
Solved Google is sending me to other web sites?

Discussion in 'Malware and Virus Removal Archive' started by Buck, 2008/10/07.

  1. 2008/10/07 Buck (Thread Starter)

    [Resolved] Google is sending me to other web sites?

    Hi everyone. This is the first computer forum I have ever been on and I have to say my skills rank only as beginner to intermediate. I just started having a problem with Google where it is redirecting me to other web sites. I think it may be adware/spyware. Can I get rid of this myself or do I need to buy something? Thanks.
     
    Buck,
    #1
  2. 2008/10/07 wildfire



  4. 2008/10/08 Buck (Thread Starter)

    Sorry wildfire. I didn't know you guys had this set up already. I'll download the program tonight and keep you posted. Thanks again for the help.
     
    Buck,
    #3
  5. 2008/10/08 wildfire

    Nothing to do with me mate, thank others on this board. Apologies for being so curt last night, too much beer :eek:
     
  6. 2008/10/08 Buck (Thread Starter)

    OK.. I downloaded the program and ran it. Here's the info.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:14:13 PM, on 10/8/2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\All Users\Application Data\sxwzidyb\qfohcrkh.exe
    C:\WINDOWS\System32\00THotkey.exe
    C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\System32\TFNF5.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\WINDOWS\System32\TPWRTRAY.EXE
    C:\WINDOWS\System32\EZSP_PX.EXE
    C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
    C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\toshiba\ivp\ism\ivpsvmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Kyle Wagamon\Desktop\RSIT.exe
    C:\Program Files\trend micro\Kyle Wagamon.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 28
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\EZSP_PX.EXE
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
    O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [uoltray] C:\Program Files\NetZero\exec.exe regrun
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
    O4 - HKLM\..\Policies\Explorer\Run: [h2h8AIh0DQ] C:\Documents and Settings\All Users\Application Data\sxwzidyb\qfohcrkh.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O21 - SSODL: SmartDscCfg - {3D48BB73-7D96-F0DB-5572-055657A897E7} - C:\Program Files\ufiznj\SmartDscCfg.dll
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 7755 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AdwareAlert Scheduled Scan.job
    C:\WINDOWS\tasks\Symantec NetDetect.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-09-01 2403392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE84A6AA-A333-4B92-B276-C11E2212E4FE}]
    CPrintEnhancer Object - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll [2006-12-15 599472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-28 737776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2002-08-29 842268]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-09-01 2403392]
    SITEguard

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "00THotkey"=C:\WINDOWS\System32\00THotkey.exe [2003-01-17 253952]
    "000StTHK"=C:\WINDOWS\system32\000StTHK.exe [2001-06-23 24576]
    "PmProxy"=C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe [2003-02-28 40960]
    "LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2003-01-22 184320]
    "Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2002-12-25 159744]
    "TFNF5"=C:\WINDOWS\system32\TFNF5.exe [2001-08-03 73728]
    "TFncKy"=TFncKy.exe /Type 28 []
    "TouchED"=C:\Program Files\TOSHIBA\TouchED\TouchED.Exe [2003-01-21 126976]
    "Tpwrtray"=C:\WINDOWS\system32\TPWRTRAY.EXE [2002-12-10 237568]
    "ezShieldProtector for Px"=C:\WINDOWS\System32\EZSP_PX.EXE [2002-08-20 40960]
    "Pinger"=c:\toshiba\ivp\ism\pinger.exe [2002-10-17 159744]
    "iRiver Updater"=C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe [2004-03-10 204800]
    "WG511WLU"=C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe [2003-02-21 188416]
    "RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2003-08-12 26112]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-10-06 278528]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-02-07 155648]
    "OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe [2006-05-16 40960]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "h2h8AIh0DQ"=C:\Documents and Settings\All Users\Application Data\sxwzidyb\qfohcrkh.exe [2008-09-29 57344]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2002-08-20 1511453]
    "uoltray"=C:\Program Files\NetZero\exec.exe regrun []
    "H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [2002-01-08 401496]
    "OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe [2006-05-16 57344]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-09-28 68856]
    "AdwareAlert"=C:\Program Files\AdwareAlert\AdwareAlert.exe [2008-10-03 9093120]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
    RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    SmartDscCfg - {3D48BB73-7D96-F0DB-5572-055657A897E7} - C:\Program Files\ufiznj\SmartDscCfg.dll [2008-09-29 114688]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======File associations======

    .js - open - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"

    ======List of files/folders created in the last 3 months======

    2008-10-08 20:13:58 ----D---- C:\rsit
    2008-10-08 20:13:58 ----D---- C:\Program Files\trend micro
    2008-10-07 17:17:16 ----D---- C:\Documents and Settings\Kyle Wagamon\Application Data\AdwareAlert
    2008-10-07 17:16:58 ----D---- C:\Program Files\AdwareAlert
    2008-10-05 16:01:40 ----D---- C:\WINDOWS\pss
    2008-10-05 11:54:55 ----D---- C:\Documents and Settings\All Users\Application Data\Arovax
    2008-10-05 11:33:30 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-10-05 11:23:34 ----D---- C:\WINDOWS\SxsCaPendDel
    2008-10-04 12:28:22 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
    2008-10-04 12:17:12 ----D---- C:\Program Files\Common Files\iS3
    2008-10-04 12:17:11 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    2008-10-04 12:09:37 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2008-10-01 20:35:07 ----D---- C:\WINDOWS\Sun
    2008-09-29 05:22:13 ----D---- C:\Documents and Settings\All Users\Application Data\fmzufsto
    2008-09-29 05:22:08 ----D---- C:\Program Files\ufiznj
    2008-09-29 05:22:03 ----D---- C:\Documents and Settings\All Users\Application Data\sxwzidyb
    2008-09-29 05:21:50 ----A---- C:\WINDOWS\System32\~.exe.bak
    2008-09-01 15:14:55 ----D---- C:\Documents and Settings\Kyle Wagamon\Application Data\Google
    2008-09-01 14:45:05 ----D---- C:\Documents and Settings\All Users\Application Data\Google
    2008-09-01 14:44:59 ----D---- C:\Program Files\Google
    2008-09-01 14:44:06 ----A---- C:\WINDOWS\System32\javaws.exe
    2008-09-01 14:44:06 ----A---- C:\WINDOWS\System32\javaw.exe
    2008-09-01 14:44:06 ----A---- C:\WINDOWS\System32\java.exe

    ======List of files/folders modified in the last 3 months======

    2008-10-08 20:13:58 ----RD---- C:\Program Files
    2008-10-08 20:12:06 ----D---- C:\WINDOWS\System32\CatRoot2
    2008-10-07 17:17:17 ----SD---- C:\WINDOWS\Tasks
    2008-10-07 17:17:00 ----SHD---- C:\WINDOWS\Installer
    2008-10-07 17:16:58 ----HD---- C:\Config.Msi
    2008-10-07 16:33:49 ----D---- C:\WINDOWS\Temp
    2008-10-05 16:59:03 ----A---- C:\WINDOWS\win.ini
    2008-10-05 16:58:15 ----D---- C:\WINDOWS\WinSxS
    2008-10-05 16:58:03 ----D---- C:\WINDOWS\system32
    2008-10-05 16:57:23 ----D---- C:\Documents and Settings\All Users\Application Data\HP
    2008-10-05 16:54:38 ----D---- C:\WINDOWS\LastGood
    2008-10-05 16:54:25 ----D---- C:\WINDOWS\twain_32
    2008-10-05 16:54:13 ----HD---- C:\WINDOWS\inf
    2008-10-05 16:52:03 ----D---- C:\WINDOWS\System32\CatRoot
    2008-10-05 16:51:29 ----D---- C:\WINDOWS
    2008-10-05 16:44:57 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
    2008-10-05 16:44:52 ----D---- C:\WINDOWS\Debug
    2008-10-05 16:43:52 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-10-05 16:40:28 ----DC---- C:\WINDOWS\System32\DRVSTORE
    2008-10-05 16:38:54 ----D---- C:\WINDOWS\Prefetch
    2008-10-05 13:44:58 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-10-05 13:44:58 ----D---- C:\Program Files\Common Files
    2008-10-05 11:23:13 ----D---- C:\WINDOWS\System32\drivers
    2008-09-09 04:59:24 ----D---- C:\Documents and Settings\Kyle Wagamon\Application Data\Adobe
    2008-09-01 14:44:04 ----D---- C:\Program Files\Java

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\System32\drivers\cdrbsdrv.sys [2004-03-08 13567]
    R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2003-01-31 90416]
    R2 ASCTRM;ASCTRM; C:\WINDOWS\System32\drivers\ASCTRM.sys [2003-08-12 8552]
    R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2001-08-17 55296]
    R2 MDC8021X;WPA Security Protocol (IEEE 802.1x) v2.2.0.0; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2004-01-05 11861]
    R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-01-10 98912]
    R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2003-02-14 1169792]
    R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2002-12-13 99577]
    R3 AR5211;Atheros AR5001 Wireless Network Adapter Service; C:\WINDOWS\System32\DRIVERS\ar5211.sys [2003-07-29 322720]
    R3 AWINDIS5;AWINDIS5 Protocol Driver; \??\C:\WINDOWS\System32\AWINDIS5.SYS []
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2002-08-28 13184]
    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-01-28 541376]
    R3 tridxp;tridxp; C:\WINDOWS\System32\DRIVERS\tridxpm.sys [2003-04-24 248448]
    R3 tsdhd;TOSHIBA SD Card Host Controller Driver; C:\WINDOWS\System32\DRIVERS\tsdhd.sys [2003-02-10 25888]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2003-07-03 25216]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2003-07-03 53120]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2003-07-03 16000]
    S2 mrtRate;mrtRate; C:\WINDOWS\System32\drivers\mrtRate.sys []
    S3 aliadwdm;ALi Audio Accelerator WDM driver; C:\WINDOWS\system32\drivers\ac97ali.sys [2002-08-28 231552]
    S3 ALiIRDA;ALi Infrared Device Driver; C:\WINDOWS\System32\DRIVERS\aliirda.sys [2001-12-18 26112]
    S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\System32\drivers\CDANT.SYS []
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2006-12-06 49920]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2006-12-06 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2006-12-06 21568]
    S3 pciSd;pciSd; C:\WINDOWS\System32\DRIVERS\tossdpci.sys [2003-02-12 15143]
    S3 PRISM_ICB;NETGEAR WG511 Wireless LAN Driver; C:\WINDOWS\System32\DRIVERS\WG511ICB.sys [2003-02-20 50560]
    S3 RIOUNIV;Rio universal USB driver; C:\WINDOWS\System32\Drivers\RIOUNIV.sys [2003-07-02 16128]
    S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
    S3 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\System32\Drivers\Tbiosdrv.sys []
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2003-07-03 28160]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
    S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [2001-08-17 30208]
    S3 wlags48b;Wireless LAN PCCard Driver; C:\WINDOWS\System32\DRIVERS\wlags48b.sys [2002-06-28 156672]
    S3 wlluc48;Wireless LAN PC Card Driver; C:\WINDOWS\System32\DRIVERS\wlluc48.sys [2002-08-28 154624]
    S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 C-DillaSrv;C-DillaSrv; C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE [2001-09-10 32256]
    R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\System32\DVDRAMSV.exe [2003-03-13 49152]
    R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2002-08-29 12800]
    R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2002-08-29 12800]
    R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
    R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2002-08-29 12800]
    R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-10-09 323584]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2002-08-29 250368]
    S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2002-08-29 12800]
    S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2002-08-29 12800]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-01 138168]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2007-10-30 68096]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

    And from the Notepad:

    info.txt logfile of random's system information tool 1.04 2008-10-08 20:14:15

    ======Uninstall list======

    -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
    Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f "C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c "C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
    Adobe Flash Player 9-->C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    AdwareAlert-->MsiExec.exe /X{96A6803B-0E97-4D76-A6EF-65D99CDEBDB8}
    ALi AGP Driver 2.00-->C:\WINDOWS\System32\UnAGP.EXE RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC16B64A-38A7-4D7D-BA2E-671ED441304F}\Setup.exe" -uninst
    Alps Pointing-device Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
    AT&T Connection Services Manager-->C:\WINDOWS\WNBackup\WnClient62\unwise32.exe /Z /U C:\WINDOWS\WNBackup\WnClient62\install.log "AT&T Connection Services Manager"
    Atheros Client Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E46F23-8DFB-4993-895E-80D95FEE6E86}\setup.exe" -l0x9
    C-Dilla Licence Management System-->C:\C_DILLA\setup\cdunin16.exe
    Command & Conquer Red Alert 2-->C:\Westwood\RA2\Uninstll.EXE
    Dermatology Self-Evaluation Program Volume 2-->C:\WINDOWS\IsUninst.exe -f "C:\Program Files\DSEP2\Uninst.isu"
    Drag'n Drop CD+DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DDC146FA-73E0-4FA1-A353-841EA14BF600}\SETUP.EXE" -l0x9 deleteall
    DVD-RAM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\Setup.exe" DVD-RAM Driver
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
    HP Deskjet All-In-One Software 8.0-->C:\Program Files\HP\Digital Imaging\{24557DC0-0839-496f-82F9-C4EB72EFE4FA}\setup\hpzscr01.exe -datfile hposcr12.dat
    HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
    HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
    HP Smart Web Printing 1.0-->MsiExec.exe /X{E3030F57-9E6B-4E36-95B6-F7B4DBDEB8FB}
    HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
    HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
    HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
    ImageMixer VCD/DVD2 for OLYMPUS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}\Setup.exe" -l0x9 UNINSTALL
    InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
    InterVideo WinDVD 4-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
    iPod for Windows 2005-10-12-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033
    iRiver Manager-->C:\Program Files\iRiver\iRiver Manager\iRiverUninstall.exe
    iRiver Updater-->C:\Program Files\iRiver\iRiver Manager\Updater\uninst.exe
    iTunes-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{13616DE2-9795-4910-8C93-80D45AF09658} /l1033
    Java 2 Runtime Environment Standard Edition v1.3.1-->C:\WINDOWS\IsUninst.exe -f "C:\Program Files\JavaSoft\JRE\1.3.1\Uninst.isu"
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
    LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
    Macromedia Dreamweaver MX 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
    Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
    MetaFrame Presentation Server Web Client for Win32-->C:\WINDOWS\System32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
    Microsoft .NET Framework (English) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
    Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
    Microsoft ActiveSync 3.5-->"C:\WINDOWS\ISUNINST.EXE" -f "C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c "C:\Program Files\Microsoft ActiveSync\ceuninst.dll"
    Microsoft Office 2000 SR-1 Disc 2-->MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
    Microsoft Office 2000 SR-1 Small Business-->MsiExec.exe /I{00030409-78E1-11D2-B60F-006097C998E7}
    Microsoft Office PowerPoint 2003-->MsiExec.exe /I{90180409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
    Microsoft Office XP Standard for Students and Teachers-->MsiExec.exe /I{913D0409-6000-11D3-8CFE-0050048383C9}
    NETGEAR WG511 54 Mbps Wireless PC Card -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B1E5CF8-9170-42A2-A88A-A169FBDD128E}\Setup.exe" -l0x9
    NLDTS 4.0-->C:\PROGRA~1\NLDTS4\UNWISE.EXE C:\PROGRA~1\NLDTS4\INSTALL.LOG
    Notebook Maximizer-->C:\WINDOWS\iun506.exe C:\Program Files\Notebook Maximizer\irunin.ini
    OLYMPUS CAMEDIA Master 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\Setup.exe" CAMEDIA Master 4.03
    OLYMPUS Master-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BA820A24-704B-428D-9904-71A10DAC1372} /l1033 /zUNINSTALL
    Pocket PC Connection Wizard-->C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Microsoft ActiveSync\cmdtwiz.isu"
    Quicken 2003 New User Edition-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F61F2821-694C-475F-99AB-6AF2EFDF40FD} anything
    QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{0B69DA57-BC7D-461D-B7D6-2AA9F08869CD} /l1033
    RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
    Realtek Fast Ethernet Adapter Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\Setup.exe" -l0x9 REMOVE
    Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80D95911-28E9-40AC-A6B5-1DA6D9F14B29}\SETUP.EXE" -l0x9
    SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
    SurfHere by Toshiba-->MsiExec.exe /X{A962C8E1-4F0B-4BA9-806E-B8D9A3B31F82}
    TOSHIBA Access-->C:\PROGRA~1\TOSHIB~1\UNWISE.EXE C:\PROGRA~1\TOSHIB~1\INSTALL.LOG
    TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe"
    TOSHIBA Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}\Setup.exe" -l0x9
    TOSHIBA Controls-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9
    Toshiba Hotkey Utility for Display Devices-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TFNF5Wxp.inf,DefaultUninstall,5
    TOSHIBA Power Saver-->TPWRDEL.EXE
    Toshiba Registration-->MsiExec.exe /X{F6C405D2-C50D-4D10-B89E-73A233A14D74}
    TOSHIBA SD Memory Card Format-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe"
    TOSHIBA Software Modem-->Tosmreg -U
    TOSHIBA Software Upgrades-->C:\TOSHIBA\Ivp\Swupdate\UNWISE.EXE C:\TOSHIBA\Ivp\Swupdate\INSTALL.LOG
    Toshiba Tbiosdrv Driver-->C:\PROGRA~1\Toshiba\TOSHIB~1\UNWISE.EXE C:\PROGRA~1\Toshiba\TOSHIB~1\INSTALL.LOG
    TOSHIBA TouchPad On/Off Utility V2.05.00-->C:\WINDOWS\IsUninst.exe -f "C:\Program Files\TOSHIBA\TouchED\Uninst.isu" -c "C:\Program Files\TOSHIBA\TouchED\tpedinst.dll"
    TOSHIBA Utilities-->tutildel.exe
    Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
    WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
    Westwood Shared Internet Components-->C:\Westwood\Internet\UnstllAP.EXE
    Windows XP Hotfix - KB822603-->C:\WINDOWS\$NtUninstallKB822603$\spuninst\spuninst.exe
    Windows XP Hotfix (SP2) [See Q329048 for more information]-->C:\WINDOWS\$NtUninstallQ329048$\spuninst\spuninst.exe
    Windows XP Hotfix (SP2) [See q329112 for more information]-->C:\WINDOWS\$NtUninstallq329112$\spuninst\spuninst.exe
    Windows XP Hotfix (SP2) [See Q329115 for more information]-->C:\WINDOWS\$NtUninstallQ329115$\spuninst\spuninst.exe
    Windows XP Hotfix (SP2) [See Q329390 for more information]-->C:\WINDOWS\$NtUninstallQ329390$\spuninst\spuninst.exe
    Windows XP Hotfix (SP2) Q327979-->C:\WINDOWS\$NtUninstallQ327979$\spuninst\spuninst.exe
    Windows XP Hotfix (SP2) Q329170-->C:\WINDOWS\$NtUninstallQ329170$\spuninst\spuninst.exe
    Windows XP Hotfix (SP2) q329623-->C:\WINDOWS\$NtUninstallq329623$\spuninst\spuninst.exe
    Windows XP Hotfix (SP2) Q329834-->C:\WINDOWS\$NtUninstallQ329834$\spuninst\spuninst.exe
    Windows XP Hotfix (SP2) Q810090-->C:\WINDOWS\$NtUninstallQ810090$\spuninst\spuninst.exe
    Windows XP Hotfix (SP2) Q810565-->C:\WINDOWS\$NtUninstallQ810565$\spuninst\spuninst.exe
    Windows XP Hotfix (SP2) Q810577-->C:\WINDOWS\$NtUninstallQ810577$\spuninst\spuninst.exe
    Windows XP Hotfix (SP2) Q810583-->C:\WINDOWS\$NtUninstallQ810583$\spuninst\spuninst.exe
    Windows XP Hotfix (SP2) Q810833-->C:\WINDOWS\$NtUninstallQ810833$\spuninst\spuninst.exe
    Windows XP Hotfix (SP2) Q814033-->C:\WINDOWS\$NtUninstallQ814033$\spuninst\spuninst.exe
    Yahoo! Photos Easy Upload Tool-->C:\Program Files\Yahoo!\Common\ydropper_uninst.exe /ylog=C:\PROGRA~1\Yahoo!\Photos\Uploader\install.log
    Yahoo! Photos Print-at-Home Tool-->C:\WINDOWS\unins000.exe

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
    "PROCESSOR_REVISION"=0209
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=C:\Program Files\JavaSoft\JRE\1.3.1\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\JavaSoft\JRE\1.3.1\lib\ext\QTJava.zip
     
    Buck,
    #5
  7. 2008/10/10
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Instructions posted for this user are customized for this user only. The tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a HJT log and start a new topic.


    Hi and welcome

    Let's ensure you have the latest version of HJT onboard.


    Print this topic or save to notepad, it will make it easier for you to follow the instructions and complete all of the necessary steps as we will need to close every window that is open later in the fix.



    Download Trend Micro HijackThis™ and save it to your desktop; we will use this later.



    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix


    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    **No Validation is required**


    **the SP2 setup package will work for SP3**


    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.


    Please continue as follows:
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    2. Click Yes to allow ComboFix to continue scanning for malware.
    When the tool is finished, it will produce a report for you <--please save this report, I'll need this in your reply.


    You DO NOT need to have the Windows CD to install Recovery Console!
    Windows 2000 users will need to install the Recovery Console from their installation CD

    Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
    Don't select to run the Recovery Console as we don't need it.
    By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.




    NEXT**
    Double-click the HJTInstall.exe I asked you to download earlier to start it.
    By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.

    Accept the license agreement by clicking the "I Accept" button.
    Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    Click "Save log" to save the log file and then the log will open in Notepad.
    Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.



    In your next reply please post:
    Combofix.txt
    HJT log taken after the above scan has run


    You may need several replies to post the requested logs, otherwise they might get cut off.
     
  8. 2008/10/10
    Buck

    Buck Inactive Thread Starter

    Joined:
    2008/10/07
    Messages:
    41
    Likes Received:
    0
    Hi Juliet....here you go. Hope I got everything you need. And thanks.

    Buck

    ComboFix 08-10-10.01 - Kyle Wagamon 2008-10-10 16:40:23.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.142 [GMT -4:00]
    Running from: C:\Documents and Settings\Kyle Wagamon\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Kyle Wagamon\Desktop\winxpsp1_en_hom_bf.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2008-09-10 to 2008-10-10 )))))))))))))))))))))))))))))))
    .

    2008-10-08 20:13 . 2008-10-08 20:14 <DIR> d-------- C:\rsit
    2008-10-08 20:13 . 2008-10-10 16:09 <DIR> d-------- C:\Program Files\trend micro
    2008-10-07 17:17 . 2008-10-07 17:17 <DIR> d-------- C:\Documents and Settings\Kyle Wagamon\Application Data\AdwareAlert
    2008-10-05 16:46 . 2008-10-05 16:59 130,971 --a------ C:\WINDOWS\hpoins12.dat
    2008-10-05 16:46 . 2007-01-22 12:05 1,470 --------- C:\WINDOWS\hpomdl12.dat
    2008-10-05 11:54 . 2008-10-05 11:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Arovax
    2008-10-05 11:33 . 2008-10-05 11:52 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-10-05 11:23 . 2008-10-05 16:44 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
    2008-10-04 12:28 . 2008-10-05 11:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
    2008-10-04 12:17 . 2008-10-04 12:17 <DIR> d-------- C:\Program Files\Common Files\iS3
    2008-10-04 12:17 . 2008-10-05 11:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    2008-10-01 20:35 . 2008-10-01 20:35 <DIR> d-------- C:\WINDOWS\Sun
    2008-09-29 05:22 . 2008-09-29 05:22 <DIR> d-------- C:\Program Files\ufiznj
    2008-09-29 05:22 . 2008-09-29 05:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sxwzidyb
    2008-09-29 05:22 . 2008-09-29 05:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fmzufsto
    2008-09-29 05:21 . 2008-09-29 05:21 57,344 --a------ C:\WINDOWS\system32\~.exe.bak
    2008-09-27 10:29 . 2008-09-27 10:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-09-27 10:29 . 2008-09-27 10:29 1,409 --a------ C:\WINDOWS\QTFont.for

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-05 20:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
    2008-09-01 20:11 --------- d-----w C:\Program Files\Google
    2008-09-01 18:44 --------- d-----w C:\Program Files\Java
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 1511453]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2002-01-08 401496]
    "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-28 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "00THotkey"="C:\WINDOWS\System32\00THotkey.exe" [2003-01-17 13:41 253952]
    "PmProxy"="C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe" [2003-02-28 40960]
    "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-01-22 184320]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2002-12-25 159744]
    "TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-21 126976]
    "ezShieldProtector for Px"="C:\WINDOWS\System32\EZSP_PX.EXE" [2002-08-20 40960]
    "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2002-10-17 159744]
    "iRiver Updater"="C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe" [2004-03-10 204800]
    "WG511WLU"="C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe" [2003-02-21 188416]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2003-08-12 26112]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-06 278528]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-07 155648]
    "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "000StTHK"="000StTHK.exe" [2001-06-23 23:28 24576 C:\WINDOWS\system32\000StTHK.exe]
    "TFNF5"="TFNF5.exe" [2001-08-03 C:\WINDOWS\system32\TFNF5.exe]
    "Tpwrtray"="TPWRTRAY.EXE" [2002-12-10 C:\WINDOWS\system32\TPWRTRAY.EXE]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "h2h8AIh0DQ"="C:\Documents and Settings\All Users\Application Data\sxwzidyb\qfohcrkh.exe" [2008-09-29 57344]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
    RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2003-08-12 155648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "SmartDscCfg"= {3D48BB73-7D96-F0DB-5572-055657A897E7} - C:\Program Files\ufiznj\SmartDscCfg.dll [2008-09-29 114688]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.CEGSM"= mobilev.acm
    "VIDC.MJPG"= pvmjpg21.dll

    R0 ALiAGP;ALi AGP Bus Filter Driver;C:\WINDOWS\System32\DRIVERS\ALiAGP.sys [2002-09-02 26880]
    R3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\System32\AWINDIS5.SYS [2002-04-11 16194]
    R3 tridxp;tridxp;C:\WINDOWS\System32\DRIVERS\tridxpm.sys [2003-04-24 248448]
    S3 ALiIRDA;ALi Infrared Device Driver;C:\WINDOWS\System32\DRIVERS\aliirda.sys [2001-12-18 26112]
    S3 PRISM_ICB;NETGEAR WG511 Wireless LAN Driver;C:\WINDOWS\System32\DRIVERS\WG511ICB.sys [2003-02-20 50560]
    S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\System32\Drivers\RIOUNIV.sys [2003-07-02 16128]
    S3 wlags48b;Wireless LAN PCCard Driver;C:\WINDOWS\System32\DRIVERS\wlags48b.sys [2002-06-28 156672]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder

    2008-10-10 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job
    - C:\Program Files\AdwareAlert\AdwareAlert.exe []

    2008-10-10 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job
    - C:\Program Files\AdwareAlert []

    2004-08-05 C:\WINDOWS\Tasks\Symantec NetDetect.job
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 12:04]
    .
    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.hotmail.com/
    R0 -: HKCU-Main,Search Page = hxxp://www.google.com
    R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
    O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 -: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
    O9 -: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm -
    O18 -: Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - %~$path:i
    O18 -: WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - %~$path:i
    O18 -: WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - %~$path:i
    O18 -: WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - %~$path:i
    O18 -: WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - %~$path:i
    O18 -: WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - %~$path:i
    O18 -: WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - %~$path:i

    O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
    C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

    O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
    C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-10 16:42:09
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-10-10 16:44:17

    Pre-Run: 32,725,860,352 bytes free
    Post-Run: 32,703,385,600 bytes free

    winxpsp1_en_hom_bf.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    C:\CMDCONS\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /fastdetect

    137


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:48:01 PM, on 10/10/2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\All Users\Application Data\sxwzidyb\qfohcrkh.exe
    C:\WINDOWS\System32\00THotkey.exe
    C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\System32\TFNF5.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\WINDOWS\System32\TPWRTRAY.EXE
    C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
    C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
     
    Buck,
    #7
  9. 2008/10/10
    Buck

    Buck Inactive Thread Starter

    Joined:
    2008/10/07
    Messages:
    41
    Likes Received:
    0
    Here's some additional stuff from HijackThis....don't know if it all got in the last post. Thanks!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:48:01 PM, on 10/10/2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\All Users\Application Data\sxwzidyb\qfohcrkh.exe
    C:\WINDOWS\System32\00THotkey.exe
    C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\System32\TFNF5.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\WINDOWS\System32\TPWRTRAY.EXE
    C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
    C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\TOSHIBA\Ivp\netint\netint.exe
    C:\toshiba\ivp\ism\pinger.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\trend micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\EZSP_PX.EXE
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
    O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKLM\..\Policies\Explorer\Run: [h2h8AIh0DQ] C:\Documents and Settings\All Users\Application Data\sxwzidyb\qfohcrkh.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O21 - SSODL: SmartDscCfg - {3D48BB73-7D96-F0DB-5572-055657A897E7} - C:\Program Files\ufiznj\SmartDscCfg.dll
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 7893 bytes
     
    Buck,
    #8
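A defender's-eye triage of the ComboFix log posted above, as an added example that is not code from this thread, ComboFix or HijackThis. The sample lines are constructed from excerpts of Buck's log; the two heuristics (loading points that legitimate installers rarely use, and random-looking folder names) are this example's own assumptions, not any tool's logic.

```python
"""Triage a ComboFix log for autostart entries in rarely-legitimate loading
points and for newly created folders with machine-generated names."""
import re

# Loading points that legitimate installers almost never use, so anything
# registered there deserves a look regardless of the file name (assumption).
HIGH_RISK_KEYS = (
    r"\policies\explorer\run",
    r"\shellserviceobjectdelayload",
)
VOWELS = set("aeiouy")

# Constructed sample: excerpts of the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
2008-10-08 20:13 . 2008-10-10 16:09 <DIR> d-------- C:\Program Files\trend micro
2008-09-29 05:22 . 2008-09-29 05:22 <DIR> d-------- C:\Program Files\ufiznj
2008-09-29 05:22 . 2008-09-29 05:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sxwzidyb
2008-09-29 05:22 . 2008-09-29 05:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fmzufsto
2008-10-01 20:35 . 2008-10-01 20:35 <DIR> d-------- C:\WINDOWS\Sun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 1511453]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-28 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"h2h8AIh0DQ"="C:\Documents and Settings\All Users\Application Data\sxwzidyb\qfohcrkh.exe" [2008-09-29 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SmartDscCfg"= {3D48BB73-7D96-F0DB-5572-055657A897E7} - C:\Program Files\ufiznj\SmartDscCfg.dll [2008-09-29 114688]
"""

DIR_RE = re.compile(r"<DIR>\s+\S+\s+(?P<path>[A-Za-z]:\\.*)$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*.*?(?P<path>[A-Za-z]:\\[^\[]*?)\s*\[')


def looks_random(name: str) -> bool:
    """Heuristic (this example's own): 6+ letters, under 35% vowels and a run
    of three consonants, e.g. 'sxwzidyb' but not 'Messenger'."""
    n = name.lower()
    if not n.isalpha() or len(n) < 6:
        return False
    vowel_ratio = sum(c in VOWELS for c in n) / len(n)
    return vowel_ratio < 0.35 and re.search(r"[^aeiouy]{3}", n) is not None


def triage(log_text: str) -> list:
    """Return one finding dict per suspicious new folder or autostart value."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DIR_RE.search(line)
        if m:  # 'Files Created' section: a directory that appeared recently
            folder = m.group("path").rstrip("\\")
            if looks_random(folder.split("\\")[-1]):
                findings.append({"kind": "folder", "path": folder,
                                 "reason": "new folder with random-looking name"})
            continue
        m = KEY_RE.match(line)
        if m:  # 'Reg Loading Points' section: remember which key we are in
            current_key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        path = m.group("path").strip().strip('"')
        reasons = []
        if any(current_key.lower().endswith(k) for k in HIGH_RISK_KEYS):
            reasons.append("rarely-legitimate loading point")
        parts = path.split("\\")
        if len(parts) >= 2 and looks_random(parts[-2]):
            reasons.append("runs from random-looking folder")
        if reasons:
            findings.append({"kind": "autostart", "key": current_key,
                             "name": m.group("name"), "path": path,
                             "reason": "; ".join(reasons)})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['kind']}] {f['path']}  <- {f['reason']}")
```

On the sample it flags exactly the three folders and two registry values that the helper's CFScript later removes, while the HKCU Run entries for Messenger and the Google toolbar pass.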
  10. 2008/10/10
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back


    NEXT**
    Next: Disconnect from the internet. If you are on Cable or DSL unplug your computer from the modem.
    Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.


    Please open Notepad (*Do Not Use Wordpad!* or any other text editor than Notepad, or the script will fail): Start -> Run -> type notepad in the Open field -> OK, and copy and paste the text present inside the CODE box below.
    Save this as "CFScript.txt" including the quotes, change the "Save as type" to "All Files", and place it on your desktop.
    Code:
    KillAll::
    
    File:: 
    C:\WINDOWS\system32\~.exe.bak
    
    Folder:: 
    C:\Documents and Settings\Kyle Wagamon\Application Data\AdwareAlert
    C:\Documents and Settings\All Users\Application Data\sxwzidyb
    C:\Program Files\ufiznj
    C:\Documents and Settings\All Users\Application Data\fmzufsto
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "h2h8AIh0DQ"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "SmartDscCfg"=-

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.





    NEXT**
    Go to Start > Control Panel > Internet Options
    In the General tab, Temporary Internet Files, click: Delete Files. When prompted, check: Delete all offline content
    You can also check: Delete Cookies (You will have to re-enter passwords at websites that require them.)
    Click OK

    For I.E. 7 - under Browsing History, click delete... Under Temporary Internet Files, click Delete files...

    Then, go to Start > Run and enter: cleanmgr
    Select the drive to clean: C:\
    Check the following boxes and then press OK to remove:
    Temporary Files
    Temporary Internet Files
    RecycleBin

    Agree to the prompt to perform the action...


    Please download ATF Cleaner by Atribune From Here and save it to your Desktop.
    Follow the instructions for the browser you use.
    Read the instructions about the cookies. Delete what you do not need.

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache

    The rest are optional - if you want to remove the lot, check "Select All".
    Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
    If you use the Firefox or Opera browsers, you can use this program
    as a quick way to tidy those up as well.
    When you have finished, click on the Exit button in the Main menu.



    NEXT**
    I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
    The below scan can take up to an hour or longer, please be patient.

    *Note
    It is recommended to disable your onboard antivirus and antispyware programs while performing scans, to avoid conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.


    Please do a scan with Kaspersky Online Scanner or from here
    http://www.kaspersky.com/virusscanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.
    * The program will install and then begin downloading the latest definition files.
    * After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
    * This will start the program and scan your system.
    * The scan will take a while, so be patient and let it run. (At times it may appear to stall.)
    * Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    * Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.

    * Once the scan is complete, click on View scan report. To obtain the report:
    Click on: Save Report As
    Next, in the Save as prompt, Save in area, select: Desktop
    In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select:
    Text file [*.txt]
    Then, click: Save
    Please post the Kaspersky Online Scanner Report in your reply.

    Animated tutorial
    http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif

    (Note for Internet Explorer 7 users:
    If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
    Or use Firefox with IE-Tab plugin
    https://addons.mozilla.org/en-US/firefox/addon/1419


    In your next reply post:
    ComboFix.txt
    Kaspersky log
    New HJT log taken after the above scans have run


    Also please at this time give an update on how the computer is at the moment.
     
  11. 2008/10/12
    Buck

    Buck Inactive Thread Starter

    Joined:
    2008/10/07
    Messages:
    41
    Likes Received:
    0
    Hi Juliet... sorry it took me a while... here you go.

    ComboFix 08-10-10.01 - Kyle Wagamon 2008-10-12 7:45:10.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.178 [GMT -4:00]
    Running from: C:\Documents and Settings\Kyle Wagamon\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Kyle Wagamon\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    C:\WINDOWS\system32\~.exe.bak
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\fmzufsto
    C:\Documents and Settings\All Users\Application Data\sxwzidyb
    C:\Documents and Settings\All Users\Application Data\sxwzidyb\qfohcrkh.exe
    C:\Documents and Settings\Kyle Wagamon\Application Data\AdwareAlert
    C:\Documents and Settings\Kyle Wagamon\Application Data\AdwareAlert\Log\2008 Oct 07 - 05_17_16 PM_833.log
    C:\Documents and Settings\Kyle Wagamon\Application Data\AdwareAlert\Log\2008 Oct 09 - 06_46_03 AM_169.log
    C:\Documents and Settings\Kyle Wagamon\Application Data\AdwareAlert\Log\2008 Oct 10 - 03_29_11 PM_573.log
    C:\Documents and Settings\Kyle Wagamon\Application Data\AdwareAlert\Log\2008 Oct 10 - 03_35_37 PM_383.log
    C:\Documents and Settings\Kyle Wagamon\Application Data\AdwareAlert\rs.dat
    C:\Documents and Settings\Kyle Wagamon\Application Data\AdwareAlert\Settings\ScanResults.pie
    C:\Program Files\ufiznj
    C:\Program Files\ufiznj\SmartDscCfg.dll
    C:\WINDOWS\system32\~.exe.bak

    .
    ((((((((((((((((((((((((( Files Created from 2008-09-12 to 2008-10-12 )))))))))))))))))))))))))))))))
    .

    2008-10-08 20:13 . 2008-10-08 20:14 <DIR> d-------- C:\rsit
    2008-10-08 20:13 . 2008-10-10 16:09 <DIR> d-------- C:\Program Files\trend micro
    2008-10-05 16:46 . 2008-10-05 16:59 130,971 --a------ C:\WINDOWS\hpoins12.dat
    2008-10-05 16:46 . 2007-01-22 12:05 1,470 --------- C:\WINDOWS\hpomdl12.dat
    2008-10-05 11:54 . 2008-10-05 11:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Arovax
    2008-10-05 11:33 . 2008-10-05 11:52 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-10-05 11:23 . 2008-10-05 16:44 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
    2008-10-04 12:28 . 2008-10-05 11:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
    2008-10-04 12:17 . 2008-10-04 12:17 <DIR> d-------- C:\Program Files\Common Files\iS3
    2008-10-04 12:17 . 2008-10-05 11:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    2008-10-01 20:35 . 2008-10-01 20:35 <DIR> d-------- C:\WINDOWS\Sun
    2008-09-27 10:29 . 2008-09-27 10:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-09-27 10:29 . 2008-09-27 10:29 1,409 --a------ C:\WINDOWS\QTFont.for

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-05 20:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
    2008-09-01 20:11 --------- d-----w C:\Program Files\Google
    2008-09-01 18:44 --------- d-----w C:\Program Files\Java
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 1511453]
    "H/PC Connection Agent "= "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2002-01-08 401496]
    "OM_Monitor "= "C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-28 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "00THotkey "= "C:\WINDOWS\System32\00THotkey.exe" [2003-01-17 13:41 253952]
    "PmProxy "= "C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe" [2003-02-28 40960]
    "LtMoh "= "C:\Program Files\ltmoh\Ltmoh.exe" [2003-01-22 184320]
    "Apoint "= "C:\Program Files\Apoint2K\Apoint.exe" [2002-12-25 159744]
    "TouchED "= "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-21 126976]
    "ezShieldProtector for Px "= "C:\WINDOWS\System32\EZSP_PX.EXE" [2002-08-20 40960]
    "Pinger "= "c:\toshiba\ivp\ism\pinger.exe" [2002-10-17 159744]
    "iRiver Updater "= "C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe" [2004-03-10 204800]
    "WG511WLU "= "C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe" [2003-02-21 188416]
    "RealTray "= "C:\Program Files\Real\RealPlayer\RealPlay.exe" [2003-08-12 26112]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-06 278528]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2006-02-07 155648]
    "OM_Monitor "= "C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]
    "HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "000StTHK "= "000StTHK.exe" [2001-06-23 23:28 24576 C:\WINDOWS\system32\000StTHK.exe]
    "TFNF5 "= "TFNF5.exe" [2001-08-03 C:\WINDOWS\system32\TFNF5.exe]
    "Tpwrtray "= "TPWRTRAY.EXE" [2002-12-10 C:\WINDOWS\system32\TPWRTRAY.EXE]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
    RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2003-08-12 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.CEGSM "= mobilev.acm
    "VIDC.MJPG "= pvmjpg21.dll

    R0 ALiAGP;ALi AGP Bus Filter Driver;C:\WINDOWS\System32\DRIVERS\ALiAGP.sys [2002-09-02 26880]
    R3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\System32\AWINDIS5.SYS [2002-04-11 16194]
    R3 tridxp;tridxp;C:\WINDOWS\System32\DRIVERS\tridxpm.sys [2003-04-24 248448]
    S3 ALiIRDA;ALi Infrared Device Driver;C:\WINDOWS\System32\DRIVERS\aliirda.sys [2001-12-18 26112]
    S3 PRISM_ICB;NETGEAR WG511 Wireless LAN Driver;C:\WINDOWS\System32\DRIVERS\WG511ICB.sys [2003-02-20 50560]
    S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\System32\Drivers\RIOUNIV.sys [2003-07-02 16128]
    S3 wlags48b;Wireless LAN PCCard Driver;C:\WINDOWS\System32\DRIVERS\wlags48b.sys [2002-06-28 156672]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2008-10-10 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job
    - C:\Program Files\AdwareAlert\AdwareAlert.exe []

    2008-10-10 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job
    - C:\Program Files\AdwareAlert []

    2004-08-05 C:\WINDOWS\Tasks\Symantec NetDetect.job
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 12:04]
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-12 07:48:46
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> ?:\WINDOWS\system32\urlmon.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\drivers\CDANTSRV.EXE
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Apoint2K\ApntEx.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    .
    **************************************************************************
    .
    Completion time: 2008-10-12 7:53:30 - machine was rebooted

    Pre-Run: 32,674,471,936 bytes free
    Post-Run: 32,669,474,816 bytes free

    130

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Sunday, October 12, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 1 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Sunday, October 12, 2008 12:03:14
    Records in database: 1306932
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\

    Scan statistics:
    Files scanned: 49922
    Threat name: 1
    Infected objects: 1
    Suspicious objects: 0
    Duration of the scan: 07:36:44


    File name / Threat name / Threats count
    C:\Documents and Settings\Kyle Wagamon\Desktop\Dokumente und EinstellungenAll UsersStartmenuProgrammeAutostartoffice.exe Infected: Trojan.Win32.Obfuscated.gx 1

    The selected area was scanned.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:57:39 PM, on 10/12/2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\00THotkey.exe
    C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\System32\TFNF5.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\WINDOWS\System32\TPWRTRAY.EXE
    C:\WINDOWS\System32\EZSP_PX.EXE
    C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
    C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\toshiba\ivp\ism\ivpsvmgr.exe
    C:\Documents and Settings\Kyle Wagamon\Local Settings\temp\jkos-Kyle Wagamon\binaries\ScanningProcess.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\trend micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\EZSP_PX.EXE
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
    O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE "
    O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 7791 bytes
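As an added example for this thread (not code from HijackThis, ComboFix or any poster), here is a small Python triage script that parses the O2, O4 and O23 lines in the format of the HijackThis log above and flags the two patterns ComboFix removed earlier in this thread: autostart binaries living under the user profile, and directories with machine-generated-looking names such as sxwzidyb and ufiznj. The sample lines are constructed: three are copied from the log above, two are built from the paths in the ComboFix "Other Deletions" section, and the all-zero CLSID is a placeholder. The name heuristic is a triage aid for a human reviewer, not a verdict; legitimate software can trip it.

```python
"""Triage autostart entries in a HijackThis-style log.

Added example for this thread; it is not code from HijackThis, ComboFix or
any poster. The heuristics are a triage aid for a human reviewer, not a
verdict: legitimate software can trip them and malware can avoid them.
"""
import re
from typing import Dict, List, Optional

# Constructed sample in HijackThis v2.0.2 line format. The first three lines
# are copied from the log posted above; the last two are constructed from
# paths ComboFix reported deleting earlier in this thread. The all-zero
# CLSID is a placeholder, not a real identifier.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [qfohcrkh] C:\Documents and Settings\All Users\Application Data\sxwzidyb\qfohcrkh.exe
O2 - BHO: SmartDscCfg Class - {00000000-0000-0000-0000-000000000000} - C:\Program Files\ufiznj\SmartDscCfg.dll
"""

# Line shapes HijackThis uses for Run keys (O4), browser helper objects (O2)
# and services (O23); other sections are skipped by this example.
O4_RE = re.compile(r'^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$')

# First token of a Run value that ends in an executable extension, quoted or not.
PATH_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|ocx|scr|com|bat|cmd|pif))"?(?:\s|$)',
                     re.IGNORECASE)
# Anything under a user profile or temp directory is writable without admin rights.
USER_WRITABLE_RE = re.compile(r'\\(Documents and Settings|Users)\\|\\Temp\\', re.IGNORECASE)
VOWELS = 'aeiouy'


def extract_path(cmd: str) -> Optional[str]:
    """Return the executable path from a Run value such as '"x.exe" -flag'."""
    m = PATH_RE.match(cmd.strip())
    return m.group('path') if m else None


def random_name(name: str) -> bool:
    """Heuristic for machine-generated directory names such as 'sxwzidyb':
    lowercase letters only, 6+ chars, at most two vowels and a run of 3+
    consonants. Real product directories usually fail at least one test."""
    if not re.fullmatch(r'[a-z]{6,}', name):
        return False
    vowels = sum(1 for c in name if c in VOWELS)
    longest_consonant_run = max(len(run) for run in re.split(f'[{VOWELS}]+', name))
    return vowels <= 2 and longest_consonant_run >= 3


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Split one supported log line into kind, display name and binary path."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        return {'kind': 'O4', 'name': m['name'], 'path': extract_path(m['cmd']) or m['cmd']}
    m = O2_RE.match(line)
    if m:
        return {'kind': 'O2', 'name': m['name'], 'path': m['path']}
    m = O23_RE.match(line)
    if m:
        return {'kind': 'O23', 'name': m['name'], 'path': m['path']}
    return None


def assess(path: str) -> List[str]:
    """Return the reasons an autostart path deserves a closer look."""
    flags: List[str] = []
    if not re.match(r'^[a-z]:\\', path, re.IGNORECASE):
        # Bare filenames (e.g. TFNF5.exe) are resolved through the search path;
        # worth knowing, but common for OEM tools, so it is only a note.
        flags.append('note: bare filename resolved via the search path')
        return flags
    if USER_WRITABLE_RE.search(path):
        flags.append('autostart binary under a user-writable profile or temp directory')
    for directory in path.split('\\')[1:-1]:      # drop drive and file name
        if random_name(directory):
            flags.append(f'machine-generated-looking directory name: {directory}')
    return flags


def triage(log_text: str) -> List[Dict[str, object]]:
    """Parse every supported line and attach its flags."""
    results = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            entry['flags'] = assess(str(entry['path']))
            results.append(entry)
    return results


def suspicious_names(log_text: str) -> List[str]:
    """Entry names with at least one non-note flag, sorted for stable output."""
    return sorted(str(e['name']) for e in triage(log_text)
                  if any(not f.startswith('note:') for f in e['flags']))


if __name__ == '__main__':
    for entry in triage(SAMPLE_LOG):
        status = 'REVIEW' if any(not f.startswith('note:') for f in entry['flags']) else 'ok'
        print(f"{status:6} {entry['kind']} [{entry['name']}] {entry['path']}")
        for flag in entry['flags']:
            print(f"         - {flag}")
```

Run against the constructed sample it marks only the two constructed entries for review; a bare filename such as TFNF5.exe from the real log above gets an informational note rather than a flag, because resolving through the search path is normal for OEM tools even though it is a weaker trust position. Paste the O2/O4/O23 lines of a real log into SAMPLE_LOG to use it on other output.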
     
  12. 2008/10/12
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back

    This looks good now, how are things on your end?


    Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm



    Go to My Computer->Tools->Folder Options->View tab:
    • Under the Hidden files and folders heading:
    • Select - Show hidden files and folders.
    • Uncheck- Hide protected operating system files (recommended) option.
    • Also, make sure there is no checkmark beside Hide file extensions for known file types.
    • Click OK. (Remember to Hide files and folders once done)

    Using Windows Explorer (right-click your "Start" button and select "Explore"), please navigate to and delete the following files/folders in bold

    C:\Documents and Settings\Kyle Wagamon\Desktop\Dokumente und Einstellungen\All Users\StartmenuProgramme\Autostartoffice.exe <-delete this file
    C:\Program Files\AdwareAlert<--delete this folder

    Now reboot your machine.


    Don't miss or skip this next step, it will remove the bad files from quarantine,
    clear the System Restore cache and create a new Restore point



    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK.
    Note the space between the x and the /u, it needs to be there.

    Please post back and let me know what issues remain.
     
  13. 2008/10/12
    Buck

    Buck Inactive Thread Starter

    Joined:
    2008/10/07
    Messages:
    41
    Likes Received:
    0
    Hi Juliet. I did what you said. However, I had trouble deleting the two files you wanted me to......I found the first one (C:\Documents and Settings\Kyle Wagamon\Desktop\Dokumente und Einstellungen\All Users\StartmenuProgramme\Autostartoffice.exe ) and I tried to delete it but it said it couldn't find it when I clicked delete. The other file I couldn't find at all (C:\Program Files\AdwareAlert<--delete this folder). Otherwise I did everything you said.
     
  14. 2008/10/12
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    My mistake, I checked again; it's already gone.

    Let's try this


    Go to My Computer->Tools->Folder Options->View tab:

    * Under the Hidden files and folders heading:
    * Select - Show hidden files and folders.
    * Uncheck- Hide protected operating system files (recommended) option.
    * Also, make sure there is no checkmark beside Hide file extensions for known file types.
    * Click OK. (Remember to Hide files and folders once done)


    Go to Start....Search.....All files and folders...type in the search window Autostartoffice.exe
    If you find it, try to delete it again; if it resists, try dropping into safe mode and try again.
     
  15. 2008/10/19
    Buck

    Buck Inactive Thread Starter

    Joined:
    2008/10/07
    Messages:
    41
    Likes Received:
    0
    Hey Juliet....sorry for the delay. I don't know why but my last two posts haven't come up. I emailed the moderator and he just said to try again...so here goes. I did what you said, even in safe mode, and still didn't find the file. Does this mean my computer is finally clean! Hope so. If so, I just need one piece of advice. I don't have any virus or spyware protection and I guess I need some. Is there a free service to get this or should I just buy it? If I need to buy it, which one do you think I should get? Thanks a ton. Buck
     
  16. 2008/10/19
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back
    Then we won't worry about it.

    Don't miss or skip this next step, it will remove bad files from quarantine.


    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK. Note the space between the x and the /u, it needs to be there.






    We will take care of this now. Free antivirus programs and firewalls are used by many people, who are very satisfied with the protection provided.

    If you feel one doesn't work well with your system then try a different one.

    Avira
    Here is a tutorial on its setup and use:
    http://www.techsupportforum.com/content/Se...rticles/64.html

    Avast!
    How to Install, Configure, and Use Avast Antivirus

    Never install more than one antivirus scanner or firewall on your system

    Free Antivirus With Resident Protection and other related resources.
    http://users.telenet.be/bluepatchy/miekiem...irus%20Scanners


    The following FREE versions are:
    Zone Alarm free:
    http://www.zonealarm.com/store/content/cat...ry=US&lang=en
    PDF documention for Zone Alarm available here:
    http://www.zonealarm.com/store/content/sup...a/znalmMain.jsp
    If you are going to try Zone Alarm, I suggest you just install the basic firewall so the bundled trial antivirus does not get installed. Also, I recommend NOT installing the new optional feature Spy Blocker, as it's run by the questionable search engine Ask.com. You can read more about Ask.com at http://www.benedelman.org/spyware/installa...kjeeves-banner/

    Comodo free:
    http://www.personalfirewall.comodo.com/
    Comodo (Uncheck during installation "Install Comodo SafeSurf...", "Make Comodo my default search provider" and "Make Comodo Search my homepage")

    Sunbelt kerio:
    http://www.sunbelt-software.com/Home-Home-...ewall/Download/
    PDF documentation for Sunbelt Kerio available here:
    http://www.sunbelt-software.com/Home-Home-.../Documentation/

    Online Armor Free
    http://www.tallemu.com/free-firewall-prote...n-software.html

    Jetico free:
    http://www.jetico.com/index.htm#/jpfirewall.htm

    Note: You must only use 1 (one) Firewall at a time because if you have 2 or more Firewalls running at the same time, they will conflict with each other and make your security less reliable.
    If one conflicts with your system, try another.

    For a tutorial on Firewalls and a listing of available ones see the link Here



    If there are no more issues you're good to go, good job!


    Below are recommendations to protect your computer.

    Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.



    Firefox 2.0
    The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 2 adds powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, you can use them both.

    How to prevent Malware: Created by Miekiemoes

    Here are some additional utilities that will further enhance your safety.
    # http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)


    Read this article 'Safe Computing Practices'.
    So how did I get infected in the first place?

    Secure My Computer: A Layered Approach

    Strong passwords: How to create and use them

    Slow Computer? Check here first; it may not be malware
    http://www.castlecops.com/postitle175256-0-0-.html
    Free Antivirus-AntiSpyware-Firewall Software


    PC Safety and Security--What Do I Need?
    http://www.techsupportforum.com/sec...115548-pc-safety-security-what-do-i-need.html

    Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!
    This site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
     
  17. 2008/10/20
    Buck

    Buck Inactive Thread Starter

    Joined:
    2008/10/07
    Messages:
    41
    Likes Received:
    0
    Hey Juliet. I tried to do the ComboFix thing but it says it can't find it now. I looked and it's not on my desktop anymore.....I didn't delete it. Any ideas?
     
  18. 2008/10/20
    Buck

    Buck Inactive Thread Starter

    Joined:
    2008/10/07
    Messages:
    41
    Likes Received:
    0
    I searched for Combofix and it is there...is there something I'm doing wrong? Thanks again Juliet...anxious to get this done with....please help!
     
  19. 2008/10/20
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    Don't run the tool...........


    Now repeat
    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK. Note the space between the x and the /u, it needs to be there.

    Let me know if this doesn't work.
    We'll just go in and do a manual file deletion.
     
  20. 2008/10/20
    Buck

    Buck Inactive Thread Starter

    Joined:
    2008/10/07
    Messages:
    41
    Likes Received:
    0
    Hey Juliet. So I downloaded Combofix again. I tried to run it from the start menu but it wouldn't. So I double clicked on the combofix icon and it generated a new report in the notepad. Then I went to the start menu and ran combofix like you told me...it just said combofix uninstalled at the end of the run session. The report is below. Did I do everything right? Thanks.

    ComboFix 08-10-19.04 - Kyle Wagamon 2008-10-20 17:00:28.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.145 [GMT -4:00]
    Running from: C:\Documents and Settings\Kyle Wagamon\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2008-09-20 to 2008-10-20 )))))))))))))))))))))))))))))))
    .

    2008-10-12 21:28 . 2008-10-12 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\zwlmjsnm
    2008-10-10 16:12 . 2008-10-10 16:12 <DIR> d-------- C:\ERDNT
    2008-10-08 20:13 . 2008-10-08 20:14 <DIR> d-------- C:\rsit
    2008-10-08 20:13 . 2008-10-10 16:09 <DIR> d-------- C:\Program Files\trend micro
    2008-10-05 16:46 . 2008-10-05 16:59 130,971 --a------ C:\WINDOWS\hpoins12.dat
    2008-10-05 16:46 . 2007-01-22 12:05 1,470 --------- C:\WINDOWS\hpomdl12.dat
    2008-10-05 11:54 . 2008-10-05 11:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Arovax
    2008-10-05 11:33 . 2008-10-05 11:52 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-10-05 11:23 . 2008-10-05 16:44 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
    2008-10-04 12:28 . 2008-10-05 11:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
    2008-10-04 12:17 . 2008-10-04 12:17 <DIR> d-------- C:\Program Files\Common Files\iS3
    2008-10-04 12:17 . 2008-10-05 11:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    2008-10-01 20:35 . 2008-10-01 20:35 <DIR> d-------- C:\WINDOWS\Sun
    2008-09-27 10:29 . 2008-09-27 10:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-09-27 10:29 . 2008-09-27 10:29 1,409 --a------ C:\WINDOWS\QTFont.for

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-05 20:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
    2008-09-01 20:11 --------- d-----w C:\Program Files\Google
    2008-09-01 18:44 --------- d-----w C:\Program Files\Java
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 1511453]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2002-01-08 401496]
    "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-28 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "00THotkey"="C:\WINDOWS\System32\00THotkey.exe" [2003-01-17 13:41 253952]
    "PmProxy"="C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe" [2003-02-28 40960]
    "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-01-22 184320]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2002-12-25 159744]
    "TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-21 126976]
    "ezShieldProtector for Px"="C:\WINDOWS\System32\EZSP_PX.EXE" [2002-08-20 40960]
    "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2002-10-17 159744]
    "iRiver Updater"="C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe" [2004-03-10 204800]
    "WG511WLU"="C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe" [2003-02-21 188416]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2003-08-12 26112]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-06 278528]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-07 155648]
    "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "000StTHK"="000StTHK.exe" [2001-06-23 23:28 24576 C:\WINDOWS\system32\000StTHK.exe]
    "TFNF5"="TFNF5.exe" [2001-08-03 C:\WINDOWS\system32\TFNF5.exe]
    "Tpwrtray"="TPWRTRAY.EXE" [2002-12-10 C:\WINDOWS\system32\TPWRTRAY.EXE]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
    RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2003-08-12 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.CEGSM"= mobilev.acm
    "VIDC.MJPG"= pvmjpg21.dll

    R0 ALiAGP;ALi AGP Bus Filter Driver;C:\WINDOWS\System32\DRIVERS\ALiAGP.sys [2002-09-02 26880]
    R3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\System32\AWINDIS5.SYS [2002-04-11 16194]
    R3 tridxp;tridxp;C:\WINDOWS\System32\DRIVERS\tridxpm.sys [2003-04-24 248448]
    S3 ALiIRDA;ALi Infrared Device Driver;C:\WINDOWS\System32\DRIVERS\aliirda.sys [2001-12-18 26112]
    S3 PRISM_ICB;NETGEAR WG511 Wireless LAN Driver;C:\WINDOWS\System32\DRIVERS\WG511ICB.sys [2003-02-20 50560]
    S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\System32\Drivers\RIOUNIV.sys [2003-07-02 16128]
    S3 wlags48b;Wireless LAN PCCard Driver;C:\WINDOWS\System32\DRIVERS\wlags48b.sys [2002-06-28 156672]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2008-10-10 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job
    - C:\Program Files\AdwareAlert\AdwareAlert.exe []

    2008-10-10 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job
    - C:\Program Files\AdwareAlert []

    2004-08-05 C:\WINDOWS\Tasks\Symantec NetDetect.job
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 12:04]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Explorer_Run-h2h8AIh0DQ - C:\Documents and Settings\Kyle Wagamon\Desktop\Dokumente und EinstellungenAll UsersStartmenuProgrammeAutostartoffice.exe


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.hotmail.com/
    R0 -: HKCU-Main,Search Page = hxxp://www.google.com
    R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
    O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O18 -: WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - %~$path:i
    O18 -: WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - %~$path:i
    O18 -: WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - %~$path:i
    O18 -: WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - %~$path:i
    O18 -: WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - %~$path:i
    O18 -: WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - %~$path:i

    O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
    C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

    O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
    C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-20 17:02:34
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-10-20 17:04:38
    ComboFix-quarantined-files.txt 2008-10-20 21:04:21
    ComboFix2.txt 2008-10-12 11:53:31

    Pre-Run: 33,454,198,784 bytes free
    Post-Run: 33,512,112,128 bytes free

     
  21. 2008/10/20
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Uninstall is what I was looking for, and yes, you did right.

    I supplied you with information for free antivirus in my previous reply; consider downloading and installing one soon.

    See if you can locate this folder; if found, please delete it.

    C:\Documents and Settings\All Users\Application Data\zwlmjsnm

    Let me know what other issues remain.
     
