# One computer will not connect to the Internet, all others do. I've tried everything!



## AlexEatsWaffles (Mar 18, 2010)

I have what I believe is a very unusual problem. There are several devices in my house with working Internet: One computer, a laptop, and an Xbox. A different computer, running on Windows XP and using a Linksys WMP54G Wireless-G PCI adapter to connect to the Actiontec MI424-WR will not receive Internet. 

That computer was working perfectly fine yesterday, until I restarted it. After a restart, I could not get on the Internet. The Linksys monitor says "Connected to access point, but the Internet cannot be found". It shows great connection (90-100%) and every other computer in my house has working Internet. I have tried tech support, system restore, flushdns, winsock resets, plugging the computer into the router using an ethernet cable, and pretty much anything else I could think of. 

I can ping every IP address in my house except for 192.168.1.3 (the faulty computer). I can also ping the IP of websites, but not the actual name of the website. For example, I can ping 206.wha.te.ver (verizon.net's IP) but I cannot ping verizon.net. I'm not sure, but I think the cause of my issue may have been because of some Windows Updates, which I think I did a few days ago.

Also, in Network Connections there is an icon under the heading "Internet Gateway" labeled Internet Connection. It says Disabled and when I try to enable it, a window pops up saying Connecting... and then Connected before closing. The icon still says Disabled even after this.

Any help at all is GREATLY appreciated!


----------



## etaf (Oct 2, 2003)

> I can ping every IP address in my house except for 192.168.1.3 (the faulty computer). I can also ping the IP of websites, but not the actual name of the website. For example, I can ping 206.wha.te.ver (verizon.net's IP) but I cannot ping verizon.net. I'm not sure, but I think the cause of my issue may have been because of some Windows Updates, which I think I did a few days ago.


That sounds like a DNS issue
It may be a firewall is blocking access on that PC -
have you disabled the firewall?
What is the firewall you have?
If you have Norton, McAfee etc. and a subscription has run out that could be the issue and you may need to use the removal tool to get rid of the software to connect

you will need to copy the results from below into notepad and copy onto a working PC to post here
also install and copy and post an image of the screen

*------------------------------------------------------------------------*
*{ipconfig /all}*
If you cannot access the internet with this PC, then you will need to paste the results into something like notepad and then copy onto a machine that can access the internet and post results here
We would like to see the results from ipconfig /all post back the results here
-> Start 
-> _(XP - enter the following in the RUN box)_
*cmd /k ipconfig /all*
-> _(Vista or Windows 7 - enter the following in the Search box)_
*cmd /k ipconfig /all*

A black box will appear on the screen - 
rightclick in the box
select all
enter
control key + C key - to copy

then reply here and 
control key + V to paste
*------------------------------------------------------------------------*
If you cannot access the internet with this PC, then you will need to paste the results into something like notepad and then copy onto a machine that can access the internet and post results here
*{Ping Tests}*

Start> Run {search bar in Vista}> CMD to open a DOS window and type:

Type the following command
*Ping google.com*
Post back the results
rightclick in the box
select all
enter
control key + C key - to copy
then reply here and 
control key + V to paste

Type the following command 
*Ping* {plus the number that's shown against the default gateway shown in above ipconfig /all}
Post back the results
rightclick in the box
select all
enter
control key + C key - to copy
then reply here and 
control key + V to paste

Type the following command
*Ping 209.191.93.53*
post back results
rightclick in the box
select all
enter
control key + C key - to copy
then reply here and 
control key + V to paste
*------------------------------------------------------------------------*
*Download and install*
If you cannot access the internet with this PC, then you will need to copy the program across to the faulty PC

http://www.xirrus.com/library/wifitools.php
Then run the program 
if you get an error - You need NET Framework installed for the WiFi Inspector to function.

post a screen shot of the program running - if there are a lot of networks showing can you click on "networks" top lefthand area - so we can see all the network information, and also post which network "Adapter Name" (1st column) is yours on the list

To post a screen shot of the active window, hold the Alt key and press the PrtScn key. Open the Windows PAINT application and Paste the screen shot. You can then use PAINT to trim to suit, and save it as a JPG format file. 
To upload it to the forum, open the full reply window and use the Manage Attachments button to upload it here.
*------------------------------------------------------------------------*


----------



## AlexEatsWaffles (Mar 18, 2010)

First of all, I don't have a flash drive or anything I can transfer a notepad file with. I've tried turning the firewall off and on, and I don't have McAfee or Norton.
ipconfig /all shows nothing out of the ordinary as far as I can tell. Is there anything I should be looking for?

I pinged that IP address and got replies for all 4 pings, between 40 and 50 ms. However, pinging google.com did not work.


----------



## JohnWill (Oct 19, 2002)

AlexEatsWaffles said:


> ipconfig /all shows nothing out of the ordinary as far as I can tell. Is there anything I should be looking for?


I think the key here is "as far as I can tell". The whole point of getting this information is we may well spot the problem where you're not seeing it. It's pretty hard to give you a complete course in networking and all the issues that can be indicated, it's much easier to see the data and analyze it.


----------



## AlexEatsWaffles (Mar 18, 2010)

Primary DNS Suffix
Node Type: Unknown
IP Routing enabled :No
WINS Proxy Enabled: No
DNS Suffix Search list: home

Wireless Connection
Connection-specific DNS Suffix: home
Description: Linksys Wireless-G PCI Adapter
Physical address: 00-12-XX-XX-XX-XX
DHCP: Yes
Autoconfiguration enabled: Yes
IP address: 192.168.1.3
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1
DHCP Server: 192.168.1.1
DNS servers: 192.168.1.1
Lease obtained 19 March 2010 03:00:00 PM
Lease expires 20 March 2010 03:00:00 PM

That's not copy and pasted, but that's what shows up when I do ipconfig /all. Does anyone know why I would be able to ping google's IP address but not the name of the website? Also, why "internet connection" under "Internet gateway" in network connections won't enable even after it says connected? Those seem to be the only two things that might indicate the actual problem, unless there's something in ipconfig /all that I didn't notice.

Again, all help is appreciated.


----------



## etaf (Oct 2, 2003)

> Does anyone know why I would be able to ping google's IP address but not the name of the website?


yes, because the DNS is not working correctly

in the CMD black window 
start
run or search window type CMD
a black window appears same as the one for ipconfig

now type
ipconfig /flushdns

I expect the DNS is otherwise working as other pcs are OK


----------



## AlexEatsWaffles (Mar 18, 2010)

I think I mentioned trying /flushdns in my original post. Anyway, I tried it again and I still couldn't ping google.com.


----------



## AlexEatsWaffles (Mar 18, 2010)

Are there any more ideas for this or am I basically screwed?


----------



## etaf (Oct 2, 2003)

let's try some public DNS IP addresses and see if that works on the PC
Google supply a public DNS and also configuration instructions
http://code.google.com/speed/public-dns/

Put the two addresses into the PC

Then if that works all OK - we can try and work out why it won't use your ISP DNS and what's blocking

You may have already answered, but bear with us
what firewall do you have installed or have you had installed - it may be worth uninstalling with a removal tool


----------



## AlexEatsWaffles (Mar 18, 2010)

Ok, I tried the Google DNS and followed all the instructions without results. I went to 18.62.1.6 (the address from the Google configuration instructions) and it gave me a link to the MIT website, which I was redirected to after 15 seconds. As usual, that came up with "This page cannot be found". In short, using the Google DNS was no different than using my regular one. Also, I'm sure you already knew this but when I disable the Wireless Internet Connection under Network Connections, the icon "Internet Connection" under Internet Gateway disappears. I don't recall ever seeing the heading Internet Gateway until the day my Internet stopped working.

The only firewall I'm using is the Windows firewall. I've tried turning it off, but that doesn't help. I haven't downloaded any other firewalls or anything recently.


----------



## etaf (Oct 2, 2003)

that's what I get by using the IP 18.62.1.6


> Are you looking for the MIT EECS Web site?
> 
> It is http://www.eecs.mit.edu. Please change your bookmark accordingly.
> 
> If your browser is suitably equipped, you will be redirected there in 15 seconds.


why not use one of the working PC to view the site and then configure the non-working PC
can you post ipconfig /all from non-working PC again

maybe it's a virus or malware on the PC
download HJT - see my signature for link to program , copy onto faulty PC - and post the HJT log


----------



## AlexEatsWaffles (Mar 18, 2010)

The non-working PC is the one I configured and went to that site with. ipconfig /all from that PC says the same thing as it did before. If I can get a flash drive I'll post the HJT log, but for now I can't copy anything from that computer and paste it on this one. Virus/malware is definitely a possibility, I've had some huge problems with them in the past but nothing completely cut off my Internet access.


----------



## etaf (Oct 2, 2003)

I think a HJT log when you can - can you write a CD to copy ? as I'm out of ideas now ..


----------



## AlexEatsWaffles (Mar 18, 2010)

Nope, my CD drive is busted on that computer. I'll get a flash drive ASAP and post the HJT log.


----------



## AlexEatsWaffles (Mar 18, 2010)

Here's the HijackThis log.


----------



## AlexEatsWaffles (Mar 18, 2010)

oh boy, that didn't turn out too well.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 02:42:47 PM, on 20/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
E:\Programs n stuff\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKCU\..\Run: [aviwsGlade] rundll32.exe "C:\Documents and Settings\Alex\Local Settings\Application Data\aviwsGlade\aviwsGlade.dll", DllInit
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Fred\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://nycmail1.safehorizon.org/iNotes.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264786483734
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264786457921
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 7256 bytes


----------



## AlexEatsWaffles (Mar 18, 2010)

So whose decision is it to move my thread to this forum? Do we even know that it's malware or a virus yet?


----------



## etaf (Oct 2, 2003)

I moved the thread as HJT logs are decoded in the malware forum ONLY by gurus with a gold shield - if you want it moved back to networking - we can do that - click on report button on each post and ask to be moved back to networking, one of the moderators will move back - , NOTE it's unlikely your log will be viewed and actioned in the networking forum


----------



## AlexEatsWaffles (Mar 18, 2010)

Ok, sorry if I came off sounding rude.


----------



## AlexEatsWaffles (Mar 18, 2010)

I'm just gonna bump this because I'd REALLY like some help here! Can anyone at least analyze my Hijack This post?


----------



## AlexEatsWaffles (Mar 18, 2010)

Thanks everyone, I really appreciate the feedback that I'm being given here. I'd rather have someone tell me I'm screwed than not say anything.


----------



## shinybeast (Sep 29, 2008)

Hello AlexEatsWaffles,

The HijackThis log does show infection. Let's see if we can get to the bottom of it and clean it up.

My handle is shinybeast and I will be assisting you in the removal of malware your computer may have.

*Please follow these guidelines as we work to clean your computer.*


*Read* through the instructions before you perform them and if you have questions please *ask* before you perform them. Please do not guess. I will be happy to clarify or explain.
Perform all instructions *in the order given*.
*Stick with the process until I give you an "all clean."* If the symptoms are gone, it does not necessarily mean your computer is safe and secure.
*Do not run any other tools to remove malware while we are working.*
If your security software throws up warnings about some of these tools, please allow these tools to run.
Any instructions given are for your computer only and should *NOT* be used on any other computer.

*Be aware* that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

*Because of this, I advise you to backup any personal files and folders before we start.*

Please generate and post a *new* HijackThis log if you still need help. I am assuming you can download and transfer tools to the afflicted computer. Please let me know if this is not so.


----------



## AlexEatsWaffles (Mar 18, 2010)

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 04:54:46 PM, on 04/04/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
E:\Programs n stuff\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [aviwsGlade] rundll32.exe "C:\Documents and Settings\Alex\Local Settings\Application Data\aviwsGlade\aviwsGlade.dll", DllInit
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264786483734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264786457921
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07AEC661-474C-46BF-9087-D38A7FF8DB05}: NameServer = 4.2.2.2,4.2.2.3
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 4963 bytes


----------



## shinybeast (Sep 29, 2008)

Hello AlexEatsWaffles,

*HijackThis*


Start HijackThis and select *Do a system scan only.*
Place a check next to the lines listed below. 
_NOTE: Some entries may no longer exist because of the previous actions._

*O4 - HKCU\..\Run: [aviwsGlade] rundll32.exe "C:\Documents and Settings\Alex\Local Settings\Application Data\aviwsGlade\aviwsGlade.dll", DllInit*


After placing a check next to the above lines, *close all windows except for HijackThis*.
Click *Fix checked*, then click *Yes* to confirm.
Close HijackThis, then *reboot the computer*.

*Scan with RSIT*


*Click here* to download *Random's System Information Tool* by *random/random* and save it to your desktop.
Double-click *RSIT.exe* to run the tool
Click *Continue* at the disclaimer screen.
Once it finishes, two logs will open...
*log.txt* will be opened maximized
*info.txt* will be opened minimized

Please post the contents of *both* logs in your next post.

*NOTE*: If the logs are too long to post, break them up or attach as necessary.
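
The entry selected for fixing above is an O4 Run value that uses rundll32.exe to load a DLL from the user's Local Settings\Application Data folder. As an added example (not part of the original posts and not HijackThis code), the sketch below filters a HijackThis log for that kind of entry; the two heuristics and all function names are assumptions for illustration, and the sample lines are copied from the log posted earlier in this thread.

```python
import re
from typing import List, NamedTuple, Optional

# Sample lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r'''
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [aviwsGlade] rundll32.exe "C:\Documents and Settings\Alex\Local Settings\Application Data\aviwsGlade\aviwsGlade.dll", DllInit
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
'''


class RunEntry(NamedTuple):
    raw: str               # the full log line, as it would be ticked in HijackThis
    key: str               # abbreviated registry key, e.g. HKCU\..\Run
    name: str              # value name shown in square brackets
    command: str           # command line stored in the value
    target: Optional[str]  # file the command ultimately loads, if one was found


class Finding(NamedTuple):
    entry: RunEntry
    reasons: List[str]


# O4 registry autostart lines look like:  O4 - HKCU\..\Run: [name] command
RUN_RE = re.compile(
    r'^O4 - (?P<key>HK(?:LM|CU)\\\.\.\\[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.+)$'
)
# A drive-qualified path ending in .exe or .dll (quotes are excluded).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]+?\.(?:exe|dll)\b', re.IGNORECASE)
# Assumption: Windows XP profile layout, as seen in the log on this page.
PROFILE_ROOT = '\\documents and settings\\'


def parse_run_entry(line: str) -> Optional[RunEntry]:
    """Parse one O4 registry Run line; return None for any other line."""
    line = line.strip()
    match = RUN_RE.match(line)
    if not match:
        return None
    command = match.group('command')
    paths = PATH_RE.findall(command)
    # With rundll32 the file of interest is the DLL argument, so take the
    # last drive-qualified path on the command line.
    target = paths[-1] if paths else None
    return RunEntry(line, match.group('key'), match.group('name'), command, target)


def triage(log_text: str) -> List[Finding]:
    """Return Run entries whose target lives inside a user profile."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_run_entry(line)
        if entry is None or entry.target is None:
            continue
        reasons = []
        if PROFILE_ROOT in entry.target.lower():
            reasons.append('target is inside a user profile, which the user account can write to')
            if entry.command.lower().startswith('rundll32'):
                reasons.append('DLL is loaded through rundll32.exe, so a process list shows rundll32.exe rather than the DLL')
        if reasons:
            findings.append(Finding(entry, reasons))
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding.entry.raw)
        for reason in finding.reasons:
            print('  -', reason)
```

A hit from this filter is a lead for a reviewer, not a verdict; legitimate software also installs per-user autostart entries.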


----------



## AlexEatsWaffles (Mar 18, 2010)

Here's the log.txt file, thanks a ton for helping!
Logfile of random's system information tool 1.06 (written by random/random) Run by Alex at 2010-04-05 18:43:49 Microsoft Windows XP Home Edition Service Pack 2 System drive C: has 997 MB (3%) free of 29 GB Total RAM: 510 MB (51% free) HijackThis download failed ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{145B29F4-A56B-4b90-BBAC-45784EBEBBB7}] StumbleUpon Launcher - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll [2009-06-03 1262920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}] PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-10-08 395216] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - E:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-31 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-31 73728] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim] 
C:\Program Files\AIM\aim.exe [2009-10-05 3634024] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] C:\Program Files\DNA\btdna.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2009-01-19 1150976] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-10 115816] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2009-01-09 114688] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.2] C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe /R [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2005-11-15 1200128] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe [2005-10-19 126976] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] C:\WINDOWS\System32\igfxtray.exe [2005-10-19 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] E:\iTunes\iTunesHelper.exe [2010-01-22 141608] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75] C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe [2005-08-18 749568] [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2002-07-16 28672] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck] C:\Program Files\Norton Internet Security\osCheck.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\prunnet] C:\WINDOWS\system32\prunnet.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2009-11-11 417792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rloigrpfcufmwin] C:\WINDOWS\System32\regsvr32.exe [2008-04-13 11776] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\settdebugx.exe] C:\DOCUME~1\Alex\LOCALS~1\Temp\settdebugx.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smss32.exe] C:\WINDOWS\system32\smss32.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-31 149280] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouOfflineForMeh.exe] C:\Documents and Settings\Alex\Application Data\Microsoft\YouOfflineForMeh.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Alex^Start Menu^Programs^Startup^GigaTribe.lnk] C:\Program Files\GigaTribe\gigatribe.exe -system:startup [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and 
Settings^Alex^Start Menu^Programs^Startup^LimeWire On Startup.lnk] C:\PROGRA~1\LimeWire\LimeWire.exe -startup [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Alex^Start Menu^Programs^Startup^Screen Saver Control.lnk] C:\WINDOWS\FSScrCtl.exe [2008-11-16 249344] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2005-09-23 29696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.2.lnk] C:\PROGRA~1\EFAXME~1.2\J2GTray.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] C:\PROGRA~1\MICROS~4\Office\OSA9.EXE [1999-02-17 65588] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ZuneWlanCfgSvc"=3 "ZuneNetworkSvc"=3 "ZuneBusEnum"=2 "Apple Mobile Device"=2 "ALG"=3 "Alerter"=2 "SeaPort"=2 "LiveUpdate Notice Service"=2 "LiveUpdate Notice Ex"=2 "ISPwdSvc"=3 "ccSetMgr"=2 "ccEvtMgr"=3 "Bonjour Service"=2 "Viewpoint Manager Service"=2 "Dnscache"=2 "LexBceS"=2 "WMPNetworkSvc"=3 "SymAppCore"=2 "StumbleUponUpdateService"=3 "SQLAgent$SONY_MEDIAMGR"=3 "ose"=3 "odserv"=3 "MSSQL$SONY_MEDIAMGR"=3 "idsvc"=3 "IDriverT"=3 "FLEXnet Licensing Service"=3 "CurtainsSysSvc"=2 "comHost"=3 "Browser Defender Update Service"=2 "sdCoreService"=2 "sdAuxService"=2 "iPod Service"=3 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxsrvc.dll [2005-10-19 348160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "DisableStatusMessages"=0 "EnableLUA"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=149 "NoActiveDesktopChanges"=0 "NoSetActiveDesktop"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoActiveDesktopChanges"= "NoSetActiveDesktop"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019" "C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE" "C:\Program Files\Dell Wireless 2350 Control Utility\ControlUtility.exe"="C:\Program Files\Dell Wireless 2350 Control Utility\ControlUtility.exe:*:Enabledell Wireless 2350 Broadband Router Control Utility" "D:\Setup.exe"="D:\Setup.exe:*:Enabledell Wireless 2350 Broadband Router Setup Wizard" "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer" "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader" "C:\Program Files\Common Files\AOL\1157588186\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1157588186\ee\aolsoftware.exe:*:Enabled:AOL Services" "C:\Program Files\Common Files\AOL\1157588186\ee\aim6.exe"="C:\Program 
Files\Common Files\AOL\1157588186\ee\aim6.exe:*:Enabled:AIM" "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! 
Messenger" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:EnabledNA" "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "E:\AIM6\aim6.exe"="E:\AIM6\aim6.exe:*:Enabled:AIM" "C:\Documents and Settings\Alex\Desktop\mflpro\Data\Disk1\setup.exe"="C:\Documents and Settings\Alex\Desktop\mflpro\Data\Disk1\setup.exe:*:Enabled:Setup.exe" "C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AIM" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "E:\iTunes\iTunes.exe"="E:\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Trillian\trillian.exe"="C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019" "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000" "C:\Program 
Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2db0efb6-bc2c-11de-b86a-0012179188ec}] shell\AutoRun\command - G:\YouOfflineForMeh.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f6d2c39-402c-11df-b8c0-0012179188ec}] shell\AutoRun\command - YouOfflineForMeh.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0ba47ad-d095-11dd-b81a-0012179188ec}] shell\AutoRun\command - G:\YouOfflineForMeh.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efe2187d-d626-11dd-b81e-0012179188ec}] shell\AutoRun\command - D:\YouOfflineForMeh.exe ======List of files/folders created in the last 1 months====== 2010-04-05 18:41:45 ----D---- C:\Program Files\trend micro 2010-03-28 09:47:17 ----A---- C:\WINDOWS\resetlog.txt 2010-03-18 15:52:51 ----D---- C:\WINDOWS\Prefetch 2010-03-15 17:18:20 ----D---- C:\Program Files\TADemo 2010-03-15 16:58:53 ----DC---- C:\CAVEDOG 2010-03-15 16:10:32 ----D---- C:\Documents and Settings\Alex\Application Data\WarZone 2010-03-15 16:10:22 ----D---- C:\Program Files\WarZone(2) 2010-03-13 19:59:28 ----D---- C:\Program Files\Opera 2010-03-13 19:59:28 ----D---- C:\Program Files\Mozilla Firefox 2010-03-13 19:58:54 ----D---- C:\Program Files\Common Files\DivX Shared 2010-03-13 19:58:51 ----D---- C:\Program Files\DivX 2010-03-13 12:03:21 ----D---- C:\Program Files\Messenger 2010-03-13 12:02:22 ----D---- C:\WINDOWS\system32\scripting 2010-03-13 12:02:15 ----D---- C:\WINDOWS\l2schemas 2010-03-13 12:02:14 ----D---- 
C:\WINDOWS\system32\en 2010-03-13 12:02:14 ----D---- C:\Program Files\msn 2010-03-13 04:02:00 ----D---- C:\WINDOWS\ie8updates 2010-03-12 16:25:33 ----HDC---- C:\WINDOWS\ie8 2010-03-11 04:08:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$ 2010-03-07 15:30:01 ----D---- C:\Documents and Settings\Alex\Application Data\REAPER 2010-03-07 15:27:46 ----D---- C:\Program Files\REAPER ======List of files/folders modified in the last 1 months====== 2010-04-05 18:41:45 ----AD---- C:\Program Files 2010-04-05 18:40:06 ----D---- C:\WINDOWS\Temp 2010-04-05 18:39:00 ----D---- C:\WINDOWS\system32\CatRoot2 2010-04-05 18:33:51 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-04-05 16:31:44 ----D---- C:\Documents and Settings\Alex\Application Data\Adobe 2010-04-05 15:51:50 ----D---- C:\Documents and Settings\Alex\Application Data\Audacity 2010-04-04 17:13:16 ----D---- C:\Documents and Settings\Alex\Application Data\vlc 2010-04-01 17:45:34 ----AD---- C:\WINDOWS\system32 2010-04-01 17:31:13 ----D---- C:\Documents and Settings\Alex\Application Data\BitTorrent 2010-03-28 10:04:31 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-03-28 09:56:56 ----D---- C:\Program Files\Trillian 2010-03-28 09:47:17 ----D---- C:\WINDOWS 2010-03-18 17:48:15 ----HD---- C:\WINDOWS\inf 2010-03-18 17:20:36 ----D---- C:\WINDOWS\system32\CatRoot 2010-03-18 17:13:37 ----D---- C:\WINDOWS\system32\wbem 2010-03-18 17:13:36 ----RSD---- C:\WINDOWS\Fonts 2010-03-18 17:13:36 ----D---- C:\WINDOWS\AppPatch 2010-03-18 17:12:09 ----D---- C:\WINDOWS\system32\config 2010-03-18 17:10:24 ----D---- C:\WINDOWS\Registration 2010-03-18 17:08:38 ----D---- C:\WINDOWS\EHome 2010-03-18 17:08:37 ----D---- C:\WINDOWS\system32\ReinstallBackups 2010-03-18 17:08:05 ----D---- C:\WINDOWS\system32\Setup 2010-03-18 17:07:19 ----D---- C:\WINDOWS\WinSxS 2010-03-18 16:49:55 ----SHD---- C:\WINDOWS\Installer 2010-03-18 16:49:55 ----DC---- C:\Config.Msi 2010-03-18 16:35:23 ----D---- C:\Documents and Settings\Alex\Application Data\StumbleUpon 2010-03-18 16:32:25 
----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2010-03-18 15:50:39 ----D---- C:\WINDOWS\security 2010-03-18 14:50:51 ----SD---- C:\WINDOWS\Tasks 2010-03-18 07:09:00 ----D---- C:\WINDOWS\system32\CatRoot_bak 2010-03-18 07:05:26 ----D---- C:\WINDOWS\system32\drivers 2010-03-15 17:11:35 ----D---- C:\WINDOWS\system 2010-03-14 12:35:21 ----A---- C:\WINDOWS\win.ini 2010-03-14 04:02:30 ----HD---- C:\WINDOWS\$hf_mig$ 2010-03-13 19:58:54 ----D---- C:\Program Files\Common Files 2010-03-13 12:06:43 ----A---- C:\WINDOWS\imsins.BAK 2010-03-13 12:03:20 ----DC---- C:\WINDOWS\system32\dllcache 2010-03-13 12:03:14 ----D---- C:\WINDOWS\network diagnostic 2010-03-13 12:03:13 ----D---- C:\WINDOWS\ime 2010-03-13 12:03:12 ----D---- C:\WINDOWS\Help 2010-03-13 12:02:26 ----D---- C:\WINDOWS\system32\en-US 2010-03-13 12:02:25 ----D---- C:\WINDOWS\system32\usmt 2010-03-13 12:02:17 ----D---- C:\Program Files\Internet Explorer 2010-03-13 12:02:13 ----D---- C:\WINDOWS\system32\bits 2010-03-13 12:02:13 ----D---- C:\WINDOWS\peernet 2010-03-13 12:02:12 ----D---- C:\Program Files\Movie Maker 2010-03-13 11:57:28 ----D---- C:\WINDOWS\system32\Restore 2010-03-13 11:57:27 ----D---- C:\WINDOWS\system32\npp 2010-03-13 11:57:25 ----D---- C:\WINDOWS\msagent 2010-03-13 11:57:23 ----D---- C:\WINDOWS\srchasst 2010-03-13 11:57:21 ----D---- C:\Program Files\NetMeeting 2010-03-13 11:57:20 ----D---- C:\WINDOWS\system32\Com 2010-03-13 11:57:16 ----D---- C:\Program Files\Windows Media Player 2010-03-13 11:57:15 ----D---- C:\Program Files\Outlook Express 2010-03-13 11:57:08 ----D---- C:\Program Files\Common Files\System 2010-03-13 11:56:47 ----D---- C:\WINDOWS\system32\oobe 2010-03-13 00:34:05 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2010-03-13 00:33:38 ----RSD---- C:\WINDOWS\assembly 2010-03-13 00:31:41 ----D---- C:\Program Files\Common Files\Microsoft Shared 2010-03-13 00:31:07 ----D---- C:\Program Files\Microsoft Office 2010-03-13 00:30:09 ----D---- 
C:\WINDOWS\ShellNew 2010-03-12 16:27:20 ----D---- C:\WINDOWS\WBEM 2010-03-12 16:27:06 ----D---- C:\WINDOWS\Media ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [] R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632] R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-01-09 191544] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-03 12032] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-10-24 20747] R2 CAMTHWDM;WebcamMax, WDM Video Capture; C:\WINDOWS\system32\DRIVERS\CAMTHWDM.sys [2008-03-11 941784] R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2005-12-23 8413] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-04 11868] R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] R2 usbhub;DSC Composite USB Device; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-09-12 40832] R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816] R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-01-15 42368] R3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295] R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS [] R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2002-10-09 1175536] R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2002-10-09 170499] R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-10-19 807998] R3 RT2500;Linksys Wireless-G PCI Adapter Driver; 
C:\WINDOWS\system32\DRIVERS\RT2500.sys [2005-10-20 243328] R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-12-19 539008] R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2002-10-09 604240] S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [] S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [] S2 Ca536av;DV 5900(Video); C:\WINDOWS\System32\Drivers\Ca536av.sys [2003-09-05 514859] S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-01-14 108736] S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-01-14 78272] S3 agq87rcx;agq87rcx; C:\WINDOWS\system32\drivers\agq87rcx.sys [] S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552] S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552] S3 Bulk503;Chameleon Mega Digital Camera; C:\WINDOWS\System32\Drivers\Bulk503.sys [] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec 
Shared\EENGINE\EraserUtilRebootDrv.sys [] S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 ISO503;Chameleon Mega Video Camera; C:\WINDOWS\System32\Drivers\ISO503.SYS [] S3 kbeepm;kbeepm; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\kbeepm.sys [] S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\D:\ppp\PCANDIS5.SYS [] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 STV680;USB Dual-mode Camera; C:\WINDOWS\system32\drivers\STV680.sys [2002-02-11 119536] S3 STV680m;USB Dual-mode Cameram; C:\WINDOWS\system32\drivers\STV680m.sys [2002-02-11 9024] S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-01-09 12984] S3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-01-09 145976] S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-01-09 40120] S3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-01-09 35256] S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-01-09 27576] S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448] S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 USBCamera;DV 5900(Still); C:\WINDOWS\System32\Drivers\Bulk536.sys [2003-05-14 11048] S3 usbscan;USB 
Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984] S3 WinUSB;WinUSB; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-09-28 109056] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-31 153376] R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-03-04 311296] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] S2 WMP54Gv4SVC;WMP54Gv4SVC; C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe [2004-02-06 41025] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 545576] S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112] S3 
ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] S4 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-10-08 112592] S4 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648] S4 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648] S4 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-01-12 49248] S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-03 655624] S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S4 ISPwdSvc;Symantec IS Password Validation; C:\Program Files\Norton Internet Security\isPwdSvc.exe [] S4 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648] S4 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-11-28 583048] S4 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR [] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 
[2008-07-29 132096] S4 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [] S4 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [] S4 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR [] S4 StumbleUponUpdateService;StumbleUponUpdateService; C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe [2009-06-03 120168] S4 SymAppCore;Symantec AppCore Service; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2007-01-05 47712] S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [] S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S4 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2008-11-10 60032] S4 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2008-11-10 5117568] S4 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-11-10 243840] -----------------EOF-----------------


----------



## AlexEatsWaffles (Mar 18, 2010)

I'm not going to post the info.txt file yet. I'm not sure if it's possible to analyze the log.txt file I just posted because the formatting appears to be screwed up. Any idea how I could fix the formatting on that? Or is it okay like that and should I post the info.txt file even though the formatting isn't right?


----------



## shinybeast (Sep 29, 2008)

It would be nice to deal with the formatting. Did the log open in Notepad or some other program?

Was it formatted correctly when it opened after the scan?

Are you transferring the file to another computer to post?


----------



## shinybeast (Sep 29, 2008)

Hello AlexEatsWaffles,

I waded through the log. Let's try the following.

Please ensure you have drive D: and G: connected to the afflicted computer if they are removable.

Before you attempt the following, download ERUNT, OTM and the attached OTMFix.txt file and transfer to the *DESKTOP* of the afflicted computer.

*Backup Registry With ERUNT*

Modifying the Windows Registry can occasionally create problems, so it is imperative we back it up first.


- Please download *ERUNT* (Emergency Recovery Utility NT) by Lars Hederer from one of the links below and save it to a convenient location:
  *Link 1* | *Link 2*
- Double-click the file *erunt-setup.exe* that you downloaded to start the install.
- After the language selection, click *Next* three times to choose the *default* location, folder name and start menu folder.
- You may choose to uncheck the desktop icons at the *Select Additional Options* window.
- IMPORTANT: After clicking Install, you will get a popup asking if you want to run ERUNT at each startup. Click *No* (once we are finished, you may choose to enable this option).
- Keep the option to run ERUNT checked and click *Finish*.
- Click OK at the Welcome dialog box.
- Ensure the *System Registry* and *Current User Registry* boxes are *checked* and click OK to back up the registry to the default location and filename. You will be asked if you want to create the folder; click *Yes*.
- A window should appear that says "Registry backup is complete!." Click *OK* in that window.

*NOTE:* If the "registry optimization tool" NTREGOPT is installed with ERUNT, do *NOT*, for any reason, run NTREGOPT.

*IMPORTANT: If you do not complete ERUNT backup successfully, do not continue further and post back to let me know.*

*Download and run OTM*

*Click here* to download *OTM by Old Timer* and save it to your Desktop.


- Double-click *OTM.exe* to run it.
- Drag and drop *OTMFix.txt* into the white area under "Paste Instructions for Items to be Moved" (under the yellow line).
- Check that the formatting is the same as the below text. If not, make it so.

```
:Services
kbeepm
agq87rcx

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2db0efb6-bc2c-11de-b86a-0012179188ec}] 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f6d2c39-402c-11df-b8c0-0012179188ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0ba47ad-d095-11dd-b81a-0012179188ec}] 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efe2187d-d626-11dd-b81e-0012179188ec}]

:Files
C:\YouOfflineForMeh.exe
D:\YouOfflineForMeh.exe
G:\YouOfflineForMeh.exe

:Commands
[emptytemp]
```

- Click the *MoveIt!* button.
- *OTM may ask to reboot the machine. Please do so if asked.*
- A log should open in Notepad. Paste the contents of the log in your next reply.
- If the log does not open, find the log as described below:
  - Start Notepad (Start > All Programs > Accessories > Notepad).
  - In Notepad, click *File*, then click *Open*.
  - In the *File Name:* box, type `*.log` then press Enter.
  - Navigate to *C:\_OTM\MovedFiles* and locate the newest log and open it (they are named as {date}_{time}.log).
  - Copy the contents of the log and paste it in your next reply.


Test connection then post the OTM log and the RSIT info.txt in your next reply (whether the formatting is correct or not).


----------
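The post above asks the reader to check that the pasted fix script keeps its formatting, and logs in this thread were flattened when posted. The following is an added example, not part of the original post and not OTM's own code: a pre-flight check that every entry still sits alone on its line under a known header. The function names and the per-line rules are assumptions inferred only from the script shown in the post.

```python
import re

# Section headers used by the fix script in the post above.
SECTIONS = (":Services", ":Reg", ":Files", ":Commands")

# What one well-formed line looks like in each section. These rules are
# inferred from that single script (an assumption), not from OTM documentation.
LINE_RULES = {
    ":Services": re.compile(r"^\S+$"),                               # one service name
    ":Reg": re.compile(r"^\[-HKEY_[A-Z_]+\\[^\[\]]+\]$"),            # one key deletion
    ":Files": re.compile(r"^[A-Za-z]:\\(?:(?![A-Za-z]:\\).)+$"),     # one absolute path
    ":Commands": re.compile(r"^\[\w+\]$"),                           # one bracketed command
}

# The script as posted in the thread.
REFERENCE = r"""
:Services
kbeepm
agq87rcx

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2db0efb6-bc2c-11de-b86a-0012179188ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f6d2c39-402c-11df-b8c0-0012179188ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0ba47ad-d095-11dd-b81a-0012179188ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efe2187d-d626-11dd-b81e-0012179188ec}]

:Files
C:\YouOfflineForMeh.exe
D:\YouOfflineForMeh.exe
G:\YouOfflineForMeh.exe

:Commands
[emptytemp]
"""

# Constructed sample: the same script after a paste that joined the :Reg
# and :Files entries onto single lines.
FLATTENED = REFERENCE.replace("]\n[", "] [").replace(".exe\n", ".exe ")


def check_fix_script(text):
    """Return (sections, problems) for a fix script in the format above.

    sections maps each header to the entries that parsed cleanly; problems
    is a list of (line_number, message). Leading/trailing whitespace and
    CRLF line endings are tolerated; merged entries are not.
    """
    sections, problems, current = {}, [], None
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            if line in SECTIONS:
                current = line
                sections.setdefault(line, [])
            else:
                # Unknown header, or a header with entries run onto its line.
                problems.append((number, "unrecognised or merged header"))
                current = None
            continue
        if current is None:
            problems.append((number, "entry outside any section"))
        elif LINE_RULES[current].match(line):
            sections[current].append(line)
        else:
            problems.append((number, "malformed or merged %s entry" % current))
    return sections, problems


def missing_entries(reference, candidate):
    """Entries in the reference that did not parse cleanly from the candidate."""
    ref, _ = check_fix_script(reference)
    got, _ = check_fix_script(candidate)
    return [(header, entry)
            for header in SECTIONS
            for entry in ref.get(header, [])
            if entry not in got.get(header, [])]


if __name__ == "__main__":
    for number, message in check_fix_script(FLATTENED)[1]:
        print("line %d: %s" % (number, message))
    for header, entry in missing_entries(REFERENCE, FLATTENED):
        print("not applied as written: %s %s" % (header, entry))
```

A candidate that differs from the reference only in trailing spaces or Windows line endings passes, while one with entries joined onto a single line is reported before anything is run.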



## AlexEatsWaffles (Mar 18, 2010)

Here's info.txt, but the formatting on this one is probably gonna turn out bad too :/ I'll post the OTM logs as soon as possible.

KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe" Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe" Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe" Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe" Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL Yahoo! 
Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG Zune Language Pack (ES)-->MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF} Zune Language Pack (FR)-->MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3} Zune-->c:\Program Files\Zune\ZuneSetup.exe /x Zune-->MsiExec.exe /X{FF70513F-E3A7-402F-84FB-B7810A064BE2} =====HijackThis Backups===== O4 - HKLM\..\Run: [381b53b4] rundll32.exe "C:\WINDOWS\system32\xnhoflmf.dll",b [2009-03-29] O2 - BHO: Adparatus - {8B2C7C9D-716D-4e9e-9358-B9C80A81B7ED} - C:\Program Files\Adparatus\Adparatus.dll (file missing) [2009-03-29] O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user') [2009-03-29] O2 - BHO: (no name) - {1970E8FC-8A0C-4135-A87B-DB97297EE129} - (no file) [2009-03-29] O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM') [2009-03-29] O2 - BHO: (no name) - {b020d44c-72be-4a55-9645-9f18cbc69c56} - (no file) [2009-03-29] O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) [2009-03-29] O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE') [2009-03-29] O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE') [2009-03-29] O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\System32\shdocvw.dll [2009-03-29] O2 - BHO: (no name) - {AD9500BB-C9FE-4FF4-B364-2688F91B3A93} - (no file) [2009-03-29] O3 - Toolbar: Duhiki - {20001E7A-823D-4E19-ADE2-D6AB53C7C81E} - C:\Program Files\Duhiki\DuhikiToolbar\Duhiki.dll (file missing) [2009-03-29] O15 - Trusted Zone: *.gomyhit.com (HKLM) [2009-03-29] O15 - Trusted Zone: *.gomyhit.com [2009-03-29] O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.sidestep.com/get/k00721/sb02a.cab [2009-03-29] O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB [2009-03-29] O15 - Trusted Zone: *.antimalwareguard.com (HKLM) [2009-03-29] O15 - Trusted Zone: *.antimalwareguard.com [2009-03-29] O20 - Winlogon Notify: iifecbCV - iifecbCV.dll (file missing) [2009-03-29] ======Hosts 
File====== 127.0.0.1	www.007guard.com 127.0.0.1	007guard.com 127.0.0.1	008i.com 127.0.0.1	www.008k.com 127.0.0.1	008k.com 127.0.0.1	www.00hq.com 127.0.0.1	00hq.com 127.0.0.1	010402.com 127.0.0.1	www.032439.com 127.0.0.1	032439.com ======Security center information====== AV: Norton Internet Security (outdated) FW: Norton Internet Security ======System event log====== Computer Name: DELL-TCVGRDIH9Z Event Code: 10005 Message: DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Record Number: 111849 Source Name: DCOM Time Written: 20090311182400.000000-300 Event Type: error User: NT AUTHORITY\SYSTEM Computer Name: DELL-TCVGRDIH9Z Event Code: 10005 Message: DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Record Number: 111845 Source Name: DCOM Time Written: 20090311172400.000000-300 Event Type: error User: NT AUTHORITY\SYSTEM Computer Name: DELL-TCVGRDIH9Z Event Code: 4226 Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. 
Record Number: 111844 Source Name: Tcpip Time Written: 20090311171358.000000-300 Event Type: warning User: Computer Name: DELL-TCVGRDIH9Z Event Code: 10005 Message: DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Record Number: 111840 Source Name: DCOM Time Written: 20090311162400.000000-300 Event Type: error User: NT AUTHORITY\SYSTEM Computer Name: DELL-TCVGRDIH9Z Event Code: 10005 Message: DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Record Number: 111836 Source Name: DCOM Time Written: 20090311152401.000000-300 Event Type: error User: NT AUTHORITY\SYSTEM =====Application event log===== Computer Name: DELL-TCVGRDIH9Z Event Code: 1000 Message: Faulting application iexplore.exe, version 7.0.5730.11, faulting module unknown, version 0.0.0.0, fault address 0x00000000. Record Number: 9306 Source Name: Application Error Time Written: 20090318153704.000000-240 Event Type: error User: Computer Name: DELL-TCVGRDIH9Z Event Code: 1000 Message: Faulting application iexplore.exe, version 7.0.5730.11, faulting module urlmon.dll, version 7.0.5730.11, fault address 0x00026366. Record Number: 9304 Source Name: Application Error Time Written: 20090318152731.000000-240 Event Type: error User: Computer Name: DELL-TCVGRDIH9Z Event Code: 12001 Message: The Messenger Sharing USN Journal Reader service started successfully. Record Number: 9205 Source Name: usnjsvc Time Written: 20090317194621.000000-240 Event Type: User: Computer Name: DELL-TCVGRDIH9Z Event Code: 12001 Message: The Messenger Sharing USN Journal Reader service started successfully. 
Record Number: 9170 Source Name: usnjsvc Time Written: 20090317164419.000000-240 Event Type: User: Computer Name: DELL-TCVGRDIH9Z Event Code: 1000 Message: Faulting application iexplore.exe, version 7.0.5730.11, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0001142e. Record Number: 9055 Source Name: Application Error Time Written: 20090316164212.000000-240 Event Type: error User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=C:\WINDOWS\system32;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\ System32\Wbem;C:\Program Files\QuickTime\QTSystem\ "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel "PROCESSOR_REVISION"=0207 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO "CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip -----------------EOF-----------------


----------



## AlexEatsWaffles (Mar 18, 2010)

Here's the log OTM created.

```
All processes killed
========== SERVICES/DRIVERS ==========
Service kbeepm stopped successfully!
Service kbeepm deleted successfully!
Error: No service named agq87rcx was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\agq87rcx deleted successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2db0efb6-bc2c-11de-b86a-0012179188ec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2db0efb6-bc2c-11de-b86a-0012179188ec}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f6d2c39-402c-11df-b8c0-0012179188ec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f6d2c39-402c-11df-b8c0-0012179188ec}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0ba47ad-d095-11dd-b81a-0012179188ec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0ba47ad-d095-11dd-b81a-0012179188ec}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efe2187d-d626-11dd-b81e-0012179188ec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{efe2187d-d626-11dd-b81e-0012179188ec}\ not found.
========== FILES ==========
File/Folder C:\YouOfflineForMeh.exe not found.
File/Folder D:\YouOfflineForMeh.exe not found.
File/Folder G:\YouOfflineForMeh.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 1147336 bytes
->Temporary Internet Files folder emptied: 4477552 bytes
->FireFox cache emptied: 2223012 bytes
->Flash cache emptied: 348 bytes
User: Alex
->Temp folder emptied: 1523652448 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Java cache emptied: 4592532 bytes
->FireFox cache emptied: 31724649 bytes
->Opera cache emptied: 308284483 bytes
->Flash cache emptied: 0 bytes
User: Alex-2
->Temp folder emptied: 13694 bytes
->Temporary Internet Files folder emptied: 3963728 bytes
->FireFox cache emptied: 18018996 bytes
->Flash cache emptied: 876 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Guest
->Temp folder emptied: 180446 bytes
->Temporary Internet Files folder emptied: 4379811 bytes
->Flash cache emptied: 300 bytes
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 235762 bytes
->Flash cache emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 68749949 bytes
User: sam
->Temp folder emptied: 923260 bytes
->Temporary Internet Files folder emptied: 2908718 bytes
->FireFox cache emptied: 87546192 bytes
->Flash cache emptied: 2300 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3232958 bytes
%systemroot%\System32 .tmp files removed: 111278225 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 98518189 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23926442 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 1554566 bytes
RecycleBin emptied: 1676691724 bytes
Total Files Cleaned = 3,794.00 mb
OTM by OldTimer - Version 3.1.10.1 log created on 04062010_064147
Files moved on Reboot...
Registry entries deleted on Reboot...
```


----------



## shinybeast (Sep 29, 2008)

> Did the log open in Notepad or some other program?
> 
> Was it formatted correctly when it opened after the scan?


I am assuming nothing has changed regarding the connection.


----------



## AlexEatsWaffles (Mar 18, 2010)

I'm transferring the logs from the bad computer to a laptop using a flash drive. I open the files on the laptop and they open in a program called "Text Editor" where I then copy the text and paste it here. The logs appear fine when they open after the scan and when I open them in text editor. The connection is still not working.


----------



## shinybeast (Sep 29, 2008)

Hi AlexEatsWaffles,

OK, from now on, please attach requested logs rather than opening them and pasting them here. When you reply, click the *Go Advanced* button and use *Manage Attachments* under Additional Options below the Submit Reply button.

*Scan with GMER*

*Click here* to download *GMER Rootkit Scanner* and save it to your desktop.


*Disconnect your computer from the internet and disable all security software before starting the scan.*
A guide to do this can be found *here*. If you still aren't sure how to disable protection software, please ask.
Double click the randomly named GMER file. If asked to allow gmer to run, please allow it.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on *NO*


In the right panel, you will see several boxes that have been checked. *Uncheck* the following boxes:
Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All

Then click the Scan button and wait for it to finish
Once done click on the *Save..* button at lower right, and in the File name area, type in *"ark.txt"* (include the quotes or it will save as a .log file)
Save it where you can easily find it, such as your desktop, and attach it to your reply
_**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries_
*Note:* Do not run any programs while GMER is running.

*Reset Windows Firewall to default*

Click Start, click *Run...*, type *firewall.cpl* and press Enter.
Windows Firewall window should open.


Click *Advanced* tab
Under *Default Settings*, click *Restore Defaults* button
click *OK*

*Next*

Click Start, click *Run...*, type *inetcpl.cpl* and press Enter.
Internet Properties should open.


Click *Connections* tab
Click *LAN settings* button to open the Local Area Network (LAN) Settings window.
Under *Proxy server* ensure that *Use a proxy server for your LAN...* is unchecked.
Click *OK*.
Then click *OK* in the Internet Properties window.

Then make a new *HijackThis* log and attach it to your next reply along with the GMER log.

Check the connection and report results.

Also, why are you not running an Anti-virus? Is the Norton installation valid?


----------



## AlexEatsWaffles (Mar 18, 2010)

Still no Internet connection sadly. I run MBAM once in a while, but other than that I guess I just never got around to getting an antivirus. The ark.txt and Hijack This log are attached.


----------



## shinybeast (Sep 29, 2008)

Hi Alex,

I don't see any active malware but I am not convinced the computer is clean.

Is the "Internet Gateway" still showing in Network Connections after resetting Windows Firewall? It shows up because UPnP is enabled in the router.

Speaking of the router, are you able to connect and log in to the router's configuration page? ( http://192.168.1.1 )

You seem to like using MSCONFIG a lot, did you disable anything with that right before the problem started?

I am assuming Norton is no longer valid so let's get rid of it and install an anti-virus.

Please download the installer for one of the below free anti-virus programs and the Norton Removal Tool below and transfer them to the afflicted computer.

*Avast! Home Edition*
*Avira AntiVir*

*Uninstall Programs*

Click Start, click *Run...*
Type *appwiz.cpl* and press Enter to open *Add or Remove Programs*
For each of the programs listed below, highlight them in the list and click Remove

*Norton AntiVirus
Norton Internet Security (Symantec Corporation)*

Once finished, close Add or Remove Programs window

*Norton Cleanup*


*Click Here* to download the *Norton Removal Tool* and save it to your desktop.
Double click on *Norton_Removal_Tool.exe* to start the tool.
*NOTE*: To run the tool in *Vista*, right-click Norton_Removal_Tool.exe and select *Run as Administrator*. 
Follow program prompts, to remove the Norton product.
Reboot your computer

*Install chosen Anti-Virus*

Install your chosen anti-virus by double-clicking the installation file and follow the prompts. 
Then allow it to scan the computer. This will take a good bit of time depending on the amount of data on the computer. Report back what it finds, if anything.


----------



## AlexEatsWaffles (Mar 18, 2010)

Internet Gateway no longer appears in Network Connections. I can access 192.168.1.1, and speaking of that I should mention that connectivity test fails on the bad computer. I don't remember using msconfig for anything except getting rid of some startup processes that would slow down the computer. I got rid of Norton and installed avast. The avast shield popped up a few things so far, they all said something about rootkit and the process was "rundll32.exe".


----------



## shinybeast (Sep 29, 2008)

Hi Alex,



> The avast shield popped up a few things so far, they all said something about rootkit and the process was "rundll32.exe".


That's something to chew on.

Let's check for something that is currently circulating.

Download and run *HAMeb_check.exe*
Attach the resulting log.


----------



## AlexEatsWaffles (Mar 18, 2010)

Here you are.


----------



## shinybeast (Sep 29, 2008)

Hi Alex,

The CD emulator driver you have installed may have clouded the GMER scan's results. Please remove it as described below and run GMER again.

*Click here* to download SPTD installer and save it to your desktop.


Double-click *SPTDinst-v162-x86.exe* to run the tool.
Click *Uninstall*, then click *OK* to remove SPTD driver.
*Reboot* the computer to complete removal.

Then run *GMER* again and post the log.

*Scan with GMER*

You can use the randomly named GMER file you downloaded earlier. If you need to download it again, *click here* to download another copy.


*Disable all security software before starting the scan.*
*NOTE*: To disable *Alwil Avast!*
Right-click Avast! icon in the system tray.
Highlight *avast! shields control* and click *Disable permanently*
Click *Yes* to confirm
The icon should look like this indicating that Avast! has been disabled.

Double click the randomly named GMER file. If asked to allow gmer to run, please allow it.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on *NO*


In the right panel, you will see several boxes that have been checked. *Uncheck* the following boxes:
Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All

Then click the Scan button and wait for it to finish
Once done click on the *Save..* button at lower right, and in the File name area, type in *"ark.txt"* (include the quotes or it will save as a .log file)
Save it where you can easily find it, such as your desktop, and post it in reply
_**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries_
*Note:* Do not run any programs while Gmer is running.


----------



## AlexEatsWaffles (Mar 18, 2010)

The SPTD thing told me I needed to update it, which it can't do without Internet connection.


----------



## shinybeast (Sep 29, 2008)

Hi Alex,

That's odd. Maybe you have an older version as the file you downloaded is for the latest version. I don't understand why it would have to update.

Let's try one more thing.

*TDSSKiller*


*Click here* to download *TDSSKiller* to your desktop.
Extract *TDSSKiller.zip* to your desktop so that TDSSKiller.exe is on your desktop (_*not*_ in a folder).
*NOTE*: Close *all* running programs as a reboot may be necessary.
Copy the text in code box below.

```
"%userprofile%\Desktop\TDSSKiller.exe" -l "%userprofile%\desktop\tdsskiller.txt"
```

Click Start, click Run... and paste the above command in the Open: box and click OK.
If TDSSKiller finds something, allow it to delete what it finds.
Once the tool is finished, press any key to continue and allow the computer to reboot if necessary.
Locate the log, *tdsskiller.txt*, on your desktop and attach that log in your next reply.


----------



## AlexEatsWaffles (Mar 18, 2010)

TDSSKiller didn't find anything and there is no log on the desktop.


----------



## shinybeast (Sep 29, 2008)

Is there a log in root of C: drive? - C:\TDSSKiller.2.2.8_{date}_{time}_log.txt

Is Avast still reporting the rootkit in rundll32?


----------



## AlexEatsWaffles (Mar 18, 2010)

Here's the log, my bad.

Avast hasn't popped up anything in the last day, it moved some things to the virus chest and rundll32.exe no longer seems to run on startup.


----------



## shinybeast (Sep 29, 2008)

Please look in the Avast chest and report the filenames of the files Avast! removed. Double-click Avast icon in tray to open user interface and Click Maintenance > Virus Chest to view the files in the chest.

Also please post a new RSIT log. This time when you run it only one log will open.

*Scan with RSIT*


Double-click *RSIT.exe* to run the tool
Click *Continue* at the disclaimer screen.
Once it finishes, a log will open (log.txt).
Please attach *log.txt* in your next post.


----------



## AlexEatsWaffles (Mar 18, 2010)

Here you go.


----------



## shinybeast (Sep 29, 2008)

There is a driver present that appears to be changing its name.

Let's try one more time with OTM to remove it and if that doesn't work we can try something with more strength.

*If you have rebooted the computer since running RSIT,* let me know and post a new RSIT log. Do not continue.

*If you have not rebooted*, do the following.

*Backup Registry With ERUNT*

Before we make changes to the registry, we need to back it up.


Start *ERUNT* (Start > All Programs > ERUNT > ERUNT)
Click OK at the Welcome dialog box
Ensure the *System Registry* and *Current User Registry* boxes are *checked* and click OK to backup the registry to the default location and filename.
A window should appear that says "Registry backup is complete!." Click *OK* in that window.

*IMPORTANT: If you do not complete ERUNT backup successfully, do not continue further and post back to let me know.*

*Download and run OTM*

*Click here* to download *OTM by Old Timer* and save it to your Desktop.


Double-click *OTM.exe* to run it.
Drag and drop *OTMFix2.txt* into the white area under "Paste Instructions for Items to be Moved" (under the yellow line)
Check that the formatting is the same as the below text. If not, make it so.


```
:Services
agaz4z7x

:Files
C:\WINDOWS\system32\drivers\agaz4z7x.sys
```

Click the *MoveIt!* button
*OTM may ask to reboot the machine. Please do so if asked.*
A log should open in notepad. Paste the contents of the log in your next reply.
If the log does not open, find the log as described below
Start Notepad (Start > All Programs > Accessories > Notepad)
In Notepad, click *File*, then click *Open*
In the *File Name:* box, type **.log* then press Enter
Navigate to *C:\_OTM\MovedFiles* and locate the newest log and open it (they are named as {date}_{time}.log)
Copy the contents of the log and paste it in your next reply.


Attach the OTM log to your next reply along with a new RSIT log.


----------
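The name-changing driver mentioned in the post above can be caught by diffing two driver listings taken at different times and pairing a vanished service with a new one that has the same folder and file size. This is an added example, not part of the thread and not output from RSIT or OTM: the snapshot format, the file sizes and the `agq87rcx.sys` path are constructed, and only the service names `agq87rcx` and `agaz4z7x` come from the logs in the thread.

```python
"""Flag kernel drivers that re-register under a new name between two scans.

Added illustration. The 'service;image path;size' snapshot format is an
assumption made for this example, not the format of any real tool.
"""
from collections import defaultdict
from typing import NamedTuple
import ntpath  # parses Windows paths on any OS


class Driver(NamedTuple):
    service: str
    image_path: str
    size: int


# Constructed snapshots. Sizes and the agq87rcx.sys path are invented.
SCAN_1 = r"""
# service;image path;file size in bytes
tcpip;C:\WINDOWS\system32\drivers\tcpip.sys;359808
sptd;C:\WINDOWS\system32\drivers\sptd.sys;691696
agq87rcx;C:\WINDOWS\system32\drivers\agq87rcx.sys;45056
"""

SCAN_2 = r"""
tcpip;C:\WINDOWS\system32\drivers\tcpip.sys;359808
aswSP;C:\WINDOWS\system32\drivers\aswSP.sys;114768
agaz4z7x;C:\WINDOWS\system32\drivers\agaz4z7x.sys;45056
"""


def parse_snapshot(text: str) -> dict[str, Driver]:
    """Return drivers keyed by lower-cased service name (Windows names
    are case-insensitive). Blank lines and '#' comments are skipped."""
    drivers: dict[str, Driver] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(";")
        if len(parts) != 3 or not parts[2].isdigit():
            raise ValueError(f"line {lineno}: expected service;path;size")
        service, path, size = parts
        drivers[service.lower()] = Driver(service, path, int(size))
    return drivers


def fingerprint(driver: Driver) -> tuple[str, int]:
    """Name-independent identity: containing folder plus file size.
    Size stands in for a file hash, which a hidden file may not allow."""
    return (ntpath.dirname(driver.image_path).lower(), driver.size)


def find_renames(before: dict[str, Driver],
                 after: dict[str, Driver]) -> list[tuple[str, str]]:
    """Pair each service that vanished with any new service that has the
    same fingerprint. Plain installs and uninstalls do not pair up."""
    removed = [d for key, d in before.items() if key not in after]
    added = [d for key, d in after.items() if key not in before]

    added_by_fp: dict[tuple[str, int], list[Driver]] = defaultdict(list)
    for driver in added:
        added_by_fp[fingerprint(driver)].append(driver)

    hits = []
    for old in removed:
        for new in added_by_fp.get(fingerprint(old), []):
            hits.append((old.service, new.service))
    return sorted(hits)


if __name__ == "__main__":
    scan_1 = parse_snapshot(SCAN_1)
    scan_2 = parse_snapshot(SCAN_2)
    for old_name, new_name in find_renames(scan_1, scan_2):
        print(f"possible renamed driver: {old_name} -> {new_name}")
```

In the constructed data, `sptd` disappearing and `aswSP` appearing are not paired because their sizes differ, so an uninstall followed by an unrelated install does not raise a flag.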



## AlexEatsWaffles (Mar 18, 2010)

Here you are good sir.


----------



## shinybeast (Sep 29, 2008)

Hello Alex,

FYI, the SPTD removal appeared to work earlier.

The attached OTMFix3.txt will delete disabled startup registry entries for malware and some uninstalled programs. Should have done it with the last OTMFix but I was preoccupied with the malware.

*Backup Registry With ERUNT*

Before we make changes to the registry, we need to back it up.


Start *ERUNT* (Start > All Programs > ERUNT > ERUNT)
Click OK at the Welcome dialog box
Ensure the *System Registry* and *Current User Registry* boxes are *checked* and click OK to backup the registry to the default location and filename.
A window should appear that says "Registry backup is complete!." Click *OK* in that window.

*IMPORTANT: If you do not complete ERUNT backup successfully, do not continue further and post back to let me know.*

*Download and run OTM*

*Click here* to download *OTM by Old Timer* and save it to your Desktop.


Double-click *OTM.exe* to run it.
Drag and drop *OTMFix3.txt* into the white area under "Paste Instructions for Items to be Moved" (under the yellow line)
Click the *MoveIt!* button
*OTM may ask to reboot the machine. Please do so if asked.*
A log should open in notepad. Paste the contents of the log in your next reply.
If the log does not open, find the log as described below
Start Notepad (Start > All Programs > Accessories > Notepad)
In Notepad, click *File*, then click *Open*
In the *File Name:* box, type **.log* then press Enter
Navigate to *C:\_OTM\MovedFiles* and locate the newest log and open it (they are named as {date}_{time}.log)
Attach the log to your next reply.


*MSConfig Advice*

"The System Configuration utility helps you find problems with your Windows XP configuration. *It does not manage the programs that run when Windows starts.*" -- http://support.microsoft.com/kb/310560

MSConfig is designed to be used for troubleshooting system problems. When you use it to disable something "permanently" using Selective Startup there may be one or more of the following consequences.


Malware can remain inactive in the system and be activated at a later date when Normal Startup is selected.
Uninstalling a program that has been disabled may not properly uninstall the program. Also, boot errors may occur as a result of selecting Normal Startup after uninstalling a program disabled using Selective Startup.
Using MSConfig to disable Services can cause the computer to be unbootable should you disable a critical one.

I suggest you use the following options to deal with startups.


Uninstall the program if it is not being used.
Look in the program's settings to see if there is a setting to stop it from starting when Windows starts.
Use a Startup Manager such as *Startup Manager*, *Autoruns* or *WinPatrol* (WinPatrol also offers additional security).

After you run the OTM fix, start MSCONFIG and select *Normal Startup* and click *OK*. It will ask to reboot, please do.
You may have some errors on boot if I did not catch everything that no longer exists. If so, inform me and we can deal with it.

Also, check the connection afterwards. The DNS Client service was disabled in MSCONFIG and should be allowed to start again if you change to normal startup.


----------



## AlexEatsWaffles (Mar 18, 2010)

Still no connection, but no errors appeared at startup.


----------



## shinybeast (Sep 29, 2008)

Ok. One more thing to check before I can say the computer is clean. Let's try GMER again now that SPTD driver is out of the way.

*Scan with GMER*

If you need to download it again, *click here* to download *GMER Rootkit Scanner* and save it to your desktop.


*Disable all security software before starting the scan.*
*NOTE*: To disable *Alwil Avast!*
Right-click Avast! icon in the system tray.
Highlight *avast! shields control* and click *Disable permanently*
Click *Yes* to confirm
The icon should look like this indicating that Avast! has been disabled.

Double click the randomly named GMER file. If asked to allow gmer to run, please allow it.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on *NO*
In the right panel, you will see several boxes that have been checked. *Uncheck* the following boxes:
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All

Then click the Scan button and wait for it to finish
Once done click on the *Save..* button at lower right, and in the File name area, type in *"ark.txt"* (include the quotes or it will save as a .log file)
Save it where you can easily find it, such as your desktop, and post it in reply
_**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries_
*Note:* Do not run any programs while GMER is running.

*IMPORTANT*: After tools have run and any necessary reboots have occurred, right-click the Avast! icon, highlight *avast! shields control* and click *Enable all shields*

Please attach a *new* HijackThis log along with the GMER log ark.txt for a final check. Also, please inform me of any other issues the computer has (other than the DNS).


----------



## AlexEatsWaffles (Mar 18, 2010)

There aren't really any other problems, everything is definitely running smoother now than it was before I made this thread so thanks a lot, even if the connection isn't fixed.


----------



## shinybeast (Sep 29, 2008)

OK, SPTD driver isn't out of the way but I do not see anything bad. If you get the connection fixed without re-installing Windows, I suggest you run the removal tool for SPTD. With the amount of infection in the past, you may want to consider a reformat/re-install.

I'm stumped. The computer now appears clean. If all the things you tried before (ipconfig /flushdns, netsh winsock reset, turning off firewall, setting TCP/IP properties for the connection to obtain automatically, uninstalling/reinstalling Linksys Wireless-G PCI Adapter, etc.) still do not resolve it, you might have something corrupted in Windows. I can request that this be transferred back to XP or Networking forum and maybe ETAF and JohnWill will have some further ideas.

SP2 will no longer be supported by Microsoft after July 13 (no more updates), so you should consider updating to SP3.

You may delete RSIT, the randomly named GMER file, HAMeb_check.exe and TDSSKiller.exe along with its .zip.

*OTM Cleanup*

Please run *OTM* which should still be on your desktop
In the upper right click *CleanUp!*
This will delete OTM and will clean up after it.

*Create a new System Restore point and clear old ones*

Please clear old restore points in order to avoid reintroducing malware from a restore point in the future.

*Create a new restore point*


Navigate to Start > All Programs > *Accessories* > *System Tools* and click *System Restore*
On the right side of the welcome window, select (tick) *Create a restore point*, then click Next
Under *Restore point description*, name the restore point (I suggest *post-malware removal* or something similar)
Click *Create*, then click *Close*

*Delete old restore points*


Click Start, click *Run...*, type *cleanmgr* and press Enter
Select the drive XP is installed on (usually C: ) and click OK
Once the Disk Cleanup dialog opens, click the *More Options* tab
Under *System Restore* click *Clean up...*
You will be asked if you are sure you want to clean all restore points but the most recent one, click *Yes*
Close the Disk Cleanup dialog to finish.

*Note:* Do the above *once*. Restore points should *not* be routinely deleted.

*Recommendations*

*Implementing the following suggestions will greatly reduce your chances of malware problems in the future.* ... once you get the connection figured out.

*Update Windows*

*It is important to keep Windows and Microsoft programs updated to close vulnerabilities as they are discovered.*

I suggest that you occasionally visit Microsoft Update and install all important updates. Please visit Microsoft Update as soon as possible as described below.

Close all windows and temporarily disable your anti-virus (usually through a tray icon)

Use *Internet Explorer* to visit this site: http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-US

Once the page loads follow instructions to install all critical updates. You may need to repeat this process until fully updated.

*Keep installed programs up to date*

*Anti-virus*
Most important is keeping your anti-virus software up to date. An out of date anti-virus is not much better than no anti-virus. If your anti-virus is not set to update automatically (preferred), it is imperative that you occasionally update it manually. You usually can accomplish this through a tray icon.

*Update Other Vulnerable Software*
Malware writers are increasingly targeting vulnerabilities in commonly used applications. There are several online sites which will scan your computer for outdated software. I've listed two below. I recommend occasionally visiting and scanning your computer to detect vulnerable software that should be updated.
*Secunia Online Software Inspector*
*F-Secure Health Check*

*Mozilla Firefox Plug-in Check*
If using Firefox, *Click here* to visit Mozilla, check your plug-ins and update them as necessary.

*Best Practices for Email and Downloaded Files.*


Do not read emails from unknown sources.
Make it a habit to never open email attachments from anyone, including people you know, unless you absolutely have to. If you need to open an attachment, scan it with your anti-virus before you open it.
Do not use Peer to Peer software to "share" media and software. You will get more than you expected and the "bonus" will not be something you want and will bring you back seeking help.
Do not use keygens or hacked software. First, it is stealing. Second, it is almost always infected with something. If you cannot afford to buy something, there is likely a free alternative that will be a good substitute. Search around and seek out advice from a trusted forum. Most will be glad to tell you of their favorite free program that performs the job you want done.

*Additional Protection Programs*

The programs listed below are excellent for improving your computer's security.

*WinPatrol* by Bill Pytlovany - "WinPatrol is a multi-purpose utility designed to increase performance and protect against unwanted changes." Information on its many features can be found *here*

*MVPS Hosts file* - A replacement HOSTS file that redirects known malicious and ad serving sites to the localhost, thus preventing connection to them.
*Note:* MVPS Hosts file can sometimes slow down the computer so read the information on the site to mitigate this effect.

I encourage you to check out miekiemoes' article "How to prevent Malware:"

If you have any questions about these suggestions, I would be happy to answer them.

Let me know if you would like to move the thread.


----------



## AlexEatsWaffles (Mar 18, 2010)

I don't need the thread moved but I have one more question. Is it possible that the loss of connection is caused by a hardware problem such as the Linksys adapter? Thanks


----------



## shinybeast (Sep 29, 2008)

Hi Alex,

I seriously doubt the issue is with the adapter itself. The issue is likely on your computer (drivers or settings or corrupted files). 

You said you tried a wired connection earlier, correct? If the DNS doesn't resolve with the NIC in the computer either, that would discount the wireless adapter being "bad." Something in the OS is messed up most likely. 

Try booting into Safe Mode with Networking and see if domain names are resolved and report back.


----------



## etaf (Oct 2, 2003)

If you go to my first post - I put some details for downloading and running xirrus - are you able to do that at all ? and then post back the screen shot 
also can we see a screen shot of device manager

*Download and install*
If you cannot access the internet with this PC, then you will need to copy the program across to the faulty PC

http://www.xirrus.com/library/wifitools.php
Then run the program 
if you get an error - You need .NET Framework installed for the WiFi Inspector to function.

post a screen shot of the program running - if there are a lot of networks showing can you click on "networks" top lefthand area - so we can see all the network information, and also post which network "Adapter Name" (1st column) is yours on the list

To post a screen shot of the active window, hold the Alt key and press the PrtScn key. Open the Windows PAINT application and Paste the screen shot. You can then use PAINT to trim to suit, and save it as a JPG format file. 
To upload it to the forum, open the full reply window and use the Manage Attachments button to upload it here.
*------------------------------------------------------------------------*

Press the Windows key (bottom left of the keyboard) and at the same time press the R key, now in the search box that appears - type devmgmt.msc

click on the + against network adapters and post back a screen shot.
To post a screen shot of the active window, hold the Alt key and press the PrtScn key. Open the Windows PAINT application and Paste the screen shot. You can then use PAINT to trim to suit, and save it as a JPG format file. 
To upload it to the forum, open the full reply window and use the Manage Attachments button to upload it here.


----------



## AlexEatsWaffles (Mar 18, 2010)

I tried booting in safe mode - no results.

etaf - My bad, I didn't have a flash drive when you posted that the first time, I guess I forgot about it. The screenshots are attached, sorry about the quality.


----------



## etaf (Oct 2, 2003)

No problem, I decided to repost all the instructions anyway,
There is a problem on the PC - with SCSI / Raid controller with a ! against it - but I think we can concentrate on the network just for now.... 
So the adapter can see the wireless network and report it with that tool all OK 
remove the WEP security from the router and then post the following - I'm sure we will be going back over old ground - but I feel it's necessary really, as there have been a lot of changes on the PC and we may have missed something - so please bear with us, and the process
*------------------------------------------------------------------------*
*{ipconfig /all}*
If you cannot access the internet with this PC, then you will need to paste the results into something like notepad and then copy onto a machine that can access the internet and post results here
We would like to see the results from ipconfig /all post back the results here
-> Start 
-> _(XP - enter the following in the RUN box)_
*cmd /k ipconfig /all*
-> _(Vista or Windows 7 - enter the following in the Search box)_
*cmd /k ipconfig /all*

A black box will appear on the screen - 
rightclick in the box
select all
enter
control key + C key - to copy

then reply here and 
control key + V to paste
*------------------------------------------------------------------------*
If you cannot access the internet with this PC, then you will need to paste the results into something like notepad and then copy onto a machine that can access the internet and post results here
*{Ping Tests}*

Start> Run {search bar in Vista}> CMD to open a DOS window and type:

Type the following command
*Ping google.com*
Post back the results
rightclick in the box
select all
enter
control key + C key - to copy
then reply here and 
control key + V to paste

Type the following command 
*Ping* {plus the number that's shown against the default gateway shown in above ipconfig /all}
Post back the results
rightclick in the box
select all
enter
control key + C key - to copy
then reply here and 
control key + V to paste

Type the following command
*Ping 209.191.93.53*
post back results
rightclick in the box
select all
enter
control key + C key - to copy
then reply here and 
control key + V to paste
*------------------------------------------------------------------------*


----------



## AlexEatsWaffles (Mar 18, 2010)

ipconfig /all and the ping tests are both in the attached file.


----------



## etaf (Oct 2, 2003)

so we are at the same place as before - can get to website with the IP address but not by name 
I tried to ping the DNS server 4.2.2.2 - which is a public IP and got no reply - maybe try changing the DNS to the google DNS servers 
here's the link for the address and how to configure 
http://code.google.com/speed/public-dns/
IP addresses 8.8.8.8 and 8.8.4.4

again - sorry we are going over all the old stuff again, but I think we need to go back to basics all over again..... so please bear with us some more


----------



## AlexEatsWaffles (Mar 18, 2010)

No problem, I changed the DNS servers to Google's, still can't ping by hostname though.


----------



## etaf (Oct 2, 2003)

What Service Pack are you on - SP1, SP2 or SP3 ?
did this problem start with a SP update - I have SP3 cause DNS issues - it may be worth re-installing

Also post back the hosts file 
Windows\system32\drivers\etc\Hosts

And then back to these again
*-------------------------------------------------------------------------------------------------------------------------------*

start>run>cmd>ipconfig /flushdns

*-------------------------------------------------------------------------------------------------------------------------------*

start>run>cmd>nbtstat -R

*-------------------------------------------------------------------------------------------------------------------------------*

(From a JohnWill post)

*TCP/IP stack repair options for use with Windows XP with SP2/SP3.*

*S*tart, *R*un, *CMD* to open a command prompt:

In the command prompt window that opens, type the following commands:

_Note: Type only the text in bold for the following commands._

Reset TCP/IP stack to installation defaults, type: *netsh int ip reset reset.log*

Reset WINSOCK entries to installation defaults, type: *netsh winsock reset catalog*

Reboot the machine.
*-------------------------------------------------------------------------------------------------------------------------------*


----------



## AlexEatsWaffles (Mar 18, 2010)

I believe I'm on SP2.


----------



## AlexEatsWaffles (Mar 18, 2010)

I can't seem to attach the hosts file, what should I do?


----------



## etaf (Oct 2, 2003)

start> control panel > system - that should tell you .... if SP2 
does the host file just look like example here 
http://vlaurie.com/computers2/Articles/hosts.htm


----------



## AlexEatsWaffles (Mar 18, 2010)

Yeah, it's SP2 and the hosts file looks just like that.


----------



## etaf (Oct 2, 2003)

and all the 
flushdns
nbtstat
tcp/ip - reset

Made no difference - correct


----------



## AlexEatsWaffles (Mar 18, 2010)

Correct.


----------



## etaf (Oct 2, 2003)

I just reviewed the whole thread, and noticed that Norton was still present right up to the last HJT 
What are you using as a firewall now ?
ALSO
I jumped in before you answered post #55 


> Hi Alex,
> 
> I seriously doubt the issue is with the adapter itself. The issue is likely on your computer (drivers or settings or corrupted files).
> 
> ...


can you answer the points made above

I'll also move the post back to networking forum


----------



## TerryNet (Mar 23, 2005)

Sorry if I missed it, but I did not see a confirmation that you uninstalled Norton and ran the Removal Tool.


----------



## AlexEatsWaffles (Mar 18, 2010)

The only firewall I'm using is the Windows Firewall. I tried booting in safe mode with networking but the problem was still there. I ran the Norton removal tool and it is no longer in the Add/Remove Programs list.


----------



## etaf (Oct 2, 2003)

same ping results - if using cable or wireless, you can ping the IP address and get a reply, but can ping names - correct 
I'm glad terrynet has popped in, as I'm about out of ideas ...


----------



## AlexEatsWaffles (Mar 18, 2010)

So the best option at this point is a reinstall?


----------



## etaf (Oct 2, 2003)

> same ping results - if using cable or wireless, you can ping the IP address and get a reply, but can ping names - correct


is this correct ?

Terrynet may have other suggestions, but if he's online today, it won't be until later due to time difference, he's in Ottawa, IL


----------



## TerryNet (Mar 23, 2005)

1. Ping to internet address works but ping to google.com or yahoo.com fails.
2. DNS server assigned 4.2.2.2; also 8.8.8.8 tried.
3. Norton uninstalled and then Removal Tool used.
4. Same results ethernet or wireless.
5. Same results *Safe Mode with Networking*.
6. Control Panel - Internet Options - Connections tab - LAN settings - no boxes checked.
7. No other firewall now or in past except for Windows and the banished Norton.

If all seven of those are correct I have only one more idea, and it _should _not matter anyhow:

8. Control Panel - Administrative Tools - Services - the 'DNS client' service should be Started.


----------



## shinybeast (Sep 29, 2008)

Hi Alex,

I've been pondering this some more. 
There is one more thing I would like you to check. Please perform the following.

*Scan with OTL*

*Click here* to download *OTL by OldTimer* and save it to your Desktop


Close all other open windows, then double-click *OTL* to start the tool.
Under *Output*, ensure that *Minimal Output* is selected
Copy the text in the code box below and paste it into the *Custom Scans/Fixes* box (under the cyan line at the bottom of the window)

```
netsvcs
/md5start
ws2_32.dll
/md5stop
CREATERESTOREPOINT
```

Click *Run Scan* in upper left of window.
When the scan is finished, two logs will open:
*OTL.Txt* <-- _Will be opened_
*Extras.Txt* <-- _Will be minimized_
Please attach *OTL.txt* to your next reply.


----------



## AlexEatsWaffles (Mar 18, 2010)

etaf - Yes, that is correct.
Terrynet - Those are all correct and the DNS client service is started.


----------



## etaf (Oct 2, 2003)

well, I'm right out of ideas now - just to follow-up on the services mentioned by terrynet - here's a full list required - just in case 


> From a Johnwill post
> 
> Check your Services are Started on all PCs:
> 
> ...


So unless Terrynet or shinybeast suggestion above post #76 - looks like a rebuild - although possibly putting SP2 back on may clear the issues - or even upgrading to SP3 if available for that PC from windows update - for download to one of your other PCs and copy across - very large 316MB http://www.microsoft.com/downloads/...A8-5E76-401F-BE08-1E1555D4F3D4&displaylang=en


----------



## AlexEatsWaffles (Mar 18, 2010)

Shinybeast - Here's the OTL.txt, sorry for the delay.


----------



## shinybeast (Sep 29, 2008)

Hi Alex,

While I am looking over the log, please run GooredFix and post the log. There are a lot of malware remnants in the log! I need to look it over well to see if any of them could be responsible for your issue.

*GooredFix*

Please download *GooredFix* from one of the locations below and *save it to your Desktop*
*Link 1* | *Link 2*


*Ensure all Firefox windows are closed.*
To run the tool, double-click GooredFix.exe.
When prompted to run the scan, click *Yes*.
GooredFix will check for infections, and then a log will appear.
Please post the contents of that log in your next reply (the log can also be found on your desktop, named *GooredFix.txt*).


----------

