
Vundo Problem Plus Other Issues


  • This topic is locked
21 replies to this topic

#1 StevePA

  • Members
  • 17 posts

Posted 03 May 2008 - 03:20 PM

Hello...

SuperAntiSpywareFree had identified adware.vundo-variant.

I made it through steps 1 through 5 of your procedure (Kaspersky scan).

When I tried to run DSS, the system hung.

I have rebooted...does that mean I'll have to re-run Kaspersky?

Following is what I have so far:


==================
KASPERSKY LOG
==================


KASPERSKY ONLINE SCANNER REPORT
Saturday, May 03, 2008 3:43:45 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/05/2008
Kaspersky Anti-Virus database records: 737090
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target Folders
C:\
F:\000\
F:\001\
F:\002\
F:\003\
F:\DVDFabPlatinum_Temp\
F:\Games\
F:\Gamin Maps\
F:\Memory-Map Data Files\
F:\msdownld.tmp\
F:\MTM\
F:\My Documents\Cheyney\
F:\My Documents\Family Photos\
F:\My Documents\Homedocs\
F:\My Documents\HRC\
F:\My Documents\HTM\
F:\My Documents\Maps\
F:\My Documents\Rec\
F:\My Documents\UU\
F:\RECYCLER\
F:\Steve Backups\
F:\System Volume Information\
F:\Temp\
F:\Video\
F:\WUTemp\
I:\a3b1f410f7f65898fda1cc09\
I:\Backups\
I:\CloneDVDTemp\
I:\data\
I:\documentation\
I:\languages
I:\RECYCLER\
I:\speech\
I:\System Volume Information\
Scan Statistics
Total number of scanned objects 238545
Number of viruses found 4
Number of infected objects 60
Number of suspicious objects 0
Duration of the scan process 04:35:28

Infected Object Name Virus Name Last Action
C:\data Infected: Trojan-Downloader.Win32.IstBar.nh skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Stephen Sander\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Stephen Sander\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Stephen Sander\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Stephen Sander\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Stephen Sander\Local Settings\History\History.IE5\MSHist012008050320080504\index.dat Object is locked skipped
C:\Documents and Settings\Stephen Sander\Local Settings\Temp\hsperfdata_Stephen Sander\1108 Object is locked skipped
C:\Documents and Settings\Stephen Sander\Local Settings\Temporary Internet Files\Content.IE5\G60HD37U\SDFix[1].htm Object is locked skipped
C:\Documents and Settings\Stephen Sander\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Stephen Sander\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Stephen Sander\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\dbxDgrevCheck.dll Infected: not-a-virus:AdWare.Win32.Agent.cb skipped
C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\mcxcnfgf.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\SYSTEM32\objhmyrw.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\SYSTEM32\ufoxlfmi.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrt skipped
C:\WINDOWS\SYSTEM32\vdskekth.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcafee_v1YAgaX7E9p1gfS Object is locked skipped
C:\WINDOWS\Temp\mcmsc_1Cxpwc2UXjIjeNi Object is locked skipped
C:\WINDOWS\Temp\mcmsc_Gc9WJjxARKVHUKS Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\000\Adobe Keygen Collection\Adobe Acrobat 3D 8.1 Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe Acrobat 3D 8.1 Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe Acrobat 3D 8.1 Keygen.exe Rsrc-Package: infected - 2 skipped
F:\000\Adobe Keygen Collection\Adobe Acrobat 8.0 Professional keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe Acrobat 8.0 Professional keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe Acrobat 8.0 Professional keygen.exe Rsrc-Package: infected - 2 skipped
F:\000\Adobe Keygen Collection\Adobe After Effects CS3 Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe After Effects CS3 Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe After Effects CS3 Keygen.exe Rsrc-Package: infected - 2 skipped
F:\000\Adobe Keygen Collection\Adobe Audition 2.0 Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe Audition 2.0 Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe Audition 2.0 Keygen.exe Rsrc-Package: infected - 2 skipped
F:\000\Adobe Keygen Collection\Adobe Captivate 3.0 Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe Captivate 3.0 Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe Captivate 3.0 Keygen.exe Rsrc-Package: infected - 2 skipped
F:\000\Adobe Keygen Collection\Adobe ColdFusion 8.0 Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe ColdFusion 8.0 Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe ColdFusion 8.0 Keygen.exe Rsrc-Package: infected - 2 skipped
F:\000\Adobe Keygen Collection\Adobe Contribute CS3 Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe Contribute CS3 Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe Contribute CS3 Keygen.exe Rsrc-Package: infected - 2 skipped
F:\000\Adobe Keygen Collection\Adobe CS3 Design Premium Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe CS3 Design Premium Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe CS3 Design Premium Keygen.exe Rsrc-Package: infected - 2 skipped
F:\000\Adobe Keygen Collection\Adobe CS3 Web Premium Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe CS3 Web Premium Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe CS3 Web Premium Keygen.exe Rsrc-Package: infected - 2 skipped
F:\000\Adobe Keygen Collection\Adobe Dreamweaver CS3 Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe Dreamweaver CS3 Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe Dreamweaver CS3 Keygen.exe Rsrc-Package: infected - 2 skipped
F:\000\Adobe Keygen Collection\Adobe Encore DVD 2.0 Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe Encore DVD 2.0 Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe Encore DVD 2.0 Keygen.exe Rsrc-Package: infected - 2 skipped
F:\000\Adobe Keygen Collection\Adobe Fireworks CS3 Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe Fireworks CS3 Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe Fireworks CS3 Keygen.exe Rsrc-Package: infected - 2 skipped
F:\000\Adobe Keygen Collection\Adobe Flash CS3 Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe Flash CS3 Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe Flash CS3 Keygen.exe Rsrc-Package: infected - 2 skipped
F:\000\Adobe Keygen Collection\Adobe Flex Builder 2.0 Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe Flex Builder 2.0 Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe Flex Builder 2.0 Keygen.exe Rsrc-Package: infected - 2 skipped
F:\000\Adobe Keygen Collection\Adobe FrameMaker 8.0 Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe FrameMaker 8.0 Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe FrameMaker 8.0 Keygen.exe Rsrc-Package: infected - 2 skipped
F:\000\Adobe Keygen Collection\Adobe GoLive CS3 Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe GoLive CS3 Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe GoLive CS3 Keygen.exe Rsrc-Package: infected - 2 skipped
F:\000\Adobe Keygen Collection\Adobe Graphics Server 2.1 Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe Graphics Server 2.1 Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe Graphics Server 2.1 Keygen.exe Rsrc-Package: infected - 2 skipped
F:\000\Adobe Keygen Collection\Adobe InCopy CS3 Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe InCopy CS3 Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe InCopy CS3 Keygen.exe Rsrc-Package: infected - 2 skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
I:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.

==============================


Thanks.
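Added example (not part of StevePA's post, and not code from Kaspersky or from Trend Micro HijackThis): a short Python triage script that parses the report above, drops the "Object is locked" noise, and checks which of the detected SYSTEM32 DLLs also have a load point (an O2 BHO or an O4 Run key) in the HijackThis log posted in the next reply. The sample lines are copied from the two logs; the function names, the line grammar and the eight-random-letters heuristic are my own assumptions, not anything the scanners report.

```python
"""Triage of a Kaspersky Online Scanner report against HijackThis load points.

Added example, not code from the forum post, from Kaspersky or from Trend Micro
HijackThis. The samples are lines copied from the report in this post and from the
HijackThis log in the next reply; the function names, the line grammar and the
random-name heuristic are assumptions of mine.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample: lines copied verbatim from the Kaspersky report above.
KAV_SAMPLE = r"""
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\dbxDgrevCheck.dll Infected: not-a-virus:AdWare.Win32.Agent.cb skipped
C:\WINDOWS\SYSTEM32\mcxcnfgf.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\SYSTEM32\objhmyrw.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\SYSTEM32\ufoxlfmi.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrt skipped
C:\WINDOWS\SYSTEM32\vdskekth.dll Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe Flash CS3 Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped
F:\000\Adobe Keygen Collection\Adobe Flash CS3 Keygen.exe Rsrc-Package: infected - 2 skipped
"""
# Constructed sample: lines copied verbatim from the HijackThis log in the next reply.
HJT_SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {60478fb2-808e-42e0-9d16-6556ddcc1e30} - C:\WINDOWS\system32\objhmyrw.dll
O2 - BHO: (no name) - {acd6ed4a-c3f6-4927-9d0c-5e17f3e11530} - C:\WINDOWS\system32\mcxcnfgf.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BM87dcd3e6] Rundll32.exe "C:\WINDOWS\system32\vdskekth.dll",s
"""

# One object line: <path>, then a verdict, a lock notice or an archive summary, then 'skipped'.
KAV_LINE = re.compile(
    r"^(?P<path>.+?) (?:Infected: (?P<verdict>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|Rsrc-Package: infected - (?P<members>\d+)) skipped$")
# Any drive-letter path to a .dll/.exe inside a HijackThis line, quoted or not.
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)\b', re.IGNORECASE)
# Heuristic of mine, not a scanner signal: Vundo-era droppers used eight random lowercase letters.
RANDOM_DLL = re.compile(r"^[a-z]{8}\.dll$")


def parse_kaspersky(text):
    """One record per object line; 'verdict' is None for locked objects and container summaries."""
    records = []
    for line in text.strip().splitlines():
        m = KAV_LINE.match(line)
        if not m:
            continue  # header and statistics lines carry no per-object result
        if m.group("locked"):
            kind = "locked"
        elif m.group("members"):
            kind = "container"
        else:
            kind = "archive-member" if "/" in m.group("path") else "file"
        records.append({"path": m.group("path"), "verdict": m.group("verdict"), "kind": kind})
    return records


def detections(records):
    """Real verdicts only: 'Object is locked' lines are open system files, not findings."""
    return [r for r in records if r["verdict"]]


def _in_system32(path):
    return any(part.lower() == "system32" for part in PureWindowsPath(path).parts)


def system32_dlls(records):
    """Detected .dll files under SYSTEM32; a DLL runs only if something loads it."""
    return sorted(PureWindowsPath(r["path"]).name.lower() for r in detections(records)
                  if r["kind"] == "file" and _in_system32(r["path"])
                  and r["path"].lower().endswith(".dll"))


def verdicts_in_archives_and_system32(records):
    """Families seen both inside archives on data drives and as live SYSTEM32 files."""
    archived = {r["verdict"] for r in detections(records) if r["kind"] == "archive-member"}
    live = {r["verdict"] for r in detections(records)
            if r["kind"] == "file" and _in_system32(r["path"])}
    return archived & live


def hjt_load_points(text):
    """(item, module basename) for every module an O2 (BHO) or O4 (Run key) line loads."""
    points = []
    for line in text.strip().splitlines():
        item = line.split(" - ", 1)[0]
        if item in ("O2", "O4"):
            for m in WIN_PATH.finditer(line):
                points.append((item, PureWindowsPath(m.group(0)).name.lower()))
    return points


def correlate(kav_text, hjt_text):
    """Detected SYSTEM32 DLLs that also have an IE or Run-key load point in HijackThis."""
    flagged = set(system32_dlls(parse_kaspersky(kav_text)))
    return sorted({p for p in hjt_load_points(hjt_text) if p[1] in flagged})


def random_named_load_points(hjt_text):
    """Load points whose module fits the random-name pattern, whether or not a scanner flagged it."""
    return sorted({name for _, name in hjt_load_points(hjt_text) if RANDOM_DLL.match(name)})
```

On the two logs as posted, correlate() returns objhmyrw.dll and mcxcnfgf.dll as nameless O2 BHOs and vdskekth.dll as the O4 "BM87dcd3e6" Rundll32 entry, and verdicts_in_archives_and_system32() returns only Packed.Win32.Monder.gen, the same verdict Kaspersky gives the is200079.exe dropper inside every keygen archive under F:\000. Two caveats a practitioner would keep in mind: every object in the report is "skipped", so the online scanner has only reported, not cleaned, and a DLL with a live BHO or Run-key entry comes back as soon as IE or the user session starts unless the load point goes with the file; and ufoxlfmi.dll has no O2/O4 entry in the portion of the HijackThis log shown on this page, so its load point has to be looked for elsewhere in the log. The random-name check is a heuristic only; confirm each hit (publisher, hash, creation time) before deleting anything.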


#2 StevePA (Topic Starter)

  • Members
  • 17 posts

Posted 04 May 2008 - 03:33 PM

Here are the results of the DSS scan (which I finally got to work):

MAIN.TXT FOLLOWS:


Deckard's System Scanner v20071014.68
Run by Stephen Sander on 2008-05-04 15:52:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 2 Restore Point(s) --
2: 2008-05-03 19:47:24 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-05-03 13:57:34 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Stephen Sander.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:01:23 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\dllhost.exe
C:\Documents and Settings\Stephen Sander\Desktop\dss.exe
c:\PROGRA~1\mcafee\mpf\mc\mpfalert.exe
C:\DOCUME~1\STEPHE~1\Desktop\Stephen Sander.exe
C:\Program Files\Common Files\Real\Update_OB\rndal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///F:/My%20Documents/HTM/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.highstream.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~2\COPERN~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {60478fb2-808e-42e0-9d16-6556ddcc1e30} - C:\WINDOWS\system32\objhmyrw.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {acd6ed4a-c3f6-4927-9d0c-5e17f3e11530} - C:\WINDOWS\system32\mcxcnfgf.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~2\COPERN~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Opware15] "C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BM87dcd3e6] Rundll32.exe "C:\WINDOWS\system32\vdskekth.dll",s
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav Options - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Support - {65EE8C2B-F2DB-4796-B6DA-39CC695CBB04} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {AEE68C9D-3764-45D3-B90C-22C57079869F} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {CD935E19-ACE5-463A-B781-89AE088E8D51} - http://www.comcast.net (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182456824562
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://wsc3.perfora.net/app/static/activex/msxml4.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtech.com/download/files/w...tall/isetup.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Protocol: bw+0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 25632 bytes

-- File Associations -----------------------------------------------------------

.ini - PFE32 - DefaultIcon - unable to read value
.ini - PFE32 - shell\open\command - "C:\Program Files\PFE\PFE32.EXE" "%1"
.js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver2.exe",7
.js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver2.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sys
S3 KMW_SYS (Kensington MouseWorks Mouse filter driver) - c:\windows\system32\drivers\kmw_sys.sys <Not Verified; Kensington Technology Group; KMW2k>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 navi (VeriSign Updater) - c:\program files\verisign\navi\naviagent.exe uimode=agentupdate <Not Verified; VeriSign, Inc.; NAVI Agent>

S2 Automatic LiveUpdate Scheduler - "c:\program files\symantec\liveupdate\aluschedulersvc.exe" (file missing)
S2 Symantec Core LC - "c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" (file missing)
S2 UMWdf (Windows User Mode Driver Framework) - c:\windows\system32\wdfmgr.exe (file missing)
S3 FirebirdServerMAGIXInstance (Firebird Server - MAGIX Instance) - c:\program files\magix\common\database\bin\fbserver.exe <Not Verified; MAGIX®; Firebird SQL Server - MAGIX Edition>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 UPnPService - c:\program files\common files\magix shared\upnpservice\upnpservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_IVI&PROD_VIRTUAL_CD&REV_0.5A\1&2AFD7D61&0&000
Manufacturer: (Standard CD-ROM drives)
Name: IVI Virtual CD SCSI CdRom Device
PNP Device ID: SCSI\CDROM&VEN_IVI&PROD_VIRTUAL_CD&REV_0.5A\1&2AFD7D61&0&000
Service: cdrom


-- Scheduled Tasks -------------------------------------------------------------

2008-05-03 22:49:01 1042 --a------ C:\WINDOWS\Tasks\Drive F Backup Part 1.job
2008-05-01 01:01:03 370 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-04-28 15:02:06 890 --a------ C:\WINDOWS\Tasks\Cheyney Backup.job
2008-04-25 01:07:03 986 --a------ C:\WINDOWS\Tasks\Drive C Backup.job
2008-04-22 22:39:32 1042 -----n--- C:\WINDOWS\Tasks\Drive F Backup Part 2.job
2008-04-15 01:22:06 368 -----n--- C:\WINDOWS\Tasks\McDefragTask.job
2007-10-01 05:01:23 858 -----n--- C:\WINDOWS\Tasks\HRC Backup.job


-- Files created between 2008-04-04 and 2008-05-04 -----------------------------

2008-05-03 10:02:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-03 10:02:02 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-03 08:14:34 0 dr-h----- C:\Documents and Settings\Stephen Sander\Recent
2008-05-03 07:35:56 0 d-------- C:\Documents and Settings\Stephen Sander\Application Data\McAfee
2008-04-30 11:24:03 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-30 11:23:33 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-30 11:23:32 0 d-------- C:\Documents and Settings\Stephen Sander\Application Data\SUPERAntiSpyware.com
2008-04-30 11:17:26 0 d-------- C:\Program Files\RogueRemover FREE
2008-04-30 06:24:19 0 d-------- C:\Program Files\Lavasoft
2008-04-30 06:24:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-30 01:19:56 107072 --a------ C:\WINDOWS\system32\mcxcnfgf.dll
2008-04-30 01:17:06 104512 --a------ C:\WINDOWS\system32\vdskekth.dll
2008-04-29 01:17:48 108608 --a------ C:\WINDOWS\system32\objhmyrw.dll
2008-04-29 01:17:39 104000 --a------ C:\WINDOWS\system32\ufoxlfmi.dll
2008-04-28 13:14:38 526381 --ahs---- C:\WINDOWS\system32\JQAyJkkj.ini2
2008-04-25 15:09:51 0 d-------- C:\Documents and Settings\Stephen Sander\Application Data\TuneUp Software
2008-04-25 15:09:18 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-04-25 15:09:03 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-04-15 19:52:01 0 d-------- C:\Program Files\Smart Projects
2008-04-09 09:15:15 0 d-------- C:\Program Files\SSA Benefit Calculator


-- Find3M Report ---------------------------------------------------------------

2008-05-04 15:42:52 0 d-------- C:\Program Files\Weather Watcher
2008-04-30 20:00:49 0 d-------- C:\Program Files\MSECache
2008-04-30 11:22:39 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-30 08:37:19 0 d-------- C:\Program Files\Java
2008-04-27 11:53:34 0 d-------- C:\Documents and Settings\Stephen Sander\Application Data\Alien Skin
2008-04-26 10:16:53 0 d-------- C:\Documents and Settings\Stephen Sander\Application Data\Vso
2008-04-25 09:24:26 0 d-------- C:\Program Files\Agent
2008-04-25 06:38:25 0 d-------- C:\Program Files\McAfee
2008-04-16 12:44:54 6831 -----n--- C:\WINDOWS\panose.bin
2008-04-15 07:49:19 0 d-------- C:\Program Files\Thumbs4
2008-04-07 12:36:11 151296 --a------ C:\Documents and Settings\Stephen Sander\Application Data\GDIPFONTCACHEV1.DAT
2008-04-05 08:41:50 0 d-------- C:\Program Files\PhoneTools
2008-04-05 08:41:37 0 -----n--- C:\WINDOWS\Capture
2008-04-05 06:02:00 0 d-------- C:\Program Files\Replay Radio 6
2008-04-05 06:00:40 0 --a------ C:\Documents and Settings\Stephen Sander\Application Data\sversion.ini
2008-03-24 08:04:44 0 d-------- C:\Program Files\Rosetta Stone
2008-03-23 13:40:06 0 d-------- C:\Documents and Settings\Stephen Sander\Application Data\TaxCut
2008-03-23 12:51:07 0 d-------- C:\Documents and Settings\Stephen Sander\Application Data\pdf995
2008-03-23 12:00:12 0 d-------- C:\Program Files\TaxCut07
2008-03-23 11:57:14 0 d-------- C:\Program Files\PDF995
2008-03-23 07:24:31 0 d-------- C:\Documents and Settings\Stephen Sander\Application Data\Adobe
2008-03-22 19:50:42 0 d-------- C:\Program Files\Common Files\Intuit
2008-03-20 11:09:38 0 d-------- C:\Program Files\Smith Micro
2008-03-18 14:55:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-04 06:18:06 0 d-------- C:\Documents and Settings\Stephen Sander\Application Data\U3
2008-02-24 14:26:41 23193 --a------ C:\Documents and Settings\Stephen Sander\Application Data\Tab Separated Values (Windows).ADR
2008-02-20 14:01:17 249856 -----n--- C:\WINDOWS\system32\pdfmona.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
2008-02-20 14:01:17 51716 -----n--- C:\WINDOWS\system32\pdf995mon.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60478fb2-808e-42e0-9d16-6556ddcc1e30}]
04/29/2008 01:17 AM 108608 --a------ C:\WINDOWS\system32\objhmyrw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{acd6ed4a-c3f6-4927-9d0c-5e17f3e11530}]
04/30/2008 01:19 AM 107072 --a------ C:\WINDOWS\system32\mcxcnfgf.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellTouch"="C:\WINDOWS\DELLMMKB.EXE" [09/23/2001 09:14 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe" [03/29/2002 09:40 AM]
"Logitech Utility"="Logi_MwX.Exe" [11/07/2003 05:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"MaxtorOneTouch"="C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe" [12/22/2004 08:21 AM]
"MXOBG"="C:\WINDOWS\MXOALDR.EXE" [06/13/2006 01:31 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/01/2006 04:57 PM]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [01/12/2006 08:52 PM]
"@"="" []
"Opware15"="C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe" [07/06/2005 12:58 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/04/2007 02:33 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"TrayServer"="C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe" [10/04/2006 04:41 PM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 05:34 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"BM87dcd3e6"="C:\WINDOWS\system32\vdskekth.dll" [04/30/2008 01:17 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherWatcher"="C:\Program Files\Weather Watcher\ww.exe" [02/12/2006 02:31 PM]
"AIM"="C:\PROGRA~1\AIM95\aim.exe" [08/01/2006 03:35 PM]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [07/26/2004 08:14 PM]

C:\Documents and Settings\Stephen Sander\Start Menu\Programs\Startup\
DESKTOP.INI [8/31/2001 11:02:02 AM]
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [12/26/2007 6:16:42 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [7/2/2006 7:14:38 AM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
DESKTOP.INI [8/31/2001 11:02:02 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=
"ClearRecentDocsOnExit"=1 (0x1)
"NoSMMyDocs"=1 (0x1)
"NoSMMyPictures"=1 (0x1)
"NoStartMenuMFUprogramsList"=0 (0x0)
"NoThemesTab"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoFind"=0 (0x0)
"NoSharedDocuments"=00000000
"NoLowDiskSpaceChecks"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkJyAQJ

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Camio Viewer 2000.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Camio Viewer 2000.lnk
backup=C:\WINDOWS\pss\Camio Viewer 2000.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Stephen Sander^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Stephen Sander\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
C:\Program Files\Creative\SBLive\Program\AHQInit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ComcastSUPPORT]
C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EXSHOW95.EXE]
EXSHOW95.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
???????\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\Money Express.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\Updreg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"84efe07a"=rundll32.exe "C:\WINDOWS\system32\lumgkajc.dll",b
"mmtask"=C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
"OpScheduler"="C:\Program Files\ScanSoft\OmniPage15.0\OpScheduler.exe"
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"BM87dcd3e6"=Rundll32.exe "C:\WINDOWS\system32\vdskekth.dll",s

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-05-04 16:04:07 ------------



EXTRA.TXT FOLLOWS:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1.60GHz
Percentage of Memory in Use: 61%
Physical Memory (total/avail): 511.01 MiB / 194.35 MiB
Pagefile Memory (total/avail): 2012.49 MiB / 1656.92 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1887.85 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.24 GiB total, 13.47 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 152.66 GiB total, 21.17 GiB free.
G: is CDROM (No Media)
H: is CDROM (No Media)
I: is Fixed (NTFS) - 189.92 GiB total, 47.62 GiB free.
J: is CDROM (No Media)
K: is CDROM (No Media)
L: is CDROM (No Media)
M: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - Maxtor 6Y160P0 - 152.66 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 152.66 GiB - F:

\\.\PHYSICALDRIVE0 - ST340016A - 37.27 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 37.24 GiB - C:

\\.\PHYSICALDRIVE2 - Maxtor OneTouch II USB Device - 189.92 GiB - 1 partition
\PARTITION0 - Installable File System - 189.92 GiB - I:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
FW: McAfee Personal Firewall v (McAfee)
FW: Norton Internet Security 2006 v2006 (Symantec Corporation)
AV: Norton Internet Security 2006 v2006 (Symantec Corporation)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\AIM95\\aim.exe"="C:\\Program Files\\AIM95\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"="C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Online Component"
"C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"="C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Support.com\\bin\\tgcmd.exe"="C:\\Program Files\\Support.com\\bin\\tgcmd.exe:*:Enabled:Support.com Scheduler and Command Dispatcher"
"C:\\Program Files\\WS_FTP Pro\\wsftppro.exe"="C:\\Program Files\\WS_FTP Pro\\wsftppro.exe:*:Enabled:WS_FTP Pro Application"
"C:\\Program Files\\LimeWire\\LimeWire 4.0.8\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire 4.0.8\\LimeWire.exe:*:Enabled:LimeWire: The most advanced file sharing program on the planet."
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\World Online TV\\OnlineTV.exe"="C:\\Program Files\\World Online TV\\OnlineTV.exe:*:Disabled:World Online TV"
"mspeupx.exe"="mspeupx.exe:*:Enabled:mspeupx"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\AIM95\\aim.exe"="C:\\Program Files\\AIM95\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"="C:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Disabled:RealOne Player"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\TurboTax\\Home & Business 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Home & Business 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Home & Business 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Home & Business 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"="C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"
"C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"="C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Online Component"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Stephen Sander\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=STEVEDELL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Stephen Sander
JAVA_PLUGIN_WEBCONTROL_ENABLE=TCD Watershed Bit
LOGONSERVER=\\STEVEDELL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Smart Projects\IsoBuster
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp
USERDOMAIN=STEVEDELL
USERNAME=Stephen Sander
USERPROFILE=C:\Documents and Settings\Stephen Sander
VeriSign=C:\Program Files\VeriSign
VeriSignTemp=C:\Program Files\VeriSign\Temp
VRSN=C:\Program Files\VeriSign
VRSNTemp=C:\Program Files\VeriSign\Temp
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Stephen Sander (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Creative\SBLive\Program\Upddrv2k.EXE
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\News\CTNews.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\AudioHQ.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\CTMixer.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\HTML.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Midi.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\PlayCenter2\Player2.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Recorder\Recorder.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Restore.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\SoundFont.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\WaveStudio\Wstudio.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Uninstall\Installer.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WS_FTP Pro\uninst.isu"
--> C:\WINDOWS\UNAheadManual.exe /UNINSTALL
--> C:\WINDOWS\unmrw.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> C:\WINDOWS\UNNVEContent.exe /UNINSTALL
--> MsiExec.exe /I{219B0DA4-8F1A-499D-8795-4A07C632521E}
--> MsiExec.exe /I{644B991F-B109-4360-9DA3-40CDAD13961C}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3ivx D4 4.0.3 (remove only) --> "C:\Program Files\3ivx\3ivx D4 4.0.3\uninstall.exe"
ACDSee 32 --> C:\PROGRA~1\ACDSee32\UNWISE.EXE C:\PROGRA~1\ACDSee32\INSTALL.LOG
ACDSee 4.0.1 Std Trial Version --> MsiExec.exe /I{E185B76C-A393-43F2-A665-9EDCAD932E3C}
Acoustica MP3 Audio Mixer 2.42 --> C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 7.0.9 Professional --> msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{8BC84ECC-EA87-49C0-93C0-2B5DF62745CD}
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Bridge CS3 --> MsiExec.exe /I{68CF6DD2-8BA3-4A70-81D8-7CC5F24C9BA2}
Adobe Bridge Start Meeting --> MsiExec.exe /I{7F3A2319-79CF-4701-95FB-034E99281808}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{183B7569-90FB-4C56-9761-0EEB002CAB83}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{20B83B31-09C4-4F0E-9774-EF8A12A0A527}
Adobe Download Manager 2.2 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Dreamweaver CS3 --> C:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
Adobe Dreamweaver CS3 --> MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{4DF98D0B-637E-42B4-B9D6-EB7693D2FBF8}
Adobe Extension Manager CS3 --> MsiExec.exe /I{2A539CD9-0F75-4875-9A32-E06DD93C4114}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe GoLive 6.0 --> "C:\Program Files\InstallShield Installation Information\{97E38F11-0FBE-4BC2-9EE1-5B1421C76F27}\setup.exe"
Adobe Help Viewer CS3 --> MsiExec.exe /I{733D84D6-AAFD-4368-A1D0-F2734F6B9082}
Adobe Illustrator 9.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Illustrator 9.0\Uninst.isu" -c"C:\Program Files\Adobe\Illustrator 9.0\Uninst.dll"
Adobe Image Viewer Plugin 4.0 --> C:\Program Files\Common Files\Adobe\Acrobat 5.0\ImageViewer\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\Acrobat 5.0\ImageViewer\Install.log
Adobe InDesign CS2 --> msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
Adobe PageMaker 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\PageMaker 7.0\Uninst.isu" -c"C:\Program Files\Adobe\PageMaker 7.0\Uninst.dll"
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop 7.0.1 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Setup --> MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
Adobe Streamline 4.0 --> C:\WINDOWS\uninst.exe -f"c:\program files\adobe\Streamline 4.0\DeIsL1.isu"
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{D1C59F81-66FD-4E8E-B9F7-F4B2442D5222}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{41C3C974-EC5E-494C-AFE6-E31D92E2E6CB}
Advanced Directory Printer --> C:\Program Files\Advanced Directory Printer\uninstall.exe
Advanced Email Extractor --> C:\PROGRA~1\ADVANC~2\UNWISE.EXE C:\PROGRA~1\ADVANC~2\INSTALL.LOG
Advanced Replacer 2.5 --> C:\PROGRA~1\PearlFox\UNWISE.EXE C:\PROGRA~1\PearlFox\INSTALL.LOG
AI RoboForm --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
Alien Skin Blow Up --> C:\PROGRA~1\Adobe\PHOTOS~2.0\Plug-Ins\ALIENS~1\ALIENS~1\BLOWUP~1\Unwise32.exe C:\PROGRA~1\Adobe\PHOTOS~2.0\Plug-Ins\ALIENS~1\ALIENS~1\BLOWUP~1\INSTALL.LOG
Alien Skin Eye Candy 5 Nature --> C:\PROGRA~1\Adobe\PHOTOS~2.0\Plug-Ins\ALIENS~1\EYECAN~1\UNWISE.EXE C:\PROGRA~1\Adobe\PHOTOS~2.0\Plug-Ins\ALIENS~1\EYECAN~1\INSTALL.LOG
Alien Skin Eye Candy 5 Textures --> C:\PROGRA~1\Adobe\PHOTOS~2.0\Plug-Ins\ALIENS~1\EYECAN~2\UNWISE.EXE C:\PROGRA~1\Adobe\PHOTOS~2.0\Plug-Ins\ALIENS~1\EYECAN~2\INSTALL.LOG
Alien Skin Image Doctor --> C:\PROGRA~1\Adobe\PHOTOS~2.0\Plug-Ins\ALIENS~2\Unwise32.exe C:\PROGRA~1\Adobe\PHOTOS~2.0\Plug-Ins\ALIENS~2\INSTALL.LOG
Alien Skin Snap Art --> C:\PROGRA~1\Adobe\PHOTOS~2.0\Plug-Ins\ALIENS~1\SNAPAR~1\Unwise32.exe C:\PROGRA~1\Adobe\PHOTOS~2.0\Plug-Ins\ALIENS~1\SNAPAR~1\INSTALL.LOG
AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
Ant Movie Catalog --> "C:\Program Files\Ant Movie Catalog\unins000.exe"
Any to Icon --> C:\Program Files\Any to Icon\uninstall.exe
AOL Instant Messenger --> C:\Program Files\AIM95\uninstll.exe -LOG= C:\Program Files\AIM95\install.log -OEM=
Apollo DVD Copy 3.0.1 --> "C:\Program Files\Apollo DVD Copy\unins000.exe"
ArtIcons --> C:\Program Files\ArtIcons\uninstall.exe
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVI Codec Pack --> C:\Program Files\AVI Codec Pack\uninstall.exe
AVI Codec Pack Lite --> C:\Program Files\AVI Codec Pack\uninstall.exe
Calculator Powertoy for Windows XP --> MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
ClockWise 3.25b --> C:\Program Files\ClockWise\Uninstall.exe
CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
CmdHere Powertoy For Windows XP --> MsiExec.exe /I{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}
CoffeeCup StyleSheet Maker --> C:\PROGRA~1\COFFEE~1\STYLES~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\STYLES~1\INSTALL.LOG
ComcastSUPPORT --> C:\PROGRA~1\Support.com\UNWISE.EXE C:\PROGRA~1\Support.com\INSTALL.LOG
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HCF V90 56K Data Fax PCI Modem --> C:\Program Files\UIU\UIU__MODEM_PCI_VEN_14F1&DEV_1033&SUBSYS_020D13E0\SETUP.EXE -U -CMODEM -BPCI -IVEN_14F1&DEV_1033&SUBSYS_020D13E0
Cool Edit Pro 2.0 --> C:\Program Files\coolpro2\cep2unin.exe
Cool Timer 2.1 --> "C:\Program Files\Cool Timer\unins000.exe"
Copernic Agent Professional --> "C:\WINDOWS\CopernicAgentUninstall.exe" /ARGSFILE="C:\Program Files\Copernic Agent\unwise.dat"
CueCard (remove only) --> "C:\Program Files\CueCard\uninst.exe"
Curves 3 --> C:\WINDOWS\Curves 3 Uninstaller.exe
dBpowerAMP Mp4 & AAC Decode Codec --> "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Mp4 & AAC Decode Codec.dat
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
DellTouch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{706D5382-7381-4680-9DD0-161832578252}\setup.exe"
DivX 5.0.3 Bundle --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\uninstal.log
DivX Player --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Player\uninstal.log
DVD Creator3 --> C:\Program Files\ImTOO\DVD Creator3\Uninstall.exe
DVD Ripper Platinum 4 --> C:\Program Files\ImTOO\DVD Ripper Platinum 4\Uninstall.exe
DVDFab Platinum 3.1.4.0 --> "C:\Program Files\DVDFab Platinum\unins000.exe"
e-Sword --> MsiExec.exe /I{F3E94E75-E6B5-47E9-B775-94B0E25405F8}
eBook d_earn-money-writing-for-newspapers --> C:\WINDOWS\dbrmdwb.exe "d_earn-money-writing-for-newspapers"
EncFlac 1.1.2 --> "C:\Program Files\Winamp\EncFlac-Uninstall.exe"
eReader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED8BB1CA-535A-408D-85C9-ED1986D2B85E}\setup.exe"
Extensis Intellihance Pro 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D187FF17-89F8-455F-ACC4-E7A70746A2C2}\Setup.exe" -l0x9 -uninst
Extensis PhotoTools 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{806D03FF-BC0F-48DB-8D94-4EE3E99E53B5}\Setup.exe" -l0x9 -uninst
Family Tree Maker 2006 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}\setup.exe" -l0x9
File Scavenger 3.0 --> "C:\Program Files\File Scavenger 3.0\unins000.exe"
Filter Forge 1.009 --> "C:\Program Files\Filter Forge\unins000.exe"
Finale Viewer --> C:\WINDOWS\unvise32.exe C:\Program Files\Finale Viewer\uninstal.log
Firebird SQL Server - MAGIX Edition 2.0.0.1 (US) --> C:\Program Files\MAGIX\Common\Database\uninstall.exe
FLAC Installer 1.1.0m (remove only) --> C:\Program Files\FLAC\uninstall.exe
FoneSync --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\FoneSync\Uninst.isu" -c"C:\Program Files\FoneSync\UninstSupport.dll"
Font Creator 5.0 --> "C:\Program Files\High-Logic\Font Creator\unins000.exe"
FontLab4 --> "C:\Program Files\FontLab\FontLab4\un-FontLab4.exe"
Forté Agent --> C:\PROGRA~1\Agent\UNWISE.EXE C:\PROGRA~1\Agent\INSTALL.LOG "Uninstall Forté Agent"
Function Grapher 2.7 --> "C:\Program Files\Function Grapher\unins000.exe"
Fx, Joiner --> C:\PROGRA~1\FX_SOU~1\FXJOIN~1\UNWISE.EXE C:\PROGRA~1\FX_SOU~1\FXJOIN~1\INSTALL.LOG
Garmin MapSource 5.4 --> "C:\Program Files\Garmin\MapSource\uninstall.exe"
Genuine Fractals 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC38B36B-90F8-4C1F-8AC9-236B851B8871}\setup.exe" -l0x9 -uninst -removeonly
Global Mapper 7 --> MsiExec.exe /X{F76B2189-D511-420E-8036-8FBEDE00CF93}
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
HijackThis 2.0.2 --> "C:\Documents and Settings\Stephen Sander\Desktop\HijackThis.exe" /uninstall
hp instant support --> C:\PROGRA~1\HEWLET~1\HPINST~1\Uninstall.exe CeS
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.2 - Scanjet 3970 Series --> MsiExec.exe /I{796ADAFF-7C5B-4CED-BA11-55A3644F1E0D}
HTML Slideshow Powertoy for Windows XP --> MsiExec.exe /I{4E475FD4-4513-4B1D-8DDA-43912B068C99}
Icon to Any --> C:\Program Files\Icon to Any\uninstall.exe
IconEdit32 --> C:\PROGRA~1\ICONED~1\UNWISE.EXE C:\PROGRA~1\ICONED~1\INSTALL.LOG
IconJack32 --> C:\PROGRA~1\ICONJA~1\UNWISE.EXE C:\PROGRA~1\ICONJA~1\INSTALL.LOG
Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
InterVideo DVDCopy 4 --> "C:\Program Files\InstallShield Installation Information\{5F70EF2E-DE5D-4CE7-B92A-9F1FC0EE3CA7}\setup.exe" --u:{5F70EF2E-DE5D-4CE7-B92A-9F1FC0EE3CA7}
Ipswitch WS_FTP Pro --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\WS_FTP Pro\uninst.isu" -c"C:\Program Files\WS_FTP Pro\FTPInstUtils.dll"
IsoBuster 2.3 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
jv16 PowerTools 2005 --> "C:\Program Files\jv16 PowerTools 2005\unins000.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KnockOut 2 --> C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\Corel\KnockOut 2\UninstKO.isu"
Konica KD-20M User Manual --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45B945C8-289F-11D7-A27A-00055D0C7DC5}\install.exe" -l0x9 -uninst
L&H TTS3000 Español --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSSPE.inf, Uninstall
LimeWire Acceleration Patch 1.0 --> "C:\Program Files\LimeWire Acceleration Patch\unins000.exe"
LimeWire PRO 4.9.22 --> "C:\Program Files\LimeWire\uninstall.exe"
Lizardtech Express View Browser Plug-in --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F8D44E7-3F47-4002-AE6A-BCB6A46A1788}\Setup.exe" -l0x9
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.79 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Fireworks 8 --> MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
MagicDisc 2.5.79 --> C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
MAGIX Audio Cleaning Lab 12 8.0.1.0 (US) --> C:\Program Files\MAGIX\Audio_Cleaning_Lab_12\instslct.exe
MAGIX Movie Edit Pro 12 demo 6.5.4.2 (US) --> C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\instslct.exe
Malwarebytes' RogueRemover --> "C:\Program Files\RogueRemover FREE\unins000.exe"
MaxBlast 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{639858DD-4966-40F3-A706-7C838BCF3A2B}\setup.exe"
Maxtor OneTouch --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{231F68F4-70E4-41A6-BEDA-7E7934169B54} /l1033
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Memory-Map OS Edition 2004 --> MsiExec.exe /X{584D986D-17C1-4788-A991-68D9ED421620}
Memory-Map OS Edition 2004 --> MsiExec.exe /X{ACA30291-46B5-4CB2-B8AC-9483BF3BA00A}
Microsoft AutoRoute 2005 --> MsiExec.exe /I{67E4EE98-59F4-4220-89A6-A20AF5BEC689}
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Location Finder --> MsiExec.exe /I{9D18F7F8-B984-4249-8512-CC621BC59F12}
Microsoft Office Converter Pack --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\convpack.isu
Microsoft Office Converter Pack --> MsiExec.exe /X{6EECB283-E65F-40EF-86D3-D51BF02A8D43}
Microsoft Office HTML Filter 2.0 --> MsiExec.exe /I{2BAC066E-F2E9-11D2-A171-00C04F6C9FA4}
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft OpenType Font Properties Extension (Remove Only) --> RunDll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\System32\ShellExt\TTFExt.inf, UninstallNT
Microsoft Outlook Existing Items Converter --> MsiExec.exe /I{C72E41B0-240B-11D3-B7F8-00600895EA7E}
Microsoft Outlook Personal Folders Backup --> MsiExec.exe /X{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}
Microsoft Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft Streets & Trips 2006 --> MsiExec.exe /I{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSf22.inf, Uninstall
Microsoft Works 2001 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2001\Setup\Launcher.exe E:\
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\SETUP.EXE" ControlPanel
Monkey's Audio --> "C:\Program Files\Monkey's Audio\unins000.exe"
Mosaic Creator 2.95 --> "C:\Program Files\MosaicCreator\unins000.exe"
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 CD Converter 3.02 --> "C:\Program Files\MP3 CD Converter\unins000.exe"
MP3 Surgeon 2.1 --> "C:\Program Files\MP3 Surgeon 2\unins000.exe"
MPEG Encoder 3 --> C:\Program Files\ImTOO\MPEG Encoder 3\Uninstall.exe
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
NeroMIX --> C:\WINDOWS\UNNMIX.exe /UNINSTALL
NewsLeecher v3.8 Final --> "C:\Program Files\NewsLeecher\unins000.exe"
nRoute --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2D4ECAAA-28A3-4D3D-A030-E6025EB3E52C}\setup.exe" -l0x9 AddRemove
NTI CD-Maker 6 Platinum --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}
On2 VP3 Video for Windows Codec --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF59708F-60F4-11D5-866A-00A0D2183227}\Setup.exe" -l0x9
Ordix Mpack Professional 4.00 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Ordix Mpack Pro\ST6UNST.LOG"
OziExplorer 3.95 --> "C:\Program Files\OziExplorer\unins000.exe"
PagePainter --> "C:\Program Files\PagePainter\unins000.exe"
PDF Password Remover v2.2 --> "C:\Program Files\PDF Password Remover v2.2\unins000.exe"
PDF2Web v1.6 --> "C:\Program Files\PDF2Web v1.6\unins000.exe"
Pdf995 --> C:\Program Files\pdf995\setup.exe uninstall
PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C1}\setup.exe" ControlPanel
PhotoKit Color 2 Plug-In Module --> C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Photoshop 7.0\Plug-Ins\Adobe Photoshop Only\PixelGenius\PixelGenius Toolbox Plug-In Module\pkc2_uninstal.log
PhotoKit Sharpener Plug-in Module --> C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Photoshop 7.0\Plug-Ins\Adobe Photoshop Only\PixelGenius\PhotoKit SHARPENER Plug-in Module\uninstal.log
Plugin Commander Light --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\PICO_LIG.INF, DefaultUninstall.ntx86
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerPoint2DVD 2.1 --> "C:\Program Files\PowerPoint2DVD 2.1\unins000.exe"
PRO200WL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{280C7673-2DF8-4E74-B031-D8F108BE2A6D}\SETUP.EXE" -uninst
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
QuickTime for Windows (32-bit) --> C:\WINDOWS\QTW32DEL.EXE
RadLight MPC DirectShow Filter (remove only) --> "C:\WINDOWS\system32\RadLightMPCUninstall.exe"
RealOne Player --> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
Recover My Files --> "C:\Program Files\Recover My Files\unins000.exe"
RenameWiz Version 3.4.2 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\RenameWiz\ST6UNST.LOG"
Rosetta Stone V3 --> MsiExec.exe /X{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}
ROUTE 66 Route Europe 2005 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9443D8A5-0CC2-43E2-9C30-76D17BCD7FAB}\setup.exe" -l0x9
ScanSoft OmniPage 15.0 --> MsiExec.exe /I{0B7DDCD3-D6D8-4366-A6D8-9B6495A2925E}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Shockwave --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\INSTALL.LOG
Simple Little Utility for Generating Schemes (SLUGS) 2.1 --> "C:\Program Files\Slugs\unins000.exe"
Social Security Benefit Calculator --> MsiExec.exe /I{5E7FC920-890C-4806-A71F-EB768D453DF2}
Sound Blaster Live! Value --> C:\Program Files\Creative\Uninstall\CTUNINST.EXE /U:UNINST1.INI
Speed Video Converter 3.0.3 --> "C:\Program Files\Speed Video Converter\unins000.exe"
SSA Benefit Calculator --> MsiExec.exe /I{340D61BB-350A-40F4-8CFD-4F860E12066E}
StampManage 2005 --> C:\WINDOWS\iun6002.exe "C:\Program Files\StampManage\irunin.ini"
StuffIt Expander --> MsiExec.exe /X{57DC8980-73DA-481E-AFD4-5E2D44B7F1AD}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Supportsoft Web Controls --> "C:\Program Files\Support.com\unins000.exe"
Tag&Rename --> "C:\Program Files\TagRename\unins000.exe"
TaxCut Pennsylvania 2007 --> MsiExec.exe /X{F8E8BF1C-5AE4-4B36-8ACC-6DF7ED2D409F}
TaxCut Premium + State 2007 --> MsiExec.exe /X{663E217E-FC26-4249-9E8E-F190CD63E737}
Teleport Pro --> "C:\Program Files\Teleport Pro\Remove.exe" /U:"C:\Program Files\Teleport Pro\Remove.log"
The Digital Tradition Folksong Database 3.1 --> C:\Program Files\Digital Tradition\uninst.exe
The Playa --> "C:\Program Files\The Playa\uninstall.exe"
The Right Track Software --> C:\PROGRA~1\RTS\UNINST~1.EXE C:\PROGRA~1\RTS\INSTALL.LOG
The Rosetta Stone --> C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
ThumbsPlus version 5.01-R --> C:\PROGRA~1\Thumbs4\UNWISE.EXE C:\PROGRA~1\Thumbs4\INSTALL.LOG
ThumbsPlus version 6.0 --> C:\PROGRA~1\Thumbs4\UNWISE.EXE C:\PROGRA~1\Thumbs4\INSTALL.LOG
Time Zone Data Update Tool for Microsoft Office Outlook --> MsiExec.exe /X{95120000-0038-0409-0000-0000000FF1CE}
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
TweakNow PowerPack 2006 Professional --> "C:\Program Files\TweakNow PowerPack 2006\unins000.exe"
Ulead COOL 3D 3.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA1BE991-D723-41BE-AD16-42EAFDA794EA}\Setup.exe"
Ulead VideoStudio 7 ESD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}\setup.exe" -l0x9
USB Storage Adapter FX (MXO) --> MXOun.exe MXOFX
VeriSign i-Nav and Components --> C:\Program Files\VeriSign\NAVI\naviagent.exe uninstall=i-nav uimode=uninstall
VideoLAN VLC media player 0.8.6b --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
ViewSonic INF and ICM Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6701B60-83D2-11D4-A9BD-E7B3F191CF63}\Setup.exe"
Weather Watcher --> "C:\Program Files\Weather Watcher\unins000.exe"
WillMaker 8 --> C:\WINDOWS\unvise32.exe C:\Program Files\WillMaker 8\uninstal.log
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format SDK Hotfix [See KB892906 for more information] --> C:\WINDOWS\$NtUninstallKB892906$\spuninst\spuninst.exe
WinMX --> C:\Program Files\WinMX\uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WinZip Internet Browser Support --> "C:\PROGRA~1\WINZIP\winzip32.exe" /inetuninstall
Xara3D 5 --> C:\Program Files\Xara\Xara3D5\System\Uninstaller.exe
XviD 1.1 final uninstall --> "C:\Program Files\XviD\unins000.exe"
yEnc32 (remove only) --> "C:\Program Files\eSite Media\yEnc32\uninstall.exe"
ZBrush 1.13 --> C:\WINDOWS\iun506.exe C:\Program Files\ZBrush\irunin.ini


-- Application Event Log -------------------------------------------------------

Event Record #/Type22161 / Error
Event Submitted/Written: 05/04/2008 04:02:47 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type22160 / Error
Event Submitted/Written: 05/04/2008 04:02:01 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type22159 / Error
Event Submitted/Written: 05/04/2008 03:52:57 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application aim.exe, version 5.9.6089.0, faulting module unknown, version 0.0.0.0, fault address 0x1221254f.
Processing media-specific event for [aim.exe!ws!]

Event Record #/Type22153 / Error
Event Submitted/Written: 05/03/2008 10:00:34 PM
Event ID/Source: 12289 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{3cb10846-f8f2-11dc-8428-0080add0e34f},0xc0000000,0x00000003,...). hr = 0x80070005.

Event Record #/Type22152 / Error
Event Submitted/Written: 05/03/2008 10:00:34 PM
Event ID/Source: 12289 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{fc5db5ee-b3b9-11dc-8418-0080add0e34f},0xc0000000,0x00000003,...). hr = 0x80070005.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3311 / Warning
Event Submitted/Written: 05/04/2008 05:47:59 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type3298 / Warning
Event Submitted/Written: 05/03/2008 10:00:04 PM
Event ID/Source: 128 / Removable Storage Service
Event Description:
The device number of a(n) CdRom drive cannot be determined. This device failed to configure.
This event may be logged several times for the same device.

Event Record #/Type3297 / Warning
Event Submitted/Written: 05/03/2008 10:00:04 PM
Event ID/Source: 128 / Removable Storage Service
Event Description:
The device number of a(n) CdRom drive cannot be determined. This device failed to configure.
This event may be logged several times for the same device.

Event Record #/Type3296 / Warning
Event Submitted/Written: 05/03/2008 10:00:04 PM
Event ID/Source: 128 / Removable Storage Service
Event Description:
The device number of a(n) CdRom drive cannot be determined. This device failed to configure.
This event may be logged several times for the same device.

Event Record #/Type3295 / Warning
Event Submitted/Written: 05/03/2008 10:00:04 PM
Event ID/Source: 128 / Removable Storage Service
Event Description:
The device number of a(n) CdRom drive cannot be determined. This device failed to configure.
This event may be logged several times for the same device.



-- End of Deckard's System Scanner: finished at 2008-05-04 16:04:07 ------------



MOVED.TXT FOLLOWS:

Directories/Files moved to C:\Deckard\System Scanner\backup

2008-05-03 10:08:51 22196 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\b120x240.tmp
2008-05-03 10:08:51 22196 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\b120x600.tmp
2008-05-03 10:08:51 22196 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\b120x90.tmp
2008-05-03 10:08:51 22196 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\b125x125.tmp
2008-05-03 10:08:51 22196 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\b160x600.tmp
2008-05-03 10:08:51 22196 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\b180x150.tmp
2008-05-03 10:08:51 22196 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\b234x60.tmp
2008-05-03 10:08:51 22196 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\b240x400.tmp
2008-05-03 10:08:51 22196 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\b250x250.tmp
2008-05-03 10:08:51 22196 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\b300x100.tmp
2008-05-03 10:08:51 22196 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\b300x250.tmp
2008-05-03 10:08:51 22196 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\b336x280.tmp
2008-05-03 10:08:51 22196 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\b468x60.tmp
2008-05-03 10:08:51 22196 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\b720x300.tmp
2008-05-03 10:08:51 22196 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\b728x90.tmp
2008-05-03 08:51:15 0 d-------- C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\Citrix
2008-05-03 08:51:15 0 d-------- C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\CitrixLogs
2008-05-03 05:47:34 0 d-------- C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\Google Toolbar
2008-05-03 11:14:19 0 d-------- C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\hsperfdata_Stephen Sander
2008-05-03 09:39:08 2384 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\java_install_reg.log
2008-05-03 16:13:06 1197 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\jusched.log
2008-05-03 10:11:08 0 d-------- C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\KAV Updater update files
2008-05-03 07:43:31 44379 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\McAfeeUpdate.cab
2007-08-08 18:58:18 275776 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\McAfeeUpdate.exe <Verified; McAfee, Inc.; McAfee update utility>
2008-05-03 23:50:20 0 d-------- C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\msohtml1
2008-05-03 07:36:39 848409 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\mvt.cab
2008-05-03 08:47:45 836 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\mvtapp.log
2008-05-03 07:47:51 92 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\MVTDetection.log
2008-05-03 08:21:57 16384 --a-----t C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\Perflib_Perfdata_594.dat
2008-05-03 08:37:38 16384 --a-----t C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\Perflib_Perfdata_c4c.dat
2008-02-29 16:03:44 146672 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\SSUPDATE.EXE <Verified; SUPERAntiSpyware.com; SUPERAntiSpyware Update Application>
2008-05-03 07:54:06 8194 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\Supporatability.log
2007-10-23 06:32:33 0 d---s---- C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\Temporary Internet Files
2008-05-03 16:22:36 1097 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\TWAIN.LOG
2008-05-03 16:22:35 3 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\Twain001.Mtx
2008-05-03 16:22:34 156 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\Twunk001.MTX
2008-05-01 07:33:59 0 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\Twunk002.MTX
2008-05-01 05:53:21 0 d-------- C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\VBE
2008-05-02 06:26:47 120 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\wecerr.txt
1999-08-09 11:01:40 632328 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\wmaudio.exe <Verified; Microsoft Corporation; Windows Media Component Setup Application>
2002-12-11 14:11:50 4085904 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\wmf9.exe <Verified; Microsoft Corporation; Windows Media Component Setup Application>
2002-08-21 04:56:36 793536 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\wmpcdcs8.exe <Verified; Microsoft Corporation; Windows Media Component Setup Application>
2008-05-03 16:00:07 0 d--h----- C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\~bxkriou.tmp
2008-05-03 15:51:40 16384 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\~DFA30E.tmp
2008-05-03 05:33:44 16384 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\~DFBD54.tmp
2008-05-03 08:16:21 16384 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\~DFC5F6.tmp
2008-05-03 08:07:37 16384 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\~DFCD40.tmp
2008-05-03 08:33:02 16384 --a------ C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\~DFE4A0.tmp
2008-05-03 15:47:09 0 d--h----- C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\~vteibji.tmp
2008-04-28 00:07:41 127 --a------ C:\WINDOWS\temp\D653F3EC.TMP
2008-05-03 08:16:52 2048 --a-----t C:\WINDOWS\temp\mcafee_jJRzpfeNocIb1do
2008-05-03 15:52:14 2048 --a-----t C:\WINDOWS\temp\mcafee_qf1ix65qRvdNwCG
2008-05-03 08:43:50 2048 --a-----t C:\WINDOWS\temp\mcafee_v1YAgaX7E9p1gfS
2008-05-03 08:32:30 2048 --a-----t C:\WINDOWS\temp\mcafee_xe5lNJwqeP4cXUA
2008-05-03 05:34:33 0 d-------- C:\WINDOWS\temp\MCE00000
2008-05-03 08:06:52 0 d-------- C:\WINDOWS\temp\MCE00001
2008-05-03 08:16:53 0 d-------- C:\WINDOWS\temp\MCE00002
2008-05-03 08:32:20 0 d-------- C:\WINDOWS\temp\MCE00003
2008-05-03 08:43:45 0 d-------- C:\WINDOWS\temp\MCE00004
2008-05-03 15:52:11 0 d-------- C:\WINDOWS\temp\MCE00005
2008-05-03 16:08:15 0 d-------- C:\WINDOWS\temp\MCE00006
2008-05-03 10:14:38 1024 --a-----t C:\WINDOWS\temp\mcmsc_1Cxpwc2UXjIjeNi
2008-05-03 08:32:14 0 --a-----t C:\WINDOWS\temp\mcmsc_5oT05RJJxt6jHku
2008-05-03 08:32:51 1024 --a-----t C:\WINDOWS\temp\mcmsc_9yCuY19U4YzsJDO
2008-05-03 08:43:33 0 --a-----t C:\WINDOWS\temp\mcmsc_Gc9WJjxARKVHUKS
2008-05-03 15:51:50 0 --a-----t C:\WINDOWS\temp\mcmsc_GE3aIhRXOkoCFJX
2008-05-03 08:16:30 0 --a-----t C:\WINDOWS\temp\mcmsc_uD4bZrwOTqeFMDK
2008-05-03 16:07:56 66 --a------ C:\WINDOWS\temp\WGAErrLog.txt
2008-05-03 16:10:26 409 --a------ C:\WINDOWS\temp\WGANotify.settings
2002-07-25 13:21:34 167936 -----n--- C:\WINDOWS\Downloaded Program Files\iSetup.exe <Not Verified; InstallShield Software Corporation; InstallShield ®>
2008-04-17 15:53:54 147456 --a------ C:\WINDOWS\Downloaded Program Files\Uploader.exe <Not Verified; McAfee Inc.,; McAfee Virtual Technician>
2005-05-06 19:45:50 69632 -----n--- C:\WINDOWS\Downloaded Program Files\atl.dll <Not Verified; Microsoft Corporation; Microsoft ® Visual C++>
2006-02-08 02:00:00 288376 -----n--- C:\WINDOWS\Downloaded Program Files\ecmsvr32.dll <Verified; Symantec Corporation; ECOM Server>
2004-08-23 16:18:14 87240 -----n--- C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
2002-07-25 13:21:56 24576 -----n--- C:\WINDOWS\Downloaded Program Files\iSetup.dll <Not Verified; InstallShield Software Corporation; InstallShield ®>
2004-10-27 15:10:26 111752 -----n--- C:\WINDOWS\Downloaded Program Files\LSSupCtl.dll <Verified; Symantec Corporation; LiveReg>
2008-04-17 15:56:58 117584 --a------ C:\WINDOWS\Downloaded Program Files\McContentMgr.dll <Verified; McAfee Inc.; McAfee Virtual Technician>
2008-04-17 15:56:16 354136 --a------ C:\WINDOWS\Downloaded Program Files\McHealthCheck.dll <Verified; McAfee Inc.; McAfee Virtual Technician>
2008-04-17 15:57:18 119112 --a------ C:\WINDOWS\Downloaded Program Files\McLogMgr.dll <Verified; McAfee Inc.; McAfee Virtual Technician>
2008-04-17 15:56:38 527696 --a------ C:\WINDOWS\Downloaded Program Files\McPlugins.dll <Verified; McAfee Inc.; McAfee Virtual Technician>
2008-04-17 15:57:38 238416 --a------ C:\WINDOWS\Downloaded Program Files\McProdMgr.dll <Verified; McAfee Inc.; McAfee Virtual Technician>
2005-05-06 19:45:50 413696 -----n--- C:\WINDOWS\Downloaded Program Files\msvcp60.dll <Verified; Microsoft Corporation; Microsoft ® Visual C++>
2008-04-17 15:55:34 291680 --a------ C:\WINDOWS\Downloaded Program Files\MVT.dll <Verified; McAfee Inc.; McAfee Virtual Technician>
2006-08-29 15:11:16 288768 -----n--- C:\WINDOWS\Downloaded Program Files\MVTFrameworkWrapper.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
2006-08-29 15:11:42 314880 -----n--- C:\WINDOWS\Downloaded Program Files\MVTPlugins.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
2006-02-08 02:00:00 124584 -----n--- C:\WINDOWS\Downloaded Program Files\naveng32.dll <Verified; Symantec Corporation; Symantec Antivirus Engine>
2006-02-08 02:00:00 788136 -----n--- C:\WINDOWS\Downloaded Program Files\navex32a.dll <Verified; Symantec Corporation; Symantec Antivirus Engine>
2006-08-29 15:10:56 184320 -----n--- C:\WINDOWS\Downloaded Program Files\SupportabilityFramework.dll <Not Verified; McAfee; Supportability>
2005-11-14 14:40:24 161384 -----n--- C:\WINDOWS\Downloaded Program Files\SymAData.dll <Verified; ; SymAData Module>
2006-02-21 12:56:10 246424 -----n--- C:\WINDOWS\Downloaded Program Files\unicows.dll <Verified; Microsoft Corporation; Microsoft ® Windows ® 95, Windows ® 98, and Windows ® Millennium Operating Systems>
2005-06-03 12:24:32 286720 -----n--- C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.ocx <Not Verified; Snapfish; Snapfish Activia>

-*- End of Logfile -*-

#3 steamwiz

steamwiz

  • Members
  • 1,039 posts

Posted 04 May 2008 - 04:13 PM

Hi

NO need to re-run Kaspersky ... yet

You've been downloading illegal cracks (Keygens) & that's where all your problems have come from ...

Download Malwarebytes' Anti-Malware from Here :-

http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html

or here :-

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

THEN ...

Please follow these directions to run Combofix & post a log.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware

#4 StevePA

StevePA
  • Topic Starter

  • Members
  • 17 posts

Posted 05 May 2008 - 06:48 AM

ATTACHED ARE SOME OF THE LOGS:

===============
Malwarebytes' Anti-Malware 1.11 log:
===============
Malwarebytes' Anti-Malware 1.11
Database version: 716

Scan type: Quick Scan
Objects scanned: 39472
Time elapsed: 42 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM87dcd3e6 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\vdskekth.dll (Trojan.Agent) -> Delete on reboot.



==================
combofix log
==================

ComboFix 08-05-01.3 - Stephen Sander 2008-05-05 7:15:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.186 [GMT -4:00]
Running from: C:\Documents and Settings\Stephen Sander\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\SYSTEM32\cjakgmul.ini
C:\WINDOWS\system32\dbxDgrevCheck.dll
C:\WINDOWS\SYSTEM32\JQAyJkkj.ini
C:\WINDOWS\SYSTEM32\JQAyJkkj.ini2
C:\WINDOWS\system32\mcxcnfgf.dll
C:\WINDOWS\system32\objhmyrw.dll
C:\WINDOWS\system32\obynlnww.ini
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\ufoxlfmi.dll
I:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-04-05 to 2008-05-05 )))))))))))))))))))))))))))))))
.

2008-05-04 20:08 . 2008-05-04 20:08 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-04 20:08 . 2008-05-04 20:08 <DIR> d-------- C:\Documents and Settings\Stephen Sander\Application Data\Malwarebytes
2008-05-04 20:08 . 2008-05-04 20:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-03 15:46 . 2008-05-03 15:46 <DIR> d-------- C:\Deckard
2008-05-03 10:02 . 2008-05-03 10:02 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-05-03 10:02 . 2008-05-03 10:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-03 08:50 . 2008-05-03 08:50 61,224 --a------ C:\Documents and Settings\Stephen Sander\GoToAssistDownloadHelper.exe
2008-05-03 07:35 . 2008-05-03 07:35 <DIR> d-------- C:\Documents and Settings\Stephen Sander\Application Data\McAfee
2008-04-30 11:24 . 2008-04-30 11:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-30 11:23 . 2008-04-30 20:26 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-30 11:23 . 2008-04-30 11:23 <DIR> d-------- C:\Documents and Settings\Stephen Sander\Application Data\SUPERAntiSpyware.com
2008-04-30 11:17 . 2008-04-30 11:18 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-04-30 08:33 . 2008-03-25 02:37 69,632 --------- C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-04-30 06:24 . 2008-04-30 06:24 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-30 06:24 . 2008-04-30 06:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-29 01:17 . 2008-05-04 05:34 109,738 --------- C:\WINDOWS\BM87dcd3e6.xml
2008-04-25 15:09 . 2008-04-25 15:11 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-04-25 15:09 . 2008-04-25 15:09 <DIR> d-------- C:\Documents and Settings\Stephen Sander\Application Data\TuneUp Software
2008-04-25 15:09 . 2008-04-25 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-04-25 15:09 . 2008-04-25 15:09 354,560 --------- C:\WINDOWS\SYSTEM32\TuneUpDefragService.exe
2008-04-25 15:09 . 2008-04-04 14:51 28,416 --------- C:\WINDOWS\SYSTEM32\uxtuneup.dll
2008-04-22 20:26 . 2008-04-22 20:26 54,156 ---h----- C:\WINDOWS\QTFont.qfn
2008-04-22 20:26 . 2008-04-22 20:26 1,409 --------- C:\WINDOWS\QTFont.for
2008-04-15 19:52 . 2008-04-15 19:52 <DIR> d-------- C:\Program Files\Smart Projects
2008-04-09 09:15 . 2008-04-09 09:15 <DIR> d-------- C:\Program Files\SSA Benefit Calculator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 11:30 --------- d-----w C:\Program Files\Weather Watcher
2008-05-01 00:00 --------- d-----w C:\Program Files\MSECache
2008-04-30 15:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-30 12:37 --------- d-----w C:\Program Files\Java
2008-04-27 15:53 --------- d-----w C:\Documents and Settings\Stephen Sander\Application Data\Alien Skin
2008-04-26 14:16 --------- d-----w C:\Documents and Settings\Stephen Sander\Application Data\Vso
2008-04-25 13:24 --------- d-----w C:\Program Files\Agent
2008-04-25 10:38 --------- d-----w C:\Program Files\McAfee
2008-04-16 16:44 6,831 ------w C:\WINDOWS\panose.bin
2008-04-15 11:49 --------- d-----w C:\Program Files\Thumbs4
2008-04-07 16:36 151,296 ----a-w C:\Documents and Settings\Stephen Sander\Application Data\GDIPFONTCACHEV1.DAT
2008-04-05 12:41 --------- d-----w C:\Program Files\PhoneTools
2008-04-05 10:02 --------- d-----w C:\Program Files\Replay Radio 6
2008-03-31 17:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Rosetta Stone
2008-03-24 12:04 --------- d-----w C:\Program Files\Rosetta Stone
2008-03-23 17:40 --------- d-----w C:\Documents and Settings\Stephen Sander\Application Data\TaxCut
2008-03-23 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2008-03-23 16:51 --------- d-----w C:\Documents and Settings\Stephen Sander\Application Data\pdf995
2008-03-23 16:00 --------- d-----w C:\Program Files\TaxCut07
2008-03-23 15:57 --------- d-----w C:\Program Files\PDF995
2008-03-23 15:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\TaxCut
2008-03-22 23:50 --------- d-----w C:\Program Files\Common Files\Intuit
2008-03-20 15:09 --------- d-----w C:\Program Files\Smith Micro
2008-03-20 12:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-18 18:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-29 09:36 87,608 ----a-w C:\Documents and Settings\Stephen Sander\Application Data\inst.exe
2007-06-29 09:36 47,360 ----a-w C:\Documents and Settings\Stephen Sander\Application Data\pcouffin.sys
2004-01-10 11:27 18,601 ------w C:\Program Files\setuplog.txt
2003-07-03 11:42 560 ------w C:\Program Files\Global.sw
.

#5 steamwiz

steamwiz

  • Members
  • 1,039 posts

Posted 05 May 2008 - 02:47 PM

Please post the FULL Combofix log ...

This entry found by KASPERSKY

C:\data Infected: Trojan-Downloader.Win32.IstBar.nh

Is it a folder or a file, if it's a folder, what's in it ?

-
Delete this folder :-

F:\000\Adobe Keygen Collection ... it's where all the trojans are coming from ...

Then run and post a new KASPERSKY on-line scan

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware

#6 StevePA

StevePA
  • Topic Starter

  • Members
  • 17 posts

Posted 05 May 2008 - 03:25 PM

Please post the FULL Combofix log ...


--- Where would I find this. I thought I did it...here is what I have:
==============
Saturday, May 03, 2008 3:43:45 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/05/2008
Kaspersky Anti-Virus database records: 737090


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Folders
C:\
F:\000\
F:\001\
F:\002\
F:\003\
F:\DVDFabPlatinum_Temp\
F:\Games\
F:\Gamin Maps\
F:\Memory-Map Data Files\
F:\msdownld.tmp\
F:\MTM\
F:\My Documents\Cheyney\
F:\My Documents\Family Photos\
F:\My Documents\Homedocs\
F:\My Documents\HRC\
F:\My Documents\HTM\
F:\My Documents\Maps\
F:\My Documents\Rec\
F:\My Documents\UU\
F:\RECYCLER\
F:\Steve Backups\
F:\System Volume Information\
F:\Temp\
F:\Video\
F:\WUTemp\
I:\a3b1f410f7f65898fda1cc09\
I:\Backups\
I:\CloneDVDTemp\
I:\data\
I:\documentation\
I:\languages
I:\RECYCLER\
I:\speech\
I:\System Volume Information\

Scan Statistics
Total number of scanned objects 238545
Number of viruses found 4
Number of infected objects 60
Number of suspicious objects 0
Duration of the scan process 04:35:28

Infected Object Name Virus Name Last Action
C:\data Infected: Trojan-Downloader.Win32.IstBar.nh skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Stephen Sander\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Stephen Sander\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Stephen Sander\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Stephen Sander\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Stephen Sander\Local Settings\History\History.IE5\MSHist012008050320080504\index.dat Object is locked skipped

C:\Documents and Settings\Stephen Sander\Local Settings\Temp\hsperfdata_Stephen Sander\1108 Object is locked skipped

C:\Documents and Settings\Stephen Sander\Local Settings\Temporary Internet Files\Content.IE5\G60HD37U\SDFix[1].htm Object is locked skipped

C:\Documents and Settings\Stephen Sander\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Stephen Sander\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Stephen Sander\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\edbtmp.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\dbxDgrevCheck.dll Infected: not-a-virus:AdWare.Win32.Agent.cb skipped

C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys Object is locked skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\mcxcnfgf.dll Infected: Packed.Win32.Monder.gen skipped

C:\WINDOWS\SYSTEM32\objhmyrw.dll Infected: Packed.Win32.Monder.gen skipped

C:\WINDOWS\SYSTEM32\ufoxlfmi.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrt skipped

C:\WINDOWS\SYSTEM32\vdskekth.dll Infected: Packed.Win32.Monder.gen skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\mcafee_v1YAgaX7E9p1gfS Object is locked skipped

C:\WINDOWS\Temp\mcmsc_1Cxpwc2UXjIjeNi Object is locked skipped

C:\WINDOWS\Temp\mcmsc_Gc9WJjxARKVHUKS Object is locked skipped

C:\WINDOWS\WIADEBUG.LOG Object is locked skipped

C:\WINDOWS\WIASERVC.LOG Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

F:\000\Adobe Keygen Collection\Adobe Acrobat 3D 8.1 Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe Acrobat 3D 8.1 Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe Acrobat 3D 8.1 Keygen.exe Rsrc-Package: infected - 2 skipped

F:\000\Adobe Keygen Collection\Adobe Acrobat 8.0 Professional keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe Acrobat 8.0 Professional keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe Acrobat 8.0 Professional keygen.exe Rsrc-Package: infected - 2 skipped

F:\000\Adobe Keygen Collection\Adobe After Effects CS3 Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe After Effects CS3 Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe After Effects CS3 Keygen.exe Rsrc-Package: infected - 2 skipped

F:\000\Adobe Keygen Collection\Adobe Audition 2.0 Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe Audition 2.0 Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe Audition 2.0 Keygen.exe Rsrc-Package: infected - 2 skipped

F:\000\Adobe Keygen Collection\Adobe Captivate 3.0 Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe Captivate 3.0 Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe Captivate 3.0 Keygen.exe Rsrc-Package: infected - 2 skipped

F:\000\Adobe Keygen Collection\Adobe ColdFusion 8.0 Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe ColdFusion 8.0 Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe ColdFusion 8.0 Keygen.exe Rsrc-Package: infected - 2 skipped

F:\000\Adobe Keygen Collection\Adobe Contribute CS3 Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe Contribute CS3 Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe Contribute CS3 Keygen.exe Rsrc-Package: infected - 2 skipped

F:\000\Adobe Keygen Collection\Adobe CS3 Design Premium Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe CS3 Design Premium Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe CS3 Design Premium Keygen.exe Rsrc-Package: infected - 2 skipped

F:\000\Adobe Keygen Collection\Adobe CS3 Web Premium Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe CS3 Web Premium Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe CS3 Web Premium Keygen.exe Rsrc-Package: infected - 2 skipped

F:\000\Adobe Keygen Collection\Adobe Dreamweaver CS3 Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe Dreamweaver CS3 Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe Dreamweaver CS3 Keygen.exe Rsrc-Package: infected - 2 skipped

F:\000\Adobe Keygen Collection\Adobe Encore DVD 2.0 Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe Encore DVD 2.0 Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe Encore DVD 2.0 Keygen.exe Rsrc-Package: infected - 2 skipped

F:\000\Adobe Keygen Collection\Adobe Fireworks CS3 Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe Fireworks CS3 Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe Fireworks CS3 Keygen.exe Rsrc-Package: infected - 2 skipped

F:\000\Adobe Keygen Collection\Adobe Flash CS3 Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe Flash CS3 Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe Flash CS3 Keygen.exe Rsrc-Package: infected - 2 skipped

F:\000\Adobe Keygen Collection\Adobe Flex Builder 2.0 Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe Flex Builder 2.0 Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe Flex Builder 2.0 Keygen.exe Rsrc-Package: infected - 2 skipped

F:\000\Adobe Keygen Collection\Adobe FrameMaker 8.0 Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe FrameMaker 8.0 Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe FrameMaker 8.0 Keygen.exe Rsrc-Package: infected - 2 skipped

F:\000\Adobe Keygen Collection\Adobe GoLive CS3 Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe GoLive CS3 Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe GoLive CS3 Keygen.exe Rsrc-Package: infected - 2 skipped

F:\000\Adobe Keygen Collection\Adobe Graphics Server 2.1 Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe Graphics Server 2.1 Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe Graphics Server 2.1 Keygen.exe Rsrc-Package: infected - 2 skipped

F:\000\Adobe Keygen Collection\Adobe InCopy CS3 Keygen.exe/data0000.cab/is200079.exe Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe InCopy CS3 Keygen.exe/data0000.cab Infected: Packed.Win32.Monder.gen skipped

F:\000\Adobe Keygen Collection\Adobe InCopy CS3 Keygen.exe Rsrc-Package: infected - 2 skipped

F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

I:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
=================================

This entry found by KASPERSKY

C:\data Infected: Trojan-Downloader.Win32.IstBar.nh


It is some indeterminate type...4 Kb, from Nov 2005. Should I just permanently delete it?

-
Delete this folder :-

F:\000\Adobe Keygen Collection ... it's where all the trojans are coming from ...

--- Already did this as soon as you mentioned the keygens as a source of the problem...thanks.

Then run and post a new KASPERSKY on-line scan


Will do

#7 steamwiz

steamwiz

  • Members
  • 1,039 posts

Posted 05 May 2008 - 03:54 PM

Hi

This entry found by KASPERSKY

C:\data Infected: Trojan-Downloader.Win32.IstBar.nh

It is some indeterminate type...4 Kb, from Nov 2005. Should I just permanently delete it?


Yes ... delete it.

Please post the FULL Combofix log ...

--- Where would I find this. I thought I did it...here is what I have:


That's the KASPERSKY log ... you'll find the Combofix log here :-

C:\Combofix.txt

there should be a lot more information after the part you posted ...

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware

#8 StevePA

StevePA
  • Topic Starter

  • Members
  • 17 posts

Posted 06 May 2008 - 04:29 AM

I have permanently deleted c:\data as you said...though it might still show up in Kaspersky because I did it after running Kaspersky. The report is below.

I re-ran DSS.

I re-ran Combofix. The report is below.

======================================
KASPERSKY REPORT FOLLOWS
======================================
KASPERSKY ONLINE SCANNER REPORT
May 06, 2008 4:50:06 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/05/2008
Kaspersky Anti-Virus database records: 741235


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Folders
C:\
F:\000\
F:\001\
F:\002\
F:\003\
F:\Documents\Misc\HTM\
F:\Documents\Misc\Video\
F:\DVDFabPlatinum_Temp\
F:\Games\
F:\msdownld.tmp\
F:\MTM\
F:\My Documents\
F:\RECYCLER\
F:\System Volume Information\
F:\Temp\
F:\Video\
F:\WUTemp\
I:\a3b1f410f7f65898fda1cc09\
I:\Backups\
I:\CloneDVDTemp\
I:\data\
I:\documentation\
I:\Qoobox\
I:\RECYCLER\
I:\speech\
I:\System Volume Information\

Scan Statistics
Total number of scanned objects 272153
Number of viruses found 4
Number of infected objects 63
Number of suspicious objects 0
Duration of the scan process 04:43:11

Infected Object Name Virus Name Last Action
C:\data Infected: Trojan-Downloader.Win32.IstBar.nh skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Stephen Sander\Application Data\Aim\cxmemjlq\sanderathome\cert8.db Object is locked skipped

C:\Documents and Settings\Stephen Sander\Application Data\Aim\cxmemjlq\sanderathome\key3.db Object is locked skipped

C:\Documents and Settings\Stephen Sander\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Stephen Sander\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Stephen Sander\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Stephen Sander\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Stephen Sander\Local Settings\History\History.IE5\MSHist012008050520080506\index.dat Object is locked skipped

C:\Documents and Settings\Stephen Sander\Local Settings\temp\~DF78DE.tmp Object is locked skipped

C:\Documents and Settings\Stephen Sander\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Stephen Sander\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Stephen Sander\ntuser.dat.LOG Object is locked skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\dbxDgrevCheck.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.cb skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\mcxcnfgf.dll.vir Infected: Trojan.Win32.Monder.gen skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\objhmyrw.dll.vir Infected: Trojan.Win32.Monder.gen skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ufoxlfmi.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qrt skipped

C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP4\A0002259.dll Infected: not-a-virus:AdWare.Win32.Agent.cb skipped

C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP4\A0002263.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP4\A0002264.dll Infected: Trojan.Win32.Monder.gen skipped

C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP4\A0002265.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrt skipped

C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP4\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{651B3B73-824B-4380-A117-E1BC7ECA4C47}.crmlog Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys Object is locked skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\MsDtc\MSDTC.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\MsDtc\Trace\dtctrace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\mcafee_kT7ulLWlyLQxfXK Object is locked skipped

C:\WINDOWS\Temp\mcmsc_NkKRLlXvOR5vX9v Object is locked skipped

C:\WINDOWS\Temp\mcmsc_RZE2dQpTYE2Jw23 Object is locked skipped

C:\WINDOWS\WIADEBUG.LOG Object is locked skipped

C:\WINDOWS\WIASERVC.LOG Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002156.exe/data0000.cab/is200079.exe Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002156.exe/data0000.cab Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002156.exe Rsrc-Package: infected - 2 skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002157.exe/data0000.cab/is200079.exe Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002157.exe/data0000.cab Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002157.exe Rsrc-Package: infected - 2 skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002158.exe/data0000.cab/is200079.exe Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002158.exe/data0000.cab Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002158.exe Rsrc-Package: infected - 2 skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002159.exe/data0000.cab/is200079.exe Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002159.exe/data0000.cab Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002159.exe Rsrc-Package: infected - 2 skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002160.exe/data0000.cab/is200079.exe Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002160.exe/data0000.cab Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002160.exe Rsrc-Package: infected - 2 skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002161.exe/data0000.cab/is200079.exe Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002161.exe/data0000.cab Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002161.exe Rsrc-Package: infected - 2 skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002162.exe/data0000.cab/is200079.exe Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002162.exe/data0000.cab Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002162.exe Rsrc-Package: infected - 2 skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002163.exe/data0000.cab/is200079.exe Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002163.exe/data0000.cab Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002163.exe Rsrc-Package: infected - 2 skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002164.exe/data0000.cab/is200079.exe Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002164.exe/data0000.cab Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002164.exe Rsrc-Package: infected - 2 skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002165.exe/data0000.cab/is200079.exe Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002165.exe/data0000.cab Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002165.exe Rsrc-Package: infected - 2 skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002166.exe/data0000.cab/is200079.exe Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002166.exe/data0000.cab Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002166.exe Rsrc-Package: infected - 2 skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002167.exe/data0000.cab/is200079.exe Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002167.exe/data0000.cab Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002167.exe Rsrc-Package: infected - 2 skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002168.exe/data0000.cab/is200079.exe Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002168.exe/data0000.cab Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002168.exe Rsrc-Package: infected - 2 skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002169.exe/data0000.cab/is200079.exe Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002169.exe/data0000.cab Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002169.exe Rsrc-Package: infected - 2 skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002170.exe/data0000.cab/is200079.exe Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002170.exe/data0000.cab Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002170.exe Rsrc-Package: infected - 2 skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002171.exe/data0000.cab/is200079.exe Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002171.exe/data0000.cab Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002171.exe Rsrc-Package: infected - 2 skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002172.exe/data0000.cab/is200079.exe Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002172.exe/data0000.cab Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002172.exe Rsrc-Package: infected - 2 skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002173.exe/data0000.cab/is200079.exe Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002173.exe/data0000.cab Infected: Trojan.Win32.Monder.gen skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP2\A0002173.exe Rsrc-Package: infected - 2 skipped

F:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP4\change.log Object is locked skipped

I:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

I:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP4\change.log Object is locked skipped

Scan process completed.


===========================
COMBOFIX REPORT FOLLOWS
===========================
ComboFix 08-05-01.3 - Stephen Sander 2008-05-06 5:04:29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.145 [GMT -4:00]
Running from: C:\Documents and Settings\Stephen Sander\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\SYSTEM32\cjakgmul.ini
C:\WINDOWS\system32\dbxDgrevCheck.dll
C:\WINDOWS\SYSTEM32\JQAyJkkj.ini
C:\WINDOWS\SYSTEM32\JQAyJkkj.ini2
C:\WINDOWS\system32\mcxcnfgf.dll
C:\WINDOWS\system32\objhmyrw.dll
C:\WINDOWS\system32\obynlnww.ini
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\ufoxlfmi.dll
I:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-04-06 to 2008-05-06 )))))))))))))))))))))))))))))))
.

2008-05-04 20:08 . 2008-05-04 20:08 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-04 20:08 . 2008-05-04 20:08 <DIR> d-------- C:\Documents and Settings\Stephen Sander\Application Data\Malwarebytes
2008-05-04 20:08 . 2008-05-04 20:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-03 15:46 . 2008-05-03 15:46 <DIR> d-------- C:\Deckard
2008-05-03 10:02 . 2008-05-03 10:02 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-05-03 10:02 . 2008-05-03 10:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-03 08:50 . 2008-05-03 08:50 61,224 --a------ C:\Documents and Settings\Stephen Sander\GoToAssistDownloadHelper.exe
2008-05-03 07:35 . 2008-05-03 07:35 <DIR> d-------- C:\Documents and Settings\Stephen Sander\Application Data\McAfee
2008-04-30 11:24 . 2008-04-30 11:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-30 11:23 . 2008-04-30 20:26 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-30 11:23 . 2008-04-30 11:23 <DIR> d-------- C:\Documents and Settings\Stephen Sander\Application Data\SUPERAntiSpyware.com
2008-04-30 11:17 . 2008-04-30 11:18 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-04-30 08:33 . 2008-03-25 02:37 69,632 --------- C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-04-30 06:24 . 2008-04-30 06:24 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-30 06:24 . 2008-04-30 06:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-29 01:17 . 2008-05-04 05:34 109,738 --------- C:\WINDOWS\BM87dcd3e6.xml
2008-04-25 15:09 . 2008-04-25 15:11 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-04-25 15:09 . 2008-04-25 15:09 <DIR> d-------- C:\Documents and Settings\Stephen Sander\Application Data\TuneUp Software
2008-04-25 15:09 . 2008-04-25 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-04-25 15:09 . 2008-04-25 15:09 354,560 --------- C:\WINDOWS\SYSTEM32\TuneUpDefragService.exe
2008-04-25 15:09 . 2008-04-04 14:51 28,416 --------- C:\WINDOWS\SYSTEM32\uxtuneup.dll
2008-04-22 20:26 . 2008-04-22 20:26 54,156 ---h----- C:\WINDOWS\QTFont.qfn
2008-04-22 20:26 . 2008-04-22 20:26 1,409 --------- C:\WINDOWS\QTFont.for
2008-04-15 19:52 . 2008-04-15 19:52 <DIR> d-------- C:\Program Files\Smart Projects
2008-04-09 09:15 . 2008-04-09 09:15 <DIR> d-------- C:\Program Files\SSA Benefit Calculator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-06 08:48 --------- d-----w C:\Program Files\Weather Watcher
2008-05-01 00:00 --------- d-----w C:\Program Files\MSECache
2008-04-30 15:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-30 12:37 --------- d-----w C:\Program Files\Java
2008-04-27 15:53 --------- d-----w C:\Documents and Settings\Stephen Sander\Application Data\Alien Skin
2008-04-26 14:16 --------- d-----w C:\Documents and Settings\Stephen Sander\Application Data\Vso
2008-04-25 13:24 --------- d-----w C:\Program Files\Agent
2008-04-25 10:38 --------- d-----w C:\Program Files\McAfee
2008-04-16 16:44 6,831 ------w C:\WINDOWS\panose.bin
2008-04-15 11:49 --------- d-----w C:\Program Files\Thumbs4
2008-04-07 16:36 151,296 ----a-w C:\Documents and Settings\Stephen Sander\Application Data\GDIPFONTCACHEV1.DAT
2008-04-05 12:41 --------- d-----w C:\Program Files\PhoneTools
2008-04-05 10:02 --------- d-----w C:\Program Files\Replay Radio 6
2008-03-31 17:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Rosetta Stone
2008-03-24 12:04 --------- d-----w C:\Program Files\Rosetta Stone
2008-03-23 17:40 --------- d-----w C:\Documents and Settings\Stephen Sander\Application Data\TaxCut
2008-03-23 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2008-03-23 16:51 --------- d-----w C:\Documents and Settings\Stephen Sander\Application Data\pdf995
2008-03-23 16:00 --------- d-----w C:\Program Files\TaxCut07
2008-03-23 15:57 --------- d-----w C:\Program Files\PDF995
2008-03-23 15:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\TaxCut
2008-03-22 23:50 --------- d-----w C:\Program Files\Common Files\Intuit
2008-03-20 15:09 --------- d-----w C:\Program Files\Smith Micro
2008-03-20 12:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-18 18:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-29 09:36 87,608 ----a-w C:\Documents and Settings\Stephen Sander\Application Data\inst.exe
2007-06-29 09:36 47,360 ----a-w C:\Documents and Settings\Stephen Sander\Application Data\pcouffin.sys
2004-01-10 11:27 18,601 ------w C:\Program Files\setuplog.txt
2003-07-03 11:42 560 ------w C:\Program Files\Global.sw
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherWatcher"="C:\Program Files\Weather Watcher\ww.exe" [2006-02-12 14:31 937984]
"AIM"="C:\PROGRA~1\AIM95\aim.exe" [2006-08-01 15:35 67112]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-07-26 20:14 1867776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellTouch"="C:\WINDOWS\DELLMMKB.EXE" [2001-09-23 09:14 163840]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe" [2002-03-29 09:40 146432]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 05:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"MaxtorOneTouch"="C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe" [2004-12-22 08:21 823296]
"MXOBG"="C:\WINDOWS\MXOALDR.EXE" [2006-06-13 13:31 94208]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52 483328]
"Opware15"="C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe" [2005-07-06 00:58 69632]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 02:33 582992]
"TrayServer"="C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe" [2006-10-04 16:41 86016]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

C:\Documents and Settings\Stephen Sander\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2007-12-26 18:16:42 557568]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-07-02 07:14:38 25214]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoStartMenuMFUprogramsList"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
"VIDC.I263"= i263_32.drv
"vidc.VP31"= vp31vfw.dll
"aux1"= ctwdm32.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"vidc.3ivx"= 3ivxVfWCodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Camio Viewer 2000.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Camio Viewer 2000.lnk
backup=C:\WINDOWS\pss\Camio Viewer 2000.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Stephen Sander^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Stephen Sander\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
--------- 2001-03-28 03:00 102400 C:\Program Files\Creative\SBLive\Program\AHQInit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ComcastSUPPORT]
--------- 2001-11-21 01:49 57344 C:\Program Files\Support.com\bin\tgkill.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EXSHOW95.EXE]
--------- 2001-09-07 18:18 45056 C:\WINDOWS\SYSTEM32\exshow95.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
C:\Program Files\Microsoft Money\System\Money Express.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--------- 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--------- 2006-09-01 16:57 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--------- 2002-04-17 10:42 69632 c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--------- 2002-03-29 09:40 146432 C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 03:00 90112 C:\WINDOWS\Updreg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"84efe07a"=rundll32.exe "C:\WINDOWS\system32\lumgkajc.dll",b
"mmtask"=C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
"OpScheduler"="C:\Program Files\ScanSoft\OmniPage15.0\OpScheduler.exe"
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"BM87dcd3e6"=Rundll32.exe "C:\WINDOWS\system32\vdskekth.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Support.com\\bin\\tgcmd.exe"=
"C:\\Program Files\\WS_FTP Pro\\wsftppro.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"mspeupx.exe"= mspeupx.exe:mspeupx
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\AIM95\\aim.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"<NO NAME>"=

R2 Nhksrv;Netropa NHK Server;C:\WINDOWS\Nhksrv.exe [2001-08-06 15:41]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 03:56]
R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2001-08-31 02:40]
R3 Msikbd2k;DellTouch;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2000-10-03 17:18]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-29 01:59]
S3 ati2mpaa;ati2mpaa;C:\WINDOWS\system32\DRIVERS\ati2mpaa.sys [2001-08-17 14:48]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 16:18]
S3 KID_USB;Kensington Input Devices USB filter driver;C:\WINDOWS\system32\DRIVERS\KID_USB.sys [2001-09-05 13:42]
S3 KMW_SYS;Kensington MouseWorks Mouse filter driver;C:\WINDOWS\system32\DRIVERS\KMW_SYS.sys [2001-09-07 19:10]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-25 15:09]
S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 18:00]
S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 15:52]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-05-05 19:01:24 C:\WINDOWS\Tasks\Cheyney Backup.job"
- C:\WINDOWS\system32\ntbackup.exenbackup
"2008-05-05 04:22:25 C:\WINDOWS\Tasks\Drive C Backup.job"
- C:\WINDOWS\system32\ntbackup.exenbackup
"2008-05-04 02:49:01 C:\WINDOWS\Tasks\Drive F Backup Part 1.job"
- C:\WINDOWS\system32\ntbackup.exeTbackup
"2008-04-23 02:39:32 C:\WINDOWS\Tasks\Drive F Backup Part 2.job"
- C:\WINDOWS\system32\ntbackup.exeTbackup
"2007-10-01 09:01:23 C:\WINDOWS\Tasks\HRC Backup.job"
- C:\WINDOWS\system32\ntbackup.exeKbackup
"2008-04-15 05:22:06 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-05-01 05:01:03 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 05:14:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\system32\MPR.dll
.
Completion time: 2008-05-06 5:24:38
ComboFix-quarantined-files.txt 2008-05-06 09:23:26

Pre-Run: 14,427,570,176 bytes free
Post-Run: 14,419,922,944 bytes free

253 --- E O F --- 2008-05-02 07:03:12

#9 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • Local time:08:56 AM

Posted 06 May 2008 - 10:35 AM

HI

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the code box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
File::
C:\WINDOWS\BM87dcd3e6.xml

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"84efe07a"=-
"BM87dcd3e6"=-


Save this as "CFScript.txt"

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

steam

Edited by steamwiz, 06 May 2008 - 10:36 AM.

MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware

#10 StevePA

StevePA
  • Topic Starter

  • Members
  • 17 posts
  • Local time:04:56 AM

Posted 06 May 2008 - 12:03 PM

I pasted the code, created the file, dragged it to ComboFix.

Before I show the results, I have a question or two.

(1) When the combofix.txt file displayed, the desktop icons, status bar, etc., disappeared. I had to reboot. Hope that wasn't a problem.

(2) You mentioned a hijackthis log. How do I generate that?

(3) Is my McAfee AV supposed to be off when I do all this...because it hasn't been.

(4) I never was able to enable the Windows XP Recovery Console...am I taking a major risk?

Thanks.

==================
combofix.txt follows
==================

ComboFix 08-05-01.3 - Stephen Sander 2008-05-06 12:39:54.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.171 [GMT -4:00]
Running from: C:\Documents and Settings\Stephen Sander\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Stephen Sander\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\BM87dcd3e6.xml
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Stephen Sander\Application Data\inst.exe
C:\WINDOWS\BM87dcd3e6.xml
C:\WINDOWS\system32\W007T32W.DLL
I:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-04-06 to 2008-05-06 )))))))))))))))))))))))))))))))
.

2008-05-04 20:08 . 2008-05-04 20:08 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-04 20:08 . 2008-05-04 20:08 <DIR> d-------- C:\Documents and Settings\Stephen Sander\Application Data\Malwarebytes
2008-05-04 20:08 . 2008-05-04 20:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-03 15:46 . 2008-05-03 15:46 <DIR> d-------- C:\Deckard
2008-05-03 10:02 . 2008-05-03 10:02 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-05-03 10:02 . 2008-05-03 10:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-03 08:50 . 2008-05-03 08:50 61,224 --a------ C:\Documents and Settings\Stephen Sander\GoToAssistDownloadHelper.exe
2008-05-03 07:35 . 2008-05-03 07:35 <DIR> d-------- C:\Documents and Settings\Stephen Sander\Application Data\McAfee
2008-04-30 11:24 . 2008-04-30 11:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-30 11:23 . 2008-04-30 20:26 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-30 11:23 . 2008-04-30 11:23 <DIR> d-------- C:\Documents and Settings\Stephen Sander\Application Data\SUPERAntiSpyware.com
2008-04-30 11:17 . 2008-04-30 11:18 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-04-30 08:33 . 2008-03-25 02:37 69,632 --------- C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-04-30 06:24 . 2008-04-30 06:24 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-30 06:24 . 2008-04-30 06:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-25 15:09 . 2008-04-25 15:11 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-04-25 15:09 . 2008-04-25 15:09 <DIR> d-------- C:\Documents and Settings\Stephen Sander\Application Data\TuneUp Software
2008-04-25 15:09 . 2008-04-25 15:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-04-25 15:09 . 2008-04-25 15:09 354,560 --------- C:\WINDOWS\SYSTEM32\TuneUpDefragService.exe
2008-04-25 15:09 . 2008-04-04 14:51 28,416 --------- C:\WINDOWS\SYSTEM32\uxtuneup.dll
2008-04-22 20:26 . 2008-04-22 20:26 54,156 ---h----- C:\WINDOWS\QTFont.qfn
2008-04-22 20:26 . 2008-04-22 20:26 1,409 --------- C:\WINDOWS\QTFont.for
2008-04-15 19:52 . 2008-04-15 19:52 <DIR> d-------- C:\Program Files\Smart Projects
2008-04-09 09:15 . 2008-04-09 09:15 <DIR> d-------- C:\Program Files\SSA Benefit Calculator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-06 08:48 --------- d-----w C:\Program Files\Weather Watcher
2008-05-01 00:00 --------- d-----w C:\Program Files\MSECache
2008-04-30 15:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-30 12:37 --------- d-----w C:\Program Files\Java
2008-04-27 15:53 --------- d-----w C:\Documents and Settings\Stephen Sander\Application Data\Alien Skin
2008-04-26 14:16 --------- d-----w C:\Documents and Settings\Stephen Sander\Application Data\Vso
2008-04-25 13:24 --------- d-----w C:\Program Files\Agent
2008-04-25 10:38 --------- d-----w C:\Program Files\McAfee
2008-04-16 16:44 6,831 ------w C:\WINDOWS\panose.bin
2008-04-15 11:49 --------- d-----w C:\Program Files\Thumbs4
2008-04-07 16:36 151,296 ----a-w C:\Documents and Settings\Stephen Sander\Application Data\GDIPFONTCACHEV1.DAT
2008-04-05 12:41 --------- d-----w C:\Program Files\PhoneTools
2008-04-05 10:02 --------- d-----w C:\Program Files\Replay Radio 6
2008-03-31 17:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Rosetta Stone
2008-03-24 12:04 --------- d-----w C:\Program Files\Rosetta Stone
2008-03-23 17:40 --------- d-----w C:\Documents and Settings\Stephen Sander\Application Data\TaxCut
2008-03-23 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2008-03-23 16:51 --------- d-----w C:\Documents and Settings\Stephen Sander\Application Data\pdf995
2008-03-23 16:00 --------- d-----w C:\Program Files\TaxCut07
2008-03-23 15:57 --------- d-----w C:\Program Files\PDF995
2008-03-23 15:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\TaxCut
2008-03-22 23:50 --------- d-----w C:\Program Files\Common Files\Intuit
2008-03-20 15:09 --------- d-----w C:\Program Files\Smith Micro
2008-03-20 12:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-03-18 18:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-20 18:01 51,716 ------w C:\WINDOWS\SYSTEM32\pdf995mon.dll
2008-02-20 18:01 249,856 ------w C:\WINDOWS\SYSTEM32\pdfmona.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-02-16 22:29 3,059,712 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-02-15 09:23 18,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2007-06-29 09:36 47,360 ----a-w C:\Documents and Settings\Stephen Sander\Application Data\pcouffin.sys
2004-01-10 11:27 18,601 ------w C:\Program Files\setuplog.txt
2003-07-03 11:42 560 ------w C:\Program Files\Global.sw
.

((((((((((((((((((((((((((((( snapshot@2008-05-06_ 5.22.36.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-06 07:55:42 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2008-05-06 12:47:08 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
- 2008-05-06 07:55:42 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2008-05-06 12:47:08 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherWatcher"="C:\Program Files\Weather Watcher\ww.exe" [2006-02-12 14:31 937984]
"AIM"="C:\PROGRA~1\AIM95\aim.exe" [2006-08-01 15:35 67112]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-07-26 20:14 1867776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellTouch"="C:\WINDOWS\DELLMMKB.EXE" [2001-09-23 09:14 163840]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe" [2002-03-29 09:40 146432]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 05:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"MaxtorOneTouch"="C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe" [2004-12-22 08:21 823296]
"MXOBG"="C:\WINDOWS\MXOALDR.EXE" [2006-06-13 13:31 94208]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52 483328]
"Opware15"="C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe" [2005-07-06 00:58 69632]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 02:33 582992]
"TrayServer"="C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe" [2006-10-04 16:41 86016]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

C:\Documents and Settings\Stephen Sander\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2007-12-26 18:16:42 557568]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-07-02 07:14:38 25214]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoStartMenuMFUprogramsList"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
"VIDC.I263"= i263_32.drv
"vidc.VP31"= vp31vfw.dll
"aux1"= ctwdm32.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"vidc.3ivx"= 3ivxVfWCodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Camio Viewer 2000.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Camio Viewer 2000.lnk
backup=C:\WINDOWS\pss\Camio Viewer 2000.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Stephen Sander^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Stephen Sander\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
--------- 2001-03-28 03:00 102400 C:\Program Files\Creative\SBLive\Program\AHQInit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ComcastSUPPORT]
--------- 2001-11-21 01:49 57344 C:\Program Files\Support.com\bin\tgkill.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EXSHOW95.EXE]
--------- 2001-09-07 18:18 45056 C:\WINDOWS\SYSTEM32\exshow95.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
C:\Program Files\Microsoft Money\System\Money Express.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--------- 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--------- 2006-09-01 16:57 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--------- 2002-04-17 10:42 69632 c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--------- 2002-03-29 09:40 146432 C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 03:00 90112 C:\WINDOWS\Updreg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"84efe07a"=rundll32.exe "C:\WINDOWS\system32\lumgkajc.dll",b
"mmtask"=C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
"OpScheduler"="C:\Program Files\ScanSoft\OmniPage15.0\OpScheduler.exe"
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"BM87dcd3e6"=Rundll32.exe "C:\WINDOWS\system32\vdskekth.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Support.com\\bin\\tgcmd.exe"=
"C:\\Program Files\\WS_FTP Pro\\wsftppro.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"mspeupx.exe"= mspeupx.exe:mspeupx
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\AIM95\\aim.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"<NO NAME>"=

R2 Nhksrv;Netropa NHK Server;C:\WINDOWS\Nhksrv.exe [2001-08-06 15:41]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 03:56]
R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2001-08-31 02:40]
R3 Msikbd2k;DellTouch;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2000-10-03 17:18]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-29 01:59]
S3 ati2mpaa;ati2mpaa;C:\WINDOWS\system32\DRIVERS\ati2mpaa.sys [2001-08-17 14:48]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 16:18]
S3 KID_USB;Kensington Input Devices USB filter driver;C:\WINDOWS\system32\DRIVERS\KID_USB.sys [2001-09-05 13:42]
S3 KMW_SYS;Kensington MouseWorks Mouse filter driver;C:\WINDOWS\system32\DRIVERS\KMW_SYS.sys [2001-09-07 19:10]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-25 15:09]
S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 18:00]
S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 15:52]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-05-05 19:01:24 C:\WINDOWS\Tasks\Cheyney Backup.job"
- C:\WINDOWS\system32\ntbackup.exenbackup
"2008-05-05 04:22:25 C:\WINDOWS\Tasks\Drive C Backup.job"
- C:\WINDOWS\system32\ntbackup.exenbackup
"2008-05-04 02:49:01 C:\WINDOWS\Tasks\Drive F Backup Part 1.job"
- C:\WINDOWS\system32\ntbackup.exeTbackup
"2008-04-23 02:39:32 C:\WINDOWS\Tasks\Drive F Backup Part 2.job"
- C:\WINDOWS\system32\ntbackup.exeTbackup
"2007-10-01 09:01:23 C:\WINDOWS\Tasks\HRC Backup.job"
- C:\WINDOWS\system32\ntbackup.exeKbackup
"2008-04-15 05:22:06 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-05-01 05:01:03 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 12:46:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-06 12:51:26
ComboFix-quarantined-files.txt 2008-05-06 16:51:19

Pre-Run: 14,324,940,800 bytes free
Post-Run: 14,309,359,616 bytes free

259 --- E O F --- 2008-05-02 07:03:12

#11 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • Local time:08:56 AM

Posted 06 May 2008 - 03:02 PM

HI

When Combofix deletes files/makes fixes ... it makes many changes to your computer; it also has to terminate certain processes in order to do its job. One thing it terminates is the running of explorer.exe (which causes your desktop icons, taskbar, etc. to disappear) ... when Combofix has finished it restarts the processes (usually through a restart of the computer...). I noticed you had left your AV running in the last log; it is possible that any realtime monitor, anti-spyware or anti-virus can interfere with the running of Combofix. Looks like that was possibly the reason you had to reboot & Combofix did not do it automatically .... whatever, it wasn't a problem ...

RE hijackthis...

when you ran the DSS scan, it downloaded hijackthis & placed a shortcut to it on your desktop ...

C:\DOCUME~1\STEPHE~1\Desktop\Stephen Sander.exe

Run the Stephen Sander.exe on your desktop & it will run hijackthis ...

It is an advantage at times to have the Windows XP Recovery Console installed, because with today's malware, removing it more & more can lead to unforeseen problems; sometimes the only way to get into your computer to effect repairs is with the Recovery Console. So to answer your question, you're not taking any extra risk by not having the Recovery Console, but if you do get a bad infection, it may be needed to effect repairs.

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware

#12 StevePA

StevePA
  • Topic Starter

  • Members
  • 17 posts
  • Local time:04:56 AM

Posted 06 May 2008 - 03:32 PM

(BTW...in case I did already do this...I appreciate the time and help.)

Ran HijackThis but did not have it fix anything...here's the log. Let me know if you want a log AFTER I had it fix the stuff.

----------------------------------------------
HIJACK THIS (StephenSander.exe) LOG
----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:31:36 PM, on 5/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Netropa\OSD.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Stephen Sander\Desktop\Stephen Sander.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///F:/My%20Documents/HTM/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~2\COPERN~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~2\COPERN~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Opware15] "C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav Options - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Support - {65EE8C2B-F2DB-4796-B6DA-39CC695CBB04} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {AEE68C9D-3764-45D3-B90C-22C57079869F} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {CD935E19-ACE5-463A-B781-89AE088E8D51} - http://www.comcast.net (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182456824562
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://wsc3.perfora.net/app/static/activex/msxml4.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtech.com/download/files/w...tall/isetup.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Protocol: bw+0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 24984 bytes

#13 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • OFFLINE
  • Local time:08:56 AM

Posted 06 May 2008 - 04:08 PM

HI

There are NO malware entries to fix in hijackthis, however there is a glitch in the Logitech\Desktop Messenger program ...

Run hijackthis & fix ALL the O18 entries similar to this one :-

O18 - Protocol: bw+0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Reboot & run hijackthis again, and tell me if the entries were removed.

THEN ...

I need you to purge System restore on your C:\ & F:\ drives ...

This will clear all your infected restore points...

Turn off (Disable) System Restore in XP :-

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer.

Then...

Turn on (enable) System Restore :-

Follow the same procedure, but this time uncheck Turn off System Restore

if you have any problem with this... here's a link to instructions :-


Disabling or enabling Windows XP System Restore >

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Then ...

Go to Start > Run > copy and paste ComboFix /u into the Open: box & press OK


Finally ...

Run & post a new KASPERSKY ONLINE SCANNER REPORT

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware.

#14 StevePA

StevePA
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:04:56 AM

Posted 06 May 2008 - 07:09 PM

Making progress...

HijackThis seems to have fixed those O18 items (see log below).

Just to be sure, I will await your OK (after you have looked at the log below) before proceeding with purging the system restore points and running ComboFix.

Steve

=======================
HIJACKTHIS REPORT
=======================


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:48 PM, on 5/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Stephen Sander\Desktop\Stephen Sander.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///F:/My%20Documents/HTM/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~2\COPERN~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~2\COPERN~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Opware15] "C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav Options - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Support - {65EE8C2B-F2DB-4796-B6DA-39CC695CBB04} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {AEE68C9D-3764-45D3-B90C-22C57079869F} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {CD935E19-ACE5-463A-B781-89AE088E8D51} - http://www.comcast.net (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182456824562
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://wsc3.perfora.net/app/static/activex/msxml4.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtech.com/download/files/w...tall/isetup.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 13107 bytes
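The check the helper asked for above ("tell me if the entries were removed") comes down to comparing the O18 section of the two HijackThis logs. As an added example, not code from this thread or from HijackThis, here is a small Python helper that parses HijackThis entry lines, groups O18 protocol handlers by the DLL that backs them, and diffs a before/after log to confirm the Logitech Desktop Messenger handlers are gone. The two sample logs are constructed from a handful of lines taken from the logs posted in this thread and are not complete logs.

```python
import re
from collections import defaultdict

# Matches the O18 lines HijackThis emits for registered URL protocol handlers, e.g.
#   O18 - Protocol: bw+0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\...\BWPlugProtocol-8876480.dll
O18_RE = re.compile(
    r"^O18 - Protocol: (?P<name>\S+) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+?)\s*$"
)
# Any HijackThis entry line (R0..R3, O1..O24); the header, process list and footer are skipped.
ENTRY_RE = re.compile(r"^[RO]\d+ - ")

# Constructed sample logs: a few lines taken from the two logs posted in this thread,
# trimmed to what the functions below need. Not complete HijackThis logs.
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O18 - Protocol: bw+0 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {89DEB978-D23C-49C0-BF28-D8F0431D1F3C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
"""

AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
"""


def parse_entries(log_text):
    """Return the HijackThis entry lines (R*/O* sections) from a log, in order."""
    return [ln.rstrip() for ln in log_text.splitlines() if ENTRY_RE.match(ln)]


def o18_handlers(entries):
    """Group O18 protocol handlers by the DLL that implements them.

    Returns {dll_path: [(protocol_name, clsid), ...]}. Many protocol names
    pointing at one DLL (as with the Logitech bw* handlers) show up as one key.
    """
    by_dll = defaultdict(list)
    for line in entries:
        m = O18_RE.match(line)
        if m:
            by_dll[m.group("path")].append((m.group("name"), m.group("clsid")))
    return dict(by_dll)


def removed_entries(before_text, after_text):
    """Entry lines present in the earlier log but absent from the later one."""
    after_set = set(parse_entries(after_text))
    return [e for e in parse_entries(before_text) if e not in after_set]


def o18_cleanup_report(before_text, after_text, dll_fragment):
    """Confirm every O18 handler whose DLL path contains dll_fragment is gone
    from the later log. Returns (all_removed, still_present_lines)."""
    remaining = [
        line for line in parse_entries(after_text)
        if O18_RE.match(line) and dll_fragment.lower() in line.lower()
    ]
    return (len(remaining) == 0, remaining)


def stale_entries(entries):
    """Entries HijackThis tagged '(file missing)': a registration whose target
    file no longer exists, typically left behind by an uninstalled program."""
    return [e for e in entries if "(file missing)" in e]


if __name__ == "__main__":
    for dll, handlers in o18_handlers(parse_entries(BEFORE_LOG)).items():
        print(f"{len(handlers)} protocol handler(s) -> {dll}")
    ok, remaining = o18_cleanup_report(BEFORE_LOG, AFTER_LOG, "Desktop Messenger")
    print("Logitech O18 entries removed:", ok)
    for line in removed_entries(BEFORE_LOG, AFTER_LOG):
        print("removed:", line)
    for line in stale_entries(parse_entries(AFTER_LOG)):
        print("stale:", line)
```

Running it against the full logs in this thread instead of the trimmed samples works the same way; the grouping makes the 60-odd Logitech bw* lines collapse to a single DLL entry.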

#15 StevePA

StevePA
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:04:56 AM

Posted 06 May 2008 - 07:13 PM

One more thing I just noticed...there seem to be a couple of remnants (O16 items) from Symantec -- I used to have Norton AV installed.

Should I have HijackThis fix/remove them, or (since they are not harming anything), just ignore them?

Steve
