Random Sound Clips, Malware. Help![RESOLVED]

ericagm · August 4, 2008

Hi,

I've recently been hearing sound clips that pop up at random times. I hear anything from music bits, to movie previews, etc. Spyware Doctor detects Trojan.Dowloader but cannot remove it. I don't know how to clean my computer of this malware. Someone, please help!

sarahw · August 5, 2008

Hi,

Please read this topic on how to post a Hijack This log:

http://www.besttechie.net/forums/How-To-Po...Log-t12175.html

Post a Hijack this log in a reply to this thread.

ericagm · August 6, 2008

Thank you for replying to me!!

Please let me know what the next steps are. I really appreciate your help in this.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:24:59 PM, on 8/6/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\afinding.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\Nobicyt.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\routing.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Trend Micro\Antivirus\pccguide.exe

C:\Program Files\Trend Micro\Antivirus\PCClient.exe

C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe

C:\Program Files\TrojanHunter 5.0\THGuard.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe

C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wserving.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe

C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"

O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"

O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe

O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)

O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe

--

End of file - 12080 bytes

sarahw · August 7, 2008

1.

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.

Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose "Yes" at the Warning prompt.
Expand the "Tools" menu.
Click "Resident".
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
In the File menu click "Exit" to exit Spybot Search & Destroy.

2.

Click HERE and run an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make that the following are selected:
  - Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
  - Scan Options:
    Scan Archives
    Scan Mail Bases
[*]Click OK
[*]Now under select a target to scan:
- Select My Computer
[*]This will program will start and scan your system.
[*]The scan will take a while so be patient and let it run.
[*]Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
[*]Save the file to your desktop.
[*]Copy and paste that information into your next post.

3.

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform full scan (Full scan is optional. According to the program's creator Quick Scan will do just fine.).

Click Scan.

When the scan is complete, click OK, then Show Results to view the results.

If Malware is found...

Be sure that everything is checked, and click Remove Selected.

When completed, a log will open in Notepad.

Please save it to your desktop.

NOTE: Logs can be retrieved at a later date from the Malwarebytes' Anti-Malware main screen:

Launch Malwarebytes' Anti-Malware.

Click the Logs tab.

Double-click log-mm.dd.yyyy [xxxxxx].txt.

In your next reply post the Malwarebytes' Anti-Malware log.

ericagm · August 7, 2008

Thank you for the detailed steps. :thumbsup: Easy to follow.

Here are both logs,

Kaspersky first:

Thursday, August 7, 2008

Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Thursday, August 07, 2008 18:37:50

Records in database: 1067337

Scan settings

Scan using the following database extended

Scan archives yes

Scan mail databases yes

Scan area My Computer

C:\

D:\

E:\

Scan statistics

Files scanned 90765

Threat name 52

Infected objects 91

Suspicious objects 0

Duration of the scan 02:48:53

File name Threat name Threats count

C:\WINDOWS\system32\afinding.exe/C:\WINDOWS\system32\afinding.exe Infected: Trojan-Downloader.Win32.Delf.kyy 1

C:\WINDOWS\system32\Nobicyt.exe/C:\WINDOWS\system32\Nobicyt.exe Infected: Trojan-Downloader.Win32.Delf.llt 1

C:\WINDOWS\system32\routing.exe/C:\WINDOWS\system32\routing.exe Infected: Trojan.Win32.Agent.xuh 1

C:\WINDOWS\system32\wserving.exe/C:\WINDOWS\system32\wserving.exe Infected: Trojan-Downloader.Win32.Delf.lmf 1

C:\WINDOWS\system32\otaxyzd.sys/C:\WINDOWS\system32\otaxyzd.sys Infected: Trojan.Win32.DNSChanger.gyk 1

C:\WINDOWS\system32\sobicyt.exe/C:\WINDOWS\system32\sobicyt.exe Infected: Trojan-Downloader.Win32.Delf.lmw 1

C:\Documents and Settings\EricaGM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-526d3b9d.zip Infected: Exploit.Java.Gimsh.b 1

C:\Documents and Settings\EricaGM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-6a9bb2f0.zip Infected: Exploit.Java.Gimsh.b 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0087153.exe Infected: Trojan.Win32.Agent.rtf 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0087539.exe Infected: Trojan.Win32.Agent.rwl 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0087762.exe Infected: Trojan.Win32.Agent.vwd 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0090156.exe Infected: Trojan.Win32.Agent.suv 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0090218.exe Infected: Trojan.Win32.Agent.tgz 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0090775.exe Infected: Trojan.Win32.Agent.uvf 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0090928.exe Infected: Trojan.Win32.Agent.thb 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0091076.exe Infected: Trojan.Win32.Agent.vtw 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0091149.exe Infected: Trojan.Win32.Agent.vne 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0091313.exe Infected: Trojan.Win32.Agent.vum 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0091540.exe Infected: Trojan.Win32.Agent.vum 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\A0091782.exe Infected: Trojan.Win32.Agent.wgz 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\routing.exe Infected: Trojan.Win32.Agent.vne 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\routing.exe.vir Infected: Trojan.Win32.Agent.thb 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\routing0.exe Infected: Trojan.Win32.Agent.vum 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\routing1.exe Infected: Trojan.Win32.Agent.vum 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_162080289190.bk Infected: Trojan.Win32.Agent.vvx 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_177826118969.bk Infected: Trojan.Win32.Agent.ush 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_185308604937.bk Infected: Trojan.Win32.Agent.vly 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_323673469076.bk Infected: Trojan.Win32.Agent.vsv 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_32884366636.bk Infected: Trojan.Win32.Agent.tgz 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_368766403046.bk Infected: Trojan.Win32.Agent.scr 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_485723151761.bk Infected: Trojan.Win32.Agent.tgz 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_548726853151.bk Infected: Trojan.Win32.Agent.scr 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_616401712926.bk Infected: Trojan.Win32.Agent.vjk 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_666809771912.bk Infected: Trojan.Win32.Agent.tsn 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_6697375516.bk Infected: Trojan.Win32.Agent.tsn 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_673823582822.bk Infected: Trojan.Win32.Agent.tsn 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_684588680440.bk Infected: Trojan.Win32.Agent.swk 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_705336224.bk Infected: Trojan.Win32.Agent.tsn 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_716600111440.bk Infected: Trojan.Win32.Agent.tgz 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_748426144549.bk Infected: Trojan.Win32.Agent.vly 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_762229506482.bk Infected: Trojan.Win32.Agent.scr 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_810606324587.bk Infected: Trojan.Win32.Agent.tgz 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_824540124483.bk Infected: Trojan.Win32.Agent.vsv 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_83711657254.bk Infected: Trojan.Win32.Agent.whl 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_881388776618.bk Infected: Trojan.Win32.Agent.rxi 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_882246224734.bk Infected: Trojan.Win32.Agent.tsn 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_89503817837.bk Infected: Trojan.Win32.Agent.swk 1

C:\Documents and Settings\EricaGM\DoctorWeb\Quarantine\tmpxr_91309707072.bk Infected: Trojan.Win32.Agent.whl 1

C:\Program Files\Trend Micro\Antivirus\QUARANTINE\4.tmp Infected: Email-Worm.Win32.Brontok.q 1

C:\Program Files\Trend Micro\Antivirus\QUARANTINE\6.tmp Infected: Email-Worm.Win32.Brontok.q 1

C:\Program Files\Trend Micro\Antivirus\QUARANTINE\B6.tmp Infected: Trojan.BAT.Regger.b 1

C:\Program Files\Trend Micro\Antivirus\QUARANTINE\B8.tmp Infected: Trojan.BAT.Regger.b 1

C:\Program Files\Trend Micro\Antivirus\QUARANTINE\Backup\WINUPDATE.RB0 Infected: Virus.Win32.Parite.b 1

C:\Program Files\Trend Micro\Antivirus\QUARANTINE\Backup\WINUPDATE.RB1 Infected: Virus.Win32.Parite.b 1

C:\Program Files\Trend Micro\Antivirus\QUARANTINE\BB.tmp Infected: Trojan.BAT.Regger.b 1

C:\RECYCLER\S-1-5-21-3368643098-3026558534-63294331-1006\Dc170.9+Crack-HeartBug_May08\spyhunterS.exe Infected: Trojan-Downloader.Win32.Zlob.odg 1

C:\WINDOWS\system32\afinding.exe Infected: Trojan-Downloader.Win32.Delf.kyy 1

C:\WINDOWS\system32\atsxyzd.sys Infected: Trojan.Win32.DNSChanger.gtg 1

C:\WINDOWS\system32\ceswxfst.sys Infected: Trojan-Clicker.Win32.VB.bka 1

C:\WINDOWS\system32\cexwxfst.sys Infected: Trojan-Clicker.Win32.VB.bgz 1

C:\WINDOWS\system32\cfexfst.sys Infected: Trojan-Clicker.Win32.VB.blp 1

C:\WINDOWS\system32\nftscpd.sys Infected: Trojan.Win32.Delf.dbc 1

C:\WINDOWS\system32\Nobicyt.exe Infected: Trojan-Downloader.Win32.Delf.llt 1

C:\WINDOWS\system32\ntscpd.sys Infected: Trojan.Win32.Delf.daj 1

C:\WINDOWS\system32\nxtscpd.sys Infected: Trojan.Win32.Delf.dbc 1

C:\WINDOWS\system32\otaxyzd.sys Infected: Trojan.Win32.DNSChanger.gyk 1

C:\WINDOWS\system32\routing.exe Infected: Trojan.Win32.Agent.xuh 1

C:\WINDOWS\system32\sobicyt.exe Infected: Trojan-Downloader.Win32.Delf.lmw 1

C:\WINDOWS\system32\stsycod.sys Infected: Trojan.Win32.Delf.dsw 1

C:\WINDOWS\system32\swand.sys Infected: Trojan.Win32.DNSChanger.ewt 1

C:\WINDOWS\system32\sxtsyctd.sys Infected: Trojan.Win32.Delf.dsu 1

C:\WINDOWS\system32\sxwand.sys Infected: Trojan.Win32.DNSChanger.fgv 1

C:\WINDOWS\system32\tcexfst.sys Infected: Trojan-Clicker.Win32.VB.blo 1

C:\WINDOWS\system32\tmp0_838768684858.bk Infected: Trojan.Win32.DNSChanger.gtg 1

C:\WINDOWS\system32\tmpxr_135723629943.bk Infected: Trojan.Win32.Agent.xja 1

C:\WINDOWS\system32\tmpxr_146316840469.bk Infected: Trojan.Win32.Agent.xmg 1

C:\WINDOWS\system32\tmpxr_365256454975.bk Infected: Trojan.Win32.Agent.wra 1

C:\WINDOWS\system32\tmpxr_461242361512.bk Infected: Trojan.Win32.Agent.xaq 1

C:\WINDOWS\system32\tmpxr_47710669729.bk Infected: Trojan.Win32.Agent.xmg 1

C:\WINDOWS\system32\tmpxr_490105611594.bk Infected: Trojan.Win32.Agent.xji 1

C:\WINDOWS\system32\tmpxr_508099311156.bk Infected: Trojan.Win32.Agent.xfr 1

C:\WINDOWS\system32\tmpxr_541910523306.bk Infected: Trojan.Win32.Agent.xdd 1

C:\WINDOWS\system32\tmpxr_57936884060.bk Infected: Trojan.Win32.Agent.wra 1

C:\WINDOWS\system32\tmpxr_58739352092.bk Infected: Trojan.Win32.Agent.xmg 1

C:\WINDOWS\system32\tmpxr_774865809987.bk Infected: Trojan.Win32.Agent.xji 1

C:\WINDOWS\system32\tmpxr_791517120265.bk Infected: Trojan.Win32.Agent.xja 1

C:\WINDOWS\system32\tmpxr_795747295548.bk Infected: Trojan.Win32.Agent.xmg 1

C:\WINDOWS\system32\tmpxr_93281561791.bk Infected: Trojan.Win32.Agent.xja 1

C:\WINDOWS\system32\wserving.exe Infected: Trojan-Downloader.Win32.Delf.lmf 1

C:\WINDOWS\system32\xwxfst.sys Infected: Trojan-Clicker.Win32.VB.bbn 1

C:\WINDOWS\system32\yaxcnxd.sys Infected: Trojan.Win32.DNSChanger.fwj 1

The selected area was scanned.

Malwarebytes log:

Malwarebytes' Anti-Malware 1.24

Database version: 1031

Windows 5.1.2600 Service Pack 2

6:09:32 PM 8/7/2008

mbam-log-8-7-2008 (18-09-32).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)

Objects scanned: 131269

Time elapsed: 1 hour(s), 23 minute(s), 4 second(s)

Memory Processes Infected: 3

Memory Modules Infected: 0

Registry Keys Infected: 10

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

C:\WINDOWS\system32\afinding.exe (Trojan.Agent) -> Unloaded process successfully.

C:\WINDOWS\system32\wserving.exe (Trojan.Agent) -> Unloaded process successfully.

C:\WINDOWS\system32\routing.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFinding (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Routing (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WServing (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\afinding (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\afinding (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wserving (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wserving (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\routing (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\routing (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\perfmons (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\afinding.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wserving.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\routing.exe (Trojan.Agent) -> Quarantined and deleted successfully.

sarahw · August 7, 2008

1.

Please download the OTMoveIt2 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\Documents and Settings\EricaGM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-526d3b9d.zip
C:\Documents and Settings\EricaGM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-6a9bb2f0.zip
C:\WINDOWS\system32\afinding.exe
C:\WINDOWS\system32\atsxyzd.sys
C:\WINDOWS\system32\ceswxfst.sys
C:\WINDOWS\system32\cexwxfst.sys
C:\WINDOWS\system32\cfexfst.sys
C:\WINDOWS\system32\nftscpd.sys
C:\WINDOWS\system32\Nobicyt.exe
C:\WINDOWS\system32\ntscpd.sys
C:\WINDOWS\system32\nxtscpd.sys
C:\WINDOWS\system32\otaxyzd.sys
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\sobicyt.exe
C:\WINDOWS\system32\stsycod.sys
C:\WINDOWS\system32\swand.sys
C:\WINDOWS\system32\sxtsyctd.sys
C:\WINDOWS\system32\sxwand.sys
C:\WINDOWS\system32\tcexfst.sys
C:\WINDOWS\system32\tmp0_838768684858.bk
C:\WINDOWS\system32\tmpxr_135723629943.bk
C:\WINDOWS\system32\tmpxr_146316840469.bk
C:\WINDOWS\system32\tmpxr_365256454975.bk
C:\WINDOWS\system32\tmpxr_461242361512.bk
C:\WINDOWS\system32\tmpxr_47710669729.bk
C:\WINDOWS\system32\tmpxr_490105611594.bk
C:\WINDOWS\system32\tmpxr_508099311156.bk
C:\WINDOWS\system32\tmpxr_541910523306.bk
C:\WINDOWS\system32\tmpxr_57936884060.bk
C:\WINDOWS\system32\tmpxr_58739352092.bk
C:\WINDOWS\system32\tmpxr_774865809987.bk
C:\WINDOWS\system32\tmpxr_791517120265.bk
C:\WINDOWS\system32\tmpxr_795747295548.bk
C:\WINDOWS\system32\tmpxr_93281561791.bk
C:\WINDOWS\system32\wserving.exe
C:\WINDOWS\system32\xwxfst.sys
C:\WINDOWS\system32\yaxcnxd.sys

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

2.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

ericagm · August 7, 2008

OTMoveIt2

C:\Documents and Settings\EricaGM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-526d3b9d.zip moved successfully.

C:\Documents and Settings\EricaGM\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-6a9bb2f0.zip moved successfully.

File/Folder C:\WINDOWS\system32\afinding.exe not found.

C:\WINDOWS\system32\atsxyzd.sys moved successfully.

C:\WINDOWS\system32\ceswxfst.sys moved successfully.

C:\WINDOWS\system32\cexwxfst.sys moved successfully.

C:\WINDOWS\system32\cfexfst.sys moved successfully.

C:\WINDOWS\system32\nftscpd.sys moved successfully.

C:\WINDOWS\system32\Nobicyt.exe moved successfully.

C:\WINDOWS\system32\ntscpd.sys moved successfully.

C:\WINDOWS\system32\nxtscpd.sys moved successfully.

C:\WINDOWS\system32\otaxyzd.sys moved successfully.

File/Folder C:\WINDOWS\system32\routing.exe not found.

C:\WINDOWS\system32\sobicyt.exe moved successfully.

C:\WINDOWS\system32\stsycod.sys moved successfully.

C:\WINDOWS\system32\swand.sys moved successfully.

C:\WINDOWS\system32\sxtsyctd.sys moved successfully.

C:\WINDOWS\system32\sxwand.sys moved successfully.

C:\WINDOWS\system32\tcexfst.sys moved successfully.

C:\WINDOWS\system32\tmp0_838768684858.bk moved successfully.

C:\WINDOWS\system32\tmpxr_135723629943.bk moved successfully.

C:\WINDOWS\system32\tmpxr_146316840469.bk moved successfully.

C:\WINDOWS\system32\tmpxr_365256454975.bk moved successfully.

C:\WINDOWS\system32\tmpxr_461242361512.bk moved successfully.

C:\WINDOWS\system32\tmpxr_47710669729.bk moved successfully.

C:\WINDOWS\system32\tmpxr_490105611594.bk moved successfully.

C:\WINDOWS\system32\tmpxr_508099311156.bk moved successfully.

C:\WINDOWS\system32\tmpxr_541910523306.bk moved successfully.

C:\WINDOWS\system32\tmpxr_57936884060.bk moved successfully.

C:\WINDOWS\system32\tmpxr_58739352092.bk moved successfully.

C:\WINDOWS\system32\tmpxr_774865809987.bk moved successfully.

C:\WINDOWS\system32\tmpxr_791517120265.bk moved successfully.

C:\WINDOWS\system32\tmpxr_795747295548.bk moved successfully.

C:\WINDOWS\system32\tmpxr_93281561791.bk moved successfully.

File/Folder C:\WINDOWS\system32\wserving.exe not found.

C:\WINDOWS\system32\xwxfst.sys moved successfully.

C:\WINDOWS\system32\yaxcnxd.sys moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08072008_183844

Deckard's Log:

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0

Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2300 @ 1.66GHz

CPU 1: Genuine Intel® CPU T2300 @ 1.66GHz

Percentage of Memory in Use: 53%

Physical Memory (total/avail): 1013.98 MiB / 467.48 MiB

Pagefile Memory (total/avail): 2439.68 MiB / 2036.46 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1928.03 MiB

C: is Fixed (NTFS) - 65.69 GiB total, 2.15 GiB free.

D: is Fixed (FAT32) - 7.82 GiB total, 0.63 GiB free.

E: is CDROM (No Media)

F: is Removable (FAT)

\\.\PHYSICALDRIVE0 - HTS541080G9SA00 - 74.53 GiB - 3 partitions

\PARTITION0 (bootable) - Installable File System - 65.69 GiB - C:

\PARTITION1 - Unknown - 7.84 GiB - D:

\PARTITION2 - Unknown - 1027.6 MiB

\\.\PHYSICALDRIVE1 - - 7.84 MiB - partitions

\PARTITION0 - MS-DOS V4 Huge - 483.76 MiB

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Norton Internet Security 2006 v2006 (Symantec Corporation)

AV: Norton Internet Security 2006 v2006 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"C:\\Documents and Settings\\EricaGM\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\EricaGM\\Desktop\\utorrent.exe:*:Enabled:ÂµTorrent"

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Disabled:Firefox"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

"C:\\kav\\kis\\setup.exe"="C:\\kav\\kis\\setup.exe:*:Enabled:Kaspersky Internet Security 7.0 Setup"

"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:ÂµTorrent"

"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe:*:Enabled:Java Platform SE binary"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\EricaGM\Application Data

CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=YOUR-4105E587B6

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\EricaGM

LOGONSERVER=\\YOUR-4105E587B6

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\PROGRA~1\Java\JRE16~1.0_0\bin;C:\PROGRA~1\Java\JRE16~1.0_0\bin;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;.

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PCTYPE=PAVILION

PLATFORM=MCD

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0e08

ProgramFiles=C:\Program Files

PROMPT=$P$G

QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\EricaGM\LOCALS~1\Temp

TMP=C:\DOCUME~1\EricaGM\LOCALS~1\Temp

USERDOMAIN=YOUR-4105E587B6

USERNAME=EricaGM

USERPROFILE=C:\Documents and Settings\EricaGM

windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

EricaGM (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

ÂµTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL

Adobe Acrobat 8.1.2 Professional --> msiexec /I {AC76BA86-1033-F400-7760-000000000003}

Adobe Acrobat 8.1.2 Security Update 1 (KB403742) -->

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}

Adobe AIR --> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}

Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q

Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}

Adobe Reader 8.1.2 Security Update 1 (KB403742) -->

Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe

Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}

Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -Iqta30a0a.INF

Creative WebCam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9 /remove

Creative WebCam Live! Ultra Driver (1.01.03.0127) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0060.uns -unsext NT -plugin V0060Pin.dll -pluginres CtCamPin.crl -filelog

Creative WebCam Live! Ultra User's Guide (English) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam Live! Ultra\Creative WebCam Live! Ultra User's Guide\English\CTManual.isu"

DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER

DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER

DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

Google Earth --> MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}

Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall

Google Web Accelerator --> MsiExec.exe /X{6A1975EB-27E6-491D-94BC-6355FA25F40F}

Gre Bible --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Gre Bible\ST6UNST.LOG"

HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_qta30a0k\HXFSETUP.EXE -U -IQTA30A0K.INF

Hello (remove only) --> "C:\Program Files\Hello\Uninstall.exe"

HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly

HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat

HP QuickPlay 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall

HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}

HP User Guides--System Recovery --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC96BBA7-C634-460E-AD18-A0A994213F80}\setup.exe" -l0x9 -removeonly

HP User Guides 0009 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58C62A8E-E628-4822-A0F2-BBE10329D53F}\Setup.exe" -l0x9 -removeonly

HP Wireless Assistant 2.00 B3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst

I/OMagic DataBank --> C:\PROGRA~1\IOMagic\DataBank\UNWISE.EXE C:\PROGRA~1\IOMagic\DataBank\INSTALL.LOG

Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2

Intel® PRO Network Connections Drivers --> Prounstl.exe

iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}

Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Magic ISO Maker v5.4 (build 0251) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG

Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}

Microsoft Office Access MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0015-0C0A-0000-0000000FF1CE}

Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}

Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office Excel MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0016-0C0A-0000-0000000FF1CE}

Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}

Microsoft Office Groove MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-00BA-0C0A-0000-0000000FF1CE}

Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0044-0C0A-0000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}

Microsoft Office OneNote MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-00A1-0C0A-0000-0000000FF1CE}

Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}

Microsoft Office Outlook MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-001A-0C0A-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0018-0C0A-0000-0000000FF1CE}

Microsoft Office Proof (Basque) 2007 --> MsiExec.exe /X{90120000-001F-042D-0000-0000000FF1CE}

Microsoft Office Proof (Catalan) 2007 --> MsiExec.exe /X{90120000-001F-0403-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Galician) 2007 --> MsiExec.exe /X{90120000-001F-0456-0000-0000000FF1CE}

Microsoft Office Proof (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Proofing (Spanish) 2007 --> MsiExec.exe /X{90120000-002C-0C0A-0000-0000000FF1CE}

Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}

Microsoft Office Publisher MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0019-0C0A-0000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-006E-0C0A-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

Microsoft Office Word MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-001B-0C0A-0000-0000000FF1CE}

Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}

Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Office 2003 Trial Assistant --> MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}

Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"

Quick Launch Buttons 5.20 F2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst

QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}

River Past Video Cleaner Pro --> C:\WINDOWS\Video Cleaner Pro Uninstaller.exe

Samsung USB Driver (MCCI 4.24 WHQL) --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{439E56F4-F8CC-4886-B7A4-E8024ED39C6C}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}

Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}

Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}

Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}

Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}

Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}

Security Update for Step By Step Interactive Training (KB898458) -->

Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"

Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}

Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}

Skypeâ„¢ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

SmartAudio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}\setup.exe" -l0x9 -removeonly

Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"

Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG

Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

The Rosetta Stone --> C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log

Trend Micro Antivirus --> MsiExec.exe /X{3ACF3AF1-8DBC-4EFB-AF03-37E212DDA83C}

TrojanHunter 5.0 --> "C:\Program Files\TrojanHunter 5.0\unins000.exe"

Update for Microsoft Office Outlook 2007 (KB952142) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}

Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}

Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}

Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}

Update for Outlook 2007 Junk Email Filter (kb953463) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}

VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409

Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u

Windows Desktop Search 3.01 --> "C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"

Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}

Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}

Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe

Wireless Home Network Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\setup.exe" -l0x9 -removeonly

-- Application Event Log -------------------------------------------------------

Event Record #/Type7975 / Error

Event Submitted/Written: 08/04/2008 06:53:41 PM

Event ID/Source: 1000 / Application Error

Event Description:

Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Processing media-specific event for [drwtsn32.exe!ws!]

Event Record #/Type7931 / Error

Event Submitted/Written: 08/04/2008 00:10:45 AM

Event ID/Source: 1000 / Application Error

Event Description:

Faulting application sxtsyctd.sys, version 1.0.0.4, faulting module sxtsyctd.sys, version 1.0.0.4, fault address 0x00001ced.

Processing media-specific event for [sxtsyctd.sys!ws!]

Event Record #/Type7929 / Error

Event Submitted/Written: 08/04/2008 00:06:10 AM

Event ID/Source: 1000 / Application Error

Event Description:

Faulting application sxtsyctd.sys, version 1.0.0.4, faulting module sxtsyctd.sys, version 1.0.0.4, fault address 0x000022b2.

Processing media-specific event for [sxtsyctd.sys!ws!]

Event Record #/Type7918 / Error

Event Submitted/Written: 08/03/2008 00:33:43 PM

Event ID/Source: 1000 / Application Error

Event Description:

Faulting application sxtsyctd.sys, version 1.0.0.4, faulting module sxtsyctd.sys, version 1.0.0.4, fault address 0x00001ced.

Processing media-specific event for [sxtsyctd.sys!ws!]

Event Record #/Type7861 / Success

Event Submitted/Written: 08/01/2008 04:36:19 PM

Event ID/Source: 12001 / usnjsvc

Event Description:

The Messenger Sharing USN Journal Reader service started successfully.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type79469 / Error

Event Submitted/Written: 08/07/2008 06:12:27 PM / 08/07/2008 06:12:51 PM

Event ID/Source: 4 / sptd

Event Description:

Driver detected an internal error in its data structures for .

Event Record #/Type79467 / Error

Event Submitted/Written: 08/07/2008 06:12:06 PM / 08/07/2008 06:12:51 PM

Event ID/Source: 4 / sptd

Event Description:

Driver detected an internal error in its data structures for .

Event Record #/Type79466 / Error

Event Submitted/Written: 08/07/2008 06:12:06 PM / 08/07/2008 06:12:51 PM

Event ID/Source: 4 / sptd

Event Description:

Driver detected an internal error in its data structures for .

Event Record #/Type79465 / Error

Event Submitted/Written: 08/07/2008 06:12:06 PM / 08/07/2008 06:12:51 PM

Event ID/Source: 4 / sptd

Event Description:

Driver detected an internal error in its data structures for .

Event Record #/Type79464 / Error

Event Submitted/Written: 08/07/2008 06:12:05 PM / 08/07/2008 06:12:51 PM

Event ID/Source: 4 / sptd

Event Description:

Driver detected an internal error in its data structures for .

-- End of Deckard's System Scanner: finished at 2008-08-07 18:43:07 ------------

sarahw · August 8, 2008

There is a log missong, can you please post main.txt from the DSS scan you did.

ericagm · August 8, 2008

I posted the only log that came up on a notepad. Where can I find this missing log on my computer?

Thanks

ericagm · August 8, 2008

I found it:

Deckard's System Scanner v20071014.68

Run by EricaGM on 2008-08-07 18:40:09

Computer is in Normal Mode.

--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --

87: 2008-08-07 22:40:27 UTC - RP468 - Deckard's System Scanner Restore Point

86: 2008-08-06 21:21:38 UTC - RP467 - Spyware Doctor: Cleaning Threats

85: 2008-08-06 21:20:53 UTC - RP466 - Spyware Doctor: Cleaning Threats

84: 2008-08-06 03:33:10 UTC - RP465 - System Checkpoint

83: 2008-08-04 16:02:38 UTC - RP464 - Spyware Doctor: Cleaning Threats

-- First Restore Point --

1: 2008-05-10 16:43:43 UTC - RP382 - System Checkpoint

Backed up registry hives.

Performed disk cleanup.

System Drive C: has 2.15 GiB (less than 15%) free.

-- HijackThis (run as EricaGM.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:42:17 PM, on 8/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Trend Micro\Antivirus\PCClient.exe

C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\macidwe.exe

C:\WINDOWS\system32\Nobicyt.exe

C:\WINDOWS\system32\sobicyt.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\WINDOWS\system32\tdxdowkc.exe

C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe

C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\EricaGM\Desktop\dss.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\EricaGM.exe