
Ctfmona


8 replies to this topic

#1 clik-it

clik-it

  • Members
  • 4 posts

Posted 27 May 2008 - 03:18 PM

I downloaded the ctfmona virus and cannot remove it. Help please.

The HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:17 PM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seeberger.tripod.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9092 bytes


The DSS log:

Deckard's System Scanner v20071014.68
Run by HP_Owner on 2008-05-27 15:29:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
7: 2008-05-27 19:29:22 UTC - RP10 - Deckard's System Scanner Restore Point
6: 2008-05-27 18:39:30 UTC - RP9 - Restore Operation
5: 2008-05-27 11:31:45 UTC - RP8 - Software Distribution Service 3.0
4: 2008-05-26 16:06:24 UTC - RP7 - Shockwave Player
3: 2008-05-26 16:04:54 UTC - RP6 - Shockwave Player


-- First Restore Point --
1: 2008-05-26 01:43:22 UTC - RP4 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:35:18 PM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\HP_Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Owner.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seeberger.tripod.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9525 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Fko15 - c:\windows\system32\drivers\fko15.sys
R0 pxark - c:\windows\system32\drivers\pxark.sys <Not Verified; Prevx; Prevx CSI>
R0 rwB51 - c:\windows\system32\drivers\rwb51.sys

S3 PcdrNdisuio (PCDRNDISUIO Usermode I/O Protocol) - c:\windows\system32\drivers\pcdrndisuio.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 MSIServer (Windows Installer) - c:\docume~1\hp_owner\locals~1\temp\ixp000.tmp\msiexec.exe /v (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-23 18:00:01 408 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2008-05-23 16:18:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-05-20 07:15:37 442 --a------ C:\WINDOWS\Tasks\EasyShare Registration Task.job
2008-05-15 07:42:39 346 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-05-15 07:42:38 338 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-04-27 and 2008-05-27 -----------------------------

2008-05-27 15:23:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-27 15:23:28 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-27 15:23:26 0 d-------- C:\WINDOWS\LastGood
2008-05-27 15:12:30 0 d-------- C:\Program Files\Trend Micro
2008-05-27 14:36:21 0 d-------- C:\Program Files\PrevxCSI
2008-05-27 14:36:21 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-05-26 21:59:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-26 21:51:13 17408 --a------ C:\WINDOWS\system32\drivers\pxark.sys <Not Verified; Prevx; Prevx CSI>
2008-05-26 11:37:14 0 d-------- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Application Data\Macromedia
2008-05-26 11:35:41 0 d-------- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Application Data\Adobe
2008-05-25 20:08:08 27008 --a------ C:\WINDOWS\system32\drivers\Fko15.sys
2008-05-25 20:08:07 12288 --a------ C:\WINDOWS\system32\WLCtrl32.dll
2008-05-22 20:43:32 0 d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Application Data\AXPFixer
2008-05-21 17:10:54 0 d-------- C:\WINDOWS\system32\Adobe
2008-05-21 06:54:05 14336 --a------ C:\WINDOWS\system32\WinCtrl32.dll
2008-05-21 06:54:05 29056 --a------ C:\WINDOWS\system32\drivers\rwB51.sys
2008-05-21 06:53:46 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
2008-05-20 07:34:24 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\HP
2008-05-19 12:28:13 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Internet Chess Club
2008-05-19 09:07:36 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Sun
2008-05-17 11:15:48 0 d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Application Data\AdobeUM
2008-05-16 20:35:43 0 d-------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Application Data\Macromedia
2008-05-16 20:31:57 0 d-------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Application Data\Adobe
2008-05-16 19:42:28 0 d--h----- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Templates
2008-05-16 19:42:28 0 dr------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Start Menu
2008-05-16 19:42:28 0 dr-h----- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\SendTo
2008-05-16 19:42:28 0 dr-h----- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Recent
2008-05-16 19:42:28 0 d--h----- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\PrintHood
2008-05-16 19:42:28 0 d--h----- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\NetHood
2008-05-16 19:42:28 0 dr------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\My Documents
2008-05-16 19:42:28 0 d--h----- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Local Settings
2008-05-16 19:42:28 0 dr------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Favorites
2008-05-16 19:42:28 0 d-------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Desktop
2008-05-16 19:42:28 0 d--hs---- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Cookies
2008-05-16 19:42:28 0 dr-h----- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Application Data
2008-05-16 19:42:28 0 d-------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Application Data\Symantec
2008-05-16 19:42:28 0 d-------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Application Data\SampleView
2008-05-16 19:42:28 0 d-------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Application Data\Real
2008-05-16 19:42:28 0 d---s---- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Application Data\Microsoft
2008-05-16 19:42:28 0 d-------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Application Data\InterMute
2008-05-16 19:42:28 0 d-------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Application Data\Identities
2008-05-16 19:42:28 0 d-------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Application Data\Apple Computer
2008-05-16 19:42:27 0 d-------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\WINDOWS
2008-05-16 19:42:27 1310720 --ah----- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\NTUSER.DAT
2008-05-16 19:13:49 0 d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Application Data\Adobe
2008-05-16 09:40:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2008-05-16 09:39:54 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Adobe
2008-05-15 07:47:01 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-05-15 07:41:26 0 d-------- C:\Program Files\Common Files\McAfee
2008-05-15 07:40:49 0 d-------- C:\Program Files\McAfee
2008-05-15 07:26:33 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-14 21:34:58 0 d-------- C:\WINDOWS\system32\LogFiles
2008-05-14 21:34:58 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-14 19:46:16 0 d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Application Data\Macromedia
2008-05-13 21:53:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2008-05-13 11:05:14 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Microsoft Web Folders
2008-05-13 10:30:24 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-13 03:16:18 0 d-------- C:\30426a026e72319f27
2008-05-13 02:27:24 0 d--h----- C:\Documents and Settings\Noelle\Local Settings
2008-05-13 02:11:27 0 dr------- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Favorites
2008-05-13 02:11:27 0 d-------- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Desktop
2008-05-13 02:11:27 0 d--hs---- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Cookies
2008-05-13 02:11:27 0 dr-h----- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Application Data
2008-05-13 02:11:27 0 d-------- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Application Data\Symantec
2008-05-13 02:11:27 0 d-------- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Application Data\SampleView
2008-05-13 02:11:27 0 d-------- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Application Data\Real
2008-05-13 02:11:27 0 d---s---- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Application Data\Microsoft
2008-05-13 02:11:27 0 d-------- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Application Data\InterMute
2008-05-13 02:11:27 0 d-------- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Application Data\Identities
2008-05-13 02:11:27 0 d-------- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Application Data\Apple Computer
2008-05-13 02:11:26 0 d-------- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\WINDOWS
2008-05-13 02:11:26 0 d--h----- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Templates
2008-05-13 02:11:26 0 dr------- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Start Menu
2008-05-13 02:11:26 0 dr-h----- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\SendTo
2008-05-13 02:11:26 0 dr-h----- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Recent
2008-05-13 02:11:26 0 d--h----- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\PrintHood
2008-05-13 02:11:26 1310720 --ah----- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\NTUSER.DAT
2008-05-13 02:11:26 0 d--h----- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\NetHood
2008-05-13 02:11:26 0 dr------- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\My Documents
2008-05-13 02:11:26 0 d--h----- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Local Settings
2008-05-13 02:08:02 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\InterVideo
2008-05-13 01:53:30 0 d--hs---- C:\Documents and Settings\HP_Owner\UserData
2008-05-13 01:17:18 0 d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Linda
2008-05-13 01:12:20 0 dr------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Favorites
2008-05-13 01:12:20 0 d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Desktop
2008-05-13 01:12:20 0 d--hs---- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Cookies
2008-05-13 01:12:20 0 dr-h----- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Application Data
2008-05-13 01:12:20 0 d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Application Data\Symantec
2008-05-13 01:12:20 0 d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Application Data\SampleView
2008-05-13 01:12:20 0 d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Application Data\Real
2008-05-13 01:12:20 0 d---s---- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Application Data\Microsoft
2008-05-13 01:12:20 0 d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Application Data\InterMute
2008-05-13 01:12:20 0 d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Application Data\Identities
2008-05-13 01:12:20 0 d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Application Data\Apple Computer
2008-05-13 01:12:19 0 d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\WINDOWS
2008-05-13 01:12:19 0 d--h----- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Templates
2008-05-13 01:12:19 0 dr------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Start Menu
2008-05-13 01:12:19 0 dr-h----- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\SendTo
2008-05-13 01:12:19 0 dr-h----- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Recent
2008-05-13 01:12:19 0 d--h----- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\PrintHood
2008-05-13 01:12:19 1835008 --ah----- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\NTUSER.DAT
2008-05-13 01:12:19 0 d--h----- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\NetHood
2008-05-13 01:12:19 0 dr------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\My Documents
2008-05-13 01:12:19 0 d--h----- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Local Settings
2008-05-12 19:29:21 0 dr-hs---- C:\cmdcons
2008-05-12 19:29:01 0 d-------- C:\WINDOWS\setupupd
2008-05-12 14:02:50 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Macromedia
2008-05-12 13:51:07 0 dr-h----- C:\Documents and Settings\HP_Owner\Recent
2008-05-12 13:47:49 0 dr------- C:\Documents and Settings\HP_Owner\Favorites
2008-05-12 13:47:49 0 d-------- C:\Documents and Settings\HP_Owner\Desktop
2008-05-12 13:47:49 0 d--hs---- C:\Documents and Settings\HP_Owner\Cookies
2008-05-12 13:47:49 0 dr-h----- C:\Documents and Settings\HP_Owner\Application Data
2008-05-12 13:47:49 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Symantec
2008-05-12 13:47:49 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\SampleView
2008-05-12 13:47:49 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Real
2008-05-12 13:47:49 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\InterMute
2008-05-12 13:47:49 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Identities
2008-05-12 13:47:49 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2008-05-12 13:47:48 0 d-------- C:\Documents and Settings\HP_Owner\WINDOWS
2008-05-12 13:47:48 0 d--h----- C:\Documents and Settings\HP_Owner\Templates
2008-05-12 13:47:48 0 dr------- C:\Documents and Settings\HP_Owner\Start Menu
2008-05-12 13:47:48 0 dr-h----- C:\Documents and Settings\HP_Owner\SendTo
2008-05-12 13:47:48 0 d--h----- C:\Documents and Settings\HP_Owner\PrintHood
2008-05-12 13:47:48 0 d--h----- C:\Documents and Settings\HP_Owner\NetHood
2008-05-12 13:47:48 0 dr------- C:\Documents and Settings\HP_Owner\My Documents
2008-05-12 13:47:48 0 d--h----- C:\Documents and Settings\HP_Owner\Local Settings
2008-05-12 13:47:47 2621440 --ah----- C:\Documents and Settings\HP_Owner\NTUSER.DAT
2008-05-12 13:32:36 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-05-12 11:49:20 0 dr-h----- C:\MSOCache
2008-05-12 11:47:30 0 dr-hs---- C:\WINDOWS\system32\dllcache
2008-05-07 08:51:03 6270976 --a------ C:\Documents and Settings\Robert\ntuser.dat
2008-05-07 08:45:08 0 d-------- C:\Program Files\Helper
2008-05-07 08:43:52 0 --a------ C:\1347863619
2008-05-03 15:38:30 0 d-------- C:\Documents and Settings\Crystal\Application Data\WinRAR


-- Find3M Report ---------------------------------------------------------------

2008-05-27 14:48:19 0 d-------- C:\Program Files\support.com
2008-05-26 06:54:37 0 d-------- C:\Program Files\Starware337
2008-05-22 07:09:41 0 d-------- C:\Program Files\AntiVirGear 3.8
2008-05-22 07:08:22 0 d-------- C:\Program Files\Starware316
2008-05-21 21:06:40 0 d-------- C:\Program Files\LimeWire
2008-05-16 09:06:26 0 d-------- C:\Program Files\Common Files
2008-05-15 14:04:18 0 d-------- C:\Program Files\Symantec
2008-05-15 09:54:08 0 d-------- C:\Program Files\McAfee.com
2008-05-15 08:44:36 0 d-------- C:\Program Files\Easy Internet signup
2008-05-13 11:28:10 0 d-------- C:\Program Files\XP Codec Pack
2008-05-13 11:04:54 0 d-------- C:\Program Files\microsoft frontpage
2008-05-12 12:04:56 0 d-------- C:\Program Files\Windows NT
2008-05-12 12:04:48 0 d-------- C:\Program Files\Movie Maker
2008-05-12 12:04:47 0 d-------- C:\Program Files\Messenger
2008-05-07 11:11:01 0 d-------- C:\Program Files\Plaxo


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/26/2005 01:34 AM]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [10/14/2004 04:54 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/06/2005 03:11 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/23/2005 01:31 PM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/04/2004 08:00 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/06/2005 02:59 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [05/26/2008 08:58 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/5/2004 5:28:24 AM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [11/5/2004 5:50:52 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 3:05:56 PM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [7/29/2003 10:49:48 PM]
SpySubtract.lnk - C:\Program Files\InterMute\SpySubtract\sslaunch.exe [5/6/2005 3:13:37 AM]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [5/6/2005 3:15:24 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
WinCtrl32.dll 05/27/2008 02:37 PM 14336 C:\WINDOWS\system32\WinCtrl32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll 05/27/2008 02:37 PM 12288 C:\WINDOWS\system32\WLCtrl32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fko15.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rwB51.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSIServer"=3 (0x3)
"MpfService"=2 (0x2)
"McNASvc"=2 (0x2)
"McAfee HackerWatch Service"=2 (0x2)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"CSIScanner"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-05-27 15:38:36 ------------

The DSS extra:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 3.06GHz
Percentage of Memory in Use: 65%
Physical Memory (total/avail): 503.48 MiB / 173.19 MiB
Pagefile Memory (total/avail): 1985.25 MiB / 1537.48 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.7 MiB

C: is Fixed (NTFS) - 143.23 GiB total, 77.95 GiB free.
D: is Fixed (FAT32) - 9.52 GiB total, 8.73 GiB free.
E: is Fixed (FAT32) - 9.52 GiB total, 8.92 GiB free.
F: is Fixed (FAT32) - 5.8 GiB total, 0.37 GiB free.
G: is CDROM (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)

\\.\PHYSICALDRIVE1 - Maxtor 92048U8 - 19.07 GiB - 2 partitions
\PARTITION0 (bootable) - Unknown - 9.53 GiB - D:
\PARTITION1 - Extended w/Extended Int 13 - 9.53 GiB - E:

\\.\PHYSICALDRIVE0 - ST3160021A - 149.05 GiB - 2 partitions
\PARTITION0 - Unknown - 5.81 GiB - F:
\PARTITION1 (bootable) - Installable File System - 143.23 GiB - C:

\\.\PHYSICALDRIVE3 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE5 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE2 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee) Disabled
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Disabled:iTunes"
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FAMILY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Owner
LOGONSERVER=\\FAMILY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
USERDOMAIN=FAMILY
USERNAME=HP_Owner
USERPROFILE=C:\Documents and Settings\HP_Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

HP_Owner (admin)
Amanda.YOUR-F78BF48CE2 (admin)
Noelle.YOUR-F78BF48CE2 (admin)
Linda.YOUR-F78BF48CE2 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Agere Systems PCI Soft Modem --> agrsmdel
Blackhawk Striker 2 from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\58D1A004-6D3C-480A-9E0D-FAA58F3C2A62\Uninstall.exe"
Blasterball 2 from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\8C4E79CC-03E1-43AA-9910-9A5113F24603\Uninstall.exe"
Blasterball 2 Holidays from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B41503CB-5FE0-47E0-87C1-47BA8E660BCC\Uninstall.exe"
Blasterball 2 Remix from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B151D9AC-5E4E-4AD0-96C9-5A6C9EC23502\Uninstall.exe"
Bounce Symphony from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D11F7128-8CBD-408B-8BF8-034604DEDD42\Uninstall.exe"
Comcast High-Speed Internet Install Wizard --> C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Crystal Maze from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292\Uninstall.exe"
Final Drive Nitro from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\741C4983-B139-407A-AD4E-3D6C7B29704B\Uninstall.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Help and Support Additions --> WScript.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\eHelpSetup.jse eHelpUninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Boot Optimizer --> MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
HP Deskjet Printer Preload --> MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP Image Zone 4.8.6 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.8.6 --> C:\Program Files\HP\Digital Imaging\{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Organize --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photosmart Cameras 4.5 --> C:\Program Files\HP\Digital Imaging\{ABA2B37F-AB88-486e-870A-52454A23FEE0}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 4.7 --> "C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update --> MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
HPIZplus450 --> MsiExec.exe /X{0E484A60-A429-49A8-982C-D6475F1E80A9}
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE20E2F5-1903-4AAE-B1AF-2046E586C925}
J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KBD --> C:\HP\KBD\KBD.EXE uninstalled
Lexibox Deluxe from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E2A4EA31-80A1-4460-9510-631AF4D6A636\Uninstall.exe"
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Dancer LE --> MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
muvee autoProducer 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC10C922-52E9-4739-ACD0-EB0FF035EE7E}\setup.exe" -l0x9
Overball from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\6723E59E-322A-417A-8E03-27A61E18253C\Uninstall.exe"
PC-Doctor for Windows --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{19C989C4-50AE-43A4-B06E-8C70FFFF852F} /l1033
Phoenix Assault from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\7CEF0F00-BA1B-4861-A102-38CC86CA622B\Uninstall.exe"
Photosmart 320,370,7400,8100,8400 Series --> C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
Polar Bowler from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\36317AE4-57EC-4F3E-B828-009A3DD96BE8\Uninstall.exe"
Polar Golfer from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B2D3332F-EA2D-42B3-8E4A-F74D052BCBC1\Uninstall.exe"
Prevx CSI --> "C:\Program Files\PrevxCSI\prevxcsi.exe" /prop UNINSTALL=Y
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remove Microsoft Money 2005 installer --> c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\Money\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Remove Quicken New User Edition installer --> c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\Quicken_NUE\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shooting Stars Pool from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\14DD9322-0AAE-4DA4-90A9-EB42CF296127\Uninstall.exe"
Slyder from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A\Uninstall.exe"
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpySubtract --> C:\Program Files\InterMute\SpySubtract\SpySub.exe -uninstall
Super Granny from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\3F34F72F-9BB0-4B73-8312-558953ACF56F\Uninstall.exe"
Tradewinds from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\F5215F01-DFC0-475D-A910-6F1AF94E807E\Uninstall.exe"
Updates from HP --> C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 309731
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
XP Codec Pack --> C:\Program Files\XP Codec Pack\Uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1485 / Warning
Event Submitted/Written: 05/27/2008 02:47:21 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
0x80070422(NULL)(NULL)(NULL)

Event Record #/Type1484 / Warning
Event Submitted/Written: 05/27/2008 02:47:20 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
{CE0C8CC5-E396-442B-A50E-D1D374A9E820}GalleryFramework{ECD95215-CDCE-4AAB-AFC2-717ECCB8DA52}(NULL)

Event Record #/Type1483 / Warning
Event Submitted/Written: 05/27/2008 02:47:20 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
{CE0C8CC5-E396-442B-A50E-D1D374A9E820}GalleryFramework{F7FB9315-0E31-4915-9BBD-59C29D295F12}c:\Program Files\Common Files\HP\Memories Disc\2.0\mpv\etc\hpodmpv_md\

Event Record #/Type1482 / Warning
Event Submitted/Written: 05/27/2008 02:45:58 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
0x80070422(NULL)(NULL)(NULL)

Event Record #/Type1481 / Warning
Event Submitted/Written: 05/27/2008 02:45:58 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
{CE0C8CC5-E396-442B-A50E-D1D374A9E820}GalleryFramework{ECD95215-CDCE-4AAB-AFC2-717ECCB8DA52}(NULL)



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3887 / Error
Event Submitted/Written: 05/27/2008 03:37:24 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service McAfee HackerWatch Service with arguments ""
in order to run the server:
{36C29AB6-FF73-4F74-A2D1-C5C09B54E5C9}

Event Record #/Type3886 / Error
Event Submitted/Written: 05/27/2008 03:37:24 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service McAfee HackerWatch Service with arguments ""
in order to run the server:
{36C29AB6-FF73-4F74-A2D1-C5C09B54E5C9}

Event Record #/Type3885 / Error
Event Submitted/Written: 05/27/2008 03:37:21 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service McAfee HackerWatch Service with arguments ""
in order to run the server:
{36C29AB6-FF73-4F74-A2D1-C5C09B54E5C9}

Event Record #/Type3884 / Error
Event Submitted/Written: 05/27/2008 03:37:20 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service McAfee HackerWatch Service with arguments ""
in order to run the server:
{36C29AB6-FF73-4F74-A2D1-C5C09B54E5C9}

Event Record #/Type3883 / Error
Event Submitted/Written: 05/27/2008 03:37:16 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service McAfee HackerWatch Service with arguments ""
in order to run the server:
{36C29AB6-FF73-4F74-A2D1-C5C09B54E5C9}



-- End of Deckard's System Scanner: finished at 2008-05-27 15:38:36 ------------

Thank You!!!


#2 fenzodahl512

  • Members
  • 6,738 posts

Posted 04 June 2008 - 02:26 PM

Hello clik-it, my name is fenzodahl512 and welcome to Bleeping Computer..

If you still need our help, please post a fresh Deckard System Scanner log for further review..

Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 clik-it

  • Topic Starter
  • Members
  • 4 posts

Posted 05 June 2008 - 07:00 AM

Thank you for your reply, fenzodahl512.

The new DSS log follows:

Deckard's System Scanner v20071014.68
Run by HP_Owner on 2008-06-05 07:52:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:00 AM, on 6/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\HP_Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seeberger.tripod.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk.disabled
O4 - Global Startup: SpySubtract.lnk.disabled
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...308/mcfscan.cab
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\IXP000.TMP\MsiExec.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7453 bytes

-- Files created between 2008-05-05 and 2008-06-05 -----------------------------

2008-06-03 02:17:14 14336 --a------ C:\WINDOWS\system32\WinCtrl32.dll
2008-06-02 22:07:10 0 d-------- C:\WINDOWS\McAfee.com
2008-06-02 08:24:30 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-06-01 20:48:42 0 d-------- C:\Documents and Settings\Administrator.FAMILY\Application Data\InterMute
2008-06-01 20:48:42 0 d-------- C:\Documents and Settings\Administrator.FAMILY\Application Data\Identities
2008-06-01 20:48:42 0 d-------- C:\Documents and Settings\Administrator.FAMILY\Application Data\Apple Computer
2008-06-01 20:48:41 0 d-------- C:\Documents and Settings\Administrator.FAMILY\WINDOWS
2008-06-01 20:48:41 0 d--h----- C:\Documents and Settings\Administrator.FAMILY\Templates <TEMPLA~1>
2008-06-01 20:48:41 0 dr------- C:\Documents and Settings\Administrator.FAMILY\Start Menu <STARTM~1>
2008-06-01 20:48:41 0 dr-h----- C:\Documents and Settings\Administrator.FAMILY\SendTo
2008-06-01 20:48:41 0 dr-h----- C:\Documents and Settings\Administrator.FAMILY\Recent
2008-06-01 20:48:41 0 d--h----- C:\Documents and Settings\Administrator.FAMILY\PrintHood <PRINTH~1>
2008-06-01 20:48:41 0 d--h----- C:\Documents and Settings\Administrator.FAMILY\NetHood
2008-06-01 20:48:41 0 dr------- C:\Documents and Settings\Administrator.FAMILY\My Documents <MYDOCU~1>
2008-06-01 20:48:41 0 d--h----- C:\Documents and Settings\Administrator.FAMILY\Local Settings <LOCALS~1>
2008-06-01 20:48:41 0 dr------- C:\Documents and Settings\Administrator.FAMILY\Favorites <FAVORI~1>
2008-06-01 20:48:41 0 d-------- C:\Documents and Settings\Administrator.FAMILY\Desktop
2008-06-01 20:48:41 0 d--hs---- C:\Documents and Settings\Administrator.FAMILY\Cookies
2008-06-01 20:48:41 0 dr-h----- C:\Documents and Settings\Administrator.FAMILY\Application Data <APPLIC~1>
2008-06-01 20:48:41 0 d-------- C:\Documents and Settings\Administrator.FAMILY\Application Data\Symantec
2008-06-01 20:48:41 0 d-------- C:\Documents and Settings\Administrator.FAMILY\Application Data\SampleView
2008-06-01 20:48:41 0 d-------- C:\Documents and Settings\Administrator.FAMILY\Application Data\Real
2008-06-01 20:48:41 0 d---s---- C:\Documents and Settings\Administrator.FAMILY\Application Data\Microsoft
2008-06-01 20:48:40 786432 --ah----- C:\Documents and Settings\Administrator.FAMILY\NTUSER.DAT
2008-06-01 20:32:30 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-06-01 20:32:30 0 d--h----- C:\Documents and Settings\Administrator\Templates <TEMPLA~1>
2008-06-01 20:32:30 0 dr------- C:\Documents and Settings\Administrator\Start Menu <STARTM~1>
2008-06-01 20:32:30 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-01 20:32:30 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-01 20:32:30 0 d--h----- C:\Documents and Settings\Administrator\PrintHood <PRINTH~1>
2008-06-01 20:32:30 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-01 20:32:30 0 dr------- C:\Documents and Settings\Administrator\My Documents <MYDOCU~1>
2008-06-01 20:32:30 0 d--h----- C:\Documents and Settings\Administrator\Local Settings <LOCALS~1>
2008-06-01 20:32:30 0 dr------- C:\Documents and Settings\Administrator\Favorites <FAVORI~1>
2008-06-01 20:32:30 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-01 20:32:30 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-06-01 20:32:30 0 dr-h----- C:\Documents and Settings\Administrator\Application Data <APPLIC~1>
2008-06-01 20:32:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-06-01 20:32:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-06-01 20:32:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-06-01 20:32:30 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-01 20:32:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterMute
2008-06-01 20:32:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-06-01 20:32:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-06-01 20:32:28 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-31 01:36:34 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\McAfee
2008-05-30 14:02:18 30720 --a------ C:\WINDOWS\system32\drivers\mrV73.sys
2008-05-29 22:54:07 385024 --a------ C:\WINDOWS\system32\wodSFTP.dll <Not Verified; WeOnlyDo! COM; wodSFTP Component>
2008-05-29 22:54:07 425984 --a------ C:\WINDOWS\system32\wodKeys.dll <Not Verified; WeOnlyDo! COM; wodKeys Component>
2008-05-29 22:54:07 1079808 --a------ C:\WINDOWS\system32\we.dll <Not Verified; AceBIT GmbH; >
2008-05-29 22:54:05 0 d-------- C:\Program Files\AceBIT
2008-05-29 22:50:49 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\1&1
2008-05-29 22:50:41 0 d-------- C:\Program Files\1&1
2008-05-29 22:30:37 453632 --a------ C:\WINDOWS\system32\stdvcl40.dll <Not Verified; Borland International; Standard VCL ActiveX Library>
2008-05-29 22:30:36 0 d-------- C:\Program Files\Web CEO
2008-05-27 15:23:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-27 15:23:28 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-27 15:12:30 0 d-------- C:\Program Files\Trend Micro
2008-05-27 14:36:21 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-05-26 21:59:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-26 11:37:14 0 d-------- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Application Data\Macromedia
2008-05-26 11:35:41 0 d-------- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Application Data\Adobe
2008-05-25 20:08:08 27008 --a------ C:\WINDOWS\system32\drivers\Fko15.sys
2008-05-22 20:43:32 0 d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Application Data\AXPFixer
2008-05-21 17:10:54 0 d-------- C:\WINDOWS\system32\Adobe
2008-05-20 07:34:24 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\HP
2008-05-19 12:28:13 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Internet Chess Club
2008-05-19 09:07:36 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Sun
2008-05-17 11:15:48 0 d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Application Data\AdobeUM
2008-05-16 20:35:43 0 d-------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Application Data\Macromedia
2008-05-16 20:31:57 0 d-------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Application Data\Adobe
2008-05-16 19:42:28 0 d--h----- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Templates <TEMPLA~1>
2008-05-16 19:42:28 0 dr------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Start Menu <STARTM~1>
2008-05-16 19:42:28 0 dr-h----- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\SendTo
2008-05-16 19:42:28 0 dr-h----- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Recent
2008-05-16 19:42:28 0 d--h----- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\PrintHood <PRINTH~1>
2008-05-16 19:42:28 0 d--h----- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\NetHood
2008-05-16 19:42:28 0 dr------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\My Documents <MYDOCU~1>
2008-05-16 19:42:28 0 d--h----- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Local Settings <LOCALS~1>
2008-05-16 19:42:28 0 dr------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Favorites <FAVORI~1>
2008-05-16 19:42:28 0 d-------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Desktop
2008-05-16 19:42:28 0 d--hs---- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Cookies
2008-05-16 19:42:28 0 dr-h----- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Application Data <APPLIC~1>
2008-05-16 19:42:28 0 d-------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Application Data\Symantec
2008-05-16 19:42:28 0 d-------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Application Data\SampleView
2008-05-16 19:42:28 0 d-------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Application Data\Real
2008-05-16 19:42:28 0 d---s---- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Application Data\Microsoft
2008-05-16 19:42:28 0 d-------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Application Data\InterMute
2008-05-16 19:42:28 0 d-------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Application Data\Identities
2008-05-16 19:42:28 0 d-------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Application Data\Apple Computer
2008-05-16 19:42:27 0 d-------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\WINDOWS
2008-05-16 19:42:27 1310720 --ah----- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\NTUSER.DAT
2008-05-16 19:13:49 0 d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Application Data\Adobe
2008-05-16 09:40:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2008-05-16 09:39:54 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Adobe
2008-05-15 07:41:26 0 d-------- C:\Program Files\Common Files\McAfee
2008-05-15 07:40:49 0 d-------- C:\Program Files\McAfee
2008-05-15 07:26:33 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-14 21:34:58 0 d-------- C:\WINDOWS\system32\LogFiles
2008-05-14 21:34:58 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-14 19:46:16 0 d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Application Data\Macromedia
2008-05-13 21:53:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2008-05-13 11:05:14 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Microsoft Web Folders
2008-05-13 10:30:24 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-13 03:16:18 0 d-------- C:\30426a026e72319f27
2008-05-13 02:27:24 0 d--h----- C:\Documents and Settings\Noelle\Local Settings <LOCALS~1>
2008-05-13 02:11:27 0 dr------- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Favorites <FAVORI~1>
2008-05-13 02:11:27 0 d-------- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Desktop
2008-05-13 02:11:27 0 d--hs---- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Cookies
2008-05-13 02:11:27 0 dr-h----- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Application Data <APPLIC~1>
2008-05-13 02:11:27 0 d-------- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Application Data\Symantec
2008-05-13 02:11:27 0 d-------- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Application Data\SampleView
2008-05-13 02:11:27 0 d-------- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Application Data\Real
2008-05-13 02:11:27 0 d---s---- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Application Data\Microsoft
2008-05-13 02:11:27 0 d-------- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Application Data\InterMute
2008-05-13 02:11:27 0 d-------- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Application Data\Identities
2008-05-13 02:11:27 0 d-------- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Application Data\Apple Computer
2008-05-13 02:11:26 0 d-------- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\WINDOWS
2008-05-13 02:11:26 0 d--h----- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Templates <TEMPLA~1>
2008-05-13 02:11:26 0 dr------- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Start Menu <STARTM~1>
2008-05-13 02:11:26 0 dr-h----- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\SendTo
2008-05-13 02:11:26 0 dr-h----- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Recent
2008-05-13 02:11:26 0 d--h----- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\PrintHood <PRINTH~1>
2008-05-13 02:11:26 1310720 --ah----- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\NTUSER.DAT
2008-05-13 02:11:26 0 d--h----- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\NetHood
2008-05-13 02:11:26 0 dr------- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\My Documents <MYDOCU~1>
2008-05-13 02:11:26 0 d--h----- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Local Settings <LOCALS~1>
2008-05-13 02:08:02 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\InterVideo
2008-05-13 01:53:30 0 d--hs---- C:\Documents and Settings\HP_Owner\UserData
2008-05-13 01:17:18 0 d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Linda
2008-05-13 01:12:20 0 dr------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Favorites <FAVORI~1>
2008-05-13 01:12:20 0 d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Desktop
2008-05-13 01:12:20 0 d--hs---- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Cookies
2008-05-13 01:12:20 0 dr-h----- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Application Data <APPLIC~1>
2008-05-13 01:12:20 0 d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Application Data\Symantec
2008-05-13 01:12:20 0 d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Application Data\SampleView
2008-05-13 01:12:20 0 d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Application Data\Real
2008-05-13 01:12:20 0 d---s---- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Application Data\Microsoft
2008-05-13 01:12:20 0 d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Application Data\InterMute
2008-05-13 01:12:20 0 d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Application Data\Identities
2008-05-13 01:12:20 0 d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Application Data\Apple Computer
2008-05-13 01:12:19 0 d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\WINDOWS
2008-05-13 01:12:19 0 d--h----- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Templates <TEMPLA~1>
2008-05-13 01:12:19 0 dr------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Start Menu <STARTM~1>
2008-05-13 01:12:19 0 dr-h----- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\SendTo
2008-05-13 01:12:19 0 dr-h----- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Recent
2008-05-13 01:12:19 0 d--h----- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\PrintHood <PRINTH~1>
2008-05-13 01:12:19 1835008 --ah----- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\NTUSER.DAT
2008-05-13 01:12:19 0 d--h----- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\NetHood
2008-05-13 01:12:19 0 dr------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\My Documents <MYDOCU~1>
2008-05-13 01:12:19 0 d--h----- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Local Settings <LOCALS~1>
2008-05-12 19:29:21 0 dr-hs---- C:\cmdcons
2008-05-12 19:29:01 0 d-------- C:\WINDOWS\setupupd
2008-05-12 14:02:50 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Macromedia
2008-05-12 13:51:07 0 dr-h----- C:\Documents and Settings\HP_Owner\Recent
2008-05-12 13:47:49 0 dr------- C:\Documents and Settings\HP_Owner\Favorites <FAVORI~1>
2008-05-12 13:47:49 0 d-------- C:\Documents and Settings\HP_Owner\Desktop
2008-05-12 13:47:49 0 d--hs---- C:\Documents and Settings\HP_Owner\Cookies
2008-05-12 13:47:49 0 dr-h----- C:\Documents and Settings\HP_Owner\Application Data <APPLIC~1>
2008-05-12 13:47:49 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Symantec
2008-05-12 13:47:49 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\SampleView
2008-05-12 13:47:49 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Real
2008-05-12 13:47:49 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\InterMute
2008-05-12 13:47:49 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Identities
2008-05-12 13:47:49 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2008-05-12 13:47:48 0 d-------- C:\Documents and Settings\HP_Owner\WINDOWS
2008-05-12 13:47:48 0 d--h----- C:\Documents and Settings\HP_Owner\Templates <TEMPLA~1>
2008-05-12 13:47:48 0 dr------- C:\Documents and Settings\HP_Owner\Start Menu <STARTM~1>
2008-05-12 13:47:48 0 dr-h----- C:\Documents and Settings\HP_Owner\SendTo
2008-05-12 13:47:48 0 d--h----- C:\Documents and Settings\HP_Owner\PrintHood <PRINTH~1>
2008-05-12 13:47:48 0 d--h----- C:\Documents and Settings\HP_Owner\NetHood
2008-05-12 13:47:48 0 dr------- C:\Documents and Settings\HP_Owner\My Documents <MYDOCU~1>
2008-05-12 13:47:48 0 d--h----- C:\Documents and Settings\HP_Owner\Local Settings <LOCALS~1>
2008-05-12 13:47:47 3145728 --ah----- C:\Documents and Settings\HP_Owner\NTUSER.DAT
2008-05-12 13:32:36 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-05-12 11:49:20 0 dr-h----- C:\MSOCache
2008-05-12 11:47:30 0 dr-hs---- C:\WINDOWS\system32\dllcache
2008-05-07 08:51:03 6270976 --a------ C:\Documents and Settings\Robert\ntuser.dat
2008-05-07 08:45:08 0 d-------- C:\Program Files\Helper
2008-05-07 08:43:52 0 --a------ C:\1347863619


-- Find3M Report ---------------------------------------------------------------

2008-05-29 22:54:04 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-27 14:48:19 0 d-------- C:\Program Files\support.com
2008-05-26 06:54:37 0 d-------- C:\Program Files\Starware337
2008-05-22 07:09:41 0 d-------- C:\Program Files\AntiVirGear 3.8
2008-05-22 07:08:22 0 d-------- C:\Program Files\Starware316
2008-05-21 21:06:40 0 d-------- C:\Program Files\LimeWire
2008-05-16 09:06:26 0 d-------- C:\Program Files\Common Files
2008-05-15 14:04:18 0 d-------- C:\Program Files\Symantec
2008-05-15 09:54:08 0 d-------- C:\Program Files\McAfee.com
2008-05-15 08:44:36 0 d-------- C:\Program Files\Easy Internet signup
2008-05-13 11:28:10 0 d-------- C:\Program Files\XP Codec Pack
2008-05-13 11:04:54 0 d-------- C:\Program Files\microsoft frontpage
2008-05-12 12:04:56 0 d-------- C:\Program Files\Windows NT
2008-05-12 12:04:48 0 d-------- C:\Program Files\Movie Maker
2008-05-12 12:04:47 0 d-------- C:\Program Files\Messenger
2008-05-07 11:11:01 0 d-------- C:\Program Files\Plaxo


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/26/2005 01:34 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/23/2005 01:31 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/06/2005 02:59 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [05/26/2008 08:58 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/5/2004 5:28:24 AM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [11/5/2004 5:50:52 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 3:05:56 PM]
Quicken Scheduled Updates.lnk.disabled [3/13/2006 12:31:18 AM]
SpySubtract.lnk.disabled [5/6/2005 3:13:38 AM]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [5/6/2005 3:15:24 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
WinCtrl32.dll 06/05/2008 07:24 AM 14336 C:\WINDOWS\system32\WinCtrl32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fko15.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mrV73.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rwB51.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McAfee HackerWatch Service"=2 (0x2)
"MPS9"=2 (0x2)
"McRedirector"=2 (0x2)
"Emproxy"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Wise-FTP Scheduler"=C:\Program Files\AceBIT\WISE-FTP\WF_Scheduler.exe
"1&1 EasyLogin"=C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
"DelayShred"=c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\HP_Owner\LOCALS~1\TEMPOR~1\Content.IE5\WT0RCLK4\INDEX_~2.SH!
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe




-- End of Deckard's System Scanner: finished at 2008-06-05 07:54:46 ------------
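
As an added example for readers of this thread (not part of the thread, and not code from Deckard's System Scanner, SDFix or ComboFix), the Python script below parses the "Files created" listing and the "Registry Dump" section of the DSS log above and ranks recently created binaries under system32 by the signals a helper checks by hand: a file with no version or publisher information recorded by the scanner, a SafeBoot\Minimal key for a driver (so it loads even in Safe Mode), and a Winlogon notification-package registration. The sample lines are copied from the log posted above; the scoring rules are this example's own heuristic for deciding what to submit to a scanner, not a verdict from any tool.

```python
# Added example for this thread; not code from Deckard's System Scanner (DSS),
# SDFix or ComboFix. It scores recently created system32 binaries in a DSS log
# by signals a helper checks by hand. The scoring is this example's own
# heuristic, not a scanner verdict.
import re

# Constructed sample: lines copied from the DSS log posted above.
SAMPLE_LOG = r"""
-- Files created between 2008-05-05 and 2008-06-05 -----------------------------
2008-06-03 02:17:14 14336 --a------ C:\WINDOWS\system32\WinCtrl32.dll
2008-06-02 08:24:30 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-06-01 20:48:41 0 d--h----- C:\Documents and Settings\Administrator.FAMILY\Templates <TEMPLA~1>
2008-05-30 14:02:18 30720 --a------ C:\WINDOWS\system32\drivers\mrV73.sys
2008-05-29 22:30:37 453632 --a------ C:\WINDOWS\system32\stdvcl40.dll <Not Verified; Borland International; Standard VCL ActiveX Library>
2008-05-25 20:08:08 27008 --a------ C:\WINDOWS\system32\drivers\Fko15.sys
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
WinCtrl32.dll 06/05/2008 07:24 AM 14336 C:\WINDOWS\system32\WinCtrl32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fko15.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mrV73.sys]
@="Driver"
"""

# <date> <time> <size> <attrs> <path> [<tag>]; the tag is either DSS's
# '<Not Verified; Vendor; Description>' or an 8.3 short name such as <TEMPLA~1>.
FILE_LINE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+) "
    r"(?P<attrs>[-a-z]{9}) (?P<path>.+?)(?: <(?P<tag>[^>]*)>)?$"
)
REG_KEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
WIN_PATH = re.compile(r"[a-z]:\\.+$", re.IGNORECASE)


def parse_files(log):
    """Return the file (not directory) entries of the 'Files created' listing."""
    files = []
    for line in log.splitlines():
        m = FILE_LINE.match(line.strip())
        if not m or m.group("attrs").startswith("d"):
            continue                         # directories and non-file lines
        tag = m.group("tag") or ""
        has_info = ";" in tag                # short names carry no ';'
        files.append({"path": m.group("path"),
                      "has_version_info": has_info,
                      "not_verified": has_info and tag.startswith("Not Verified")})
    return files


def parse_registry(log):
    """Collect Winlogon notify DLL paths and SafeBoot\\Minimal driver names."""
    notify_paths, safeboot_drivers, key = set(), set(), None
    for line in log.splitlines():
        line = line.strip()
        m = REG_KEY.match(line)
        if m:
            key = m.group("key").lower()
            continue
        if not key or not line:
            continue
        if "\\winlogon\\notify\\" in key:
            pm = WIN_PATH.search(line)       # value line ends with the DLL path
            if pm:
                notify_paths.add(pm.group(0).lower())
        elif "\\safeboot\\minimal\\" in key and line == '@="Driver"':
            safeboot_drivers.add(key.rsplit("\\", 1)[1])
    return notify_paths, safeboot_drivers


def triage(log):
    """Map each recently created system32 binary to the reasons it stands out."""
    notify_paths, safeboot_drivers = parse_registry(log)
    findings = {}
    for f in parse_files(log):
        low = f["path"].lower()
        name = low.rsplit("\\", 1)[-1]
        if "\\system32\\" not in low or not name.endswith((".sys", ".dll", ".exe")):
            continue
        reasons = []
        if not f["has_version_info"]:
            reasons.append("no version/publisher info recorded by the scanner")
        elif f["not_verified"]:
            reasons.append("has version info but no valid signature (Not Verified)")
        if name in safeboot_drivers:
            reasons.append("SafeBoot\\Minimal entry: loads even in Safe Mode")
        if low in notify_paths:
            reasons.append("registered as a Winlogon notification package")
        if reasons:
            findings[f["path"]] = reasons
    return findings


def ranked(log):
    """Findings with the most signals first, then by path."""
    return sorted(triage(log).items(), key=lambda kv: (-len(kv[1]), kv[0]))
```

Running `ranked(SAMPLE_LOG)` puts WinCtrl32.dll, Fko15.sys and mrV73.sys at the top with two signals each, which matches what the helper asked for next in this thread (a scan of mrV73.sys) and what SDFix later reported (FKO15.sys deleted, WinCtrl32.dll could not be removed). The two "Not Verified" DLLs from known vendors rank below them: lacking a signature is weaker evidence than a driver with no version information that is also wired into Safe Mode.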

#4 fenzodahl512

  • Members
  • 6,738 posts

Posted 05 June 2008 - 08:43 AM

Hello, thanks for the reply.. Please do the following...

Please show hidden files and folders. Please visit HERE if you don't know how.

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    • C:\WINDOWS\system32\drivers\mrV73.sys
  • Click on the submit button
  • Please post the results in your next reply.
If Jotti's server is too busy, please submit the file to VirusTotal instead.




NEXT


Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.



NEXT


Please visit the webpage below for instructions on downloading and running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.



Please post the following logs in your next reply..

1. Jotti result
2. SDFix
3. ComboFix
4. A fresh HijackThis (after ComboFix step)



Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 clik-it

  • Topic Starter
  • Members
  • 4 posts

Posted 05 June 2008 - 09:46 PM

Results from Jotti with the firewall disabled

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file.

#6 fenzodahl512

  • Members
  • 6,738 posts

Posted 06 June 2008 - 08:55 AM

Ok.. waiting for your SDFix and ComboFix logs.. :thumbsup:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 clik-it

  • Topic Starter
  • Members
  • 4 posts

Posted 10 June 2008 - 06:54 AM

Sorry for the delay. My machine was shutting down during the SDFix scan, but finally

Report.txt


SDFix: Version 1.188
Run by Linda on Mon 06/09/2008 at 10:39 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
FKO15

Path :

FKO15 - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\drivers\FKO15.sys - Deleted


Could Not Remove C:\WINDOWS\system32\WinCtrl32.dll

Folder C:\Program Files\Helper - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 05:40:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Disabled:iTunes"
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"

Remaining Files :

C:\WINDOWS\system32\WinCtrl32.dll Found

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 12 May 2008 213 A.SHR --- "C:\BOOT.BAK"
Wed 29 Mar 2006 435 A..H. --- "C:\Documents and Settings\Robert\IPH.BAK"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 30 Aug 2005 32 A.SH. --- "C:\WINDOWS\SMINST\HPCD.SYS"
Sat 26 Aug 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 17 Sep 2007 108,544 ...H. --- "C:\Documents and Settings\Amanda\My Documents\~WRL0005.tmp"
Sun 19 Nov 2006 41,472 ...H. --- "C:\Documents and Settings\Robert\My Documents\~WRL0004.tmp"
Mon 11 Sep 2006 1,645,568 ...H. --- "C:\Documents and Settings\Robert\My Documents\~WRL0501.tmp"
Thu 21 Sep 2006 1,283,584 ...H. --- "C:\Documents and Settings\Robert\My Documents\~WRL2059.tmp"
Tue 22 Aug 2006 3,529,216 ...H. --- "C:\Documents and Settings\Robert\My Documents\~WRL2420.tmp"
Tue 22 Aug 2006 3,530,240 ...H. --- "C:\Documents and Settings\Robert\My Documents\~WRL2680.tmp"
Tue 3 Jun 2008 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
Tue 3 Jun 2008 265 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
Wed 14 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 20 May 2007 14,710 A..H. --- "C:\Documents and Settings\Robert\Local Settings\Temp\bmp15.tmp"
Mon 2 Oct 2006 50,280 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Mon 9 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BIT3.tmp"
Thu 15 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa7431e5b6c6ef5b2a4a86419ca21980\BIT16.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BITC.tmp"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Crystal\Application Data\U3\temp\Launchpad Removal.exe"
Sat 26 Aug 2006 4,348 A..H. --- "C:\Documents and Settings\Crystal\My Documents\My Music\License Backup\drmv1key.bak"
Sat 26 Aug 2006 20 A..H. --- "C:\Documents and Settings\Crystal\My Documents\My Music\License Backup\drmv1lic.bak"
Wed 19 Apr 2006 312 A.SH. --- "C:\Documents and Settings\Crystal\My Documents\My Music\License Backup\drmv2key.bak"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Linda\Application Data\U3\temp\Launchpad Removal.exe"
Fri 5 May 2006 26,112 ...H. --- "C:\Documents and Settings\Robert\Application Data\Microsoft\Templates\~WRL0004.tmp"
Tue 22 Aug 2006 4,700,160 ...H. --- "C:\Documents and Settings\Robert\Application Data\Microsoft\Word\~WRL0068.tmp"
Tue 22 Aug 2006 3,529,216 ...H. --- "C:\Documents and Settings\Robert\Application Data\Microsoft\Word\~WRL1000.tmp"
Thu 21 Sep 2006 1,285,120 ...H. --- "C:\Documents and Settings\Robert\Application Data\Microsoft\Word\~WRL1273.tmp"
Thu 21 Sep 2006 2,711,552 ...H. --- "C:\Documents and Settings\Robert\Application Data\Microsoft\Word\~WRL1552.tmp"
Thu 21 Sep 2006 1,284,096 ...H. --- "C:\Documents and Settings\Robert\Application Data\Microsoft\Word\~WRL2583.tmp"
Tue 22 Aug 2006 4,699,648 ...H. --- "C:\Documents and Settings\Robert\Application Data\Microsoft\Word\~WRL2593.tmp"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Robert\Application Data\U3\temp\Launchpad Removal.exe"
Thu 30 Aug 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080605075208\backup\WINDOWS\temp\jfwpv9h0.TMP"

Finished!


ComboFix.txt

ComboFix 08-06-05.3 - HP_Owner 2008-06-10 6:47:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.111 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Amanda\Application Data\FunWebProducts
C:\Documents and Settings\Amanda\Application Data\FunWebProducts\Data\Amanda\avatar.dat
C:\Documents and Settings\Amanda\Application Data\FunWebProducts\Data\Amanda\register.dat
C:\Documents and Settings\Guest\Application Data\FunWebProducts
C:\Documents and Settings\Guest\Application Data\FunWebProducts\Data\Guest\avatar.dat
C:\Documents and Settings\Linda\Application Data\FunWebProducts
C:\Documents and Settings\Linda\Application Data\FunWebProducts\Data\Linda\avatar.dat
C:\Documents and Settings\Noelle\Application Data\FunWebProducts
C:\Documents and Settings\Noelle\Application Data\FunWebProducts\Data\Noelle\avatar.dat
C:\Documents and Settings\Robert\Application Data\FunWebProducts
C:\Documents and Settings\Robert\Application Data\FunWebProducts\Data\Robert\avatar.dat
C:\Program Files\AntiVirGear 3.8
C:\Program Files\AntiVirGear 3.8\avrg.dat
C:\Program Files\AntiVirGear 3.8\blacklist.txt
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Cache\01744A17
C:\Program Files\FunWebProducts\ScreenSaver\Cache\01A602D9.jpg
C:\Program Files\FunWebProducts\ScreenSaver\Cache\files.ini
C:\Program Files\FunWebProducts\ScreenSaver\Images\0025C07D.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\00491171.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\01080FEA.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\01746465.dat
C:\Program Files\FunWebProducts\ScreenSaver\Images\017A8D7C.dat
C:\Program Files\FunWebProducts\ScreenSaver\Images\01A5A4AC.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\01A5FF9D.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\01A62CB8.dat
C:\Program Files\FunWebProducts\ScreenSaver\Images\0B3BB863.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\01A62CB8.jpg
C:\Program Files\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp
C:\Program Files\FunWebProducts\ScreenSaver\Images\wrkparam.lst
C:\Program Files\FunWebProducts\Shared\01040ACD.dat
C:\Program Files\FunWebProducts\Shared\01A6A91C.dat
C:\Program Files\FunWebProducts\Shared\03AE024C.dat
C:\Program Files\FunWebProducts\Shared\096A0A85.dat
C:\Program Files\FunWebProducts\Shared\163CE8D3.dat
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MySignatureInsertBtn-new.html
C:\Program Files\FunWebProducts\Shared\Cache\MySignatureInsertBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MySignaturePreviewBtn-new.html
C:\Program Files\FunWebProducts\Shared\Cache\MySignaturePreviewBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\2.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\4.bin\c3IEStub.Dll
C:\Program Files\MyWebSearch\bar\5.bin\c3IEStub.Dll
C:\Program Files\MyWebSearch\bar\6.bin\c3IEStub.Dll
C:\Program Files\MyWebSearch\bar\7.bin\c3IEStub.Dll
C:\Program Files\MyWebSearch\bar\8.bin\c3IEStub.Dll
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loader.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico
C:\Program Files\MyWebSearch\bar\Cache\0029EAE5
C:\Program Files\MyWebSearch\bar\Cache\0061D614.bin
C:\Program Files\MyWebSearch\bar\Cache\0061D7BA.bin
C:\Program Files\MyWebSearch\bar\Cache\0061D97F.bin
C:\Program Files\MyWebSearch\bar\Cache\00CD8690
C:\Program Files\MyWebSearch\bar\Cache\00F8A6B9
C:\Program Files\MyWebSearch\bar\Cache\02B05273.bin
C:\Program Files\MyWebSearch\bar\Cache\0B3BA71D
C:\Program Files\MyWebSearch\bar\Cache\0B3BA8E2.bin
C:\Program Files\MyWebSearch\bar\Cache\0B3BAA97.bin
C:\Program Files\MyWebSearch\bar\Cache\0B3BACAB.bin
C:\Program Files\MyWebSearch\bar\Cache\0B3BADD4.bin
C:\Program Files\MyWebSearch\bar\Cache\0B662F4C.bin
C:\Program Files\MyWebSearch\bar\Cache\0B662FE8.bin
C:\Program Files\MyWebSearch\bar\Cache\0B663075.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm.bak
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL
C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\ActiveDesktop\bin\ActiveDesktopExe.exe
C:\Program Files\screensavers.com\SSSUninst.exe
C:\Program Files\Starware316
C:\Program Files\Starware337
C:\Program Files\Starware337\brand.bmp
C:\Program Files\Starware337\icons\star_16.ico
C:\Program Files\Starware337\icons\Thumbs.db
C:\Program Files\Starware337\Starware337Config.xml
C:\Program Files\Starware337\Thumbs.db
C:\WINDOWS\BM5365f770.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\drivers\mrV73.sys
C:\WINDOWS\system32\WinCtrl32.dl_
C:\WINDOWS\system32\WinCtrl32.dll
F:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MRV73
-------\Service_mrV73


((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 )))))))))))))))))))))))))))))))
.

2008-06-09 07:55 . 2008-06-09 08:06 <DIR> d-------- C:\Program Files\Evrsoft First Page 2006
2008-06-09 07:55 . 2005-09-23 17:02 887,296 --a------ C:\WINDOWS\system32\KsDHTMLEDLib.ocx
2008-06-08 14:32 . 2008-06-08 14:32 <DIR> d-------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Application Data\AdobeUM
2008-06-05 23:43 . 2008-06-05 23:43 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-05 22:47 . 2008-06-10 05:59 <DIR> d-------- C:\SDFix
2008-06-02 22:07 . 2008-06-02 22:07 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-06-02 08:25 . 2008-06-10 07:26 9,023 --a------ C:\WINDOWS\system32\Config.MPF
2008-06-02 08:24 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-06-02 08:18 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-06-02 08:18 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-06-02 08:18 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-06-02 08:18 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-06-02 08:18 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-06-02 08:18 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-06-01 20:48 . 2005-05-06 03:12 <DIR> d-------- C:\Documents and Settings\Administrator.FAMILY\WINDOWS
2008-06-01 20:48 . 2005-05-06 03:36 <DIR> d-------- C:\Documents and Settings\Administrator.FAMILY\Application Data\Symantec
2008-06-01 20:48 . 2005-05-06 03:27 <DIR> d-------- C:\Documents and Settings\Administrator.FAMILY\Application Data\SampleView
2008-06-01 20:48 . 2005-05-06 03:32 <DIR> d-------- C:\Documents and Settings\Administrator.FAMILY\Application Data\InterMute
2008-06-01 20:48 . 2005-05-06 03:11 <DIR> d-------- C:\Documents and Settings\Administrator.FAMILY\Application Data\Apple Computer
2008-06-01 20:48 . 2008-06-01 20:48 <DIR> d-------- C:\Documents and Settings\Administrator.FAMILY
2008-06-01 20:32 . 2005-05-06 03:12 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-06-01 20:32 . 2008-06-01 20:32 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-01 18:52 . 2008-06-01 18:52 38 --a------ C:\WINDOWS\AviSplitter.INI
2008-05-31 01:36 . 2008-05-31 01:36 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\McAfee
2008-05-29 22:54 . 2008-05-29 22:54 <DIR> d-------- C:\Program Files\AceBIT
2008-05-29 22:54 . 2003-08-29 16:36 1,079,808 --a------ C:\WINDOWS\system32\we.dll
2008-05-29 22:54 . 2003-07-22 03:40 430,080 --a------ C:\WINDOWS\system32\wodSFTP.ocx
2008-05-29 22:54 . 2003-07-22 03:38 425,984 --a------ C:\WINDOWS\system32\wodKeys.dll
2008-05-29 22:54 . 2003-07-22 03:37 385,024 --a------ C:\WINDOWS\system32\wodSFTP.dll
2008-05-29 22:50 . 2008-05-29 22:50 <DIR> d-------- C:\Program Files\1&1
2008-05-29 22:50 . 2008-05-29 22:50 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\1&1
2008-05-29 22:30 . 2008-05-29 22:31 <DIR> d-------- C:\Program Files\Web CEO
2008-05-29 22:30 . 2000-01-24 06:01 453,632 --a------ C:\WINDOWS\system32\stdvcl40.dll
2008-05-27 15:28 . 2008-05-27 15:28 <DIR> d-------- C:\Deckard
2008-05-27 15:23 . 2008-05-27 15:23 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-27 15:23 . 2008-05-27 15:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-27 15:12 . 2008-05-27 15:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-27 14:36 . 2008-06-03 08:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-05-26 21:59 . 2008-05-27 14:36 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-26 21:59 . 2008-05-27 14:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-23 19:33 . 2008-05-23 19:33 917,504 --a------ C:\WINDOWS\system32\FLASH.OCX
2008-05-22 20:43 . 2008-05-22 20:43 <DIR> d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Application Data\AXPFixer
2008-05-21 17:10 . 2008-05-26 12:04 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-05-21 06:53 . 2008-05-21 06:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-21 06:53 . 2008-05-21 06:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-20 07:37 . 2007-06-03 22:31 80,473 --------- C:\WINDOWS\HPHins08.dat.temp
2008-05-20 07:37 . 2005-06-01 12:23 4,011 --------- C:\WINDOWS\hphmdl08.dat.temp
2008-05-20 07:34 . 2008-05-20 07:34 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\HP
2008-05-19 19:54 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-19 19:54 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-19 12:28 . 2008-05-19 12:28 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Internet Chess Club
2008-05-17 11:15 . 2008-05-17 11:15 <DIR> d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Application Data\AdobeUM
2008-05-16 19:42 . 2005-05-06 03:12 <DIR> d-------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\WINDOWS
2008-05-16 19:42 . 2005-05-06 03:36 <DIR> d-------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Application Data\Symantec
2008-05-16 19:42 . 2005-05-06 03:27 <DIR> d-------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Application Data\SampleView
2008-05-16 19:42 . 2005-05-06 03:32 <DIR> d-------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Application Data\InterMute
2008-05-16 19:42 . 2005-05-06 03:11 <DIR> d-------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2\Application Data\Apple Computer
2008-05-16 19:42 . 2008-05-19 12:17 <DIR> d-------- C:\Documents and Settings\Amanda.YOUR-F78BF48CE2
2008-05-16 09:40 . 2008-05-16 09:40 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2008-05-15 07:41 . 2008-06-02 08:18 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-05-15 07:40 . 2008-06-03 15:34 <DIR> d-------- C:\Program Files\McAfee
2008-05-15 07:26 . 2008-06-02 08:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-15 06:58 . 2008-03-01 09:06 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-15 06:58 . 2007-04-17 05:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-15 06:58 . 2007-03-08 01:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-15 06:58 . 2008-03-01 09:06 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-15 06:58 . 2008-03-01 09:06 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-15 06:58 . 2008-03-01 09:06 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-15 06:58 . 2008-03-01 09:06 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-15 06:58 . 2008-03-01 09:06 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-15 06:58 . 2008-02-22 06:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-14 21:34 . 2008-05-14 21:34 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-14 21:34 . 2008-05-14 21:35 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-13 21:53 . 2008-05-13 22:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2008-05-13 11:05 . 2008-05-13 11:05 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Microsoft Web Folders
2008-05-13 03:16 . 2008-05-13 03:16 <DIR> d-------- C:\30426a026e72319f27
2008-05-13 03:06 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-13 02:27 . 2008-05-13 02:30 <DIR> d-------- C:\Documents and Settings\Noelle
2008-05-13 02:11 . 2005-05-06 03:12 <DIR> d-------- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\WINDOWS
2008-05-13 02:11 . 2005-05-06 03:36 <DIR> d-------- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Application Data\Symantec
2008-05-13 02:11 . 2005-05-06 03:27 <DIR> d-------- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Application Data\SampleView
2008-05-13 02:11 . 2005-05-06 03:32 <DIR> d-------- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Application Data\InterMute
2008-05-13 02:11 . 2005-05-06 03:11 <DIR> d-------- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2\Application Data\Apple Computer
2008-05-13 02:11 . 2008-05-13 02:30 <DIR> d-------- C:\Documents and Settings\Noelle.YOUR-F78BF48CE2
2008-05-13 02:08 . 2008-05-13 02:08 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\InterVideo
2008-05-13 01:55 . 2007-02-28 05:10 2,180,352 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-05-13 01:55 . 2007-02-28 05:08 2,136,064 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-05-13 01:55 . 2007-02-28 04:38 2,057,600 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-05-13 01:55 . 2007-02-28 04:38 2,015,744 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-05-13 01:53 . 2008-05-13 01:53 <DIR> d--hs---- C:\Documents and Settings\HP_Owner\UserData
2008-05-13 01:17 . 2008-05-13 01:30 <DIR> d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Linda
2008-05-13 01:12 . 2005-05-06 03:12 <DIR> d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\WINDOWS
2008-05-13 01:12 . 2005-05-06 03:36 <DIR> d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Application Data\Symantec
2008-05-13 01:12 . 2005-05-06 03:27 <DIR> d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Application Data\SampleView
2008-05-13 01:12 . 2005-05-06 03:32 <DIR> d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Application Data\InterMute
2008-05-13 01:12 . 2005-05-06 03:11 <DIR> d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2\Application Data\Apple Computer
2008-05-13 01:12 . 2008-06-01 07:55 <DIR> d-------- C:\Documents and Settings\Linda.YOUR-F78BF48CE2
2008-05-12 13:50 . 2005-01-23 13:30 163,840 --a------ C:\WINDOWS\system32\igfxres.dll
2008-05-12 13:49 . 2004-08-04 08:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-12 13:48 . 2008-05-12 13:49 1,886 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_PX743AA-ABA a1110n_YC_0Pavi_QCNH524_E53NAheBLU2_47_IGuppy_SASUSTek Computer INC._V1.03_B3.08_T050509_WXH2_L409_M504_J20_7Intel_8Celeron_93.07_#060312_N10EC8139_Z11C1048C_G80862562_OHP DVD Writer 640c.MRK
2008-05-12 13:47 . 2005-05-06 03:12 <DIR> d-------- C:\Documents and Settings\HP_Owner\WINDOWS
2008-05-12 13:47 . 2005-05-06 03:36 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Symantec
2008-05-12 13:47 . 2005-05-06 03:27 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\SampleView
2008-05-12 13:47 . 2005-05-06 03:32 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\InterMute
2008-05-12 13:47 . 2005-05-06 03:11 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2008-05-12 13:47 . 2008-06-05 08:19 <DIR> d-------- C:\Documents and Settings\HP_Owner
2008-05-12 13:36 . 2005-05-06 03:12 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-05-12 13:36 . 2005-05-06 03:36 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2008-05-12 13:36 . 2005-05-06 03:27 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
2008-05-12 13:36 . 2005-05-06 03:32 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\InterMute
2008-05-12 13:36 . 2005-05-06 03:11 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Apple Computer
2008-05-12 13:28 . 2004-08-04 02:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-12 13:28 . 2004-08-04 02:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-12 11:49 . 2008-05-12 12:01 <DIR> dr-h----- C:\MSOCache
2008-05-12 11:47 . 2008-05-28 03:03 <DIR> dr-hs---- C:\WINDOWS\system32\dllcache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 02:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-27 18:48 --------- d-----w C:\Program Files\support.com
2008-05-22 01:06 --------- d-----w C:\Program Files\LimeWire
2008-05-15 18:04 --------- d-----w C:\Program Files\Symantec
2008-05-15 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-15 13:54 --------- d-----w C:\Program Files\McAfee.com
2008-05-15 12:44 --------- d-----w C:\Program Files\Easy Internet signup
2008-05-13 15:28 --------- d-----w C:\Program Files\XP Codec Pack
2008-05-13 15:04 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-12 12:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-05-07 15:11 --------- d-----w C:\Program Files\Plaxo
2008-04-21 15:40 --------- d-----w C:\Documents and Settings\Robert\Application Data\U3
2008-03-22 20:40 52,976 -c--a-w C:\Documents and Settings\Amanda\Application Data\GDIPFONTCACHEV1.DAT
2007-11-18 20:54 52,976 ----a-w C:\Documents and Settings\Guest\Application Data\GDIPFONTCACHEV1.DAT
2007-09-05 15:52 52,976 -c--a-w C:\Documents and Settings\Linda\Application Data\GDIPFONTCACHEV1.DAT
2007-08-04 03:29 52,976 ----a-w C:\Documents and Settings\Noelle\Application Data\GDIPFONTCACHEV1.DAT
2007-06-04 20:13 52,976 -c--a-w C:\Documents and Settings\Robert\Application Data\GDIPFONTCACHEV1.DAT
2007-04-16 02:54 7,168 -csha-w C:\Program Files\Thumbs.db
2006-10-31 20:51 92,064 -c--a-w C:\Documents and Settings\Crystal\mqdmmdm.sys
2006-10-31 20:51 9,232 -c--a-w C:\Documents and Settings\Crystal\mqdmmdfl.sys
2006-10-31 20:51 79,328 -c--a-w C:\Documents and Settings\Crystal\mqdmserd.sys
2006-10-31 20:51 66,656 -c--a-w C:\Documents and Settings\Crystal\mqdmbus.sys
2006-10-31 20:51 6,208 -c--a-w C:\Documents and Settings\Crystal\mqdmcmnt.sys
2006-10-31 20:51 5,936 -c--a-w C:\Documents and Settings\Crystal\mqdmwhnt.sys
2006-10-31 20:51 4,048 -c--a-w C:\Documents and Settings\Crystal\mqdmcr.sys
2006-10-31 20:51 25,600 -c--a-w C:\Documents and Settings\Crystal\usbsermptxp.sys
2006-10-31 20:51 22,768 -c--a-w C:\Documents and Settings\Crystal\usbsermpt.sys
2006-10-26 16:34 52,456 -c--a-w C:\Documents and Settings\Devin\Application Data\GDIPFONTCACHEV1.DAT
2006-09-17 19:32 0 -c--a-w C:\Documents and Settings\Robert\Application Data\wklnhst.dat
2006-05-23 20:26 0 -c--a-w C:\Documents and Settings\Linda\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-05-26 20:58 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 01:34 245760]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 13:31 126976]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-05-06 02:59 180269]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 05:28:24 258048]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-05 05:50:52 53248]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56 65588]
Quicken Scheduled Updates.lnk.disabled [2006-03-13 00:31:18 686]
SpySubtract.lnk.disabled [2005-05-06 03:13:38 810]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2005-05-06 03:15:24 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fko15.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rwB51.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McAfee HackerWatch Service"=2 (0x2)
"MPS9"=2 (0x2)
"McRedirector"=2 (0x2)
"Emproxy"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Wise-FTP Scheduler"=C:\Program Files\AceBIT\WISE-FTP\WF_Scheduler.exe
"1&1 EasyLogin"=C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
"DelayShred"=c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\HP_Owner\LOCALS~1\TEMPOR~1\Content.IE5\WT0RCLK4\INDEX_~2.SH!
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

S0 rwB51;rwB51;C:\WINDOWS\system32\Drivers\rwB51.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-05-30 20:18:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-03 11:14:01 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16
"2008-05-15 11:42:39 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-06-01 05:00:01 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-06-04 22:00:01 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 07:31:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
C:\hp\KBD\KBD.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-06-10 7:45:02 - machine was rebooted [HP_Owner]
ComboFix-quarantined-files.txt 2008-06-10 11:44:45

Pre-Run: 85,241,413,632 bytes free
Post-Run: 89,936,994,304 bytes free

469 --- E O F --- 2008-06-10 09:09:36


hijackthis.log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:28 AM, on 6/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seeberger.tripod.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk.disabled
O4 - Global Startup: SpySubtract.lnk.disabled
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...308/mcfscan.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7384 bytes


Thank you for all of your help.
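The HijackThis log above is the raw material the helpers work from, so here is an added example (not code from the thread or from HijackThis) of how a defender might parse O2/O4/O23 lines into records and apply two cheap checks: orphaned entries whose file is gone, and startup entries whose filename is a near-miss of a Windows system binary such as ctfmon.exe. The sample lines are constructed for the example; the ctfmona line in particular is a placeholder path, not a path taken from this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample in HijackThis format (modelled on the log above).
# The "ctfmona" line is a hypothetical placeholder, not an observed path.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ctfmona] C:\Documents and Settings\user\Application Data\ctfmona.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
"""

@dataclass
class Entry:
    section: str   # HijackThis section: O2, O4, O23
    name: str      # run-key value name, BHO name or service name
    path: str      # executable/DLL path, or "(no file)"

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[^}]+\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.*?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
O4_STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>.*?) = (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")

def exe_from_command(cmd: str) -> str:
    """Return the program path from a Run-key command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.(?:exe|dll|com|scr))(?:\s|$)", cmd, re.IGNORECASE)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""

def parse_hjt(text: str) -> List[Entry]:
    """Turn the recognised HijackThis line types into Entry records."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        if m := O2_RE.match(line):
            entries.append(Entry("O2", m["name"], m["path"]))
        elif m := O4_RE.match(line):
            entries.append(Entry("O4", m["name"], exe_from_command(m["cmd"])))
        elif m := O4_STARTUP_RE.match(line):
            entries.append(Entry("O4", m["name"], exe_from_command(m["cmd"])))
        elif m := O23_RE.match(line):
            entries.append(Entry("O23", m["name"], m["path"]))
    return entries

# Well-known Windows binaries whose names malware commonly imitates.
SYSTEM_BINARIES = sorted({"ctfmon.exe", "svchost.exe", "explorer.exe",
                          "lsass.exe", "winlogon.exe", "smss.exe"})
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")

def levenshtein(a: str, b: str) -> int:
    """Classic edit distance; small distances mean look-alike filenames."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (entry name, reason) pairs worth a human's attention."""
    findings = []
    for e in entries:
        path = e.path.strip().lower()
        if path == "(no file)":
            findings.append((e.name, "orphaned entry: referenced file is missing"))
            continue
        base = path.rsplit("\\", 1)[-1]
        if base in SYSTEM_BINARIES:
            if not path.startswith(SYSTEM_DIRS):
                findings.append((e.name, f"{base} running from outside the Windows directory"))
            continue
        for known in SYSTEM_BINARIES:
            if levenshtein(base, known) <= 2:
                findings.append((e.name, f"filename {base} resembles {known}"))
                break
    return findings

if __name__ == "__main__":
    for name, reason in review(parse_hjt(SAMPLE_LOG)):
        print(f"[{name}] {reason}")
```

Run against a real log, the genuine `ctfmon.exe` entry in `system32` produces no finding, while an orphaned BHO and a look-alike name are surfaced for review; the check is a triage aid, and an entry it flags still needs the file itself examined before anything is removed.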

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:08 PM

Posted 11 June 2008 - 04:19 AM

Hello, thanks for the reply.. Please do the following...

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

Driver::
rwB51

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post Combofix log into your next reply




NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.





Please post the following logs in your next reply.. Please post each log in a separate post..

1. ComboFix
2. MalwareBytes'
3. A fresh HijackThis log (after MalwareBytes' step)


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:08 PM

Posted 20 June 2008 - 09:47 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic





