Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91984 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

My Log


  • This topic is locked This topic is locked
37 replies to this topic

#16 haunt

haunt

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 18 February 2007 - 05:52 PM

Thank you for all the effort and your time. I just went online and I am still being redirected from sites I click on google to other websites. I'll keep at it.

    Advertisements

Register to Remove


#17 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,173 posts

Posted 18 February 2007 - 05:54 PM

Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,vihrmvt.exe

Close ALL windows and browsers except HijackThis and click "Fix checked"


Delete this file:
vihrmvt.exe

Reboot and post a new HJT log

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#18 haunt

haunt

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 18 February 2007 - 09:23 PM

I was able to check & fix the
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,vihrmvt.exe
But I couldn't find vihrmvt.exe to delete.
I did a search and did not find it. Do you know how I can find it?

Logfile of HijackThis v1.99.1
Scan saved at 10:18:14 PM, on 2/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Home\Desktop\HijackThis.exe

O1 - Hosts: localhost 127.0.0.1
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\DOCUME~1\Home\LOCALS~1\Temp\stdrun1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://supportcenter...oad/tgctlsr.cab
O16 - DPF: {010123DF-5E80-11D8-9E86-0007E96C65AE} (SprtCtlBrowse Class) - http://supportcenter...d/sprtctlbr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1171219238547
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

#19 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,173 posts

Posted 18 February 2007 - 09:26 PM

It went away when you fixed the F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,vihrmvt.exe How's it running now?

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#20 haunt

haunt

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 18 February 2007 - 09:53 PM

still getting redirected from sites I click on in google searches. always a quick flash in the address bar of "www.sansujo.com..........." then redirected to other sites. Really takes all the fun out of the web!

#21 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,173 posts

Posted 18 February 2007 - 09:58 PM

Run HJT and kill this one:
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\DOCUME~1\Home\LOCALS~1\Temp\stdrun1.exe


Delete this file if listed:
C:\DOCUMENTS and settings\Home\LOCAL settings\Temp\stdrun1.exe

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.


(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time.


Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#22 haunt

haunt

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 19 February 2007 - 07:47 AM

Good Morning,
I was ablse to find and kill "O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\DOCUME~1\Home\LOCALS~1\Temp\stdrun1.exe"

Ran the ATF CLeaner & Rebooted. Hijack this log posted below.

I decided to come here today the long way. I did a Google search for TomCoyote then clicked on the link.
I was redirected through that sansujo.com all over the place. Here are a few to give you an idea.

http://216.133.243.2...9600 1171891222

http://216.133.243.2...9800 1171891005

http://216.133.243.2...3600 1171890492

http://redirect.clic...8FOxATM5gTM3ETM

http://redirect.clic...;Terms=insomnia

http://search.live.c...amp;q=tomcoyote

http://search.search...tnR9zVzzdxSUQtN

to name a few NAD finally the log:
Logfile of HijackThis v1.99.1
Scan saved at 8:06:31 AM, on 2/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Home\Desktop\HijackThis.exe

O1 - Hosts: localhost 127.0.0.1
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://supportcenter...oad/tgctlsr.cab
O16 - DPF: {010123DF-5E80-11D8-9E86-0007E96C65AE} (SprtCtlBrowse Class) - http://supportcenter...d/sprtctlbr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1171219238547
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

#23 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,173 posts

Posted 19 February 2007 - 07:57 AM

navigate to C:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad ("Open With" on the right click menu) Copy paste it here and let me have a look.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#24 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,173 posts

Posted 19 February 2007 - 08:38 AM

It appears you have something hidden. Run this scan and it should show up.

For users running Windows 2000, XP or Vista

Download ComboScan to your Desktop.
  • Close all applications and windows.
  • Double-click on comboscan.exe to run it, and follow the prompts.
  • When the scan is complete, a text file will open - ComboScan.txt
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your thread in the HijackThis Log Help Forum.
  • A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
  • Please attach Supplementary.txt to your post.
Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

To attach a file to a new post, simply
  • Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  • copy and paste the following into the "Upload File from your Computer" box:

    C:\ComboScan\Supplementary.txt

  • Click Upload.
What ComboScan will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. ComboScan automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#25 haunt

haunt

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 19 February 2007 - 09:04 AM

wasn't much in C:\windows\system32\drivers\etc\hosts localhost 127.0.0.1 I'll try the Comboscan next

    Advertisements

Register to Remove


#26 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,173 posts

Posted 19 February 2007 - 09:08 AM

OK. The scan should help.

You did do this before, right?

Click Start> Run> type in CMD tap enter key
Copy/Paste: ipconfig /flushdns <-- Note the space between g /f. It needs to be there.


Now lets check some settings on your system.
Enter your Control Panel and double-click on Network Connections

Then right click on your Default Connection
Usually Local Area Connection for Cable and DSL
Left click on Properties
Double-Click on the Internet Protocol (TCP/IP) item
Select the radio dial that says Obtain DNS Servers Automatically
Press OK twice to get out of the properties screen and reboot if it asks

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#27 haunt

haunt

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 19 February 2007 - 09:39 AM

No, this will be the first try with the combo scan. I am going to do it next. Then the start>run>CMD thing

#28 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,173 posts

Posted 19 February 2007 - 09:41 AM

No, this will be the first try with the combo scan. I am going to do it next.
Then the start>run>CMD thing

Sorry, I was referring to the wareout fix we did before.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#29 haunt

haunt

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 19 February 2007 - 11:03 AM

Okay, Here are the comboscan.text and supp.text. I couldn't find the attach buttons. I Just pasted the file below the XXXX's also.

I will do the other now.(Click Start> Run> type in CMD tap enter key)

ComboScan v20070212.14 run by Home on 2007-02-19 at 10:44:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis log (run as Home.com) ---------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:44:52 AM, on 2/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Home\Desktop\comboscan.exe
C:\DOCUME~1\Home\LOCALS~1\Temp\~dqclgvy.tmp\Home.com

O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {01D6DF35-DDE1-4FAF-A3C8-301D7ED0BFD5} - \
O2 - BHO: (no name) - {022C0918-8965-47FF-9663-19E9549244B3} - \
O2 - BHO: (no name) - {04677740-8D24-456B-93A8-9234494F38F7} - \
O2 - BHO: (no name) - {12FDBA36-508D-4DED-9B0F-5EBCB2D50C1F} - \
O2 - BHO: (no name) - {1425CB4C-BE1A-403F-932D-824626F64935} - \
O2 - BHO: 0 - {1A91C860-D382-4BE6-23BE-22E91B490054} - C:\Program Files\Outlook Express\rydimyz.dll (file missing)
O2 - BHO: (no name) - {37D267F2-72B3-4A9B-A32D-60F808A8BE71} - \
O2 - BHO: (no name) - {405AED7B-648B-CD31-D8D6-085EAEA5A579} - C:\WINDOWS\System32\nhvfmpn.dll
O2 - BHO: (no name) - {44216188-77A0-6189-F04B-03A6DA2AE438} - C:\WINDOWS\System32\vbrdhrb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54698A2F-2247-4538-82FC-2B5443D66945} - C:\WINDOWS\system32\drivera.dll (file missing)
O2 - BHO: (no name) - {59CC9B03-6161-449A-9D3D-AA7EEB8E52B9} - \
O2 - BHO: (no name) - {5D8C3ED9-7346-41A1-B478-5F445D8B7394} - \
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\cumuepqb.dll
O2 - BHO: (no name) - {6D1A2FF3-1ADF-4935-A2A7-CA9DCE67D450} - C:\WINDOWS\System32\awtrqrs.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: (no name) - {7F3F9FA9-9B2A-46F7-A3B3-0AC7AABC9AFD} - \
O2 - BHO: (no name) - {80F37839-8643-41E6-9195-6472AD8B14E1} - C:\WINDOWS\System32\mllif.dll
O2 - BHO: (no name) - {8DCA00D6-AFAF-45F9-BB65-ACF5CA9732D7} - \
O2 - BHO: (no name) - {9C2443C9-BA89-4044-9DF2-F4B4D184B59F} - \
O2 - BHO: 0 - {A9FB0FE5-537D-4A4C-CC9F-510370668740} - C:\Program Files\Outlook Express\rydimyz.dll (file missing)
O2 - BHO: (no name) - {C5FC8332-F8D3-4BEF-8C8E-15CD7E7467DF} - \
O2 - BHO: (no name) - {C708E199-1A40-48FC-A90F-16A07FEBA337} - \
O2 - BHO: (no name) - {D3A0E59E-DA6C-4ACD-8147-85AF711B4429} - \
O2 - BHO: (no name) - {D5328ED0-97FF-48FD-9EDA-309A16454E84} - \
O2 - BHO: (no name) - {DD21BA76-CBD6-4B8E-8F8D-9AA2BE59E58F} - \
O2 - BHO: (no name) - {DE1F4F0E-EA2C-45FF-9BEF-FFE9F4DF6EEB} - \
O2 - BHO: (no name) - {DE95B2DC-556A-4A71-8EAB-CC8E49CB3297} - \
O2 - BHO: (no name) - {E50EF314-66B7-4685-A64B-DA72105C34FE} - \
O2 - BHO: (no name) - {E8C0CC66-8438-4236-92CD-3811FC143767} - \
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://supportcenter...oad/tgctlsr.cab
O16 - DPF: {010123DF-5E80-11D8-9E86-0007E96C65AE} (SprtCtlBrowse Class) - http://supportcenter...d/sprtctlbr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1171219238547
O20 - Winlogon Notify: awtrqrs - C:\WINDOWS\SYSTEM32\awtrqrs.dll
O20 - Winlogon Notify: instcat - instcat.dll (file missing)
O20 - Winlogon Notify: mllif - C:\WINDOWS\System32\mllif.dll
O20 - Winlogon Notify: winkei32 - winkei32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe


-- HijackThis Fixed Entries (C:\Documents and Settings\Home\Desktop\backups\) ---

backup-20070218-084435-308 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
backup-20070218-084435-225 O4 - HKLM\..\Run: [sys01203532082] C:\WINDOWS\sys01203532082.exe
backup-20070218-084435-400 O4 - HKLM\..\Run: [sys02035320822] C:\WINDOWS\sys02035320822.exe
backup-20070218-084435-683 O4 - HKLM\..\Run: [oajrwbh.dll] C:\WINDOWS\System32\rundll32.exe "C:\Documents and Settings\Home\Local Settings\Application Data\oajrwbh.dll",wjkmomf
backup-20070218-084435-506 O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\System32\drvcun.dll,startup
backup-20070218-084435-773 O4 - Startup: .protected
backup-20070218-084435-332 O4 - Global Startup: .protected
backup-20070218-084913-126 O4 - Startup: .protected
backup-20070218-084913-823 O4 - Global Startup: .protected
backup-20070218-215129-588 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,vihrmvt.exe
backup-20070219-074923-918 O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\DOCUME~1\Home\LOCALS~1\Temp\stdrun1.exe


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

1 AVG Anti-Spyware Driver - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1 AvgAsCln (AVG Anti-Spyware Clean Driver) - System32\DRIVERS\AvgAsCln.sys
3 EL90XBC (3Com EtherLink XL 90XB/C Adapter Driver) - System32\DRIVERS\el90xbc5.sys
3 iscFlash - \??\C:\WINDOWS\SYSTEM32\DRIVERS\iscflash.sys
3 ltmodem5 (LT Modem Driver) - System32\DRIVERS\ltmdmnt.sys
3 nv - System32\DRIVERS\nv4_mini.sys
3 nv4 - System32\DRIVERS\nv4.sys
1 prodrv06 (StarForce Protection Environment Driver v6) - \SystemRoot\System32\drivers\prodrv06.sys
0 prohlp02 (StarForce Protection Helper Driver v2) - System32\drivers\prohlp02.sys
0 sfhlp01 (StarForce Protection Helper Driver) - System32\drivers\sfhlp01.sys
3 usbscan (USB Scanner Driver) - System32\DRIVERS\usbscan.sys
3 USBSTOR (USB Mass Storage Driver) - System32\DRIVERS\USBSTOR.SYS
1 vsdatant - System32\vsdatant.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2 AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
2 CAISafe - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
3 IDriverT (InstallDriver Table Manager) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
2 LightScribeService (LightScribeService Direct Disc Labeling Service) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
3 UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\System32\wdfmgr.exe
2 VETMSGNT (VET Message Service) - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
2 vsmon (TrueVector Internet Monitor) - C:\WINDOWS\system32\ZONELABS\vsmon.exe -service
2 WinDefend (Windows Defender) - "C:\Program Files\Windows Defender\MsMpEng.exe"


-- Scheduled Tasks --------------------------------------------------------------

2007-02-19 10:22:02 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB>


-- Files created between 2007-01-19 and 2007-02-19 ------------------------------

2007-02-18 16:31:27 1023570 ---hs---- C:\WINDOWS\system32\fillm.ini2<FILLM~1.INI>
2007-02-18 11:40:15 2630 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-18 09:49:54 0 d--hs---- C:\FOUND.006
2007-02-17 21:43:52 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-02-17 21:28:16 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys<Unsigned: GRISOFT, s.r.o.>
2007-02-17 21:27:59 0 d-------- C:\Program Files\Grisoft
2007-02-17 21:00:10 0 d--hs---- C:\FOUND.005
2007-02-16 19:36:06 76412 --a------ C:\WINDOWS\system32\ypkmvnnx.dll<Unsigned: n/a>
2007-02-16 19:35:39 44165 --a------ C:\WINDOWS\system32\cumuepqb.dll<Unsigned: n/a>
2007-02-16 14:59:26 110592 --a------ C:\TTC.dll<Unsigned: n/a>
2007-02-13 18:22:38 0 d-------- C:\Program Files\Windows Defender<WINDOW~4>
2007-02-13 18:07:02 0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1>
2007-02-13 18:06:47 0 d--h----- C:\WINDOWS\$hf_mig$
2007-02-13 14:33:12 0 d--hs---- C:\FOUND.004
2007-02-12 21:46:59 0 d-------- C:\WINDOWS\peernet
2007-02-12 21:46:54 0 d-------- C:\WINDOWS\provisioning<PROVIS~1>
2007-02-12 21:36:27 0 d-------- C:\WINDOWS\ServicePackFiles<SERVIC~1>
2007-02-12 21:21:59 0 d-------- C:\WINDOWS\system32\ReinstallBackups<REINST~1>
2007-02-12 21:13:54 0 d-------- C:\WINDOWS\EHome
2007-02-12 20:48:16 4274816 -----n--- C:\WINDOWS\system32\nv4_disp.dll<Signed: NVIDIA Corporation>
2007-02-12 20:47:52 1897408 -----n--- C:\WINDOWS\system32\drivers\nv4_mini.sys<Signed: NVIDIA Corporation>
2007-02-12 20:47:51 1888992 -----n--- C:\WINDOWS\system32\ati3duag.dll<Signed: ATI Technologies Inc. >
2007-02-12 20:47:49 1737856 -----n--- C:\WINDOWS\system32\mtxparhd.dll<Signed: Matrox Graphics Inc.>
2007-02-12 20:47:42 1309184 -----n--- C:\WINDOWS\system32\drivers\mtlstrm.sys<Signed: Smart Link>
2007-02-12 20:47:41 1041536 -----n--- C:\WINDOWS\system32\drivers\hsfdpsp2.sys<Signed: Conexant Systems, Inc.>
2007-02-12 20:47:37 870784 -----n--- C:\WINDOWS\system32\ati3d1ag.dll<Signed: ATI Technologies Inc. >
2007-02-12 20:47:34 701440 -----n--- C:\WINDOWS\system32\drivers\ati2mtag.sys<Signed: ATI Technologies Inc.>
2007-02-12 20:47:29 685056 -----n--- C:\WINDOWS\system32\drivers\hsfcxts2.sys<Signed: Conexant Systems, Inc.>
2007-02-12 20:47:19 452736 -----n--- C:\WINDOWS\system32\drivers\mtxparhm.sys<Signed: Matrox Graphics Inc.>
2007-02-12 20:47:19 516768 -----n--- C:\WINDOWS\system32\ativvaxx.dll<Signed: ATI Technologies Inc. >
2007-02-12 20:47:16 397056 -----n--- C:\WINDOWS\system32\s3gnb.dll<Signed: S3 Graphics, Inc.>
2007-02-12 20:47:16 377984 -----n--- C:\WINDOWS\system32\ati2dvaa.dll<Signed: ATI Technologies Inc.>
2007-02-12 20:47:13 327040 -----n--- C:\WINDOWS\system32\drivers\ati2mtaa.sys<Signed: ATI Technologies Inc.>
2007-02-12 20:47:08 404990 -----n--- C:\WINDOWS\system32\drivers\slntamr.sys<Signed: Smart Link>
2007-02-12 20:47:03 270848 -----n--- C:\WINDOWS\system32\sbe.dll<Signed: n/a>
2007-02-12 20:47:02 286792 -----n--- C:\WINDOWS\system32\slextspk.dll<Signed: Smart Link>
2007-02-12 20:46:55 201728 -----n--- C:\WINDOWS\system32\ati2dvag.dll<Signed: ATI Technologies Inc.>
2007-02-12 20:46:54 220032 -----n--- C:\WINDOWS\system32\drivers\hsfbs2s2.sys<Signed: Conexant Systems, Inc.>
2007-02-12 20:46:48 188508 -----n--- C:\WINDOWS\system32\slgen.dll<Signed: Smart Link>
2007-02-12 20:46:48 229376 -----n--- C:\WINDOWS\system32\ati2cqag.dll<Signed: ATI Technologies Inc.>
2007-02-12 20:46:45 186368 -----n--- C:\WINDOWS\system32\encdec.dll<Signed: n/a>
2007-02-12 20:46:41 180360 -----n--- C:\WINDOWS\system32\drivers\ntmtlfax.sys<Signed: Smart Link>
2007-02-12 20:46:39 166912 -----n--- C:\WINDOWS\system32\drivers\s3gnbm.sys<Signed: S3 Graphics, Inc.>
2007-02-12 20:46:36 81920 -----n--- C:\WINDOWS\system32\ieencode.dll<Signed: n/a>
2007-02-12 20:46:34 126686 -----n--- C:\WINDOWS\system32\drivers\mtlmnt5.sys<Signed: Smart Link>
2007-02-12 20:46:33 129535 -----n--- C:\WINDOWS\system32\drivers\slnt7554.sys<Signed: Smart Link>
2007-02-12 20:46:22 95424 -----n--- C:\WINDOWS\system32\drivers\slnthal.sys<Signed: Smart Link>
2007-02-12 20:46:21 104960 -----n--- C:\WINDOWS\system32\drivers\atinrvxx.sys<Signed: ATI Technologies Inc.>
2007-02-12 20:46:11 73832 -----n--- C:\WINDOWS\system32\slcoinst.dll<Signed: Smart Link>
2007-02-12 20:46:09 86016 -----n--- C:\WINDOWS\system32\mdmxsdk.dll<Signed: Conexant>
2007-02-12 20:46:06 73796 -----n--- C:\WINDOWS\system32\slserv.exe<Signed: Smart Link>
2007-02-12 20:46:06 63488 -----n--- C:\WINDOWS\system32\drivers\atinxsxx.sys<Signed: ATI Technologies Inc.>
2007-02-12 20:46:06 73216 -----n--- C:\WINDOWS\system32\drivers\atintuxx.sys<Signed: ATI Technologies Inc.>
2007-02-12 20:46:05 63663 -----n--- C:\WINDOWS\system32\drivers\ati1rvxx.sys<Signed: ATI Technologies Inc.>
2007-02-12 20:46:01 57856 -----n--- C:\WINDOWS\system32\drivers\atinbtxx.sys<Signed: ATI Technologies Inc.>
2007-02-12 20:46:01 56623 -----n--- C:\WINDOWS\system32\drivers\ati1btxx.sys<Signed: ATI Technologies Inc.>
2007-02-12 20:45:58 52224 -----n--- C:\WINDOWS\system32\drivers\atinraxx.sys<Signed: ATI Technologies Inc.>
2007-02-12 20:45:52 36463 -----n--- C:\WINDOWS\system32\drivers\ati1tuxx.sys<Signed: ATI Technologies Inc.>
2007-02-12 20:45:50 34735 -----n--- C:\WINDOWS\system32\drivers\ati1xsxx.sys<Signed: ATI Technologies Inc.>
2007-02-12 20:45:50 32768 -----n--- C:\WINDOWS\system32\ativtmxx.dll<Signed: ATI Technologies Inc.>
2007-02-12 20:45:45 31744 -----n--- C:\WINDOWS\system32\drivers\atinxbxx.sys<Signed: ATI Technologies Inc.>
2007-02-12 20:45:44 29455 -----n--- C:\WINDOWS\system32\drivers\ati1xbxx.sys<Signed: ATI Technologies Inc.>
2007-02-12 20:45:44 30671 -----n--- C:\WINDOWS\system32\drivers\ati1raxx.sys<Signed: ATI Technologies Inc.>
2007-02-12 20:45:41 28672 -----n--- C:\WINDOWS\system32\drivers\atinsnxx.sys<Signed: ATI Technologies Inc.>
2007-02-12 20:45:41 26367 -----n--- C:\WINDOWS\system32\drivers\ati1snxx.sys<Signed: ATI Technologies Inc.>
2007-02-12 20:45:41 43008 -----n--- C:\WINDOWS\system32\drivers\amdagp.sys<Signed: Advanced Micro Devices, Inc.>
2007-02-12 20:45:40 32285 -----n--- C:\WINDOWS\system32\hsfcisp2.dll<Signed: Conexant Systems, Inc.>
2007-02-12 20:45:40 41088 -----n--- C:\WINDOWS\system32\drivers\sisagp.sys<Signed: Silicon Integrated Systems Corporation>
2007-02-12 20:45:33 32866 -----n--- C:\WINDOWS\system32\slrundll.exe<Signed: Smart Link>
2007-02-12 20:45:33 25471 -----n--- C:\WINDOWS\system32\drivers\atv04nt5.dll<Signed: Intel® Corporation>
2007-02-12 20:45:33 32866 -----n--- C:\WINDOWS\slrundll.exe<Signed: Smart Link>
2007-02-12 20:45:32 22271 -----n--- C:\WINDOWS\system32\drivers\watv06nt.sys<Signed: Intel® Corporation>
2007-02-12 20:45:30 25471 -----n--- C:\WINDOWS\system32\drivers\watv10nt.sys<Signed: Intel® Corporation>
2007-02-12 20:45:28 21183 -----n--- C:\WINDOWS\system32\drivers\atv01nt5.dll<Signed: Intel® Corporation>
2007-02-12 20:45:27 13776 -----n--- C:\WINDOWS\system32\drivers\recagent.sys<Signed: Smart Link>
2007-02-12 20:45:26 11868 -----n--- C:\WINDOWS\system32\drivers\mdmxsdk.sys<Signed: Conexant>
2007-02-12 20:45:25 13824 -----n--- C:\WINDOWS\system32\drivers\atinttxx.sys<Signed: ATI Technologies Inc.>
2007-02-12 20:45:25 14336 -----n--- C:\WINDOWS\system32\drivers\atinpdxx.sys<Signed: ATI Technologies Inc.>
2007-02-12 20:45:25 12047 -----n--- C:\WINDOWS\system32\drivers\ati1pdxx.sys<Signed: ATI Technologies Inc.>
2007-02-12 20:45:24 13240 -----n--- C:\WINDOWS\system32\drivers\slwdmsup.sys<Signed: Smart Link>
2007-02-12 20:45:24 15423 -----n--- C:\WINDOWS\system32\drivers\ch7xxnt5.dll<Signed: Intel® Corporation>
2007-02-12 20:45:24 21343 -----n--- C:\WINDOWS\system32\drivers\ati1ttxx.sys<Signed: ATI Technologies Inc.>
2007-02-12 20:45:24 11615 -----n--- C:\WINDOWS\system32\drivers\ati1mdxx.sys<Signed: ATI Technologies Inc.>
2007-02-12 20:45:23 14143 -----n--- C:\WINDOWS\system32\drivers\atv06nt5.dll<Signed: Intel® Corporation>
2007-02-12 20:45:23 13824 -----n--- C:\WINDOWS\system32\drivers\atinmdxx.sys<Signed: ATI Technologies Inc.>
2007-02-12 20:45:22 11935 -----n--- C:\WINDOWS\system32\drivers\wadv11nt.sys<Signed: Intel® Corporation>
2007-02-12 20:45:22 11871 -----n--- C:\WINDOWS\system32\drivers\wadv09nt.sys<Signed: Intel® Corporation>
2007-02-12 20:45:22 11295 -----n--- C:\WINDOWS\system32\drivers\wadv08nt.sys<Signed: Intel® Corporation>
2007-02-12 20:45:22 11807 -----n--- C:\WINDOWS\system32\drivers\wadv07nt.sys<Signed: Intel® Corporation>
2007-02-12 20:45:20 17279 -----n--- C:\WINDOWS\system32\drivers\atv10nt5.dll<Signed: Intel® Corporation>
2007-02-12 20:45:19 11325 -----n--- C:\WINDOWS\system32\drivers\vchnt5.dll<Signed: Intel® Corporation>
2007-02-12 20:45:19 11359 -----n--- C:\WINDOWS\system32\drivers\atv02nt5.dll<Signed: Intel® Corporation>
2007-02-12 20:45:07 3901 -----n--- C:\WINDOWS\system32\drivers\siint5.dll<Signed: Intel® Corporation>
2007-02-12 20:45:07 4255 -----n--- C:\WINDOWS\system32\drivers\adv01nt5.dll<Signed: Intel® Corporation>
2007-02-12 20:45:06 3775 -----n--- C:\WINDOWS\system32\drivers\adv11nt5.dll<Signed: Intel® Corporation>
2007-02-12 20:45:06 3711 -----n--- C:\WINDOWS\system32\drivers\adv09nt5.dll<Signed: Intel® Corporation>
2007-02-12 20:45:06 3647 -----n--- C:\WINDOWS\system32\drivers\adv07nt5.dll<Signed: Intel® Corporation>
2007-02-12 20:45:06 3615 -----n--- C:\WINDOWS\system32\drivers\adv05nt5.dll<Signed: Intel® Corporation>
2007-02-12 20:45:06 3967 -----n--- C:\WINDOWS\system32\drivers\adv02nt5.dll<Signed: Intel® Corporation>
2007-02-12 20:45:05 3135 -----n--- C:\WINDOWS\system32\drivers\adv08nt5.dll<Signed: Intel® Corporation>
2007-02-12 20:44:30 4569 -----n--- C:\WINDOWS\system32\secupd.dat
2007-02-11 16:10:53 44165 --a------ C:\WINDOWS\system32\mkacgjxn.dll<Unsigned: n/a>
2007-02-11 16:10:35 76412 --a------ C:\WINDOWS\system32\tdghugph.dll<Unsigned: n/a>
2007-02-11 11:26:55 0 d-------- C:\Program Files\AdwareAlert<ADWARE~1>
2007-02-09 18:37:41 0 d-------- C:\Documents and Settings\David\Application Data\Lavasoft
2007-02-09 18:35:58 0 d---s---- C:\Documents and Settings\David\UserData
2007-02-09 18:24:35 0 d-------- C:\WINDOWS\Prefetch
2007-02-09 18:08:43 0 d-------- C:\Program Files\Online Services<ONLINE~1>
2007-02-09 18:06:06 66591 --a------ C:\WINDOWS\system32\drivers\el90xbc5.sys<Signed: 3Com Corporation>
2007-02-09 18:02:32 24661 --a------ C:\WINDOWS\system32\spxcoins.dll<Signed: Perle Systems Ltd.>
2007-02-09 17:47:35 0 d-------- C:\WINDOWS\setupupd
2007-02-09 17:47:17 76412 --a------ C:\WINDOWS\system32\gpfirrea.dll<Unsigned: n/a>
2007-02-09 17:44:07 44165 --a------ C:\WINDOWS\system32\nldiqvuu.dll<Unsigned: n/a>
2007-02-08 20:33:21 76412 --a------ C:\WINDOWS\system32\llqhdgkg.dll<Unsigned: n/a>
2007-02-08 19:18:46 72192 --a------ C:\WINDOWS\system32\nhvfmpn.dll<Unsigned: n/a>
2007-02-08 19:18:42 95744 --a------ C:\WINDOWS\system32\oajrwbh.dll<Unsigned: n/a>
2007-02-08 19:18:28 22647 ---hs---- C:\WINDOWS\system32\rqrpqpn.dll<Unsigned: n/a>
2007-02-07 21:49:52 0 d-------- C:\WINDOWS\setup.pss
2007-02-07 20:28:45 71168 --a------ C:\WINDOWS\system32\vbrdhrb.dll<Unsigned: n/a>
2007-02-07 20:28:45 57856 --a------ C:\WINDOWS\system32\ebysjkm.dll<Unsigned: n/a>
2007-02-07 20:28:38 22796 ---hs---- C:\WINDOWS\system32\vturonl.dll<Unsigned: n/a>
2007-02-07 20:28:38 95232 --a------ C:\WINDOWS\system32\bmgncde.dll<Unsigned: n/a>
2007-02-07 17:50:07 0 d-------- C:\Documents and Settings\Home\Application Data\Lavasoft
2007-02-07 17:49:10 0 d-------- C:\Program Files\Lavasoft
2007-02-06 18:24:19 3 --a------ C:\WINDOWS\unq32.dat
2007-02-06 18:15:40 0 d--hs---- C:\FOUND.003
2007-02-06 15:57:42 0 d-------- C:\Documents and Settings\David\Application Data\Real
2007-02-06 15:45:48 0 d--hs---- C:\FOUND.002
2007-02-06 15:34:27 76412 --a------ C:\WINDOWS\system32\wgjcvmrm.dll<Unsigned: n/a>
2007-02-06 15:34:08 44165 --a------ C:\WINDOWS\system32\oplcghot.dll<Unsigned: n/a>
2007-02-06 15:33:54 974741 ---hs---- C:\WINDOWS\system32\fillm.bak2<FILLM~2.BAK>
2007-02-06 02:45:13 0 d-------- C:\Program Files\Common Files\{0D2252B8-01BF-1033-0422-991230980001}<{0D225~1>
2007-02-05 23:47:48 277124 ---hs---- C:\WINDOWS\system32\mllif.dll<Unsigned: n/a>
2007-02-05 23:43:21 95744 --a------ C:\WINDOWS\system32\drivera.exe<Unsigned: n/a>
2007-02-05 23:42:02 22587 -----n--- C:\WINDOWS\system32\awtrqrs.dll<Unsigned: n/a>
2007-02-05 23:40:49 95744 --a------ C:\WINDOWS\system32\monterreya_sc.exe<MONTER~1.EXE><Unsigned: n/a>
2007-02-05 22:53:52 58880 --a------ C:\WINDOWS\system32\itgydwj.dll<Unsigned: n/a>
2007-02-05 22:52:49 12 --a------ C:\WINDOWS\system32\dlh9jkd1q8.exe<DLH9JK~1.EXE><Unsigned: n/a>
2007-02-05 22:52:34 93736 --a------ C:\WINDOWS\TTC.exe<Unsigned: n/a>
2007-02-05 22:52:25 96768 --a------ C:\WINDOWS\system32\grbqcdl.dll<Unsigned: n/a>
2007-02-05 22:50:49 8464 --a------ C:\WINDOWS\system32\sporder.dll<Unsigned: Microsoft Corporation>


-- Find3M Report ----------------------------------------------------------------

2007-02-09 18:10:32 22748 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2006-12-31 22:13:54 0 d-------- C:\Program Files\eBay
2006-12-31 22:13:28 0 d-------- C:\Program Files\SAT
2006-12-14 20:48:22 680 --a------ C:\WINDOWS\AUTOLNCH.REG


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"RoboForm"="\"C:\\Program Files\\Siber Systems\\AI RoboForm\\RoboTaskBarIcon.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"QOELOADER"="\"C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust Anti-Spam\\QSP-2.1.215.5\\QOELoader.exe\""
"CaAvTray"="\"C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAVRID.exe\""
"Zone Labs Client"="\"C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Firewall\\ca.exe\""
"IMJPMIG8.1"="C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load]
"forwas"=hex:15,26,db,fb,69
"pstincl"=hex:36,7f,29,75,60,78,57,42,7b,21,17,0e,ab,c5,ab,86,69,4f,7f,08,f3,\
da,8b,64,2e,05,9f,ac,63,2c,f6,fa,75,32,ed,ad,2b,29,c5,83,2f,fd,81,02,e0,9a,\
37,d6,72,05,ff,44,f5,8b,07,b9,21,df,50,a2,7d,e6,6a,e4,79,ba,66,e8,7e,f2,1f,\
d2,30,b0,0a,9c,fc,12,a5,05,6d,c8,2a,d2,e2,56,8b,e5,7b,90,c0,34,79,a7,ed,32,\
74,b3,e5,3d,7f,ab,9f
"uincl"=hex:9f,81,ea,0e,78,6d,50,41,33,6b,4b,56,ba,92,ac,95,74,51,37,53,bf,96,\
8d,73,21,1f,cf,f7,72,28,f6,a2,6c,20,fd,ba,3e,3a,cb,df,35,fa,cb,13,bf,85,2b,\
c6,69,0f,a9,4c,fd,9b,01,a3,6e,d5,4b,a2,78,fd,70,f1,73,bb,2b,a6,79,fb,45,df,\
2b,ff,05,97,f2,5c,b7,08,6e,c4,37,9a,be,5a,8b,fc,6f,db,8b,35,7f,ae,eb,2f,73,\
a4,f6,3f,7c,bc,d0,4a,28,65,90,c9,e3,53,6b,0e,6f,8d,a6,9b,be,17,05,25,29,5e,\
4a,7c,64,27,67,6e,6d,3a,6c,7d,64,69,57,0b,6f,7e,09,00,be,c0,a2,cf,63,4e,29,\
46,ba,96,82,7e,32,1c,d7,b5,7f,2e,ed,af,2e,20,f7,b9,2b,31,d0,85,30,ab,cb,16,\
ba,d3,76,93,32,53,ff,41,e4,8d,14,eb,6f,9e,0e,a3,22,b9,3c,b3,3b


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6D1A2FF3-1ADF-4935-A2A7-CA9DCE67D450}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft Windows Installer"="C:\\WINDOWS\\TEMP\\stdrun1.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Microsoft Windows Installer"="C:\\WINDOWS\\TEMP\\stdrun1.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"svchost.exe"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtrqrs
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\instcat
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllif
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkei32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



-- End of ComboScan: finished at 2007-02-19 at 11:11:25 -------------------------

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

ComboScan v20070212.14 run by Home on 2007-02-19 at 10:44:03
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information -----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Pentium III processor
Percentage of Memory in Use: 65%
Physical Memory (total/avail): 383.54 MiB / 133.66 MiB
Pagefile Memory (total/avail): 923.09 MiB / 713.36 MiB
Virtual Memory (total/avail): 2047.88 MiB / 2000.09 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 6.32 GiB total, 0.43 GiB free.
D: is CDROM (No Media)


-- Security Center --------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: eTrust EZ Firewall v5.1.039.004 (Computer Associates, Inc.)
AV: eTrust EZ Antivirus v7.0.6.7 (Computer Associates)


-- Environment Variables --------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Home\Application Data
CLASSPATH=C:\PROGRA~1\PHOTOD~1.1\ADOBEC~1
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BOB-X09C85ETVIL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Home
LOGONSERVER=\\BOB-X09C85ETVIL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;;C:\PROGRA~1\NETWOR~1\MCAFEE~1
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 7 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0703
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Home\LOCALS~1\Temp
TMP=C:\DOCUME~1\Home\LOCALS~1\Temp
USERDOMAIN=BOB-X09C85ETVIL
USERNAME=Home
USERPROFILE=C:\Documents and Settings\Home
windir=C:\WINDOWS


-- User Profiles ----------------------------------------------------------------

Home (admin)
David (admin)
Administrator (admin)


-- Add/Remove Programs ----------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
AI RoboForm --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
eTrust EZ Armor --> C:\Program Files\CA\eTrust EZ Armor\uninst.exe
HijackThis 1.99.1 --> C:\DOCUME~1\Home\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe /uninstall
Macromedia Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
Microsoft Office 2000 Small Business --> MsiExec.exe /I{00030409-78E1-11D2-B60F-006097C998E7}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}


-- End of ComboScan: finished at 2007-02-19 at 11:11:25 -------------------------

#30 haunt

haunt

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 19 February 2007 - 11:14 AM

Here's what I got from the ipconfig /flushdns XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Microsoft Windows XP [Version 5.1.2600] © Copyright 1985-2001 Microsoft Corp. C:\Documents and Settings\Home>ipconfig /flushdns Windows IP Configuration Could not flush the DNS Resolver Cache: Function failed during execution. C:\Documents and Settings\Home> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX I do not recall doing the wareout

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users