:WINDOWSSystem32DRIVERSKmxSbx.sys [2007-11-02 65552]
S2 MCSTRM;MCSTRM; C:WINDOWSsystem32driversMCSTRM.sys []
S3 AgereSoftModem;Agere Systems Soft Modem; C:WINDOWSsystem32DRIVERSAGRSM.sys [2006-01-25 1149888]
S3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2006-02-07 1480704]
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 ICAM3NT5;Intel USB Video Camera III; C:WINDOWSSystem32DriversIcam3.sys [2001-08-17 141056]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2006-03-08 4246016]
S3 IPN2120;Instant Wireless-B PCI Adapter Driver; C:WINDOWSsystem32DRIVERSLSIPNDS.sys [2003-06-24 95232]
S3 KmxCfg;KmxCfg; C:WINDOWSSystem32DRIVERSkmxcfg.sys [2007-09-13 88840]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtnicxp.sys [2006-01-18 80512]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:WINDOWSsystem32DRIVERSRTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:WINDOWSSystem32Driversusbaapl.sys [2007-10-31 30464]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 usbstor;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-04 20480]
S3 VETEBOOT;VET Boot Scan Engine; C:WINDOWSsystem32driversVETEBOOT.sys [2007-08-20 108312]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:Program FilesLavasoftAd-Awareaawservice.exe [2008-10-04 611664]
S2 Apple Mobile Device;Apple Mobile Device; C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe [2007-09-06110592]
S2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2006-02-07 405504]
S2 avg8emc;AVG8 E-mail Scanner; C:PROGRA~1AVGAVG8avgemc.exe [2008-08-30 875288]
S2 avg8wd;AVG8 WatchDog; C:PROGRA~1AVGAVG8avgwdsvc.exe [2008-08-30 231704]
S2 Bonjour Service;Bonjour Service; C:Program FilesBonjourmDNSResponder.exe [2007-07-24 229376]
S2 CAISafe;CAISafe; C:Program FilesCACA Internet Security SuiteCA Anti-VirusISafe.exe [2007-08-20 144960]
S2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:Program FilesCASharedComponentsPPRTbinITMRTSVC.exe [2007-01-04 280080]
S2 LexBceS;LexBce Server; C:WINDOWSsystem32LEXBCES.EXE [2003-09-22 303104]
S2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-20 322120]
S2 UmxAgent;HIPS Event Manager; C:Program FilesCASharedComponentsHIPSEngineUmxAgent.exe [2007-10-18 1010192]
S2 UmxCfg;HIPS Configuration Interpreter; C:Program FilesCASharedComponentsHIPSEngineUmxCfg.exe [2007-10-18 801296]
S2 UmxFwHlp;HIPS Firewall Helper; C:Program FilesCASharedComponentsHIPSEngineUmxFwHlp.exe [2007-10-18 145936]
S2 UmxPol;HIPS Policy Manager; C:Program FilesCASharedComponentsHIPSEngineUmxPol.exe [2007-05-18 275976]
S2 VETMSGNT;VET Message Service; C:Program FilesCACA Internet Security SuiteCA Anti-VirusVetMsg.exe [2007-08-20 242952]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv1.1.4322aspnet_state.exe [2004-07-15 32768]
S3 CaCCProvSP;CaCCProvSP; C:Program FilesCACA Internet Security Suiteccprovsp.exe [2007-08-16 214280]
S3 Fax;Fax; C:WINDOWSsystem32fxssvc.exe [2004-08-04 267776]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:Program FilesiPodbiniPodService.exe [2008-03-30 504104]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 PPCtlPriv;PPCtlPriv; C:Program FilesCACA Internet Security SuiteCA Anti-SpywarePPCtlPriv.exe [2007-08-16 189704]
S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist; C:Program FilesCommon Filessupportsoftbinssrc.exe [2007-12-11 382320]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-04 14336]

-----------------EOF-----------------


Pancake - 22-11-2008 at 23:30

Well, if there was any malware to be found, that would show up in there. It's clean. Not a thing. So your problem must be elsewhere.


JumptoConclusions - 22-11-2008 at 23:33

Ok, so is it a virus or something else? Where do I go from here?


Daz - 23-11-2008 at 00:54

Can you confirm you only have one anti-virus program running...?

I'm seeing AVG v8 and I'm also seeing mention of CA Security Suite. Although I'm wondering if CA hasn't uninstalled properly...? Does this sound like a possibility at all JtC...?


JumptoConclusions - 24-11-2008 at 00:28

Fair question. No, I was having these problems when I was running AVG only. I installed CA just to see if that would update.

Thing is, I can't access any AV or similar web site. This tells me I'm being redirected somehow, and it happens regardless of what browser I use.


Daz - 24-11-2008 at 00:57

Where are you being redirected to...?


JumptoConclusions - 24-11-2008 at 03:58

To be more precise, usually I get "page not found." When I started fighting the AV 2009, I was able to delete many of the files. At first when I typed in avg, symantec, majorgeeks, etc. another window would pop up and it would be different every time. Usually it looked like an MSN search page clone that listed AV products I never heard of.

Quick update. A friend suggested I change the name of an executable file and it just may run. Well, I tried it with AVG and it's running as we speak. I will try it next with Malwarebytes, combofix, and spybot.

This friend also walked me through how to show hidden files. Seems odd this infection is so sophisticated, but I can change the name of a file to "pizza" and it will launch.

Anyhow, everything else SEEMS to be stable, other than not being able to update AV, etc. or access Windows Update. I'll keep you posted. Thanks for your help and interest.


Pancake - 24-11-2008 at 05:41

If it's the same virus I am thinking of, you may also have to save it as Combo-Fix when you download it and not ComboFix.


JumptoConclusions - 26-11-2008 at 04:20

Wow, it was that easy. Thank you! Very long log, so I attached the file. If you want me to post the text, let me know. I was able to update AVG 8.0, and next I will run Malwarebytes.

Quick questions. I have turned system restore OFF, should I turn it back ON I assume? I also checked show hidden files, etc. Should I keep the hidden files open? Finally, it looks like Comboscan changed my clock setting. I don't want to touch that until I hear from you.


Pancake - 26-11-2008 at 05:07

OK. That looks like it's got rid of the problem. You should be fine now.

Quote:

Quick questions. I have turned system restore OFF, should I turn it back ON I assume? I also checked show hidden files, etc. Should I keep the hidden files open? Finally, it looks like Comboscan changed my clock setting. I don't want to touch that until I hear from you.


The clock will be reset back to normal when you do a reboot, also Combofix will also turn back on your Restore, but just check after this.....

This will clear away any of the files and folders that were created by ComboFix.

Go to:
Start > Run then copy and paste the following highlighted text below into the box and click OK.



ComboFix /u


JumptoConclusions - 26-11-2008 at 14:26

Thanks again Pancake. Most infections have taken me an hour or so to eliminate. This one was creative, and I spent many hours trying to remove it. You are very, very good at what you do!!


Pancake - 26-11-2008 at 21:03

You're welcome. Glad to help.