Kiwi~AL

Members
  • Posts: 5
  1. Thanks Maurice. I have followed the last set of instructions, uninstalled the programmes, tidied up the files, and am ready to go. This topic can now be closed. I really appreciate your assistance, and hope I never have to use it again... Cheers, Al
  2. Good afternoon Maurice. I have followed your latest post.

     Norton Antivirus - I downloaded the removal tool and ran it. No problems.
     TweakUI - all drives were already disabled.
     Flash Drive Disinfector - I plugged in my wife's USB Music player (the only USB device connected to the PC) and ran the programme.
     DrWeb-CureIt - ran the programme in Safe mode. Log file attached below:

     =================CureIt Log file============================
     CouponPrinter.exe\data012;C:\Documents and Settings\HP_Administrator\My Documents\My Received Files\CouponPrinter.exe;Adware.Coupons.34;;
     CouponPrinter.exe\data013;C:\Documents and Settings\HP_Administrator\My Documents\My Received Files\CouponPrinter.exe;Adware.Coupons.34;;
     CouponPrinter.exe\data015;C:\Documents and Settings\HP_Administrator\My Documents\My Received Files\CouponPrinter.exe;Adware.Coupons.34;;
     CouponPrinter.exe\data016;C:\Documents and Settings\HP_Administrator\My Documents\My Received Files\CouponPrinter.exe;Adware.Coupons.34;;
     CouponPrinter.exe;C:\Documents and Settings\HP_Administrator\My Documents\My Received Files;Container contains infected objects;Moved.;
     KillWind.exe;C:\hp\bin;Tool.ProcessKill;Incurable.Moved.;
     popcaploader.dll;C:\WINDOWS\Downloaded Program Files;Program.PopcapLoader;Incurable.Moved.;
     ============EOF=================

     Virustotal and Threatexpert - unable to load the identified file as it was not located in the directory as stated. My virus scanner located an infected file (_geyekrdcvnliyy_.sys.zip, infected with BKDR_TDSS.Z, located in C:\Qoobox\quarantine\..)

     I have attached the catchme.log located in C:\Qoobox\quarantine:

     ================Catchme log file=================
     -------- 2009-07-23 - 16:44:15 -------------
     file zipped: C:\WINDOWS\system32\drivers\geyekrdcvnliyy.sys -> _geyekrdcvnliyy_.sys.zip -> geyekrdcvnliyy.sys ( 65536 bytes )
     file "C:\WINDOWS\system32\drivers\geyekrdcvnliyy.sys" replaced successfully
     File "C:\WINDOWS\system32\drivers\geyekrdcvnliyy.sys" added successfully
     file "C:\WINDOWS\system32\drivers\geyekrdcvnliyy.sys" deleted successfully
     file zipped: C:\WINDOWS\system32\drivers\str.sys -> _str_.sys.zip -> str.sys ( 213024 bytes )
     file "C:\WINDOWS\system32\drivers\str.sys" replaced successfully
     file zipped: C:\WINDOWS\system32\drivers\str.sys -> _str_.sys.zip -> str.sys.1 ( 213024 bytes )
     file "C:\WINDOWS\system32\drivers\str.sys" replaced successfully
     file zipped: C:\WINDOWS\system32\drivers\str.sys -> _str_.sys.zip -> str.sys.2 ( 213024 bytes )
     file "C:\WINDOWS\system32\drivers\str.sys" replaced successfully
     ==========EOF===================

     MBAM - updated the programme and ran it. Two infections identified as per the log file attached below:

     ============MBAM Log File=======================
     Malwarebytes' Anti-Malware 1.39
     Database version: 2494
     Windows 5.1.2600 Service Pack 3
     7/24/2009 5:41:30 PM
     mbam-log-2009-07-24 (17-41-30).txt
     Scan type: Full Scan (C:\|D:\|)
     Objects scanned: 222794
     Time elapsed: 1 hour(s), 44 minute(s), 43 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 2
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected:
     c:\documents and settings\hp_administrator\Desktop\avenger\avenger.exe (Trojan.Agnet) -> Quarantined and deleted successfully.
     c:\qoobox\quarantine\c\windows\system32\geyekrsppqxvnb.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
     ================EOF=====================

     My system appears to be running OK now, thank you. I have searched using Google and am not getting any misdirections at this time. What do I need to do now to tidy up all the programmes/files/quarantined files etc. still on my PC? I have already cleared the TrendMicro quarantine (which contained the geyerk...dll.vir and _geyek...sys.zip files identified previously). Are there directories I need to delete, programmes I need to uninstall? Should I delete my System Restore Points? Cheers, Al
  3. Thanks Maurice.

     OTL - ran programme. Received error message "Exception processing message c0000013 parameters 75b6bf7c 4 75b6bf7c 75b6bf7c". I pressed continue five times before the error message disappeared.

     ComboFix - ran programme. Received error message warning about Norton Antivirus running; however, as far as I am aware the computer is using TrendMicro and that had been switched off. The programme came up with a Rootkit warning. The files listed were:
     c:\windows\system32\drivers\geyekrdcvnliyy.sys
     c:\windows\system32\geyekrteyeupxb.dll
     c:\windows\system32\geyekrwyrjuubn.dat
     c:\windows\system32\geyekrsppqxvnb.dll
     c:\windows\system32\geyekrwespwsrn.dat
     The programme then continued upon its merry way. When it finally booted back into Windows again, the Trend Internet Security automatically restarted and downloaded the latest virus updates. I exited from the programme after it reported a number of programmes being run from the ComboFix directory. Everything then finished, and I opened IE to report back. Al

     ========================OTL Log========================
     All processes killed
     ========== FILES ==========
     File move failed. C:\WINDOWS\system32\drivers\str.sys scheduled to be moved on reboot.
     File\Folder C:\WINDOWS\system32\geyekrsppqxvnb.dll not found.
     C:\RECYCLER\S-1-5-21-3391927887-3703448293-1221114721-1008 moved successfully.
     C:\RECYCLER moved successfully.
     File\Folder D:\recycler not found.
     File\Folder e:\recycler not found.
     File\Folder f:\recycler not found.
     File\Folder g:\recycler not found.
     File\Folder h:\recycler not found.
     File\Folder L:\recycler not found.
     ========== REGISTRY ==========
     Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d1d2d79-625c-11de-b7b2-00112fa1c7d9}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d1d2d79-625c-11de-b7b2-00112fa1c7d9}\ not found.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: Administrator
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     User: All Users
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     User: HP_Administrator
     ->Temp folder emptied: 226810 bytes
     ->Temporary Internet Files folder emptied: 7508708 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 3272265 bytes
     User: LocalService
     File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
     File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
     File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
     ->Temp folder emptied: 66016 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     User: NetworkService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     %systemdrive% .tmp files removed: 0 bytes
     C:\WINDOWS\msdownld.tmp folder deleted successfully.
     %systemroot% .tmp files removed: 19569 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     Windows Temp folder emptied: 1165 bytes
     RecycleBin emptied: 0 bytes
     Total Files Cleaned = 10.61 mb
     OTL by OldTimer - Version 3.0.10.0 log created on 07232009_162915
     Files\Folders moved on Reboot...
     File move failed. C:\WINDOWS\system32\drivers\str.sys scheduled to be moved on reboot.
     Registry entries deleted on Reboot...
  4. Good morning Maurice. Thanks for assisting me with this challenge. OK. I downloaded the four programmes you identified.

     ERUNT - backed up Registry.
     ATF Cleaner - deleted files.
     Avenger - copied code and ran. Computer rebooted (twice). Received error message on reboot - "There is no disk in drive \device\harddisk1\DR3" [abort] [retry] [continue]. I pressed continue three times (on the second the DR3 changed to DR4) and the computer continued to boot. When Windows opened up I got the following error message - "exception processing message C0000013 parameters 75b6bf7c 75b6bf7c 75b6bf7c". I pressed continue five times. A log file appeared on screen but was NOT saved in C:\avenger.txt (so I am unable to copy the file into this message, sorry).
     RSIT - ran programme. Log files attached:

     =============info.txt====================
     info.txt logfile of random's system information tool 1.06 2009-07-23 09:55:07
     ======Uninstall list======
     -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
     -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
     -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
     -->MsiExec.exe /I{5B782FFA-6A95-480D-8E0A-0954A14693D6}
     -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
     -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
     -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
     -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C1B8CBC-9118-11D7-86D3-00055DF3561E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Elements 3.0-->MsiExec.exe /I{851C67EF-068A-4060-9EF5-2E3DDCD68382}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agere Systems PCI Soft Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}\Setup.exe" -l0x9
Ben 10 Alien Force Bounty Hunters-->MsiExec.exe /X{BC7E9D03-F7B1-4179-AAEC-941D14DF5EF3}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDex extraction audio-->"C:\Program Files\CDex_150\uninstall.exe"
Content Transfer-->MsiExec.exe /X{CFADE4AF-C0CF-4A04-A776-741318F1658F}
CouponBar-->regsvr32 /u /s "C:\WINDOWS\CouponBarIE.dll"
Creative WebCam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9 /remove
Creative WebCam Live! Pro Driver (1.01.01.1011)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0080.uns -unsext NT -plugin V0080Pin.dll -pluginres V0080Pin.crl
Creative WebCam Live! Pro User's Guide (English)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam Live! Pro\Creative WebCam Live! Pro User's Guide\English\CTManual.isu"
DesignPro 5.0 Limited Edition-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{97AE00A8-1336-410F-B467-1C6623127BD6}
DesignPro 5.0 Media Edition-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EDF1085A-73FF-4B3B-8726-2A403D400E48}
EPSON CardMonitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\Setup.exe" -l0x9 uninst
EPSON Copy Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x9 ADDREMOVEDLG
EPSON Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B53B71D-9E2F-42B8-9123-96354872D166}\setup.exe" -l0x9 MyUninstall
EPSON PhotoStarter3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5983C895-DDA4-45D9-A8D1-877D5DE7693E}\Setup.exe" -l0x9 uninst
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0131B2-CF18-40D9-A331-60A3746C1204}\Setup.exe" -l0x9 UNINSTALL
EPSON Smart Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\Setup.exe" -l0x9 Uninstall
EPSON SP RX500 Reference Guide-->C:\Program Files\epson\guide\rx500_e\uninstall.exe
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
EVEREST Home Edition v2.20-->"C:\Program Files\EVEREST Home Edition\unins000.exe"
Free Mp3 Wma Converter V 1.8.0-->"C:\Program Files\Free Audio Pack\unins000.exe"
Game Maker 7.0-->C:\Program Files\Game_Maker7\Uninstal.exe
GameTap Web Player-->C:\Program Files\InstallShield Installation Information\{1C338B34-1BFB-4BAD-B4A3-7B71A2E221F6}\setup.exe -runfromtemp -l0x0009 -removeonly
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Help and Support Additions-->C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
HP Deskjet Preloaded Printer Drivers-->MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 4.2-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone for Media Center PC-->MsiExec.exe /X{8D0C57BC-4942-4960-BB6D-142456D6F233}
HP Image Zone Plus 4.2-->C:\Program Files\HP\Digital Imaging\{5E1494D4-3562-4FFB-B35C-600F80F6934C}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Photo & Imaging 3.5 - HP Devices-->C:\Program Files\HP\Digital Imaging\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 4.0-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Tunes-->MsiExec.exe /X{C9DC1E02-D0D4-4642-BCF5-20B0E487B6CC}
HPIZ402-->MsiExec.exe /X{8D9768AE-DE42-4A04-A461-2361A58C384D}
InterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Jewelry Designer Manager Pro-->C:\PROGRA~1\JEWELR~1\UNWISE.EXE C:\PROGRA~1\JEWELR~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Maxthon Browser (remove only)-->C:\Program Files\Maxthon\MaxthonUINST.exe
Maxthon2 Browser (remove only)-->C:\Program Files\Maxthon2\MaxthonUINST.exe
Metric Converter-->C:\PROGRA~1\METRIC~1\UNWISE.EXE C:\PROGRA~1\METRIC~1\INSTALL.LOG
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Access 2000 SR-1 Runtime-->C:\Program Files\Microsoft Office\ART\uninstall.exe {004F0409-78E1-11D2-B60F-006097C998E7}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91E30409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Dancer LE-->MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Visual J# .NET Redistributable Package(ENU) v1.0.4205-->msiexec.exe /I {90AD8C11-ED4A-4AE7-BB70-7740C452C999} /l*v "C:\Program Files\Common Files\Microsoft Visual J# .NET Setup\logs\RedistRepairRemove1033.log"
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 3.5 magicMoments - HPD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B103C8A7-D1CC-4B1A-BD41-883F652E097D}\setup.exe" -l0x9
muvee autoProducer unPlugged - HPD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8E4A88B-E35A-4F3B-AB60-42E7DB0EC765}\setup.exe" -l0x9
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OTOY-->RunDll32 C:\WINDOWS\DOWNLO~1\OTOYAX.dll,_RemoveGroove@16
PDF reDirect (remove only)-->C:\Program Files\PDF reDirect\Uninstall.exe
Photosmart 320,370,7400,8100,8400 Series-->C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
Questionmark Secure Version 4.2.0.0-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0E2F32F7-1D43-44FA-8CB5-F7F4CA8276CA}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
ScanToWeb-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Sibelius Scorch Plugin 5.2.5.48-->"C:\Program Files\Musicnotes\unins000.exe"
Skype 2.5-->"C:\Program Files\Skype\Phone\unins000.exe"
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SPORE
  5. Good morning. I am hoping that you can assist me in ridding my computer of some stubborn Malware (redirecting my Google searches).
Actions taken so far:
manually deleted a couple of program directories that were not familiar (bonjour, playsushi, yontoo layers)
cleaned my Registry using CCleaner
downloaded Malware & updated
ran Malware, but am continuing to be infected as it appears (from my Trend Micro logs) that the Trojan is making further changes to the Windows Services to negate the Malware changes, as I am getting the same .dll showing on the infected list.
===========Latest Malware Log===============
Malwarebytes' Anti-Malware 1.39
Database version: 2477
Windows 5.1.2600 Service Pack 3
7/22/2009 10:25:14 AM
mbam-log-2009-07-22 (10-25-14).txt
Scan type: Quick Scan
Objects scanned: 102133
Time elapsed: 7 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
\\?\globalroot\systemroot\system32\geyekrsppqxvnb.dll (Trojan.TDSS) -> Delete on reboot.
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
\\?\globalroot\systemroot\system32\geyekrsppqxvnb.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Delete on reboot.
==========Latest HijackThis Log==========
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:44 AM, on 7/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Maxthon2\Maxthon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wsmv.com/weather/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Go PlaySushi! - {5CFA5B80-01F4-420F-B18B-545712C8A1C8} - http://www.playsushi.com/About.ps?l=6&t=nB4mpdg73 (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: Aces Up! by pogo - http://game3.pogo.com/v/9.1.7.20/applet/aces/aces-en_US.cab
O16 - DPF: Addiction by pogo - http://game3.pogo.com/v/9.1.8.9/applet/add...ction-en_US.cab
O16 - DPF: Alibaba Slots - http://game3.pogo.com/v/9.1.1.20/applet/al...ibaba-en_US.cab
O16 - DPF: Battle Phlinx by pogo - http://game3.pogo.com/v/9.0.1.14/applet/ba...hlinx-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game3.pogo.com/v/9.1.5.8/applet/fre...bingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game3.pogo.com/v/9.0.9.8/applet/bla...kjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game3.pogo.com/v/9.0.5.4/applet/vbj...jack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game3.pogo.com/v/9.1.3.19/applet/ca...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game3.pogo.com/v/9.1.7.20/applet/bo...wling-en_US.cab
O16 - DPF: Canasta by pogo - http://game3.pogo.com/v/9.1.8.1/applet/can...nasta-en_US.cab
O16 - DPF: Crazy Cakes by pogo - http://game3.pogo.com/v/9.0.7.14/applet/pl...inner-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game3.pogo.com/v/9.0.1.7/applet/ytz/ytz-en_US.cab
O16 - DPF: Dominoes v2 by pogo - http://game1.pogo.com/v/8.1.9.1/applet/dom...mino2-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/v/9.1.3.19/applet/fi...lass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game3.pogo.com/v/9.1.8.1/applet/sup...bingo-en_US.cab
O16 - DPF: Golf Solitaire by pogo - http://game3.pogo.com/v/9.1.8.1/applet/gol...taire-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game3.pogo.com/v/9.1.6.34/applet/gr...nback-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game3.pogo.com/v/9.1.8.1/applet/han...ngman-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game3.pogo.com/v/9.1.3.19/applet/ha...rvest-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/v/8.1.9.1/applet/pool2/pool-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game3.pogo.com/v/9.1.8.1/applet/fancy/fancy-en_US.cab
O16 - DPF: Jigsaw Treasure Hunter - http://game3.pogo.com/v/9.1.2.19/applet/jth/jth-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game3.pogo.com/v/9.1.8.1/applet/gin2/gin2-en_US.cab
O16 - DPF: KenoPop! by pogo - http://game3.pogo.com/v/9.1.3.19/applet/sp...dkeno-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-8.0.6.59/mhpo...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game3.pogo.com/v/9.0.5.4/applet/lot...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game3.pogo.com/v/9.1.8.1/applet/mah...jong2-en_US.cab
O16 - DPF: Mahjong Safari by Pogo - http://game3.pogo.com/v/9.1.8.1/applet/saf...afari-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game3.pogo.com/v/8.1.9.1/applet/shoes/shoes-en_US.cab
O16 - DPF: Monopoly by pogo - http://game3.pogo.com/v/9.1.4.9/applet/mon...opoly-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game3.pogo.com/v/9.0.7.14/applet/pa...aigow-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game3.pogo.com/v/9.1.6.34/applet/fr...cell2-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game3.pogo.com/v/9.1.7.20/applet/pe...guins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game3.pogo.com/v/9.0.1.7/applet/wat...wheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game3.pogo.com/v/9.1.7.20/applet/fl...inger-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game3.pogo.com/v/9.0.6.14/applet/po...popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game3.pogo.com/v/9.0.7.14/applet/po...zoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game3.pogo.com/v/9.1.8.1/applet/pop...ppit2-en_US.cab
O16 - DPF: Pseudoku by pogo - http://game3.pogo.com/v/9.0.1.7/applet/pse...udoku-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game3.pogo.com/v/9.0.9.8/applet/hot...treak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/v/8.1.6.3/applet/squ...uares-en_US.cab
O16 - DPF: Scrabble by pogo - http://game3.pogo.com/v/9.1.3.19/applet/sc...abble-en_US.cab
O16 - DPF: Showbiz Slots by pogo - http://game3.pogo.com/v/9.1.3.19/applet/sl...owbiz-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game3.pogo.com/v/8.1.9.1/applet/puck/puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game3.pogo.com/v/9.1.7.20/applet/sp...ades2-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game3.pogo.com/v/9.1.7.20/applet/sp...pider-en_US.cab
O16 - DPF: Spooky Slots - http://game3.pogo.com/v/9.1.5.14/applet/sp...pooky-en_US.cab
O16 - DPF: Squelchies by pogo - http://game3.pogo.com/v/9.0.8.20/applet/sq...chies-en_US.cab
O16 - DPF: Stax by pogo - http://game3.pogo.com/v/9.1.8.1/applet/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game3.pogo.com/v/9.1.8.1/applet/swe...eeper-en_US.cab
O16 - DPF: Super Dominoes by pogo - http://game1.pogo.com/v/8.1.6.3/applet/sup...omino-en_US.cab
O16 - DPF: Sweet Tooth 2 by Pogo - http://game3.pogo.com/v/9.1.6.34/applet/sw...ooth2-en_US.cab
O16 - DPF: Team Bingo by Pogo - http://game3.pogo.com/v/9.1.3.19/applet/te...bingo-en_US.cab
O16 - DPF: Thousand Island Solitaire by pogo - http://game3.pogo.com/v/9.0.9.8/applet/mil...lbrae-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game3.pogo.com/v/9.1.1.1/applet/peaks/peaks-en_US.cab
O16 - DPF: Trivial Pursuit by pogo - http://game3.pogo.com/v/9.1.6.35/applet/tr...ivial-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game3.pogo.com/v/9.1.7.20/applet/tu...rbo22-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game3.pogo.com/v/9.0.1.7/applet/mls...slots-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game3.pogo.com/v/9.0.8.20/applet/me...ories-en_US.cab
O16 - DPF: Word Craft by pogo - http://game3.pogo.com/v/9.1.3.19/applet/ba...abble-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game1.pogo.com/v/8.1.8.23/applet/wo...earch-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game3.pogo.com/v/9.1.8.1/applet/wor...homp2-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game3.pogo.com/v/9.1.7.20/applet/wh...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game3.pogo.com/v/9.0.1.7/applet/wor...djong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game3.pogo.com/v/9.0.8.20/applet/wo...class-en_US.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v41/freecell/freecell.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134460630812
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} (IAMCE Class) - file://E:\win\setup\iamce.dll
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} (OcarptMain Class) - https://oca.microsoft.com/en/secure/ocarpt.CAB
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} (GameTap Web Updater) - http://ak.g.gametap.com/static/cab_headles...pWebUpdater.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://clubgames.pogo.com/online2/pogop/in...aploader_v6.cab
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O24 - Desktop Component 0: (no name) - http://mail.google.com/mail/help/images/logo.gif
-- End of file - 17410 bytes