Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Darksma,fishdown,virtumonde....


  • This topic is locked This topic is locked
17 replies to this topic

#1 kykys

kykys

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 23 July 2008 - 12:35 PM

2 Darksma and 1 Fishdown ,a lot of Trojan

Hello and Good Day to everybody , well I let my Brother use my computer and when I return Home It just wasn't working, when I try to go to the internet sometimes do nothing and other times just open the home page and nothing else ,then it freeze and I have to disconnected because nothing works ,another times I can go to the internet for 10 minutes but with a lot of Pop Us! and from no where there are these sound commercials that I closed everything but I still heard them , to open a website last about 5 minutes,sometimes to work in my documents or other part with out internet is possible .... when I want to write something is too slow that some letters does not show.... well I am having a lot of problems,I run McAFee antivirus but it said that is nothing, so I decided to bu Webroot Spy Sweeper an antivirus and I run it and showed some Trojan and Adwares , but the computer still doing the same and I Run Yahoo anti-spy and this one showed me that there are 2 Darksma and 1 Fishdown ,a lot of Trojan and some adwares.... I click delete but noting happened they return! Can you help me Please? I really need the computer I learn not to let my 15 years old brothers use it when I am not watching what they are downloading :thumbsup: These are the reports generated by DSS and Kaspersky scan.... I hope all the information you need is in here..
Kykys



Deckard's System Scanner v20071014.68
Run by user on 2008-07-23 06:05:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-07-23 13:06:04 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 82% (more than 75%).
Total Physical Memory: 448 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-23 06:10:11
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\AOL\1203613709\ee\aolsoftware.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Documents and Settings\user\winlogon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\user\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\user\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://phoenix.cox.net/cci/home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: {34e6220b-d4fd-8768-d144-683b0e9b48a3} - {3a84b9e0-b386-441d-8678-df4db0226e43} - C:\WINDOWS\system32\jszkwf.dll
O2 - BHO: (no name) - {4533B7A9-F432-4F9F-9BF2-5DEFC981F854} - C:\WINDOWS\system32\jkkIXqrS.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A039C8A1-D08C-46FC-8DCA-8373F36F12E6} - C:\WINDOWS\system32\iifcDWoo.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D37C6D94-CF10-E3AF-583A-45F98AC40C35} - C:\WINDOWS\Eengiotq.dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Search - {A997752A-AAF0-7EFC-9AB9-5D12C74EDD15} - C:\WINDOWS\Eengiotq.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1203613709\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\user\winlogon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [BM4fc18a60] Rundll32.exe "C:\WINDOWS\system32\hqeclppw.dll",s
O4 - HKLM\..\Run: [4cf2b9fc] rundll32.exe "C:\WINDOWS\system32\hgmysuiu.dll",b
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\user\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\user\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - CmdMapping - (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: about://internet (HKCU)
O15 - Trusted Zone: http://mcafee.com (HKCU)
O15 - Trusted Zone: https://mcafee.com (HKCU)
O16 - DPF: Yahoo! Blackjack () - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Chat () - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! Checkers () - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: Yahoo! Chess () - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: Yahoo! Chinese Checkers () - http://download.games.yahoo.com/games/clients/y/cct0_x.cab
O16 - DPF: Yahoo! Poker () - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 () - http://download.games.yahoo.com/games/clients/y/potg_x.cab
O16 - DPF: Yahoo! Pyramids () - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: Yahoo! Reversi () - http://download.games.yahoo.com/games/clients/y/rt0_x.cab
O16 - DPF: {0000000A-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/8/B...42/wmsp9dmo.cab
O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/msaud.cab
O16 - DPF: {00000162-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/0/B...4B9/wma9dmo.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} (SentinelVE3D Class) - http://download.microsoft.com/download/a/f...tualEarth3D.cab
O16 - DPF: {0DB0E34A-E2CA-4748-AC02-087E2662CBEA} (DirectPrint.PrintAXView) - http://www.fultonhomes.com/ContractDocs/DirectPrint.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shock...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (Talisma NetAgent Customer ActiveX Control version 3) - https://liverep.esignal.com/netagent/objects/custappx3.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shock...director/sw.cab
O16 - DPF: {27EB254C-C724-43B1-8DD8-F3AC9ED761B2} (Wavexpress Cab Helper) - http://client2.tvtonic.com/Webservice/Publ...8/TVTStage1.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {40D230B5-7444-441A-9852-F71FB050FA8E} (MozillaPluginHostCtrl Class) - http://www.t-mobilepictures.com/photos/tmi/tmiplugin_ie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldwinner.com/games/v44/bl...x/blockwerx.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1132082332484
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast.com/hostClientIE.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://www.visitrenotahoe.com/plan_your_tr.../webcam/AMC.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} () - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://www.techsmith.com/codec/tsccinst.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX28.cab
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://www.webcamcancun.com/WinWebPush.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7C22D9BF-8917-496B-8F4C-BB52C88BF844} (Convergent.LocalAPI) - http://208.34.84.160/intro_volvo/Convergent/VolvoAPI.CAB
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://65.116.147.218/activex/AxisCamControl.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.com/CAB/...8025.7180902778
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidO...PhotoOnline.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.samsphotoclub.com/upload/FujifilmUploadClient.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} () - http://download.yahoo.com/dl/installs/yab_af.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/flash...ent/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DE3F1566-A06D-11D0-ACD5-00A02417B281} (ApplicationXtender View Control) - http://www.fultonhomes.com/ContractDocs/aexview.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} () - http://camera1.jupiterfoundation.org/activex/AMC.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} (cGameControl Class) - http://zone.msn.com/bingame/rmcb/default/RumbleCube.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{D8EC24DC-3D6C-486C-873C-4538A9FB304D}: NameServer = 151.164.1.8,206.13.28.12
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: tv - {9E754710-6158-11D5-B6CE-0050DAAEA668} - (no file)
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: hgGywVmM - C:\WINDOWS\system32\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Unknown owner - C:\WINDOWS\system32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe


--
End of file - 23516 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>

S3 C-Dilla - c:\windows\system32\drivers\cdant.sys (file missing)
S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys (file missing)
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 SymEvent - c:\program files\symantec\symevent.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 GEARSecurity - system32\gearsec.exe <Not Verified; GEAR Software; gearsec>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-23 05:41:00 252 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-07-16 11:38:34 434 --a------ C:\WINDOWS\Tasks\EasyShare Registration Task.job
2008-07-02 15:44:19 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-05-05 21:12:11 338 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-05-05 21:12:10 330 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-06-23 and 2008-07-23 -----------------------------

2008-07-22 19:05:31 102400 --a------ C:\WINDOWS\system32\jszkwf.dll
2008-07-22 19:05:27 102400 --a------ C:\WINDOWS\system32\qfnwthnn.dll
2008-07-22 19:03:26 84480 --a------ C:\WINDOWS\system32\hgmysuiu.dll
2008-07-22 19:02:58 93184 --a------ C:\WINDOWS\system32\hqeclppw.dll
2008-07-22 08:57:17 32256 --a------ C:\WINDOWS\system32\cbXQGAQG.dll
2008-07-21 19:14:22 81920 -----n--- C:\WINDOWS\system32\ohjprryf.dll
2008-07-21 19:04:02 102400 --a------ C:\WINDOWS\system32\nbchcs.dll
2008-07-21 19:03:57 102400 --a------ C:\WINDOWS\system32\oqsfkcjv.dll
2008-07-21 08:27:24 32256 --a------ C:\WINDOWS\system32\byXPGVoP.dll
2008-07-21 08:27:21 32256 --a------ C:\WINDOWS\system32\fccddETk.dll
2008-07-20 08:31:22 32256 --a------ C:\WINDOWS\system32\ljJYRHBR.dll
2008-07-20 08:31:19 32256 --a------ C:\WINDOWS\system32\hgGxUNHX.dll
2008-07-19 08:26:45 32256 --a------ C:\WINDOWS\system32\wvUlkLCt.dll
2008-07-19 08:26:42 32256 --a------ C:\WINDOWS\system32\fcccBRjJ.dll
2008-07-19 08:26:41 0 d-------- C:\WINDOWS\system32\carH18
2008-07-18 16:18:36 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-07-18 14:21:28 0 d-------- C:\Program Files\Common Files\Webroot Shared
2008-07-18 14:21:09 102912 --a------ C:\WINDOWS\system32\wnxtaq.dll
2008-07-18 14:20:59 102912 --a------ C:\WINDOWS\system32\lfdblgor.dll
2008-07-18 14:19:13 93696 --a------ C:\WINDOWS\system32\tvekggfs.dll
2008-07-18 06:38:39 32256 --a------ C:\WINDOWS\system32\pmnlijii.dll
2008-07-17 11:39:39 81408 --a------ C:\WINDOWS\system32\dultblyv.dll
2008-07-17 11:35:45 102912 --a------ C:\WINDOWS\system32\qpfzvf.dll
2008-07-17 11:35:42 102912 --a------ C:\WINDOWS\system32\rxqfbyds.dll
2008-07-17 07:33:05 102912 --a------ C:\WINDOWS\system32\texodx.dll
2008-07-17 07:32:55 102912 --a------ C:\WINDOWS\system32\wrlhewwp.dll
2008-07-17 07:30:38 32256 --a------ C:\WINDOWS\system32\wvUmliJb.dll
2008-07-17 07:30:18 32256 --a------ C:\WINDOWS\system32\yayxyaxy.dll
2008-07-17 07:29:52 852236 --ahs---- C:\WINDOWS\system32\SrqXIkkj.ini2
2008-07-17 07:29:24 283136 --a------ C:\WINDOWS\system32\jkkIXqrS.dll
2008-07-16 08:31:26 0 d-------- C:\WINDOWS\system32\aumsDK18
2008-07-16 08:31:22 32256 --a------ C:\WINDOWS\system32\xxyyxyXP.dll
2008-07-15 18:22:16 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-07-15 14:16:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Geek Squad
2008-07-15 13:51:15 0 d-------- C:\Program Files\Sun
2008-07-14 12:37:25 0 d--h----- C:\Documents and Settings\LocalService\SendTo
2008-07-14 12:36:20 0 dr------- C:\Documents and Settings\LocalService\My Documents <MYDOCU~1>
2008-07-14 12:35:58 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-07-14 09:57:06 164 --a------ C:\install.dat
2008-07-13 20:53:37 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-07-13 20:53:03 0 d-------- C:\Program Files\Webroot
2008-07-13 20:53:03 0 d-------- C:\Documents and Settings\user\Application Data\Webroot
2008-07-13 20:53:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-12 08:55:13 0 d-------- C:\Program Files\Exterminate It!
2008-07-08 15:22:35 721257 --ahs---- C:\WINDOWS\system32\ooWDcfii.ini2
2008-07-08 15:16:17 53248 ---hs---- C:\Documents and Settings\user\winlogon.exe
2008-07-08 12:11:44 0 d-------- C:\WINDOWS\wb
2008-07-08 12:11:44 87552 --a------ C:\WINDOWS\system\url.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-07-08 12:11:44 9728 --a------ C:\WINDOWS\system\rnaph.dll <Not Verified; Microsoft Corporation; Microsoft® Windows™ Operating System>


-- Find3M Report ---------------------------------------------------------------

2008-07-22 16:43:23 114301 --a------ C:\logfile
2008-07-22 08:57:05 0 d-------- C:\Documents and Settings\user\Application Data\mjusbsp
2008-07-18 14:21:28 0 d-------- C:\Program Files\Common Files
2008-07-15 18:22:33 0 d-------- C:\Documents and Settings\user\Application Data\Lavasoft
2008-07-15 13:49:25 0 d-------- C:\Program Files\Java
2008-07-10 09:42:19 0 d-------- C:\Program Files\Common Files\Scanner
2008-07-10 09:41:58 0 d-------- C:\Program Files\Yahoo!
2008-07-10 08:17:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-09 13:45:14 110 --a------ C:\WINDOWS\Victoria
2008-06-25 14:17:31 0 d-------- C:\Program Files\DivX
2008-06-06 11:36:28 0 d-------- C:\Documents and Settings\user\Application Data\Google
2008-05-30 16:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 16:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-28 18:01:08 0 d-------- C:\Program Files\Windows Live
2008-05-27 14:58:20 0 d-------- C:\Program Files\Windows Live Toolbar
2008-05-27 14:57:14 0 d-------- C:\Program Files\Windows Live Favorites
2008-05-27 14:53:21 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-27 14:45:31 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-26 11:09:03 0 d-------- C:\Documents and Settings\user\Application Data\U3
2008-05-22 15:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 15:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 15:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 15:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3a84b9e0-b386-441d-8678-df4db0226e43}]
07/22/2008 07:05 PM 102400 --a------ C:\WINDOWS\system32\jszkwf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4533B7A9-F432-4F9F-9BF2-5DEFC981F854}]
07/17/2008 07:29 AM 283136 --a------ C:\WINDOWS\system32\jkkIXqrS.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A039C8A1-D08C-46FC-8DCA-8373F36F12E6}]
C:\WINDOWS\system32\iifcDWoo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D37C6D94-CF10-E3AF-583A-45F98AC40C35}]
C:\WINDOWS\Eengiotq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
04/01/2008 05:18 AM 160496 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [08/04/2004 12:56 AM C:\WINDOWS\system32\rundll32.exe]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [06/08/2005 04:24 PM]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [06/08/2005 04:14 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 06:34 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03/20/2006 06:34 PM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 06:34 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/14/2007 07:05 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [12/11/2007 11:56 AM]
"HostManager"="C:\Program Files\Common Files\AOL\1203613709\ee\AOLSoftware.exe" [09/25/2006 05:52 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/07/2008 03:25 AM]
"YMailAdvisor"="C:\Program Files\Yahoo!\Common\YMailAdvisor.exe" [02/26/2008 09:26 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"Windows Logon Applicationedc"="C:\Documents and Settings\user\winlogon.exe" [06/27/2008 06:38 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]
"BM4fc18a60"="C:\WINDOWS\system32\hqeclppw.dll" [07/22/2008 07:02 PM]
"4cf2b9fc"="C:\WINDOWS\system32\hgmysuiu.dll" [07/22/2008 07:03 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [11/30/2006 10:49 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"Google Update"="C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [07/14/2008 08:46 AM]
"cdloader"="C:\Documents and Settings\user\Application Data\mjusbsp\cdloader2.exe" [06/12/2008 12:37 PM]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [08/09/2007 01:56 PM]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
YouTube Uploader.lnk - C:\Documents and Settings\user\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [11/9/2007 2:33:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [9/19/2007 5:33:46 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGywVmM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkIXqrS

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\autorun.exe
phone\command- D:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f56723c-e10a-11dc-a958-00038a000015}]
AutoRun\command- D:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-07-23 06:12:04 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 3000+
Percentage of Memory in Use: 85%
Physical Memory (total/avail): 447.48 MiB / 65.71 MiB
Pagefile Memory (total/avail): 1058.38 MiB / 521.63 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.37 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 149.05 GiB total, 106.59 GiB free.
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
K: is CDROM (UDF)
L: is CDROM (No Media)
M: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1600AB-22DYA0 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.05 GiB - C:

\\.\PHYSICALDRIVE1 - eM Bay Reader USB Device

\\.\PHYSICALDRIVE2 - eM Bay Reader USB Device

\\.\PHYSICALDRIVE3 - eM Bay Reader USB Device

\\.\PHYSICALDRIVE4 - eM Bay Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: Spy Sweeper with AntiVirus v5.5.7.124 (Webroot Software Inc) Disabled
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0a\\waol.exe"="C:\\Program Files\\America Online 9.0a\\waol.exe:*:Enabled:America Online 9.0a"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPager.exe"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\Tutorial\\Tutorial.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\Tutorial\\Tutorial.exe:*:Enabled:Kodak EasyShare software tutorial"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe"="C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe:*:Enabled:Ad-Aware SE Personal"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"="C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe:*:Enabled:Acrobat Reader 5.0"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\eSignal\\winros.exe"="C:\\Program Files\\eSignal\\winros.exe:*:Enabled:eSignal Data Manager"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Schwab\\SSProSim\\SSProSim.exe"="C:\\Program Files\\Schwab\\SSProSim\\SSProSim.exe:*:Enabled:StreetSmart Pro®"
"C:\\Program Files\\DealBook 360\\DealBookFX.exe"="C:\\Program Files\\DealBook 360\\DealBookFX.exe:*:Enabled:DealBookFX"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\1stWORKS\\hotCommLite\\BIN\\HotComm.exe"="C:\\Program Files\\1stWORKS\\hotCommLite\\BIN\\HotComm.exe:*:Enabled:hotComm Lite Client"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\AOL\\RC\\regclient.exe"="C:\\Program Files\\AOL\\RC\\regclient.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL Connectivity Service"
"C:\\Program Files\\Common Files\\AOL\\1203576117\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1203576117\\ee\\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL System Information"
"C:\\Program Files\\AOL 9.0a\\waol.exe"="C:\\Program Files\\AOL 9.0a\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Documents and Settings\\user\\Application Data\\mjusbsp\\magicJack.exe"="C:\\Documents and Settings\\user\\Application Data\\mjusbsp\\magicJack.exe:*:Enabled:magicJack"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\user\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-PD3MH0ABGS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\user
LOGONSERVER=\\YOUR-PD3MH0ABGS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Ulead Systems\Mpeg;C:\Program Files\MBTrading\MBT Navigator;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\user\LOCALS~1\Temp
TMP=C:\DOCUME~1\user\LOCALS~1\Temp
USERDOMAIN=YOUR-PD3MH0ABGS
USERNAME=user
USERPROFILE=C:\Documents and Settings\user
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

user (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\SBC Yahoo!\umuninst.exe" /S
--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
3D Groove Playback Engine --> RunDll32 C:\WINDOWS\DOWNLO~1\CONFLICT.1\GrooveAX.dll,_RemoveGroove@16
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATT-AACE --> C:\PROGRA~1\ATT\UNWISE.EXE C:\PROGRA~1\ATT\INSTALL.LOG
Autodesk Design Review 2008 --> MsiExec.exe /I{FACF203E-0F4D-489A-B80C-D185253C8FCB}
AXIS Media Control --> rundll32 "C:\Program Files\Axis Communications\AXIS Media Control\AxisMediaControl.dll",UninstallMe
BUM --> MsiExec.exe /I{55937F00-A69B-4049-8D3A-1C7729742B6F}
CA Yahoo! Anti-Spy (remove only) --> "C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
CardRd81 --> MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Chessmaster 7000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Chessmaster 7000\CMUninst.isu"
Chutes and Ladders --> C:\WINDOWS\uninst.exe -fC:\PROGRA~1\HASBRO~1\Chutes\DeIsL1.isu
Corel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Corel Painter Essentials 3 --> MsiExec.exe /I{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}
Corel Snapfire Plus --> MsiExec.exe /I{C8283917-C24D-45E3-A84A-A5A084283218}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
GoToMeeting/GoToWebinar 3.0.0.190 --> C:\Program Files\Citrix\GoToMeeting\190\G2MUninstall.exe /uninstall
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
iTunes --> MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment Standard Edition v1.3.1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1\Uninst.isu"
Java 2 Runtime Environment Standard Edition v1.3.1_02 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_02\Uninst.isu"
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java 2 Runtime Environment, SE v1.4.2_05 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java 2 Runtime Environment, SE v1.4.2_13 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142130}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
KODAK EASYSHARE Gallery Easy Upload, v2.1 --> C:\Documents and Settings\user\Local Settings\Application Data\KodakGallery\EasyShareSetup\$SETUP_140007_24a2b34\Setup.exe /APR-REMOVE
KODAK EASYSHARE Gallery Upload ActiveX Control --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\Downloaded Program Files\axofupld.inf, Uninstall
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0002_4ab974\Setup.exe /APR-REMOVE
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Let's Go Read - An Island Adventure --> C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Let's Go Read - An Island Adventure\Uninstall.xml"
Lexmark Z700-P700 Series --> C:\WINDOWS\System32\spool\drivers\w32x86\3\LXBLUN5C.EXE -dLexmark Z700-P700 Series
Little Bear Rainy Day Activities --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative Wonders\Little Bear Rainy Day Activities\Uninst.isu"
Logitech QuickCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Magic 3D Coloring Book Amazing Animals --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM and Crayola\Amazing Animals\Uninst.isu"
Magma Burner --> "C:\Program Files\Magma Burner\unins000.exe"
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
MathPlayer --> C:\Program Files\Design Science\MathPlayer\Setup.exe -u
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Merriam-Webster 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Merriam-Webster\setup.exe" -l0x9
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office Access MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0015-0C0A-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0016-0C0A-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 Trial --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-001A-0C0A-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0018-0C0A-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional 2007 --> MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Professional 2007 Versión de Evaluación --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Proof (Basque) 2007 --> MsiExec.exe /X{90120000-001F-042D-0000-0000000FF1CE}
Microsoft Office Proof (Catalan) 2007 --> MsiExec.exe /X{90120000-001F-0403-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Galician) 2007 --> MsiExec.exe /X{90120000-001F-0456-0000-0000000FF1CE}
Microsoft Office Proof (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing (Spanish) 2007 --> MsiExec.exe /X{90120000-002C-0C0A-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0019-0C0A-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-006E-0C0A-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-001B-0C0A-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Move Networks Media Player for Internet Explorer --> C:\Program Files\J River\Esmas Player\MoveTV\Uninst.exe
Move Networks Player for Internet Explorer --> "C:\Documents and Settings\user\Application Data\Move Networks\ie_bin\unins000.exe"
MSN Cartoon (Beta) --> MsiExec.exe /I{B7A703FC-5057-421C-A7A8-7456968D375F}
Multimedia Keyboard Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\Setup.exe" -l0x9
netbrdg --> MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuaudio.exe UninstallGUI
NVIDIA nForce Drivers --> C:\WINDOWS\System32\nvuninst.exe Uninstall C:\WINDOWS\System32\NVU001.nvu,NVIDIA nForce Drivers
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0 --> "C:\Program Files\Orban\AAC-aacPlus Plugin\unins000.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
skin0001 --> MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
TerraExplorer --> C:\Program Files\Skyline\TerraExplorer\Setup.exe [OP]/U
tooltips --> MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
TVTonic --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D38FA80-7D18-11D5-A814-00508BCC413D}\setup.exe" -l0x9 UNINSTALL
Update for Office 2007 (KB932080) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb953463) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtual Earth 3D (Beta) --> MsiExec.exe /I{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Wal-Mart Music Downloads Store --> MsiExec.exe /I{7EE454FB-531E-47F9-BA45-ED65496EEB09}
Window Washer --> C:\WINDOWS\Unwash6.exe
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Yahoo! Mail Advisor --> C:\PROGRA~1\Yahoo!\Common\UNINST~1.EXE
YouTube Uploader --> MsiExec.exe /X{171818BA-E0AD-313D-B45A-1BC9D77ADA86}


-- Application Event Log -------------------------------------------------------

Event Record #/Type332656 / Warning
Event Submitted/Written: 07/23/2008 06:08:32 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{1A15507A-8551-4626-915D-3D5FA095CC1B}', feature '_ISUS' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Event Record #/Type332655 / Warning
Event Submitted/Written: 07/23/2008 06:08:32 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{1A15507A-8551-4626-915D-3D5FA095CC1B}', feature '_ISUS', component '{ACD935F6-53F3-469B-842F-2CE17B80840C}' failed. The resource 'HKEY_CURRENT_USER\Software\Corel\Auto Update\{1A15507A-8551-4626-915D-3D5FA095CC1B}\Interval' does not exist.

Event Record #/Type332654 / Warning
Event Submitted/Written: 07/23/2008 06:08:32 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{1A15507A-8551-4626-915D-3D5FA095CC1B}', feature '_ISUS' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Event Record #/Type332653 / Warning
Event Submitted/Written: 07/23/2008 06:08:32 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{1A15507A-8551-4626-915D-3D5FA095CC1B}', feature '_ISUS', component '{ACD935F6-53F3-469B-842F-2CE17B80840C}' failed. The resource 'HKEY_CURRENT_USER\Software\Corel\Auto Update\{1A15507A-8551-4626-915D-3D5FA095CC1B}\Interval' does not exist.

Event Record #/Type332652 / Warning
Event Submitted/Written: 07/23/2008 06:08:32 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{1A15507A-8551-4626-915D-3D5FA095CC1B}', feature '_ISUS' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type245180 / Error
Event Submitted/Written: 07/23/2008 06:11:03 AM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The SmartLinkService service has reported an invalid current state 0.

Event Record #/Type245175 / Error
Event Submitted/Written: 07/23/2008 05:41:00 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type245174 / Error
Event Submitted/Written: 07/23/2008 04:41:00 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type245173 / Error
Event Submitted/Written: 07/23/2008 03:41:00 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type245172 / Error
Event Submitted/Written: 07/23/2008 02:41:00 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}



-- End of Deckard's System Scanner: finished at 2008-07-23 06:12:04 ------------




KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, July 22, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, July 22, 2008 23:34:08
Records in database: 987374


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area Critical Areas
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\user\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics
Files scanned 64025
Threat name 7
Infected objects 17
Suspicious objects 0
Duration of the scan 01:51:56

File name Threat name Threats count
C:\WINDOWS\system32\jkkIXqrS.dll/C:\WINDOWS\system32\jkkIXqrS.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aaue 2

C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b 1

C:\WINDOWS\system32\byXPGVoP.dll Infected: Trojan.Win32.Monderb.ny 1

C:\WINDOWS\system32\cbXQGAQG.dll Infected: Trojan.Win32.Monderb.ny 1

C:\WINDOWS\system32\dultblyv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.abje 1

C:\WINDOWS\system32\fcccBRjJ.dll Infected: Trojan.Win32.Monderb.ny 1

C:\WINDOWS\system32\fccddETk.dll Infected: Trojan.Win32.Monderb.ny 1

C:\WINDOWS\system32\hgGxUNHX.dll Infected: Trojan.Win32.Monderb.ny 1

C:\WINDOWS\system32\jkkIXqrS.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aaue 1

C:\WINDOWS\system32\ljJYRHBR.dll Infected: Trojan.Win32.Monderb.ny 1

C:\WINDOWS\system32\pmnlijii.dll Infected: Trojan.Win32.Monderb.lu 1

C:\WINDOWS\system32\wvUlkLCt.dll Infected: Trojan.Win32.Monderb.ny 1

C:\WINDOWS\system32\wvUmliJb.dll Infected: Trojan.Win32.Monderb.gn 1

C:\WINDOWS\system32\xxyyxyXP.dll Infected: Trojan.Win32.Monderb.gn 1

C:\WINDOWS\system32\yayxyaxy.dll Infected: Trojan.Win32.Monderb.gn 1

The selected area was scanned.





MY COMPUTER
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, July 22, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, July 22, 2008 23:34:08
Records in database: 987374


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
F:\
G:\
H:\
I:\
K:\
L:\
M:\

Scan statistics
Files scanned 112424
Threat name 10
Infected objects 24
Suspicious objects 0
Duration of the scan 02:21:31

File name Threat name Threats count
C:\WINDOWS\system32\jkkIXqrS.dll/C:\WINDOWS\system32\jkkIXqrS.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aaue 3

ctfmon.exe\hqeclppw.dll/ctfmon.exe\hqeclppw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.abnb 1

rundll32.exe\hqeclppw.dll/rundll32.exe\hqeclppw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.abnb 1

C:\Genesis\Navigator Suite\Ftp\Backup\UPGRD40.GZP Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4110 1

C:\Genesis\Navigator Suite\Ftp\Backup\UPGRD40.GZP Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1

C:\Genesis\Navigator Suite\Info\Remote\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1

C:\Genesis\Navigator Suite\Info\RemoteNew\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1

C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b 1

C:\WINDOWS\system32\byXPGVoP.dll Infected: Trojan.Win32.Monderb.ny 1

C:\WINDOWS\system32\cbXQGAQG.dll Infected: Trojan.Win32.Monderb.ny 1

C:\WINDOWS\system32\dultblyv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.abje 1

C:\WINDOWS\system32\fcccBRjJ.dll Infected: Trojan.Win32.Monderb.ny 1

C:\WINDOWS\system32\fccddETk.dll Infected: Trojan.Win32.Monderb.ny 1

C:\WINDOWS\system32\hgGxUNHX.dll Infected: Trojan.Win32.Monderb.ny 1

C:\WINDOWS\system32\jkkIXqrS.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aaue 1

C:\WINDOWS\system32\ljJYRHBR.dll Infected: Trojan.Win32.Monderb.ny 1

C:\WINDOWS\system32\pmnlijii.dll Infected: Trojan.Win32.Monderb.lu 1

C:\WINDOWS\system32\wvUlkLCt.dll Infected: Trojan.Win32.Monderb.ny 1

C:\WINDOWS\system32\wvUmliJb.dll Infected: Trojan.Win32.Monderb.gn 1

C:\WINDOWS\system32\xxyyxyXP.dll Infected: Trojan.Win32.Monderb.gn 1

C:\WINDOWS\system32\yayxyaxy.dll Infected: Trojan.Win32.Monderb.gn 1

The selected area was scanned.

FOLDER

KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, July 23, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, July 22, 2008 23:34:08
Records in database: 987374


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area Folder
C:\

Scan statistics
Files scanned 112014
Threat name 9
Infected objects 19
Suspicious objects 0
Duration of the scan 02:10:05

File name Threat name Threats count
C:\Genesis\Navigator Suite\Ftp\Backup\UPGRD40.GZP Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4110 1

C:\Genesis\Navigator Suite\Ftp\Backup\UPGRD40.GZP Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1

C:\Genesis\Navigator Suite\Info\Remote\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1

C:\Genesis\Navigator Suite\Info\RemoteNew\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1

C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b 1

C:\WINDOWS\system32\byXPGVoP.dll Infected: Trojan.Win32.Monderb.ny 1

C:\WINDOWS\system32\cbXQGAQG.dll Infected: Trojan.Win32.Monderb.ny 1

C:\WINDOWS\system32\dultblyv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.abje 1

C:\WINDOWS\system32\fcccBRjJ.dll Infected: Trojan.Win32.Monderb.ny 1

C:\WINDOWS\system32\fccddETk.dll Infected: Trojan.Win32.Monderb.ny 1

C:\WINDOWS\system32\hgGxUNHX.dll Infected: Trojan.Win32.Monderb.ny 1

C:\WINDOWS\system32\jkkIXqrS.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aaue 1

C:\WINDOWS\system32\ljJYRHBR.dll Infected: Trojan.Win32.Monderb.ny 1

C:\WINDOWS\system32\pmnlijii.dll Infected: Trojan.Win32.Monderb.lu 1

C:\WINDOWS\system32\wvUlkLCt.dll Infected: Trojan.Win32.Monderb.ny 1

C:\WINDOWS\system32\wvUmliJb.dll Infected: Trojan.Win32.Monderb.gn 1

C:\WINDOWS\system32\xxyyxyXP.dll Infected: Trojan.Win32.Monderb.gn 1

C:\WINDOWS\system32\yayxyaxy.dll Infected: Trojan.Win32.Monderb.gn 1

The selected area was scanned.

Fix code tags. Also fixed some spelling for clarity. ~ OB

Edited by Orange Blossom, 23 July 2008 - 08:57 PM.


BC AdBot (Login to Remove)

 


m

#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 24 July 2008 - 07:15 PM

Hello, my name is fenzodahl512 and welcome to BC., Please do the following....


Please download ATF Cleaner by Atribune.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.





NEXT


Please visit below webpage for instructions for downloading and running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.




Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 kykys

kykys
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 25 July 2008 - 12:05 AM

fenzodahl512 Thankyou for your time, I followed the instructions and I think I did what you told me , please let me know what you see....
This is the Combo Fix report
ComboFix 08-07-24.1 - user 2008-07-24 20:24:17.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.190 [GMT -7:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\lswmv.ini
C:\Program Files\Common Files\uninstall information
C:\WINDOWS\BM4fc18a60.txt
C:\WINDOWS\cdmxtras
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\pskt.ini
C:\WINDOWS\system\msvbvm60.dll
C:\WINDOWS\system32\byXPGVoP.dll
C:\WINDOWS\system32\cache329
C:\WINDOWS\system32\cache329\B_329_0_0_105300.htm
C:\WINDOWS\system32\cache329\B_329_0_0_106800.htm
C:\WINDOWS\system32\cache329\B_329_0_0_107400.htm
C:\WINDOWS\system32\cache329\B_329_1_0_449200.gif
C:\WINDOWS\system32\cache329\B_329_1_0_449600.gif
C:\WINDOWS\system32\cache329\B_329_1_0_454300.gif
C:\WINDOWS\system32\cache329\B_329_2_0_105300.htm
C:\WINDOWS\system32\cache329\B_329_2_0_106800.htm
C:\WINDOWS\system32\cache329\B_329_2_0_107400.htm
C:\WINDOWS\system32\cache329\B_329_3_0_105300.htm
C:\WINDOWS\system32\cache329\B_329_3_0_106800.htm
C:\WINDOWS\system32\cache329\B_329_3_0_107400.htm
C:\WINDOWS\system32\cache329\B_329_4_0_111600.htm
C:\WINDOWS\system32\cache329\B_329_4_0_152400.htm
C:\WINDOWS\system32\cache329\B_329_4_0_155300.htm
C:\WINDOWS\system32\cache329\B_329_4_0_164100.htm
C:\WINDOWS\system32\cache329\t_B_329_0_0_105300.htm
C:\WINDOWS\system32\cache329\t_B_329_0_0_106800.htm
C:\WINDOWS\system32\cache329\t_B_329_0_0_107400.htm
C:\WINDOWS\system32\cache329\t_B_329_2_0_105300.htm
C:\WINDOWS\system32\cache329\t_B_329_2_0_106800.htm
C:\WINDOWS\system32\cache329\t_B_329_2_0_107400.htm
C:\WINDOWS\system32\cache329\t_B_329_3_0_105300.htm
C:\WINDOWS\system32\cache329\t_B_329_3_0_106800.htm
C:\WINDOWS\system32\cache329\t_B_329_3_0_107400.htm
C:\WINDOWS\system32\cache329\t_B_329_4_0_111600.htm
C:\WINDOWS\system32\cache329\t_B_329_4_0_152400.htm
C:\WINDOWS\system32\cache329\t_B_329_4_0_155300.htm
C:\WINDOWS\system32\cache329\t_B_329_4_0_164100.htm
C:\WINDOWS\system32\cbXQGAQG.dll
C:\WINDOWS\system32\dultblyv.dll
C:\WINDOWS\system32\fcccBRjJ.dll
C:\WINDOWS\system32\fccddETk.dll
C:\WINDOWS\system32\hgGxUNHX.dll
C:\WINDOWS\system32\hgmysuiu.dll
C:\WINDOWS\system32\jszkwf.dll
C:\WINDOWS\system32\kfmekwnt.ini
C:\WINDOWS\system32\krmvfqku.ini
C:\WINDOWS\system32\lfdblgor.dll
C:\WINDOWS\system32\ljJYRHBR.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nbchcs.dll
C:\WINDOWS\system32\ooWDcfii.ini
C:\WINDOWS\system32\ooWDcfii.ini2
C:\WINDOWS\system32\opybvbvj.ini
C:\WINDOWS\system32\oqsfkcjv.dll
C:\WINDOWS\system32\orwojslq.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmnlijii.dll
C:\WINDOWS\system32\qfnwthnn.dll
C:\WINDOWS\system32\qpfzvf.dll
C:\WINDOWS\system32\rxqfbyds.dll
C:\WINDOWS\system32\stvwa.bak1
C:\WINDOWS\system32\texodx.dll
C:\WINDOWS\system32\tuvWpPGW.dll
C:\WINDOWS\system32\tvekggfs.dll
C:\WINDOWS\system32\uiusymgh.ini
C:\WINDOWS\system32\vylbtlud.ini
C:\WINDOWS\system32\wnxtaq.dll
C:\WINDOWS\system32\wrlhewwp.dll
C:\WINDOWS\system32\wvUlkLCt.dll
C:\WINDOWS\system32\wvUmliJb.dll
C:\WINDOWS\system32\xxyyxyXP.dll
C:\WINDOWS\system32\yayvTmnk.dll
C:\WINDOWS\system32\yayxyaxy.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-25 to 2008-07-25 )))))))))))))))))))))))))))))))
.

2008-07-23 07:52 . 2008-07-24 08:11 <DIR> d-------- C:\WINDOWS\system32\kBin02
2008-07-23 07:52 . 2008-07-23 07:52 <DIR> d-------- C:\Temp\epr1
2008-07-23 06:05 . 2008-07-23 06:05 <DIR> d-------- C:\Deckard
2008-07-21 19:14 . 2008-07-22 16:42 43,873 --ahs---- C:\WINDOWS\system32\fyrrpjho.ini
2008-07-19 08:26 . 2008-07-22 08:57 <DIR> d-------- C:\WINDOWS\system32\carH18
2008-07-19 08:26 . 2008-07-19 08:26 <DIR> d-------- C:\Temp\btxv15
2008-07-18 16:18 . 2008-07-22 12:04 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-07-18 14:21 . 2008-07-18 14:21 <DIR> d-------- C:\Program Files\Common Files\Webroot Shared
2008-07-18 14:20 . 2007-08-09 13:56 69,960 --a------ C:\WINDOWS\Unwash6.exe
2008-07-17 07:29 . 2008-07-24 11:18 345 --ahs---- C:\WINDOWS\system32\SrqXIkkj.ini
2008-07-16 08:31 . 2008-07-18 06:38 <DIR> d-------- C:\WINDOWS\system32\aumsDK18
2008-07-16 08:31 . 2008-07-16 08:31 <DIR> d-------- C:\Temp\zpv201
2008-07-16 08:12 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-07-15 18:22 . 2008-07-15 18:22 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-07-15 14:16 . 2008-07-15 14:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Geek Squad
2008-07-15 13:51 . 2008-07-15 13:51 <DIR> d-------- C:\Program Files\Sun
2008-07-14 15:58 . 2008-07-14 15:58 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-14 15:58 . 2008-07-14 15:58 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-14 09:57 . 2008-07-14 09:57 164 --a------ C:\install.dat
2008-07-13 20:53 . 2008-07-18 14:21 <DIR> d-------- C:\Program Files\Webroot
2008-07-13 20:53 . 2008-07-18 14:21 <DIR> d-------- C:\Documents and Settings\user\Application Data\Webroot
2008-07-13 20:53 . 2008-07-13 20:53 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-07-13 20:53 . 2008-07-18 14:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-13 20:53 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-07-13 20:53 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-07-13 20:53 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-07-13 20:53 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-07-13 20:53 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-07-12 08:55 . 2008-07-13 08:02 <DIR> d-------- C:\Program Files\Exterminate It!
2008-07-11 15:05 . 2008-07-11 15:05 406 --ahs---- C:\WINDOWS\system32\itfoijhh.ini
2008-07-11 14:28 . 2008-07-11 14:28 1,728,735 --ahs---- C:\WINDOWS\system32\itfoijhh.tmp
2008-07-09 08:19 . 2008-07-23 09:42 110,473 --a------ C:\WINDOWS\BM4fc18a60.xml
2008-07-08 15:16 . 2008-06-27 18:38 53,248 ---hs---- C:\Documents and Settings\user\winlogon.exe
2008-07-08 12:11 . 2008-07-08 12:11 <DIR> d-------- C:\WINDOWS\wb
2008-07-08 12:11 . 1996-08-16 12:44 87,552 --a------ C:\WINDOWS\system\url.dll
2008-07-08 12:11 . 1996-09-30 11:32 9,728 --a------ C:\WINDOWS\system\rnaph.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-24 18:33 --------- d-----w C:\Documents and Settings\user\Application Data\mjusbsp
2008-07-16 01:22 --------- d-----w C:\Documents and Settings\user\Application Data\Lavasoft
2008-07-15 20:49 --------- d-----w C:\Program Files\Java
2008-07-15 02:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-10 16:42 --------- d-----w C:\Program Files\Common Files\Scanner
2008-07-10 16:41 --------- d-----w C:\Program Files\Yahoo!
2008-07-10 15:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-25 21:17 --------- d-----w C:\Program Files\DivX
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-29 01:01 --------- d-----w C:\Program Files\Windows Live
2008-05-27 21:58 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-27 21:57 --------- d-----w C:\Program Files\Windows Live Favorites
2008-05-27 21:53 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-27 21:45 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-27 21:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-26 18:09 --------- d-----w C:\Documents and Settings\user\Application Data\U3
2008-05-17 02:35 90,112 ----a-w C:\WINDOWS\DUMP93b4.tmp
2008-05-08 18:17 61,224 ----a-w C:\Documents and Settings\user\GoToAssistDownloadHelper.exe
2007-12-01 22:16 87,608 ----a-w C:\Documents and Settings\user\Application Data\inst.exe
2007-12-01 22:16 47,360 ----a-w C:\Documents and Settings\user\Application Data\pcouffin.sys
2006-11-28 02:49 56,912 ----a-w C:\Documents and Settings\user\g2mdlhlpx.exe
2005-02-14 17:23 184,680 ----a-w C:\Documents and Settings\user\Application Data\shb.dat
2006-05-05 17:56 152 --sh--r C:\WINDOWS\system32\4FA3CB7A5F.sys
2006-12-22 06:11 328 --sh--r C:\WINDOWS\system32\5F7ACBA34F.sys
2006-12-22 06:11 12,524 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88ec68f7-fc39-03dc-6552-95413396b201}]
2008-07-08 08:08 158208 --a------ C:\WINDOWS\system32\iztzmmpidi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2008-04-01 05:18 160496 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2006-11-30 22:49 4662776]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Google Update"="C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-07-14 08:46 119280]
"cdloader"="C:\Documents and Settings\user\Application Data\mjusbsp\cdloader2.exe" [2008-06-12 12:37 50520]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2007-08-09 13:56 1261384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"Windows Logon Applicationedc"="C:\Documents and Settings\user\winlogon.exe" [2008-06-27 18:38 53248]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-02 00:19 4640768]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14 217088]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 18:34 86960]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
"HostManager"="C:\Program Files\Common Files\AOL\1203613709\ee\AOLSoftware.exe" [2006-09-25 17:52 50736]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-07 03:25 39792]
"YMailAdvisor"="C:\Program Files\Yahoo!\Common\YMailAdvisor.exe" [2008-02-26 09:26 132376]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"{f755e522-f6fe-0aa0-93b0-59bdc050811b}"="C:\WINDOWS\system32\iztzmmpidi.dll" [2008-07-08 08:08 158208]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
YouTube Uploader.lnk - C:\Documents and Settings\user\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [2007-11-09 14:33:08 71152]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 05:33:46 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{094133C8-1D3D-4785-8A56-531CC89612EF}"= "C:\WINDOWS\system32\opnonkJy.dll" [2008-07-24 20:42 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnonkJy]
2008-07-24 20:42 32768 C:\WINDOWS\system32\opnonkJy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1203576117\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\AOL 9.0a\\waol.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\user\\Application Data\\mjusbsp\\magicJack.exe"=

R2 cmdService;Command Service;C:\WINDOWS\dXNlcg\command.exe [2005-08-02 16:58]
R2 Network Monitor;Network Monitor;C:\Program Files\Network Monitor\netmon.exe service []
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-08-09 13:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autorun.exe
\Shell\phone\command - D:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f56723c-e10a-11dc-a958-00038a000015}]
\Shell\AutoRun\command - D:\LaunchU3.exe -a

*Newly Created Service* - CMDSERVICE
*Newly Created Service* - MSTEEE
*Newly Created Service* - NETWORK_MONITOR
.
Contents of the 'Scheduled Tasks' folder
"2008-07-23 23:24:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-25 03:41:56 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-07-16 18:38:34 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exe
"2008-05-06 04:12:11 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-05-06 04:12:10 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{A039C8A1-D08C-46FC-8DCA-8373F36F12E6} - C:\WINDOWS\system32\iifcDWoo.dll
BHO-{D37C6D94-CF10-E3AF-583A-45F98AC40C35} - C:\WINDOWS\Eengiotq.dll
Toolbar-{A997752A-AAF0-7EFC-9AB9-5D12C74EDD15} - C:\WINDOWS\Eengiotq.dll
HKLM-Run-BM4fc18a60 - C:\WINDOWS\system32\hqeclppw.dll
HKLM-Run-runner1 - C:\WINDOWS\mrofinu1188.exe
ShellExecuteHooks-{E91C2855-AC7E-4ED9-B488-0F78FAE8AD2D} - (no file)
ShellExecuteHooks-{B4977567-6B39-4AFA-9CD2-47A20209F5FE} - (no file)
ShellExecuteHooks-{59AAD935-DB8D-4289-A0A3-67E2B3B55BAB} - (no file)
ShellExecuteHooks-{04F27F39-1C1B-4A4F-8B5A-A531E364B7A6} - (no file)
ShellExecuteHooks-{37E10337-6A37-45BB-BB1A-146C7D2A6E73} - (no file)
Notify-hgGywVmM - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://phoenix.cox.net/cci/home
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R0 -: HKLM-Main,Search Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyServer = http=127.0.0.1:9022
R1 -: HKCU-Internet Settings,ProxyOverride = ;127.0.0.1;www.lazyboy.com;;www.msnusers.com;www.lazyboy.com;www.msnusers.com;pcs.adam.com;;localhost;<local>
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{D8EC24DC-3D6C-486C-873C-4538A9FB304D}: NameServer = 151.164.1.8,206.13.28.12

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
C:\WINDOWS\Downloaded Program Files\Yahoo! Chat.osd

O16 -: {0DB0E34A-E2CA-4748-AC02-087E2662CBEA} - hxxp://www.fultonhomes.com/ContractDocs/DirectPrint.cab
C:\WINDOWS\Downloaded Program Files\DirectPrint.INF
C:\WINDOWS\system32\MSVBVM60.DLL
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\OLEPRO32.DLL
C:\WINDOWS\system32\ASYCFILT.DLL
C:\WINDOWS\system32\stdole2.tlb
C:\WINDOWS\system32\COMCAT.DLL
C:\WINDOWS\Downloaded Program Files\DirectPrint.ocx

O16 -: {40D230B5-7444-441A-9852-F71FB050FA8E} - hxxp://www.t-mobilepictures.com/photos/tmi/tmiplugin_ie.cab
C:\WINDOWS\Downloaded Program Files\tmiplugin_ie.inf
C:\WINDOWS\Downloaded Program Files\tmihostctrl.dll

O16 -: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://www.visitrenotahoe.com/plan_your_trip/outdoors/reno_river_fest/webcam/AMC.cab
C:\WINDOWS\Downloaded Program Files\setup.inf

O16 -: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} - hxxp://www.techsmith.com/codec/tsccinst.cab
C:\WINDOWS\Downloaded Program Files\tsccinst.inf
C:\WINDOWS\Downloaded Program Files\tsccinst.dll

O16 -: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} - hxxp://www.webcamcancun.com/WinWebPush.cab
C:\WINDOWS\Downloaded Program Files\WinWeb.dll

O16 -: {7C22D9BF-8917-496B-8F4C-BB52C88BF844} - hxxp://208.34.84.160/intro_volvo/Convergent/VolvoAPI.CAB
C:\WINDOWS\Downloaded Program Files\VolvoAPI.INF
C:\WINDOWS\system32\objsafe.tlb
C:\WINDOWS\system32\MSVBVM60.DLL
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\OLEPRO32.DLL
C:\WINDOWS\system32\ASYCFILT.DLL
C:\WINDOWS\system32\stdole2.tlb
C:\WINDOWS\system32\COMCAT.DLL
C:\WINDOWS\system32\msado25.tlb
C:\WINDOWS\system32\VolvoAPI.dll

O16 -: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - hxxp://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
C:\WINDOWS\Downloaded Program Files\RealArcadeRdxIE.dll

O16 -: {DE3F1566-A06D-11D0-ACD5-00A02417B281} - hxxp://www.fultonhomes.com/ContractDocs/aexview.cab
C:\WINDOWS\Downloaded Program Files\aexview.inf
C:\WINDOWS\system32\MFC71.dll
C:\WINDOWS\system32\msvcr71.dll
C:\WINDOWS\system32\msvcp71.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\OLEPRO32.DLL
C:\WINDOWS\Downloaded Program Files\aexdex32.dll
C:\WINDOWS\Downloaded Program Files\il.dll
C:\WINDOWS\Downloaded Program Files\virtimg.dll
C:\WINDOWS\Downloaded Program Files\ImageObjects.dll
C:\WINDOWS\Downloaded Program Files\aexview.ocx

O16 -: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://camera1.jupiterfoundation.org/activex/AMC.cab
C:\WINDOWS\Downloaded Program Files\setup.inf


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-24 20:33:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc240.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\opnonkJy.dll
-> C:\Documents and Settings\user\winlogon.exe
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\gearsec.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\kBin02\kBin022328.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu1000106.exe
.
**************************************************************************
.
Completion time: 2008-07-24 20:56:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-25 03:56:12

Pre-Run: 113,801,809,920 bytes free
Post-Run: 114,495,262,720 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

384 --- E O F --- 2008-07-16 23:58:41





And this is the Other report I think the HijackThis log

Deckard's System Scanner v20071014.68
Run by user on 2008-07-24 20:59:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 77% (more than 75%).
Total Physical Memory: 448 MiB (512 MiB recommended).


-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:41 PM, on 7/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Documents and Settings\user\winlogon.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\AOL\1203613709\ee\AOLSoftware.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Documents and Settings\user\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\kBin02\kBin022328.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\dXNlcg\command.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\mrofinu.exe
C:\WINDOWS\mrofinu.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://phoenix.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;www.lazyboy.com;;www.msnusers.com;www.lazyboy.com;www.msnusers.com;pcs.adam.com;;localhost;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: targetedbanner browser optimizer - {88ec68f7-fc39-03dc-6552-95413396b201} - C:\WINDOWS\system32\iztzmmpidi.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\user\winlogon.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1203613709\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [{f755e522-f6fe-0aa0-93b0-59bdc050811b}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\iztzmmpidi.dll" DllStart
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\user\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\user\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .tmi: C:\Program Files\Internet Explorer\PLUGINS\NPTmiPlay.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.games.yahoo.com/games/clients/y/cct0_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {0DB0E34A-E2CA-4748-AC02-087E2662CBEA} (DirectPrint.PrintAXView) - http://www.fultonhomes.com/ContractDocs/DirectPrint.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (Talisma NetAgent Customer ActiveX Control version 3) - https://liverep.esignal.com/netagent/objects/custappx3.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {27EB254C-C724-43B1-8DD8-F3AC9ED761B2} (Wavexpress Cab Helper) - http://client2.tvtonic.com/Webservice/Publ...8/TVTStage1.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {40D230B5-7444-441A-9852-F71FB050FA8E} (MozillaPluginHostCtrl Class) - http://www.t-mobilepictures.com/photos/tmi/tmiplugin_ie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldwinner.com/games/v44/bl...x/blockwerx.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1132082332484
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast.com/hostClientIE.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://www.visitrenotahoe.com/plan_your_tr.../webcam/AMC.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://www.techsmith.com/codec/tsccinst.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX28.cab
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://www.webcamcancun.com/WinWebPush.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7C22D9BF-8917-496B-8F4C-BB52C88BF844} (Convergent.LocalAPI) - http://208.34.84.160/intro_volvo/Convergent/VolvoAPI.CAB
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://65.116.147.218/activex/AxisCamControl.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidO...PhotoOnline.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.samsphotoclub.com/upload/FujifilmUploadClient.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DE3F1566-A06D-11D0-ACD5-00A02417B281} (ApplicationXtender View Control) - http://www.fultonhomes.com/ContractDocs/aexview.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://camera1.jupiterfoundation.org/activex/AMC.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} (cGameControl Class) - http://zone.msn.com/bingame/rmcb/default/RumbleCube.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8EC24DC-3D6C-486C-873C-4538A9FB304D}: NameServer = 151.164.1.8,206.13.28.12
O18 - Protocol hijack: tv - {9E754710-6158-11D5-B6CE-0050DAAEA668}
O20 - Winlogon Notify: opnonkJy - C:\WINDOWS\SYSTEM32\opnonkJy.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\dXNlcg\command.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 20771 bytes

-- Files created between 2008-06-24 and 2008-07-24 -----------------------------

2008-07-24 21:00:17 0 d-------- C:\Program Files\Trend Micro
2008-07-24 20:46:56 687592 --a------ C:\WINDOWS\system32\atmtd.dll
2008-07-24 20:46:12 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2008-07-24 20:45:44 1989 --a------ C:\WINDOWS\uninstall_nmon.vbs
2008-07-24 20:45:43 0 d-------- C:\Program Files\Network Monitor
2008-07-24 20:45:12 64841 --a------ C:\WINDOWS\system32\vqqanrpzpdjshtgd.exe
2008-07-24 20:44:12 86144 --a------ C:\WINDOWS\system32\drivers\msteee.sys
2008-07-24 20:43:47 0 d-------- C:\WINDOWS\system32\revs
2008-07-24 20:43:47 0 d-------- C:\WINDOWS\system32\n32
2008-07-24 20:43:47 0 d-------- C:\WINDOWS\system32\cog1
2008-07-24 20:42:24 32768 --a------ C:\WINDOWS\system32\xxyyaWon.dll
2008-07-24 20:42:23 32768 --a------ C:\WINDOWS\system32\opnonkJy.dll
2008-07-24 20:23:52 0 d-------- C:\cmdcons
2008-07-24 20:18:27 68096 --a------ C:\WINDOWS\zip.exe
2008-07-24 20:18:27 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-24 20:18:27 98816 --a------ C:\WINDOWS\sed.exe
2008-07-24 20:18:27 80412 --a------ C:\WINDOWS\grep.exe
2008-07-24 20:18:26 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-24 20:18:26 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-24 20:18:26 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-24 20:18:25 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-23 12:54:18 44544 -ra------ C:\WINDOWS\mrofinu1000106.exe
2008-07-23 07:52:22 0 d-------- C:\WINDOWS\system32\kBin02
2008-07-19 08:26:41 0 d-------- C:\WINDOWS\system32\carH18
2008-07-18 16:18:36 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-07-18 14:21:28 0 d-------- C:\Program Files\Common Files\Webroot Shared
2008-07-16 08:31:26 0 d-------- C:\WINDOWS\system32\aumsDK18
2008-07-15 18:22:16 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-07-15 14:16:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Geek Squad
2008-07-15 13:51:15 0 d-------- C:\Program Files\Sun
2008-07-14 12:37:25 0 d--h----- C:\Documents and Settings\LocalService\SendTo
2008-07-14 12:36:20 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-07-14 12:35:58 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-07-14 09:57:06 164 --a------ C:\install.dat
2008-07-13 20:53:37 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-07-13 20:53:03 0 d-------- C:\Program Files\Webroot
2008-07-13 20:53:03 0 d-------- C:\Documents and Settings\user\Application Data\Webroot
2008-07-13 20:53:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-12 08:55:13 0 d-------- C:\Program Files\Exterminate It!
2008-07-08 15:16:17 53248 ---hs---- C:\Documents and Settings\user\winlogon.exe
2008-07-08 12:11:44 0 d-------- C:\WINDOWS\wb
2008-07-08 12:11:44 87552 --a------ C:\WINDOWS\system\url.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-07-08 12:11:44 9728 --a------ C:\WINDOWS\system\rnaph.dll <Not Verified; Microsoft Corporation; Microsoft® Windows™ Operating System>
2008-07-08 08:08:28 158208 --a------ C:\WINDOWS\system32\iztzmmpidi.dll


-- Find3M Report ---------------------------------------------------------------

2008-07-24 20:43:41 115821 --a------ C:\logfile
2008-07-24 20:26:08 0 d-------- C:\Program Files\Common Files
2008-07-24 11:33:18 0 d-------- C:\Documents and Settings\user\Application Data\mjusbsp
2008-07-15 18:22:33 0 d-------- C:\Documents and Settings\user\Application Data\Lavasoft
2008-07-15 13:49:25 0 d-------- C:\Program Files\Java
2008-07-10 09:42:19 0 d-------- C:\Program Files\Common Files\Scanner
2008-07-10 09:41:58 0 d-------- C:\Program Files\Yahoo!
2008-07-10 08:17:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-09 13:45:14 110 --a------ C:\WINDOWS\Victoria
2008-06-25 14:17:31 0 d-------- C:\Program Files\DivX
2008-06-06 11:36:28 0 d-------- C:\Documents and Settings\user\Application Data\Google
2008-05-30 16:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 16:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-28 18:01:08 0 d-------- C:\Program Files\Windows Live
2008-05-27 14:58:20 0 d-------- C:\Program Files\Windows Live Toolbar
2008-05-27 14:57:14 0 d-------- C:\Program Files\Windows Live Favorites
2008-05-27 14:53:21 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-27 14:45:31 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-26 11:09:03 0 d-------- C:\Documents and Settings\user\Application Data\U3
2008-05-22 15:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 15:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 15:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 15:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88ec68f7-fc39-03dc-6552-95413396b201}]
07/08/2008 08:08 AM 158208 --a------ C:\WINDOWS\system32\iztzmmpidi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
04/01/2008 05:18 AM 160496 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Logon Applicationedc"="C:\Documents and Settings\user\winlogon.exe" [06/27/2008 06:38 PM]
"NvCplDaemon"="RUNDLL32.exe" [08/04/2004 12:56 AM C:\WINDOWS\system32\rundll32.exe]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [06/08/2005 04:24 PM]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [06/08/2005 04:14 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 06:34 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03/20/2006 06:34 PM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 06:34 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/14/2007 07:05 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [12/11/2007 11:56 AM]
"HostManager"="C:\Program Files\Common Files\AOL\1203613709\ee\AOLSoftware.exe" [09/25/2006 05:52 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/07/2008 03:25 AM]
"YMailAdvisor"="C:\Program Files\Yahoo!\Common\YMailAdvisor.exe" [02/26/2008 09:26 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"{f755e522-f6fe-0aa0-93b0-59bdc050811b}"="C:\WINDOWS\system32\iztzmmpidi.dll" [07/08/2008 08:08 AM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [11/30/2006 10:49 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"Google Update"="C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [07/14/2008 08:46 AM]
"cdloader"="C:\Documents and Settings\user\Application Data\mjusbsp\cdloader2.exe" [06/12/2008 12:37 PM]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [08/09/2007 01:56 PM]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
YouTube Uploader.lnk - C:\Documents and Settings\user\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [11/9/2007 2:33:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [9/19/2007 5:33:46 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{094133C8-1D3D-4785-8A56-531CC89612EF}"= C:\WINDOWS\system32\opnonkJy.dll [07/24/2008 08:42 PM 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnonkJy]
opnonkJy.dll 07/24/2008 08:42 PM 32768 C:\WINDOWS\system32\opnonkJy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\autorun.exe
phone\command- D:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f56723c-e10a-11dc-a958-00038a000015}]
AutoRun\command- D:\LaunchU3.exe -a

*Newly Created Service* - CMDSERVICE
*Newly Created Service* - MSTEEE
*Newly Created Service* - NETWORK_MONITOR



-- End of Deckard's System Scanner: finished at 2008-07-24 21:03:15 ------------

Edited by Orange Blossom, 26 July 2008 - 06:58 PM.
Fix code tags. ~ OB


#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 25 July 2008 - 12:53 AM

Hello, please don't alter your logs.. Don't put color or use code/quote tag.. Just post logs as it is.. Only attach it if requested..


Please show hidden files and folders. Please visit HERE if you don't know how.
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:
    • C:\WINDOWS\system\url.dll
      C:\WINDOWS\system\rnaph.dll
      C:\WINDOWS\system32\drivers\msteee.sys
  • Click on the Upload button. You can only submit one file per round..
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
If VirScan server is too busy, please submit the file to VirusTotal instead.





NEXT


1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
cmdService
Network Monitor

File::
C:\WINDOWS\system32\fyrrpjho.ini
C:\WINDOWS\system32\SrqXIkkj.ini
C:\WINDOWS\system32\itfoijhh.ini
C:\WINDOWS\system32\itfoijhh.tmp
C:\WINDOWS\BM4fc18a60.xml
C:\Documents and Settings\user\winlogon.exe
C:\WINDOWS\system32\iztzmmpidi.dll
C:\WINDOWS\system32\opnonkJy.dll
D:\autorun.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\system32\vqqanrpzpdjshtgd.exe

Folder::
C:\WINDOWS\system32\kBin02
C:\Temp\epr1
C:\WINDOWS\system32\carH18
C:\Temp\btxv15
C:\WINDOWS\system32\aumsDK18
C:\Temp\zpv201
C:\Program Files\Network Monitor
C:\WINDOWS\dXNlcg
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\WINDOWS\system32\revs
C:\WINDOWS\system32\n32
C:\WINDOWS\system32\cog1

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88ec68f7-fc39-03dc-6552-95413396b201}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{f755e522-f6fe-0aa0-93b0-59bdc050811b}"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{094133C8-1D3D-4785-8A56-531CC89612EF}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnonkJy]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • VirScan.org/VirusTotal results
  • Combofix.txt
  • A new HijackThis log.

Edited by fenzodahl512, 25 July 2008 - 12:54 AM.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 kykys

kykys
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 25 July 2008 - 03:58 PM

Hello , Thankyou for your help , well I did the VirSCAN.org I upload the three files but the last one C:\WINDOWS\system32\drivers\msteee.sys it says that it couldn't found it ,but here are the result....

VirSCAN.org Scanned Report :
Scanned time : 2008/07/25 12:13:04 (MST)
Scanner results: All Scanners reported not find malware!
File Name : url.dll
File Size : 87552 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 0798d8a8878fa459ce13f91f0949eab1
SHA1 : e3b0b424348cfc9d8ea1b60a8929424360e50156
Online report : http://virscan.org/report/b33842b163defb21...f7be197585.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 3.5.0.22 2008.07.24 2008-07-24 2.37 -
AhnLab V3 2008.07.26.00 2008.07.26 2008-07-26 0.85 -
AntiVir 7.8.1.12 7.0.5.173 2008-07-25 2.11 -
Arcavir 1.0.5 200807241848 2008-07-24 1.17 -
AVAST! 3.0.1 080725-1 2008-07-25 0.01 -
AVG 7.5.51.442 270.5.6/1572 2008-07-25 1.48 -
BitDefender 7.60825.1389053 7.20196 2008-07-25 2.58 -
CA (VET) 9.0.0.143 31.6.5981 2008-07-25 0.64 -
ClamAV 0.93.3 7826 2008-07-25 0.02 -
Comodo 2.11 2.0.0.596 2008-07-25 0.42 -
CP Secure 1.1.0.715 2008.07.25 2008-07-25 5.49 -
Dr.Web 4.44.0.9170 2008.07.25 2008-07-25 2.99 -
ewido 4.0.0.2 2008.07.25 2008-07-25 2.30 -
F-Prot 4.4.4.56 20080724 2008-07-24 0.97 -
F-Secure 5.51.6100 2008.07.25.05 2008-07-25 0.04 -
Fortinet 2.81-3.11 9.355 2008-07-25 1.62 -
ViRobot 20080725 2008.07.25 2008-07-25 0.41 -
Ikarus T3.1.01.34 2008.07.25.71159 2008-07-25 3.05 -
JiangMin 11.0.706 2008.07.25 2008-07-25 1.14 -
Kaspersky 5.5.10 2008.07.25 2008-07-25 0.03 -
KingSoft 2008.1.14.15 2008.7.25.18 2008-07-25 0.64 -
McAfee 5.2.00 5346 2008-07-24 2.16 -
Microsoft 1.3704 2008.07.25 2008-07-25 6.09 -
mks_vir 2.01 2008.07.25 2008-07-25 2.46 -
Norman 5.93.01 5.93.00 2008-07-24 4.74 -
Panda 9.05.01 2008.07.24 2008-07-24 1.50 -
Trend Micro 8.700-1004 5.434.05 2008-07-25 0.03 -
Quick Heal 9.50 2008.07.25 2008-07-25 2.10 -
Rising 20.0 20.54.42.00 2008-07-25 0.73 -
Sophos 2.75.4 4.31 2008-07-25 1.87 -
Sunbelt 3.1.1536.1 2156 2008-07-18 0.46 -
Symantec 1.3.0.24 20080724.024 2008-07-24 0.71 -
nProtect 2008-07-25.00 1702673 2008-07-25 3.15 -
The Hacker 6.2.96 v00389 2008-07-24 0.40 -
VBA32 3.12.8.1 20080725.0854 2008-07-25 1.10 -
VirusBuster 4.5.11.10 10.82.22/596792 2008-07-25 0.84 -







File information
File Name : rnaph.dll
File Size : 9728 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : cec0bb32d83b4f574b53e83e7df112ab
SHA1 : 6c3ed5858984ac7dbb9d37cc4fd780067417b652

Scanner results
Scanner results : All Scanners reported not find malware!
Time : 2008/07/25 12:17:21 (MST)


Scanner Engine Ver Sig Ver Sig Date Scan result Time
a-squared 3.5.0.22 2008.07.24 2008-07-24 - 2.164
AhnLab V3 2008.07.26.00 2008.07.26 2008-07-26 - 0.847
AntiVir 7.8.1.12 7.0.5.173 2008-07-25 - 2.124
Arcavir 1.0.5 200807241848 2008-07-24 - 1.195
AVAST! 3.0.1 080725-1 2008-07-25 - 0.651
AVG 7.5.51.442 270.5.6/1572 2008-07-25 - 1.487
BitDefender 7.60825.1389053 7.20196 2008-07-25 - 2.561
CA (VET) 9.0.0.143 31.6.5981 2008-07-25 - 0.713
ClamAV 0.93.3 7826 2008-07-25 - 0.006
Comodo 2.11 2.0.0.596 2008-07-25 - 0.419
CP Secure 1.1.0.715 2008.07.25 2008-07-25 - 5.467
Dr.Web 4.44.0.9170 2008.07.25 2008-07-25 - 3.035
ewido 4.0.0.2 2008.07.25 2008-07-25 - 2.290
F-Prot 4.4.4.56 20080724 2008-07-24 - 0.966
F-Secure 5.51.6100 2008.07.25.05 2008-07-25 - 2.785
Fortinet 2.81-3.11 9.355 2008-07-25 - 1.613
Ikarus T3.1.01.34 2008.07.25.71159 2008-07-25 - 3.039
JiangMin 11.0.706 2008.07.25 2008-07-25 - 1.133
Kaspersky 5.5.10 2008.07.25 2008-07-25 - 0.027
KingSoft 2008.1.14.15 2008.7.25.18 2008-07-25 - 0.640
McAfee 5.2.00 5346 2008-07-24 - 2.161
Microsoft 1.3704 2008.07.25 2008-07-25 - 4.506
mks_vir 2.01 2008.07.25 2008-07-25 - 2.528
Norman 5.93.01 5.93.00 2008-07-24 - 4.592
nProtect 2008-07-25.00 1702673 2008-07-25 - 3.143
Panda 9.05.01 2008.07.24 2008-07-24 - 1.921
Quick Heal 9.50 2008.07.25 2008-07-25 - 1.573
Rising 20.0 20.54.42.00 2008-07-25 - 0.732
Sophos 2.75.4 4.31 2008-07-25 - 1.885
Sunbelt 3.1.1536.1 2156 2008-07-18 - 0.393
Symantec 1.3.0.24 20080724.024 2008-07-24 - 0.048
The Hacker 6.2.96 v00389 2008-07-24 - 0.394
Trend Micro 8.700-1004 5.434.05 2008-07-25 - 0.024
VBA32 3.12.8.1 20080725.0854 2008-07-25 - 1.103
ViRobot 20080725 2008.07.25 2008-07-25 - 0.404
VirusBuster 4.5.11.10 10.82.22/596792 2008-07-25 - 0.782







ComboFix 08-07-24.1 - user 2008-07-25 12:40:50.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.197 [GMT -7:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\user\winlogon.exe
C:\WINDOWS\BM4fc18a60.xml
C:\WINDOWS\mrofinu.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\fyrrpjho.ini
C:\WINDOWS\system32\itfoijhh.ini
C:\WINDOWS\system32\itfoijhh.tmp
C:\WINDOWS\system32\iztzmmpidi.dll
C:\WINDOWS\system32\opnonkJy.dll
C:\WINDOWS\system32\SrqXIkkj.ini
C:\WINDOWS\system32\vqqanrpzpdjshtgd.exe
C:\WINDOWS\uninstall_nmon.vbs
D:\autorun.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\user\Application Data\inst.exe
C:\Documents and Settings\user\g2mdlhlpx.exe
C:\Documents and Settings\user\winlogon.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\btxv15
C:\Temp\epr1
C:\Temp\epr1\K19i.log
C:\temp\tn3
C:\Temp\zpv201
C:\WINDOWS\BM4fc18a60.xml
C:\WINDOWS\dXNlcg
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\atmtd.dll.tmp
C:\WINDOWS\system32\aumsDK18
C:\WINDOWS\system32\byXQigGX.dll
C:\WINDOWS\system32\carH18
C:\WINDOWS\system32\cog1
C:\WINDOWS\system32\cog1\GI410DNGU.exe
C:\WINDOWS\system32\fyrrpjho.ini
C:\WINDOWS\system32\geBtUmKc.dll
C:\WINDOWS\system32\itfoijhh.ini
C:\WINDOWS\system32\itfoijhh.tmp
C:\WINDOWS\system32\iztzmmpidi.dll
C:\WINDOWS\system32\kBin02
C:\WINDOWS\system32\kBin02\kBin022328.exe
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\n32
C:\WINDOWS\system32\n32\netGRU667.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\revs
C:\WINDOWS\system32\revs\EPctver3.exe
C:\WINDOWS\system32\SrqXIkkj.ini
C:\WINDOWS\system32\vqqanrpzpdjshtgd.exe
C:\WINDOWS\system32\XGgiQXyb.ini
C:\WINDOWS\system32\XGgiQXyb.ini2
C:\WINDOWS\system32\xxyxXPjJ.dll
C:\WINDOWS\system32\xxyyaWon.dll
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-06-25 to 2008-07-25 )))))))))))))))))))))))))))))))
.

2008-07-25 13:03 . 2008-07-25 13:03 <DIR> d-------- C:\Temp\tn3
2008-07-25 13:03 . 2008-07-25 13:03 932 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-07-24 21:55 . 2008-07-24 21:55 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-07-24 21:00 . 2008-07-24 21:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-24 20:44 . 2008-07-24 20:44 86,144 --a------ C:\WINDOWS\system32\drivers\msteee.sys
2008-07-23 06:05 . 2008-07-23 06:05 <DIR> d-------- C:\Deckard
2008-07-18 16:18 . 2008-07-22 12:04 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-07-18 14:21 . 2008-07-18 14:21 <DIR> d-------- C:\Program Files\Common Files\Webroot Shared
2008-07-18 14:20 . 2007-08-09 13:56 69,960 --a------ C:\WINDOWS\Unwash6.exe
2008-07-16 08:12 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-07-15 18:22 . 2008-07-15 18:22 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-07-15 14:16 . 2008-07-15 14:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Geek Squad
2008-07-15 13:51 . 2008-07-15 13:51 <DIR> d-------- C:\Program Files\Sun
2008-07-14 15:58 . 2008-07-14 15:58 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-14 15:58 . 2008-07-14 15:58 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-14 09:57 . 2008-07-14 09:57 164 --a------ C:\install.dat
2008-07-13 20:53 . 2008-07-18 14:21 <DIR> d-------- C:\Program Files\Webroot
2008-07-13 20:53 . 2008-07-18 14:21 <DIR> d-------- C:\Documents and Settings\user\Application Data\Webroot
2008-07-13 20:53 . 2008-07-13 20:53 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-07-13 20:53 . 2008-07-18 14:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-13 20:53 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-07-13 20:53 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-07-13 20:53 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-07-13 20:53 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-07-13 20:53 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-07-12 08:55 . 2008-07-13 08:02 <DIR> d-------- C:\Program Files\Exterminate It!
2008-07-08 12:11 . 2008-07-08 12:11 <DIR> d-------- C:\WINDOWS\wb
2008-07-08 12:11 . 1996-08-16 12:44 87,552 --a------ C:\WINDOWS\system\url.dll
2008-07-08 12:11 . 1996-09-30 11:32 9,728 --a------ C:\WINDOWS\system\rnaph.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-25 18:12 --------- d-----w C:\Documents and Settings\user\Application Data\mjusbsp
2008-07-25 04:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-16 01:22 --------- d-----w C:\Documents and Settings\user\Application Data\Lavasoft
2008-07-15 20:49 --------- d-----w C:\Program Files\Java
2008-07-10 16:42 --------- d-----w C:\Program Files\Common Files\Scanner
2008-07-10 16:41 --------- d-----w C:\Program Files\Yahoo!
2008-07-10 15:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-25 21:17 --------- d-----w C:\Program Files\DivX
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-29 01:01 --------- d-----w C:\Program Files\Windows Live
2008-05-27 21:58 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-27 21:57 --------- d-----w C:\Program Files\Windows Live Favorites
2008-05-27 21:53 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-27 21:45 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-27 21:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-26 18:09 --------- d-----w C:\Documents and Settings\user\Application Data\U3
2008-05-17 02:35 90,112 ----a-w C:\WINDOWS\DUMP93b4.tmp
2008-05-08 18:17 61,224 ----a-w C:\Documents and Settings\user\GoToAssistDownloadHelper.exe
2007-12-01 22:16 47,360 ----a-w C:\Documents and Settings\user\Application Data\pcouffin.sys
2005-02-14 17:23 184,680 ----a-w C:\Documents and Settings\user\Application Data\shb.dat
2006-05-05 17:56 152 --sh--r C:\WINDOWS\system32\4FA3CB7A5F.sys
2006-12-22 06:11 328 --sh--r C:\WINDOWS\system32\5F7ACBA34F.sys
2006-12-22 06:11 12,524 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-07-24_20.54.37.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-27 04:55:38 138,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
+ 2006-10-27 23:16:36 46,864 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
- 2008-07-15 02:22:12 1,165,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-07-25 04:03:30 1,165,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2008-07-15 02:22:12 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-07-25 04:03:32 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-07-15 02:22:12 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2008-07-25 04:03:31 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
- 2008-07-15 02:22:12 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-07-25 04:03:32 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-07-15 02:22:13 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-07-25 04:03:32 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-07-15 02:22:12 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-07-25 04:03:31 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2008-07-15 02:22:12 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-07-25 04:03:31 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
- 2008-07-15 02:22:12 272,648 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-07-25 04:03:31 272,648 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2008-07-15 02:22:12 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-07-25 04:03:32 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-07-15 02:22:12 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-07-25 04:03:30 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-07-25 00:21:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-25 18:17:43 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-25 00:21:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-25 18:17:43 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2008-04-01 05:18 160496 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2006-11-30 22:49 4662776]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Google Update"="C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-07-14 08:46 119280]
"cdloader"="C:\Documents and Settings\user\Application Data\mjusbsp\cdloader2.exe" [2008-06-12 12:37 50520]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2007-08-09 13:56 1261384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-02 00:19 4640768]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14 217088]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 18:34 86960]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
"HostManager"="C:\Program Files\Common Files\AOL\1203613709\ee\AOLSoftware.exe" [2006-09-25 17:52 50736]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-07 03:25 39792]
"YMailAdvisor"="C:\Program Files\Yahoo!\Common\YMailAdvisor.exe" [2008-02-26 09:26 132376]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
YouTube Uploader.lnk - C:\Documents and Settings\user\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [2007-11-09 14:33:08 71152]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 05:33:46 282624]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1203576117\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\AOL 9.0a\\waol.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\user\\Application Data\\mjusbsp\\magicJack.exe"=

R1 msteee;msteee;C:\WINDOWS\system32\drivers\msteee.sys [2008-07-24 20:44]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-08-09 13:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f56723c-e10a-11dc-a958-00038a000015}]
\Shell\AutoRun\command - D:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-07-23 23:24:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-25 19:41:14 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-07-16 18:38:34 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOffer@16
"2008-05-06 04:12:11 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-05-06 04:12:10 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Windows Logon Applicationedc - C:\Documents and Settings\user\winlogon.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 13:04:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\gearsec.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-07-25 13:23:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-25 20:23:26
ComboFix2.txt 2008-07-25 03:56:51

Pre-Run: 114,313,527,296 bytes free
Post-Run: 114,395,308,032 bytes free

276 --- E O F --- 2008-07-25 04:04:11







Deckard's System Scanner v20071014.68
Run by user on 2008-07-25 13:35:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 82% (more than 75%).
Total Physical Memory: 448 MiB (512 MiB recommended).


-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:35:36 PM, on 7/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\gearsec.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\AOL\1203613709\ee\AOLSoftware.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\LVComsX.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Documents and Settings\user\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://phoenix.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;www.lazyboy.com;;www.msnusers.com;www.lazyboy.com;www.msnusers.com;pcs.adam.com;;localhost;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1203613709\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\user\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\user\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .tmi: C:\Program Files\Internet Explorer\PLUGINS\NPTmiPlay.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.games.yahoo.com/games/clients/y/cct0_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {0DB0E34A-E2CA-4748-AC02-087E2662CBEA} (DirectPrint.PrintAXView) - http://www.fultonhomes.com/ContractDocs/DirectPrint.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (Talisma NetAgent Customer ActiveX Control version 3) - https://liverep.esignal.com/netagent/objects/custappx3.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {27EB254C-C724-43B1-8DD8-F3AC9ED761B2} (Wavexpress Cab Helper) - http://client2.tvtonic.com/Webservice/Publ...8/TVTStage1.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {40D230B5-7444-441A-9852-F71FB050FA8E} (MozillaPluginHostCtrl Class) - http://www.t-mobilepictures.com/photos/tmi/tmiplugin_ie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldwinner.com/games/v44/bl...x/blockwerx.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1132082332484
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast.com/hostClientIE.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://www.visitrenotahoe.com/plan_your_tr.../webcam/AMC.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://www.techsmith.com/codec/tsccinst.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX28.cab
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://www.webcamcancun.com/WinWebPush.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7C22D9BF-8917-496B-8F4C-BB52C88BF844} (Convergent.LocalAPI) - http://208.34.84.160/intro_volvo/Convergent/VolvoAPI.CAB
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://65.116.147.218/activex/AxisCamControl.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidO...PhotoOnline.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.samsphotoclub.com/upload/FujifilmUploadClient.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DE3F1566-A06D-11D0-ACD5-00A02417B281} (ApplicationXtender View Control) - http://www.fultonhomes.com/ContractDocs/aexview.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://camera1.jupiterfoundation.org/activex/AMC.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} (cGameControl Class) - http://zone.msn.com/bingame/rmcb/default/RumbleCube.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8EC24DC-3D6C-486C-873C-4538A9FB304D}: NameServer = 151.164.1.8,206.13.28.12
O18 - Protocol hijack: tv - {9E754710-6158-11D5-B6CE-0050DAAEA668}
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 19988 bytes

-- Files created between 2008-06-25 and 2008-07-25 -----------------------------

2008-07-24 21:55:54 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-07-24 21:55:52 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-07-24 21:55:16 0 d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-07-24 21:55:07 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-07-24 21:00:17 0 d-------- C:\Program Files\Trend Micro
2008-07-24 20:44:12 86144 --a------ C:\WINDOWS\system32\drivers\msteee.sys
2008-07-24 20:23:52 0 d-------- C:\cmdcons
2008-07-24 20:18:27 68096 --a------ C:\WINDOWS\zip.exe
2008-07-24 20:18:27 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-24 20:18:27 98816 --a------ C:\WINDOWS\sed.exe
2008-07-24 20:18:27 80412 --a------ C:\WINDOWS\grep.exe
2008-07-24 20:18:26 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-24 20:18:26 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-24 20:18:26 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-24 20:18:25 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-18 16:18:36 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-07-18 14:21:28 0 d-------- C:\Program Files\Common Files\Webroot Shared
2008-07-15 18:22:16 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-07-15 14:16:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Geek Squad
2008-07-15 13:51:15 0 d-------- C:\Program Files\Sun
2008-07-14 12:37:25 0 d--h----- C:\Documents and Settings\LocalService\SendTo
2008-07-14 12:36:20 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-07-14 12:35:58 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-07-14 09:57:06 164 --a------ C:\install.dat
2008-07-13 20:53:37 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-07-13 20:53:03 0 d-------- C:\Program Files\Webroot
2008-07-13 20:53:03 0 d-------- C:\Documents and Settings\user\Application Data\Webroot
2008-07-13 20:53:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-12 08:55:13 0 d-------- C:\Program Files\Exterminate It!
2008-07-08 12:11:44 0 d-------- C:\WINDOWS\wb
2008-07-08 12:11:44 87552 --a------ C:\WINDOWS\system\url.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-07-08 12:11:44 9728 --a------ C:\WINDOWS\system\rnaph.dll <Not Verified; Microsoft Corporation; Microsoft® Windows™ Operating System>


-- Find3M Report ---------------------------------------------------------------

2008-07-25 13:10:01 116194 --a------ C:\logfile
2008-07-25 12:46:05 0 d-------- C:\Program Files\Common Files
2008-07-25 11:12:25 0 d-------- C:\Documents and Settings\user\Application Data\mjusbsp
2008-07-15 18:22:33 0 d-------- C:\Documents and Settings\user\Application Data\Lavasoft
2008-07-15 13:49:25 0 d-------- C:\Program Files\Java
2008-07-10 09:42:19 0 d-------- C:\Program Files\Common Files\Scanner
2008-07-10 09:41:58 0 d-------- C:\Program Files\Yahoo!
2008-07-10 08:17:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-09 13:45:14 110 --a------ C:\WINDOWS\Victoria
2008-06-25 14:17:31 0 d-------- C:\Program Files\DivX
2008-06-06 11:36:28 0 d-------- C:\Documents and Settings\user\Application Data\Google
2008-05-30 16:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 16:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-28 18:01:08 0 d-------- C:\Program Files\Windows Live
2008-05-27 14:58:20 0 d-------- C:\Program Files\Windows Live Toolbar
2008-05-27 14:57:14 0 d-------- C:\Program Files\Windows Live Favorites
2008-05-27 14:53:21 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-27 14:45:31 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-26 11:09:03 0 d-------- C:\Documents and Settings\user\Application Data\U3
2008-05-22 15:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 15:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 15:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 15:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
04/01/2008 05:18 AM 160496 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [08/04/2004 12:56 AM C:\WINDOWS\system32\rundll32.exe]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [06/08/2005 04:24 PM]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [06/08/2005 04:14 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 06:34 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03/20/2006 06:34 PM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 06:34 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/14/2007 07:05 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [12/11/2007 11:56 AM]
"HostManager"="C:\Program Files\Common Files\AOL\1203613709\ee\AOLSoftware.exe" [09/25/2006 05:52 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/07/2008 03:25 AM]
"YMailAdvisor"="C:\Program Files\Yahoo!\Common\YMailAdvisor.exe" [02/26/2008 09:26 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [11/30/2006 10:49 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"Google Update"="C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [07/14/2008 08:46 AM]
"cdloader"="C:\Documents and Settings\user\Application Data\mjusbsp\cdloader2.exe" [06/12/2008 12:37 PM]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [08/09/2007 01:56 PM]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 10:37 AM]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
YouTube Uploader.lnk - C:\Documents and Settings\user\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [11/9/2007 2:33:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [9/19/2007 5:33:46 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f56723c-e10a-11dc-a958-00038a000015}]
AutoRun\command- D:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-07-25 13:36:30 ------------



Thankyou........

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 25 July 2008 - 04:15 PM

Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.


-----------------------



1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
msteee

Rootkit::
C:\WINDOWS\system32\drivers\core.cache.dsk

File::
C:\WINDOWS\system32\drivers\msteee.sys

Folder::
C:\Temp\tn3

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 kykys

kykys
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 25 July 2008 - 05:39 PM

Thankyou... These are the reports...

ComboFix 08-07-24.1 - user 2008-07-25 14:54:48.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.194 [GMT -7:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\drivers\msteee.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp\tn3
C:\WINDOWS\system32\byXNdcCT.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\msteee.sys
C:\WINDOWS\system32\QWwacccf.ini
C:\WINDOWS\system32\QWwacccf.ini2
C:\WINDOWS\system32\urqNEVPg.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSTEEE
-------\Service_msteee


((((((((((((((((((((((((( Files Created from 2008-06-25 to 2008-07-25 )))))))))))))))))))))))))))))))
.

2008-07-25 14:10 . 2008-07-25 14:10 314,880 --a------ C:\WINDOWS\system32\fcccawWQ.dll
2008-07-24 21:55 . 2008-07-24 21:55 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-07-24 21:00 . 2008-07-24 21:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-23 06:05 . 2008-07-23 06:05 <DIR> d-------- C:\Deckard
2008-07-18 16:18 . 2008-07-22 12:04 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-07-18 14:21 . 2008-07-18 14:21 <DIR> d-------- C:\Program Files\Common Files\Webroot Shared
2008-07-18 14:20 . 2007-08-09 13:56 69,960 --a------ C:\WINDOWS\Unwash6.exe
2008-07-16 08:12 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-07-15 18:22 . 2008-07-15 18:22 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-07-15 14:16 . 2008-07-15 14:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Geek Squad
2008-07-15 13:51 . 2008-07-15 13:51 <DIR> d-------- C:\Program Files\Sun
2008-07-14 15:58 . 2008-07-14 15:58 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-14 15:58 . 2008-07-14 15:58 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-14 09:57 . 2008-07-14 09:57 164 --a------ C:\install.dat
2008-07-13 20:53 . 2008-07-18 14:21 <DIR> d-------- C:\Program Files\Webroot
2008-07-13 20:53 . 2008-07-18 14:21 <DIR> d-------- C:\Documents and Settings\user\Application Data\Webroot
2008-07-13 20:53 . 2008-07-13 20:53 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-07-13 20:53 . 2008-07-18 14:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-13 20:53 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-07-13 20:53 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-07-13 20:53 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-07-13 20:53 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-07-13 20:53 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-07-12 08:55 . 2008-07-13 08:02 <DIR> d-------- C:\Program Files\Exterminate It!
2008-07-08 12:11 . 2008-07-08 12:11 <DIR> d-------- C:\WINDOWS\wb
2008-07-08 12:11 . 1996-08-16 12:44 87,552 --a------ C:\WINDOWS\system\url.dll
2008-07-08 12:11 . 1996-09-30 11:32 9,728 --a------ C:\WINDOWS\system\rnaph.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-25 18:12 --------- d-----w C:\Documents and Settings\user\Application Data\mjusbsp
2008-07-25 04:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-16 01:22 --------- d-----w C:\Documents and Settings\user\Application Data\Lavasoft
2008-07-15 20:49 --------- d-----w C:\Program Files\Java
2008-07-10 16:42 --------- d-----w C:\Program Files\Common Files\Scanner
2008-07-10 16:41 --------- d-----w C:\Program Files\Yahoo!
2008-07-10 15:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-25 21:17 --------- d-----w C:\Program Files\DivX
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-29 01:01 --------- d-----w C:\Program Files\Windows Live
2008-05-27 21:58 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-27 21:57 --------- d-----w C:\Program Files\Windows Live Favorites
2008-05-27 21:53 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-27 21:45 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-27 21:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-26 18:09 --------- d-----w C:\Documents and Settings\user\Application Data\U3
2008-05-17 02:35 90,112 ----a-w C:\WINDOWS\DUMP93b4.tmp
2008-05-08 18:17 61,224 ----a-w C:\Documents and Settings\user\GoToAssistDownloadHelper.exe
2007-12-01 22:16 47,360 ----a-w C:\Documents and Settings\user\Application Data\pcouffin.sys
2005-02-14 17:23 184,680 ----a-w C:\Documents and Settings\user\Application Data\shb.dat
2006-05-05 17:56 152 --sh--r C:\WINDOWS\system32\4FA3CB7A5F.sys
2006-12-22 06:11 328 --sh--r C:\WINDOWS\system32\5F7ACBA34F.sys
2006-12-22 06:11 12,524 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-07-24_20.54.37.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-27 04:55:38 138,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
+ 2006-10-27 23:16:36 46,864 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
- 2008-07-15 02:22:12 1,165,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-07-25 04:03:30 1,165,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2008-07-15 02:22:12 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-07-25 04:03:32 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-07-15 02:22:12 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2008-07-25 04:03:31 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
- 2008-07-15 02:22:12 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-07-25 04:03:32 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-07-15 02:22:13 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-07-25 04:03:32 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-07-15 02:22:12 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-07-25 04:03:31 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2008-07-15 02:22:12 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-07-25 04:03:31 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
- 2008-07-15 02:22:12 272,648 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-07-25 04:03:31 272,648 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2008-07-15 02:22:12 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-07-25 04:03:32 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-07-15 02:22:12 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-07-25 04:03:30 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-07-25 00:21:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-25 18:17:43 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-25 00:21:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-25 18:17:43 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F93909E6-7CC6-4EF3-B494-2E3A793E348D}]
2008-07-25 14:10 314880 --a------ C:\WINDOWS\system32\fcccawWQ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2008-04-01 05:18 160496 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2006-11-30 22:49 4662776]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Google Update"="C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-07-14 08:46 119280]
"cdloader"="C:\Documents and Settings\user\Application Data\mjusbsp\cdloader2.exe" [2008-06-12 12:37 50520]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2007-08-09 13:56 1261384]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-02 00:19 4640768]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14 217088]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 18:34 86960]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
"HostManager"="C:\Program Files\Common Files\AOL\1203613709\ee\AOLSoftware.exe" [2006-09-25 17:52 50736]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-07 03:25 39792]
"YMailAdvisor"="C:\Program Files\Yahoo!\Common\YMailAdvisor.exe" [2008-02-26 09:26 132376]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
YouTube Uploader.lnk - C:\Documents and Settings\user\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [2007-11-09 14:33:08 71152]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 05:33:46 282624]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1203576117\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\AOL 9.0a\\waol.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\user\\Application Data\\mjusbsp\\magicJack.exe"=

R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-08-09 13:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f56723c-e10a-11dc-a958-00038a000015}]
\Shell\AutoRun\command - D:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-07-23 23:24:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-25 21:41:03 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-07-16 18:38:34 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOffer@16
"2008-05-06 04:12:11 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-05-06 04:12:10 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{7D8299B9-268D-42E9-9D08-54358E6982D4} - C:\WINDOWS\system32\urqNEVPg.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 15:06:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\gearsec.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
.
**************************************************************************
.
Completion time: 2008-07-25 15:30:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-25 22:29:59
ComboFix2.txt 2008-07-25 20:23:33
ComboFix3.txt 2008-07-25 03:56:51

Pre-Run: 114,356,137,984 bytes free
Post-Run: 114,313,687,040 bytes free

234 --- E O F --- 2008-07-25 04:04:11









Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:36:48 PM, on 7/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\AOL\1203613709\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\system32\gearsec.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Documents and Settings\user\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://phoenix.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;www.lazyboy.com;;www.msnusers.com;www.lazyboy.com;www.msnusers.com;pcs.adam.com;;localhost;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {F93909E6-7CC6-4EF3-B494-2E3A793E348D} - C:\WINDOWS\system32\fcccawWQ.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1203613709\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\user\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\user\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .tmi: C:\Program Files\Internet Explorer\PLUGINS\NPTmiPlay.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.games.yahoo.com/games/clients/y/cct0_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {0DB0E34A-E2CA-4748-AC02-087E2662CBEA} (DirectPrint.PrintAXView) - http://www.fultonhomes.com/ContractDocs/DirectPrint.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (Talisma NetAgent Customer ActiveX Control version 3) - https://liverep.esignal.com/netagent/objects/custappx3.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {27EB254C-C724-43B1-8DD8-F3AC9ED761B2} (Wavexpress Cab Helper) - http://client2.tvtonic.com/Webservice/Publ...8/TVTStage1.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {40D230B5-7444-441A-9852-F71FB050FA8E} (MozillaPluginHostCtrl Class) - http://www.t-mobilepictures.com/photos/tmi/tmiplugin_ie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldwinner.com/games/v44/bl...x/blockwerx.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1132082332484
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast.com/hostClientIE.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://www.visitrenotahoe.com/plan_your_tr.../webcam/AMC.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://www.techsmith.com/codec/tsccinst.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX28.cab
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://www.webcamcancun.com/WinWebPush.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7C22D9BF-8917-496B-8F4C-BB52C88BF844} (Convergent.LocalAPI) - http://208.34.84.160/intro_volvo/Convergent/VolvoAPI.CAB
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://65.116.147.218/activex/AxisCamControl.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidO...PhotoOnline.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.samsphotoclub.com/upload/FujifilmUploadClient.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DE3F1566-A06D-11D0-ACD5-00A02417B281} (ApplicationXtender View Control) - http://www.fultonhomes.com/ContractDocs/aexview.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://camera1.jupiterfoundation.org/activex/AMC.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} (cGameControl Class) - http://zone.msn.com/bingame/rmcb/default/RumbleCube.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8EC24DC-3D6C-486C-873C-4538A9FB304D}: NameServer = 151.164.1.8,206.13.28.12
O18 - Protocol hijack: tv - {9E754710-6158-11D5-B6CE-0050DAAEA668}
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 20089 bytes

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 25 July 2008 - 05:52 PM

Lets do this..


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.




NEXT


Lets run F-Secure online scan for Viruses, Spyware and RootKits:
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
Notes:
  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take several hours, so please be patient




Please post the following logs in your next reply..

1. Malwarebytes'
2. F-Secure Online..
3. A fresh DSS log (after F-Secure Online step)


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 kykys

kykys
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 25 July 2008 - 10:47 PM

Thankyou...These are the results

Malwarebytes' Anti-Malware 1.23
Database version: 993
Windows 5.1.2600 Service Pack 2

5:47:50 PM 7/25/2008
mbam-log-7-25-2008 (17-47-50).txt

Scan type: Full Scan (A:\|C:\|F:\|G:\|H:\|I:\|K:\|L:\|M:\|)
Objects scanned: 132319
Time elapsed: 55 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 12
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 40

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\fcccawWQ.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f93909e6-7cc6-4ef3-b494-2e3a793e348d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f93909e6-7cc6-4ef3-b494-2e3a793e348d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000162-9980-0010-8000-00aa00389b71} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\fcccawWQ.dll (Trojan.BHO) -> Delete on reboot.
C:\QooBox\Quarantine\C\WINDOWS\mrofinu1000106.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\mrofinu1188.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\byXQigGX.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\dultblyv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\geBtUmKc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\hgmysuiu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\tuvWpPGW.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\vqqanrpzpdjshtgd.exe.vir (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\wvUmliJb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\xxyxXPjJ.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\xxyyaWon.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\xxyyxyXP.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\yayvTmnk.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\yayxyaxy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\cog1\GI410DNGU.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\kBin02\kBin022328.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\n32\netGRU667.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\revs\EPctver3.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BABF27AF-98B1-46AD-8AEE-3507E0DEE2FA}\RP1\A0001030.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BABF27AF-98B1-46AD-8AEE-3507E0DEE2FA}\RP1\A0001172.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BABF27AF-98B1-46AD-8AEE-3507E0DEE2FA}\RP1\A0001173.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BABF27AF-98B1-46AD-8AEE-3507E0DEE2FA}\RP3\A0001214.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BABF27AF-98B1-46AD-8AEE-3507E0DEE2FA}\RP3\A0001218.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BABF27AF-98B1-46AD-8AEE-3507E0DEE2FA}\RP3\A0001229.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BABF27AF-98B1-46AD-8AEE-3507E0DEE2FA}\RP3\A0001234.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BABF27AF-98B1-46AD-8AEE-3507E0DEE2FA}\RP3\A0001235.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BABF27AF-98B1-46AD-8AEE-3507E0DEE2FA}\RP3\A0001236.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BABF27AF-98B1-46AD-8AEE-3507E0DEE2FA}\RP3\A0001237.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BABF27AF-98B1-46AD-8AEE-3507E0DEE2FA}\RP4\A0001337.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BABF27AF-98B1-46AD-8AEE-3507E0DEE2FA}\RP4\A0001363.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BABF27AF-98B1-46AD-8AEE-3507E0DEE2FA}\RP5\A0001385.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BABF27AF-98B1-46AD-8AEE-3507E0DEE2FA}\RP5\A0001387.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BABF27AF-98B1-46AD-8AEE-3507E0DEE2FA}\RP5\A0001389.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BABF27AF-98B1-46AD-8AEE-3507E0DEE2FA}\RP5\A0001394.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BABF27AF-98B1-46AD-8AEE-3507E0DEE2FA}\RP5\A0001395.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BABF27AF-98B1-46AD-8AEE-3507E0DEE2FA}\RP5\A0001399.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BABF27AF-98B1-46AD-8AEE-3507E0DEE2FA}\RP5\A0001400.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BABF27AF-98B1-46AD-8AEE-3507E0DEE2FA}\RP5\A0001401.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BABF27AF-98B1-46AD-8AEE-3507E0DEE2FA}\RP5\A0001402.dll (Trojan.Vundo) -> Quarantined and deleted successfully.





Scanning Report
Friday, July 25, 2008 18:12:56 - 20:20:47
Computer name: YOUR-PD3MH0ABGS
Scanning type: Scan system for malware, rootkits
Target: C:\


--------------------------------------------------------------------------------

Result: 1 malware found
Tracking Cookie (spyware)
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 66870
System: 5436
Not scanned: 10
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 1
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\TEMP\MCAFEE_8SQIE69UCSMQGGH
C:\WINDOWS\TEMP\MCMSC_CTIUJIRUNMRXXAO
C:\WINDOWS\TEMP\MCMSC_HEM66ESYCP17WI9
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{5F132FE9-BC4A-46AA-87E9-8985C1AA54BA}.BIN

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 2.30.0
F-Secure Hydra: 2.8.8110, 2008-07-25
F-Secure AVP: 7.0.171, 2008-07-25
F-Secure Pegasus: 1.20.0, 2008-04-14
F-Secure Blacklight: 1.0.68
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

--------------------------------------------------------------------------------

Copyright © 1998-2007 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.






Deckard's System Scanner v20071014.68
Run by user on 2008-07-25 20:22:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 86% (more than 75%).
Total Physical Memory: 448 MiB (512 MiB recommended).


-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:45 PM, on 7/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\AOL\1203613709\ee\AOLSoftware.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Documents and Settings\user\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\gearsec.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://phoenix.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;www.lazyboy.com;;www.msnusers.com;www.lazyboy.com;www.msnusers.com;pcs.adam.com;;localhost;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1203613709\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\user\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\user\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .tmi: C:\Program Files\Internet Explorer\PLUGINS\NPTmiPlay.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.games.yahoo.com/games/clients/y/cct0_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {0DB0E34A-E2CA-4748-AC02-087E2662CBEA} (DirectPrint.PrintAXView) - http://www.fultonhomes.com/ContractDocs/DirectPrint.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (Talisma NetAgent Customer ActiveX Control version 3) - https://liverep.esignal.com/netagent/objects/custappx3.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {27EB254C-C724-43B1-8DD8-F3AC9ED761B2} (Wavexpress Cab Helper) - http://client2.tvtonic.com/Webservice/Publ...8/TVTStage1.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {40D230B5-7444-441A-9852-F71FB050FA8E} (MozillaPluginHostCtrl Class) - http://www.t-mobilepictures.com/photos/tmi/tmiplugin_ie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldwinner.com/games/v44/bl...x/blockwerx.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1132082332484
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast.com/hostClientIE.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://www.visitrenotahoe.com/plan_your_tr.../webcam/AMC.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://www.techsmith.com/codec/tsccinst.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX28.cab
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://www.webcamcancun.com/WinWebPush.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7C22D9BF-8917-496B-8F4C-BB52C88BF844} (Convergent.LocalAPI) - http://208.34.84.160/intro_volvo/Convergent/VolvoAPI.CAB
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://65.116.147.218/activex/AxisCamControl.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidO...PhotoOnline.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.samsphotoclub.com/upload/FujifilmUploadClient.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DE3F1566-A06D-11D0-ACD5-00A02417B281} (ApplicationXtender View Control) - http://www.fultonhomes.com/ContractDocs/aexview.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://camera1.jupiterfoundation.org/activex/AMC.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} (cGameControl Class) - http://zone.msn.com/bingame/rmcb/default/RumbleCube.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8EC24DC-3D6C-486C-873C-4538A9FB304D}: NameServer = 151.164.1.8,206.13.28.12
O18 - Protocol hijack: tv - {9E754710-6158-11D5-B6CE-0050DAAEA668}
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 20186 bytes

-- Files created between 2008-06-25 and 2008-07-25 -----------------------------

2008-07-25 18:08:40 0 d-------- C:\fsaua.data
2008-07-25 16:29:13 0 d-------- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-07-25 16:28:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-25 16:28:56 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-24 21:55:54 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-07-24 21:55:52 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-07-24 21:55:16 0 d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-07-24 21:55:07 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-07-24 21:00:17 0 d-------- C:\Program Files\Trend Micro
2008-07-24 20:23:52 0 d-------- C:\cmdcons
2008-07-24 20:18:27 68096 --a------ C:\WINDOWS\zip.exe
2008-07-24 20:18:27 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-24 20:18:27 98816 --a------ C:\WINDOWS\sed.exe
2008-07-24 20:18:27 80412 --a------ C:\WINDOWS\grep.exe
2008-07-24 20:18:26 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-24 20:18:26 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-24 20:18:26 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-24 20:18:25 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-18 16:18:36 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-07-18 14:21:28 0 d-------- C:\Program Files\Common Files\Webroot Shared
2008-07-15 18:22:16 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-07-15 14:16:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Geek Squad
2008-07-15 13:51:15 0 d-------- C:\Program Files\Sun
2008-07-14 12:37:25 0 d--h----- C:\Documents and Settings\LocalService\SendTo
2008-07-14 12:36:20 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-07-14 12:35:58 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-07-14 09:57:06 164 --a------ C:\install.dat
2008-07-13 20:53:37 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-07-13 20:53:03 0 d-------- C:\Program Files\Webroot
2008-07-13 20:53:03 0 d-------- C:\Documents and Settings\user\Application Data\Webroot
2008-07-13 20:53:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-12 08:55:13 0 d-------- C:\Program Files\Exterminate It!
2008-07-08 12:11:44 0 d-------- C:\WINDOWS\wb
2008-07-08 12:11:44 87552 --a------ C:\WINDOWS\system\url.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-07-08 12:11:44 9728 --a------ C:\WINDOWS\system\rnaph.dll <Not Verified; Microsoft Corporation; Microsoft® Windows™ Operating System>


-- Find3M Report ---------------------------------------------------------------

2008-07-25 17:52:57 116498 --a------ C:\logfile
2008-07-25 14:58:58 0 d-------- C:\Program Files\Common Files
2008-07-25 11:12:25 0 d-------- C:\Documents and Settings\user\Application Data\mjusbsp
2008-07-15 18:22:33 0 d-------- C:\Documents and Settings\user\Application Data\Lavasoft
2008-07-15 13:49:25 0 d-------- C:\Program Files\Java
2008-07-10 09:42:19 0 d-------- C:\Program Files\Common Files\Scanner
2008-07-10 09:41:58 0 d-------- C:\Program Files\Yahoo!
2008-07-10 08:17:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-09 13:45:14 110 --a------ C:\WINDOWS\Victoria
2008-06-25 14:17:31 0 d-------- C:\Program Files\DivX
2008-06-06 11:36:28 0 d-------- C:\Documents and Settings\user\Application Data\Google
2008-05-30 16:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 16:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-28 18:01:08 0 d-------- C:\Program Files\Windows Live
2008-05-27 14:58:20 0 d-------- C:\Program Files\Windows Live Toolbar
2008-05-27 14:57:14 0 d-------- C:\Program Files\Windows Live Favorites
2008-05-27 14:53:21 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-27 14:45:31 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-26 11:09:03 0 d-------- C:\Documents and Settings\user\Application Data\U3
2008-05-22 15:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 15:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 15:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 15:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
04/01/2008 05:18 AM 160496 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [08/04/2004 12:56 AM C:\WINDOWS\system32\rundll32.exe]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [06/08/2005 04:24 PM]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [06/08/2005 04:14 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 06:34 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03/20/2006 06:34 PM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 06:34 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/14/2007 07:05 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [12/11/2007 11:56 AM]
"HostManager"="C:\Program Files\Common Files\AOL\1203613709\ee\AOLSoftware.exe" [09/25/2006 05:52 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/07/2008 03:25 AM]
"YMailAdvisor"="C:\Program Files\Yahoo!\Common\YMailAdvisor.exe" [02/26/2008 09:26 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [11/30/2006 10:49 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"Google Update"="C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [07/14/2008 08:46 AM]
"cdloader"="C:\Documents and Settings\user\Application Data\mjusbsp\cdloader2.exe" [06/12/2008 12:37 PM]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [08/09/2007 01:56 PM]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 10:37 AM]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
YouTube Uploader.lnk - C:\Documents and Settings\user\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [11/9/2007 2:33:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [9/19/2007 5:33:46 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f56723c-e10a-11dc-a958-00038a000015}]
AutoRun\command- D:\LaunchU3.exe -a

*Newly Created Service* - F-SECURE_STANDALONE_MINIFILTER



-- End of Deckard's System Scanner: finished at 2008-07-25 20:23:37 ------------

#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 26 July 2008 - 07:58 AM

Good news.. Your log looks clean to my eyes...


Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Please note that the space between x and / is needed

    Posted Image



NEXT


You already have McAfee SecurityCenter consisting of your Antivirus and Firewall.. Also you have Malwarebytes' as your Antispyware :thumbsup:



To learn more about how to protect yourself while on the internet read this excellent article by Grinler: How did I get infected?, With steps so it does not happen again!

Please also read an excellent article by miekiemoes :Help! My computer is slow!

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#11 kykys

kykys
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 26 July 2008 - 12:07 PM

Thankyou very much!!! You know I ran Yahoo Anty-Spy the one in the toolbar and it said that there is a Bifrost (Backdoor) I did Delete but in the next scan it came out againg... Do you know what this is? and is this a virus? well I ran malwarebytes and it didn't find anything..... The computer seems to be working fine... Thankyou , Have a nice day!

Edited by kykys, 26 July 2008 - 12:33 PM.


#12 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 26 July 2008 - 12:37 PM

Thankyou very much!!! You know I ran Yahoo Anty-Spy the one in the toolbar and it said that there is a Bifrost (Backdoor) I did Delete but in the next scan it came out againg... Do you know what this is? and is this a virus? well I ran malwarebytes and it didn't find anything..... The computer seems to be working fine... Thankyou , Have a nice day!



Where is the exact location of the Bitfrost?

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#13 kykys

kykys
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 26 July 2008 - 01:28 PM

hkey_current_user \software\wget

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 26 July 2008 - 06:47 PM

Please go to Start >> Run >> Copy/Paste command below >> Press Enter

REGEDIT /E "%USERPROFILE%\Desktop\result.txt" "hkey_current_user\software\wget"

A new textfile result.txt will be created on your Desktop. Please post its content in your next reply..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#15 kykys

kykys
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 26 July 2008 - 11:57 PM

Thankyou this is the result.....



Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\software\wget]




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users