Smitfraud-c. possibly other


This topic is locked
13 replies to this topic

#1 dlupin


Posted 14 October 2008 - 12:04 PM

Hello,

My PC is infected with malware; Spybot has detected Smitfraud and others, but I can't get it working again.
Symptoms are: Windows automatic update cannot be switched on and an alert icon appears on the bottom left bar at startup,
as well as random windows popping up in Explorer, both about m is infected, scan etc. and advertisements.

Thanks for your help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:59:04 PM, on 10/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA889] command /c del "C:\WINDOWS\FVProtect.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8948] command /c del "C:\WINDOWS\userconfig9x.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6415] cmd /c del "C:\WINDOWS\userconfig9x.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1962] command /c del "C:\WINDOWS\zip1.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingC271] cmd /c del "C:\WINDOWS\zip1.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1178] command /c del "C:\WINDOWS\zip2.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6221] cmd /c del "C:\WINDOWS\zip2.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1425] command /c del "C:\WINDOWS\zip3.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingC319] cmd /c del "C:\WINDOWS\zip3.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9409] command /c del "C:\WINDOWS\zipped.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5304] command /c del "C:\WINDOWS\iTunesMusic.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3703] cmd /c del "C:\WINDOWS\iTunesMusic.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9927] command /c del "C:\WINDOWS\winsystem.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC141] cmd /c del "C:\WINDOWS\winsystem.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9618] command /c del "C:\WINDOWS\a.bat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC997] cmd /c del "C:\WINDOWS\a.bat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2486] command /c del "C:\WINDOWS\base64.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4227] cmd /c del "C:\WINDOWS\base64.tmp"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8628] command /c del "C:\WINDOWS\userconfig9x.dll"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.antispyexpert.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.spyguardpro.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.antispyexpert.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.spyguardpro.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1223925902781
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15106/CTPID.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: qhxmnx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13797 bytes
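As an added example (written for this page, not code from the thread or from HijackThis), a Python triage script over the kinds of lines seen in the logs posted here: it flags O15 Trusted Zone domains not on an allowlist, the O20 AppInit_DLLs entry, BHOs whose DLL is missing or random-named, and the RunOnce deletions Spybot left behind. The sample lines, the vowel-ratio heuristic for random names and the empty allowlist are constructed assumptions.

```python
"""Triage helper for HijackThis 2.0.2 log lines.

Added example for this thread; it is neither the forum's nor HijackThis'
own code. It parses the section-prefixed lines ("O2 - BHO: ...",
"O15 - Trusted Zone: ...") and flags the entry classes a removal helper
reads first. The vowel-ratio heuristic and the allowlist are assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed sample: lines of the kind quoted in this thread's logs.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {2CCA426D-09E3-4C33-AF24-AF6BD55348F4} - (no file)
O2 - BHO: (no name) - {E38BDF08-B44A-4273-88EA-8BFA8C1045D6} - C:\\WINDOWS\\system32\\hgGxULcB.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar.dll
O4 - HKLM\\..\\RunOnce: [SpybotDeletingA889] command /c del "C:\\WINDOWS\\FVProtect.exe"
O4 - HKLM\\..\\Run: [ZoneAlarm Client] "C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.spyguardpro.com (HKLM)
O20 - AppInit_DLLs: qhxmnx.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe
"""

# Domains the owner is known to have added to the Trusted Zone on purpose.
# Assumption: none, so every O15 entry is reported for review.
TRUSTED_ZONE_ALLOWLIST: Set[str] = set()

# Every HijackThis item line starts with a section tag such as R1, O4, O23.
LINE_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.*)$")


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O15"
    reason: str    # why a helper would look at this line
    line: str      # the original log line


def looks_random(basename: str) -> bool:
    """Heuristic: an all-letter DLL stem with very few vowels (hgGxULcB,
    qhxmnx) is more likely generated than a product name (GoogleToolbar)."""
    stem = basename.lower().rsplit(".", 1)[0]
    if not stem.isalpha() or len(stem) < 5:
        return False
    vowels = sum(ch in "aeiouy" for ch in stem)
    return vowels / len(stem) < 0.25


def triage(log_text: str, allowlist: Set[str] = TRUSTED_ZONE_ALLOWLIST) -> List[Finding]:
    """Return the log lines worth a second look, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # header, process list or blank line
        section, body = m.group("section"), m.group("body")
        if section == "O15" and body.startswith("Trusted Zone:"):
            # "*.example.com (HKLM)" -> "example.com"; HKLM entries apply to all users
            domain = body.split(":", 1)[1].split()[0].lstrip("*.")
            if domain not in allowlist:
                findings.append(Finding("O15", f"IE Trusted Zone relaxes security for {domain}", raw))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # DLLs listed here are loaded into every process that loads user32.dll
            for dll in body.split(":", 1)[1].split():
                findings.append(Finding("O20", f"AppInit_DLLs injects {dll} into every GUI process", raw))
        elif section == "O2":
            path = body.rsplit(" - ", 1)[-1].strip()
            basename = path.rsplit("\\", 1)[-1]
            if path == "(no file)":
                findings.append(Finding("O2", "BHO registered but its DLL is missing (orphan)", raw))
            elif "system32" in path.lower() and looks_random(basename):
                findings.append(Finding("O2", f"BHO loads random-looking DLL {basename}", raw))
        elif section == "O4" and "RunOnce" in body and " /c del " in body:
            # A cleaner scheduled a file for deletion: a record of what it found
            target = body.split(" /c del ", 1)[1].strip().strip('"')
            findings.append(Finding("O4", f"cleaner scheduled deletion of {target}", raw))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per HijackThis section."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```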


#2 mas_pogi


Posted 15 October 2008 - 08:55 AM

Hello dlupin,

My name is Mas_pogi (mark, mp) and I will be helping you with your malware problem.
As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

If you still need help, please follow the instructions below:
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
Post them, do not attach them.

With Regards,
mas_pogi

#3 dlupin


Posted 15 October 2008 - 02:17 PM

info.txt logfile of random's system information tool 1.04 2008-10-15 18:24:42

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C1B8CBC-9118-11D7-86D3-00055DF3561E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83021AC3-086F-4B77-ACCD-1BD7C9AB211E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A99CB37-AEB0-492F-A85A-8A2536D22393}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3ivx D4 4.5 (remove only)-->"C:\Program Files\3ivx\3ivx D4 4.5\uninstall.exe"
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Agere Systems PCI Soft Modem-->agrsmdel
Citrix Presentation Server Client - Web Only-->MsiExec.exe /X{23E8D2D6-F7C8-4A35-816C-6C914EE0A601}
Creative Media Lite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A99CB37-AEB0-492F-A85A-8A2536D22393}\setup.exe" -l0x9 /remove
Creative ZEN Stone Plus User's Guide-->"C:\Program Files\Creative\Creative ZEN Stone Plus\UGRemove.exe" /Product_Name:ZENStonePlusUG
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
eMule-->"C:\Program Files\eMule\Uninstall.exe"
EPSON CardMonitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\SETUP.EXE" -l0x9 uninst
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\Setup.exe" -l0x9 -UnInstall
EPSON PhotoQuicker3.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65F5B7AF-3363-11D7-BB6B-00018021113F}\SETUP.EXE" -l0x9 uninst
EPSON PhotoStarter3.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C48817E7-AA05-4151-A99D-1E1E550CE801}\SETUP.EXE" -l0x9 uninst
EPSON PRINT Image Framer Tool2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B59ED4-C360-11D7-875B-0090CC005647}\SETUP.EXE" -l0x9 anything
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Smart Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x9 Uninstall
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
ESPRX420 Reference Guide-->C:\Program Files\EPSON\TPMANUAL\ESPRX420\REF_G\DOCUNINS.EXE
ESPRX420 Software Guide-->C:\Program Files\EPSON\TPMANUAL\ESPRX420\PQU_G\DOCUNINS.EXE
FileASSASSIN-->C:\Program Files\FileASSASSIN\uninst.exe
Free FLV Converter V 5.6-->"C:\Program Files\Free FLV Converter\unins000.exe"
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Pinyin IME-->"C:\Program Files\Google\Google Pinyin\Uninstall.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_FE4264652A965D92.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
GrabPro - Toolbar-->regsvr32 /u /s "C:\Program Files\Orbitdownloader\GrabPro.dll"
Help and Support Additions-->WScript.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\eHelpSetup.jse eHelpUninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP Image Zone 4.8.6-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.8.6-->C:\Program Files\HP\Digital Imaging\{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Photosmart Cameras 4.5-->C:\Program Files\HP\Digital Imaging\{ABA2B37F-AB88-486e-870A-52454A23FEE0}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
HPIZplus450-->MsiExec.exe /X{0E484A60-A429-49A8-982C-D6475F1E80A9}
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE20E2F5-1903-4AAE-B1AF-2046E586C925}
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java™ 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KBD-->C:\HP\KBD\KBD.EXE uninstalled
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
MotoGP 2007-->"C:\Program Files\THQ\MotoGP 2007\unins000.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenOffice.org 2.4-->MsiExec.exe /I{2CD2C0DB-81C3-416B-9FA6-589B9235359B}
Orbit Downloader-->"C:\Program Files\Orbitdownloader\unins000.exe"
PC-Doctor for Windows-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{19C989C4-50AE-43A4-B06E-8C70FFFF852F} /l1033
PhotoImpression 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}\SETUP.EXE" -l0x9
Photosmart 320,370,7400,8100,8400 Series-->C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
PIF DESIGNER2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}\SETUP.EXE" -l0x9 anything
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remove Microsoft Works 8.0 installer-->c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\Works_8\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
ScanToWeb-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\SETUP.EXE" ADDREMOVEDLG
SnagIt 7-->MsiExec.exe /I{4360BB46-507E-4361-8DCB-4FF9BDC9907B}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StreamerOne beta 0.5-->"C:\Program Files\StreamerOne\uninstall.exe"
UUSee 播放插件基础包 4.8.306.18-->C:\Program Files\Common Files\uusee\uninst.exe
UUSee 网络电视 [4.8.307.11]-->C:\Program Files\uusee\uninstuusee.exe
VideoLAN VLC media player 0.8.6h-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB883667-->C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888239-->C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
ZipGenius 6 (6.0.3.1150)-->"C:\Program Files\ZipGenius 6\unins000.exe"
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall
FW: ZoneAlarm Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\;C:\Program Files\ZipGenius 6\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 39 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=2701
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"tvdumpflags"=8

-----------------EOF-----------------

Logfile of random's system information tool 1.04 (written by random/random)
Run by HP_Owner at 2008-10-15 18:38:50
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 9 GB (4%) free of 232 GB
Total RAM: 1022 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:57 PM, on 10/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\HP_Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2CCA426D-09E3-4C33-AF24-AF6BD55348F4} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {9E91EF7B-6846-45C3-A8AB-67CF7C900783} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {E38BDF08-B44A-4273-88EA-8BFA8C1045D6} - C:\WINDOWS\system32\hgGxULcB.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA889] command /c del "C:\WINDOWS\FVProtect.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8948] command /c del "C:\WINDOWS\userconfig9x.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6415] cmd /c del "C:\WINDOWS\userconfig9x.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1962] command /c del "C:\WINDOWS\zip1.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingC271] cmd /c del "C:\WINDOWS\zip1.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1178] command /c del "C:\WINDOWS\zip2.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6221] cmd /c del "C:\WINDOWS\zip2.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1425] command /c del "C:\WINDOWS\zip3.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingC319] cmd /c del "C:\WINDOWS\zip3.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9409] command /c del "C:\WINDOWS\zipped.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5304] command /c del "C:\WINDOWS\iTunesMusic.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3703] cmd /c del "C:\WINDOWS\iTunesMusic.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9927] command /c del "C:\WINDOWS\winsystem.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC141] cmd /c del "C:\WINDOWS\winsystem.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9618] command /c del "C:\WINDOWS\a.bat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC997] cmd /c del "C:\WINDOWS\a.bat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2486] command /c del "C:\WINDOWS\base64.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4227] cmd /c del "C:\WINDOWS\base64.tmp"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8628] command /c del "C:\WINDOWS\userconfig9x.dll"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.antispyexpert.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.spyguardpro.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.antispyexpert.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.spyguardpro.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1223925902781
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15106/CTPID.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: qhxmnx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 15167 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Easy Internet Sign-up.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\mkcbcoax.job
C:\WINDOWS\tasks\Norton Security Scan.job
C:\WINDOWS\tasks\oyxqygbo.job
C:\WINDOWS\tasks\reyfoftw.job
C:\WINDOWS\tasks\tdbiohew.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
HelperObject Class - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll [2005-10-14 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2CCA426D-09E3-4C33-AF24-AF6BD55348F4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E91EF7B-6846-45C3-A8AB-67CF7C900783}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-09-23 193136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll [2008-09-23 651760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-04 121632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E38BDF08-B44A-4273-88EA-8BFA8C1045D6}]
C:\WINDOWS\system32\hgGxULcB.dll [2008-10-12 339968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP view - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [2003-11-21 98304]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-04 121632]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-09-23 193136]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll [2008-09-17 433272]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll [2005-10-14 131072]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz"=nwiz.exe /install []
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"HPHUPD06"=c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [2004-06-07 49152]
"HPHmon06"=C:\WINDOWS\system32\hphmon06.exe [2004-06-07 659456]
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-01-02 180269]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2004-10-14 278528]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-14 233472]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"PS2"=C:\WINDOWS\system32\ps2.exe [2004-10-25 90112]
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2008-07-11 641208]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2008-06-13 1176808]
"McAfee Backup"=C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe [2008-07-10 5129504]
"EPSON Stylus Photo RX420 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE [2004-04-09 98304]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-01-02 98304]
"Google IME Autoupdater"=C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe [2008-08-05 308720]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA889"=command /c del C:\WINDOWS\FVProtect.exe []
"SpybotDeletingA8948"=command /c del C:\WINDOWS\userconfig9x.dll []
"SpybotDeletingC6415"=cmd /c del C:\WINDOWS\userconfig9x.dll []
"SpybotDeletingA1962"=command /c del C:\WINDOWS\zip1.tmp []
"SpybotDeletingC271"=cmd /c del C:\WINDOWS\zip1.tmp []
"SpybotDeletingA1178"=command /c del C:\WINDOWS\zip2.tmp []
"SpybotDeletingC6221"=cmd /c del C:\WINDOWS\zip2.tmp []
"SpybotDeletingA1425"=command /c del C:\WINDOWS\zip3.tmp []
"SpybotDeletingC319"=cmd /c del C:\WINDOWS\zip3.tmp []
"SpybotDeletingA9409"=command /c del C:\WINDOWS\zipped.tmp []
"SpybotDeletingA5304"=command /c del C:\WINDOWS\iTunesMusic.exe []
"SpybotDeletingC3703"=cmd /c del C:\WINDOWS\iTunesMusic.exe []
"SpybotDeletingA9927"=command /c del C:\WINDOWS\winsystem.exe []
"SpybotDeletingC141"=cmd /c del C:\WINDOWS\winsystem.exe []
"SpybotDeletingA9618"=command /c del C:\WINDOWS\a.bat []
"SpybotDeletingC997"=cmd /c del C:\WINDOWS\a.bat []
"SpybotDeletingA2486"=command /c del C:\WINDOWS\base64.tmp []
"SpybotDeletingC4227"=cmd /c del C:\WINDOWS\base64.tmp []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"CTZDetec.exe"=C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe [2007-12-18 401408]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB8628"=command /c del C:\WINDOWS\userconfig9x.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UUSEE]
C:\Program Files\uusee\UUSeePlayer.exe [2008-03-20 976136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
C:\PROGRA~1\ORBITD~1\orbitdm.exe [2008-09-17 1707208]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="qhxmnx.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\hgGxULcB

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Program Files\uusee\UUSeePlayer.exe"="C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======List of files/folders created in the last 3 months======

2008-10-15 18:24:20 ----D---- C:\rsit
2008-10-14 17:54:32 ----ASH---- C:\WINDOWS\system32\pmnkIApo.dll
2008-10-14 17:41:32 ----A---- C:\WINDOWS\system32\qhxmnx.dll
2008-10-14 17:41:29 ----A---- C:\WINDOWS\system32\gmpotrfl.dll
2008-10-14 17:39:01 ----SH---- C:\WINDOWS\system32\pdmsfyad.ini
2008-10-14 17:38:55 ----A---- C:\WINDOWS\system32\dayfsmdp.dll
2008-10-14 16:50:32 ----ASH---- C:\WINDOWS\system32\opnmJCUo.dll
2008-10-14 00:02:19 ----ASH---- C:\WINDOWS\system32\khfFYRlm.dll
2008-10-13 23:23:50 ----ASH---- C:\WINDOWS\system32\urqOIxUk.dll
2008-10-13 23:08:46 ----A---- C:\WINDOWS\wininit.ini
2008-10-13 21:01:07 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-13 20:26:57 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-13 20:09:19 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-10-13 20:05:35 ----D---- C:\Program Files\FileASSASSIN
2008-10-13 20:03:41 ----D---- C:\Program Files\Trend Micro
2008-10-13 16:52:10 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-10-13 16:51:50 ----A---- C:\WINDOWS\zllsputility.exe
2008-10-13 16:51:49 ----A---- C:\WINDOWS\system32\SpOrder.dll
2008-10-13 16:51:27 ----A---- C:\WINDOWS\system32\vsregexp.dll
2008-10-13 16:51:27 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll
2008-10-13 16:51:24 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2008-10-13 16:51:24 ----A---- C:\WINDOWS\system32\zlcomm.dll
2008-10-13 16:51:17 ----A---- C:\WINDOWS\system32\vswmi.dll
2008-10-13 16:51:16 ----A---- C:\WINDOWS\system32\zpeng24.dll
2008-10-13 16:51:15 ----A---- C:\WINDOWS\system32\vsxml.dll
2008-10-13 16:51:13 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-10-13 16:51:12 ----A---- C:\WINDOWS\system32\vspubapi.dll
2008-10-13 16:51:12 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2008-10-13 16:49:37 ----A---- C:\WINDOWS\system32\vsinit.dll
2008-10-13 16:49:37 ----A---- C:\WINDOWS\system32\vsdata.dll
2008-10-13 16:49:36 ----A---- C:\WINDOWS\system32\vsutil.dll
2008-10-13 11:25:34 ----D---- C:\Program Files\Zone Labs
2008-10-12 01:22:37 ----A---- C:\WINDOWS\system32\fbf1810e-.txt
2008-10-12 01:21:39 ----ASH---- C:\WINDOWS\system32\BcLUxGgh.ini2
2008-10-12 01:21:38 ----ASH---- C:\WINDOWS\system32\BcLUxGgh.ini
2008-10-12 01:21:33 ----N---- C:\WINDOWS\system32\hgGxULcB.dll
2008-10-11 23:58:07 ----ASH---- C:\WINDOWS\system32\urqNFwTL.dll
2008-10-09 18:13:47 ----D---- C:\Documents and Settings\HP_Owner\Application Data\OpenOffice.org2
2008-10-09 17:04:21 ----D---- C:\Program Files\OpenOffice.org 2.4
2008-10-09 17:04:01 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-09 17:04:01 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-09 17:04:01 ----A---- C:\WINDOWS\system32\java.exe
2008-10-04 15:35:28 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Sun
2008-09-27 23:57:51 ----D---- C:\WINDOWS\system32\FxsTmp
2008-09-25 23:53:24 ----D---- C:\WINDOWS\Prefetch
2008-09-25 23:11:15 ----DC---- C:\WINDOWS\$NtUninstallKB938464$(2)
2008-09-25 23:07:33 ----D---- C:\WINDOWS\system32\en-us
2008-09-25 23:07:32 ----D---- C:\WINDOWS\system32\scripting
2008-09-25 22:43:42 ----A---- C:\WINDOWS\005387_.tmp
2008-09-25 22:20:15 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-09-25 22:20:15 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-09-25 22:20:14 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-09-25 22:20:14 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-09-25 20:26:56 ----D---- C:\Program Files\3ivx
2008-09-24 21:29:50 ----D---- C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2008-09-24 20:29:09 ----A---- C:\WINDOWS\struct~.ini
2008-09-24 20:18:02 ----D---- C:\Program Files\uusee
2008-09-24 19:30:37 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-09-24 19:30:37 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2008-09-24 19:30:37 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-09-24 19:30:33 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2008-09-24 19:30:33 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-09-24 19:30:33 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-09-24 19:30:32 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-09-24 19:30:32 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-09-24 19:30:32 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-09-24 19:30:32 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-09-24 19:30:32 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-09-24 19:30:31 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-09-24 19:30:31 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-09-24 19:30:31 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-09-24 19:30:22 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-09-24 19:30:21 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-09-24 19:30:21 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-09-24 19:30:21 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-09-24 19:30:20 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-09-24 19:30:20 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-09-24 19:30:20 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-09-24 19:30:19 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-09-24 19:30:19 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-09-24 19:30:17 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-09-24 19:02:38 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-09-24 19:02:37 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-09-24 17:54:04 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Adobe
2008-09-24 16:12:52 ----A---- C:\WINDOWS\system32\Epcmlib.dll
2008-09-24 16:10:16 ----A---- C:\WINDOWS\system32\epDPE.ini
2008-09-24 16:09:41 ----A---- C:\WINDOWS\system32\PICSDK.ini
2008-09-24 16:09:41 ----A---- C:\WINDOWS\system32\PICSDK.dll
2008-09-24 16:09:41 ----A---- C:\WINDOWS\system32\EpPicPrt.dll
2008-09-24 16:09:40 ----A---- C:\WINDOWS\system32\EPPicMgr.dll
2008-09-24 16:08:03 ----A---- C:\WINDOWS\system32\escwiadn.dll
2008-09-24 16:08:03 ----A---- C:\WINDOWS\system32\esccmd.dll
2008-09-24 16:08:02 ----A---- C:\WINDOWS\system32\escimgd.dll
2008-09-24 15:46:06 ----D---- C:\Program Files\TechSmith
2008-09-24 15:41:11 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-24 15:37:04 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Help
2008-09-24 15:34:53 ----D---- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-09-24 15:34:08 ----D---- C:\Documents and Settings\HP_Owner\Application Data\GRETECH
2008-09-24 15:33:55 ----D---- C:\Program Files\GRETECH
2008-09-24 14:18:10 ----A---- C:\WINDOWS\system32\TubeFinder.exe
2008-09-24 14:18:09 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL
2008-09-24 14:18:09 ----A---- C:\WINDOWS\system32\VB6FR.DLL
2008-09-24 14:18:09 ----A---- C:\WINDOWS\system32\PCCLPFR.DLL
2008-09-24 14:18:08 ----A---- C:\WINDOWS\system32\MSCMCFR.DLL
2008-09-24 14:18:08 ----A---- C:\WINDOWS\system32\CMDLGFR.DLL
2008-09-24 14:18:07 ----D---- C:\Program Files\Free FLV Converter
2008-09-24 01:04:16 ----A---- C:\CTSUFile.txt
2008-09-23 23:38:56 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Creative
2008-09-23 23:12:40 ----D---- C:\Documents and Settings\HP_Owner\Application Data\ZipGenius
2008-09-23 22:49:15 ----D---- C:\Documents and Settings\HP_Owner\Application Data\GrabPro
2008-09-23 22:49:12 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Orbit
2008-09-23 22:49:09 ----D---- C:\Program Files\Orbitdownloader
2008-09-23 22:46:00 ----A---- C:\WINDOWS\system32\ftlx041e.dll
2008-09-23 22:34:29 ----D---- C:\Program Files\DAEMON Tools Lite
2008-09-23 22:30:01 ----D---- C:\Documents and Settings\HP_Owner\Application Data\DAEMON Tools
2008-09-23 17:22:04 ----D---- C:\Documents and Settings\All Users\Application Data\Creative
2008-09-23 17:22:03 ----N---- C:\WINDOWS\Ctregrun.exe
2008-09-23 17:21:57 ----A---- C:\WINDOWS\system32\CTSVCCTL.EXE
2008-09-23 17:21:57 ----A---- C:\WINDOWS\system32\CTSVCCDA.EXE
2008-09-23 17:21:53 ----D---- C:\Program Files\Creative
2008-09-23 17:13:28 ----D---- C:\Documents and Settings\HP_Owner\Application Data\ICAClient
2008-09-23 17:03:47 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Google
2008-09-23 15:33:51 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Sonic
2008-09-23 15:33:35 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Leadertech
2008-09-23 15:03:52 ----RSHD---- C:\cmdcons
2008-09-23 14:56:10 ----A---- C:\WINDOWS\system32\LuResult.txt
2008-09-23 14:33:02 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Macromedia
2008-09-23 14:24:54 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-09-23 14:24:07 ----ASH---- C:\Documents and Settings\HP_Owner\Application Data\desktop.ini
2008-09-23 14:24:04 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Identities
2008-09-23 14:24:04 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2008-09-23 14:24:03 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Symantec
2008-09-23 14:24:03 ----D---- C:\Documents and Settings\HP_Owner\Application Data\SampleView
2008-09-23 14:24:03 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Real
2008-09-23 14:24:03 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Microsoft
2008-09-22 22:34:23 ----D---- C:\Program Files\gblyerd
2008-09-10 11:16:42 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-10 11:15:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-07 18:38:03 ----DC---- C:\WINDOWS\$NtUninstallKB953838$(3)
2008-09-07 18:37:56 ----DC---- C:\WINDOWS\$NtUninstallKB952954$(3)
2008-09-07 18:37:50 ----DC---- C:\WINDOWS\$NtUninstallKB952287$(3)
2008-09-07 18:37:42 ----DC---- C:\WINDOWS\$NtUninstallKB951748$(3)
2008-09-07 18:37:34 ----DC---- C:\WINDOWS\$NtUninstallKB951698$(3)
2008-09-07 18:37:28 ----DC---- C:\WINDOWS\$NtUninstallKB951376-v2$(3)
2008-09-07 18:37:22 ----DC---- C:\WINDOWS\$NtUninstallKB951376$(3)
2008-09-07 18:37:14 ----DC---- C:\WINDOWS\$NtUninstallKB951066$(3)
2008-09-07 18:37:07 ----DC---- C:\WINDOWS\$NtUninstallKB950974$(3)
2008-09-07 18:37:01 ----DC---- C:\WINDOWS\$NtUninstallKB950762$(3)
2008-09-07 18:36:51 ----DC---- C:\WINDOWS\$NtUninstallKB950759$(3)
2008-09-07 18:36:45 ----DC---- C:\WINDOWS\$NtUninstallKB946648$(3)
2008-09-07 16:14:25 ----D---- C:\Runtime
2008-09-05 21:50:41 ----D---- C:\Program Files\VideoLAN
2008-09-05 21:50:37 ----D---- C:\Program Files\StreamerOne
2008-09-05 16:35:20 ----D---- C:\WINDOWS\pss
2008-09-03 16:03:43 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-03 15:15:36 ----DC---- C:\WINDOWS\$NtUninstallKB953838$(2)
2008-09-03 15:15:29 ----DC---- C:\WINDOWS\$NtUninstallKB952954$(2)
2008-09-03 15:15:21 ----DC---- C:\WINDOWS\$NtUninstallKB952287$(2)
2008-09-03 15:15:13 ----DC---- C:\WINDOWS\$NtUninstallKB951748$(2)
2008-09-03 15:15:07 ----DC---- C:\WINDOWS\$NtUninstallKB951698$(2)
2008-09-03 15:14:57 ----DC---- C:\WINDOWS\$NtUninstallKB951376-v2$(2)
2008-09-03 15:14:46 ----DC---- C:\WINDOWS\$NtUninstallKB951376$(2)
2008-09-03 15:14:37 ----DC---- C:\WINDOWS\$NtUninstallKB951066$(2)
2008-09-03 15:14:30 ----DC---- C:\WINDOWS\$NtUninstallKB950974$(2)
2008-09-03 15:14:23 ----DC---- C:\WINDOWS\$NtUninstallKB950762$(2)
2008-09-03 15:14:14 ----DC---- C:\WINDOWS\$NtUninstallKB950759$(2)
2008-09-03 15:14:06 ----DC---- C:\WINDOWS\$NtUninstallKB946648$(2)
2008-09-03 15:09:06 ----D---- C:\WINDOWS\l2schemas
2008-09-03 15:05:32 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-03 15:02:19 ----D---- C:\WINDOWS\network diagnostic
2008-09-03 14:54:42 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-03 14:43:46 ----A---- C:\WINDOWS\005603_.tmp
2008-09-03 14:43:46 ----A---- C:\WINDOWS\002819_.tmp
2008-09-03 00:14:10 ----D---- C:\Program Files\File Shredder
2008-09-01 03:10:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-01 03:10:13 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-01 03:10:06 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-09-01 03:09:57 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-01 03:08:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-09-01 03:08:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-01 03:08:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-01 03:06:48 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-09-01 03:06:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-08-31 17:14:15 ----A---- C:\WINDOWS\Cbplot.INI

======List of files/folders modified in the last 3 months======

2008-10-15 18:38:51 ----D---- C:\WINDOWS\Temp
2008-10-15 18:38:44 ----D---- C:\WINDOWS\Internet Logs
2008-10-15 18:35:42 ----D---- C:\WINDOWS
2008-10-15 18:30:30 ----D---- C:\WINDOWS\system32
2008-10-15 18:19:24 ----SHD---- C:\WINDOWS\Installer
2008-10-14 21:35:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-14 21:13:30 ----D---- C:\Downloads
2008-10-14 17:54:33 ----D---- C:\WINDOWS\Tasks
2008-10-14 17:52:38 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-14 17:04:34 ----D---- C:\WINDOWS\system32\dllcache
2008-10-13 23:07:06 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-13 22:15:08 ----D---- C:\Program Files
2008-10-13 20:27:10 ----HD---- C:\WINDOWS\inf
2008-10-13 20:25:26 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-13 20:25:23 ----D---- C:\WINDOWS\Downloaded Program Files
2008-10-13 20:19:53 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-13 16:58:23 ----D---- C:\WINDOWS\system32\drivers
2008-10-12 18:49:11 ----D---- C:\Program Files\Lavasoft
2008-10-12 18:49:10 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-11 23:51:52 ----D---- C:\WINDOWS\Registration
2008-10-11 19:17:55 ----D---- C:\Program Files\eMule
2008-10-09 17:04:24 ----RSD---- C:\WINDOWS\Fonts
2008-10-09 17:03:59 ----D---- C:\Program Files\Java
2008-10-08 21:42:26 ----A---- C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt
2008-09-30 17:42:57 ----D---- C:\Program Files\McAfee
2008-09-29 18:51:46 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-27 23:59:50 ----D---- C:\WINDOWS\system32\config
2008-09-27 23:59:35 ----D---- C:\WINDOWS\system32\wbem
2008-09-27 23:57:54 ----D---- C:\WINDOWS\Help
2008-09-27 23:57:53 ----D---- C:\Program Files\Windows NT
2008-09-27 23:40:39 ----D---- C:\WINDOWS\Cursors
2008-09-27 23:39:46 ----D---- C:\WINDOWS\addins
2008-09-27 23:34:29 ----D---- C:\Program Files\Google
2008-09-27 23:34:29 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-09-25 23:52:51 ----D---- C:\WINDOWS\WinSxS
2008-09-25 23:52:51 ----D---- C:\WINDOWS\AppPatch
2008-09-25 23:48:26 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-09-25 23:32:36 ----D---- C:\WINDOWS\system32\usmt
2008-09-25 23:32:36 ----D---- C:\WINDOWS\system
2008-09-25 23:32:32 ----D---- C:\WINDOWS\system32\oobe
2008-09-25 23:32:26 ----D---- C:\WINDOWS\system32\Setup
2008-09-25 23:31:57 ----D---- C:\Program Files\Common Files\System
2008-09-25 23:31:54 ----D---- C:\Program Files\Outlook Express
2008-09-25 23:31:44 ----D---- C:\Program Files\Windows Media Player
2008-09-25 23:31:40 ----D---- C:\WINDOWS\system32\Com
2008-09-25 23:31:40 ----D---- C:\Program Files\NetMeeting
2008-09-25 23:31:08 ----D---- C:\WINDOWS\ime
2008-09-25 23:31:03 ----D---- C:\WINDOWS\srchasst
2008-09-25 23:30:53 ----D---- C:\WINDOWS\msagent
2008-09-25 23:30:50 ----D---- C:\WINDOWS\system32\npp
2008-09-25 23:30:49 ----D---- C:\WINDOWS\system32\Restore
2008-09-25 23:30:49 ----D---- C:\Program Files\Internet Explorer
2008-09-25 23:30:41 ----D---- C:\Program Files\Movie Maker
2008-09-25 23:29:21 ----D---- C:\WINDOWS\PeerNet
2008-09-25 23:28:31 ----D---- C:\Program Files\Messenger
2008-09-25 23:21:02 ----A---- C:\WINDOWS\setuplog.txt
2008-09-25 23:16:02 ----D---- C:\WINDOWS\security
2008-09-25 23:11:19 ----A---- C:\WINDOWS\imsins.BAK
2008-09-25 23:07:31 ----AD---- C:\WINDOWS\system32\en
2008-09-25 21:41:19 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-09-25 20:26:59 ----D---- C:\WINDOWS\system32\QuickTime
2008-09-25 13:29:11 ----RASH---- C:\boot.ini
2008-09-25 13:29:11 ----A---- C:\WINDOWS\win.ini
2008-09-25 13:29:11 ----A---- C:\WINDOWS\system.ini
2008-09-24 21:48:21 ----D---- C:\Program Files\THQ
2008-09-24 21:38:28 ----D---- C:\Program Files\Common Files\uusee
2008-09-24 21:38:01 ----D---- C:\WINDOWS\nview
2008-09-24 21:35:11 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-24 19:30:38 ----D---- C:\WINDOWS\system32\DirectX
2008-09-24 16:13:14 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-24 16:11:46 ----D---- C:\Program Files\Smart Panel
2008-09-24 16:09:15 ----A---- C:\WINDOWS\EPSTPLOG.TXT
2008-09-24 16:06:57 ----AC---- C:\WINDOWS\epsswt_log.txt
2008-09-24 15:41:11 ----D---- C:\Program Files\Common Files
2008-09-24 14:09:15 ----A---- C:\WINDOWS\cdplayer.ini
2008-09-24 11:02:25 ----AC---- C:\WINDOWS\ODBC.INI
2008-09-24 11:01:11 ----D---- C:\WINDOWS\SHELLNEW
2008-09-23 23:14:56 ----D---- C:\Program Files\ZipGenius 6
2008-09-23 22:11:54 ----D---- C:\WINDOWS\I386
2008-09-23 22:10:01 ----D---- C:\Program Files\Common Files\Services
2008-09-23 22:09:46 ----D---- C:\WINDOWS\system32\ras
2008-09-23 22:09:27 ----D---- C:\WINDOWS\system32\icsxml
2008-09-23 22:09:27 ----D---- C:\WINDOWS\system32\ias
2008-09-23 22:08:02 ----RD---- C:\WINDOWS\Web
2008-09-23 22:07:55 ----D---- C:\WINDOWS\Media
2008-09-23 22:07:39 ----AHDC---- C:\WINDOWS\$NtUninstallKB891781$
2008-09-23 22:07:39 ----AHDC---- C:\WINDOWS\$NtUninstallKB890175$
2008-09-23 22:07:39 ----AHDC---- C:\WINDOWS\$NtUninstallKB888239$
2008-09-23 22:07:39 ----AHDC---- C:\WINDOWS\$NtUninstallKB888113$
2008-09-23 22:07:39 ----AHDC---- C:\WINDOWS\$NtUninstallKB887742$
2008-09-23 22:07:39 ----AHDC---- C:\WINDOWS\$NtUninstallKB885836$
2008-09-23 22:07:39 ----AHDC---- C:\WINDOWS\$NtUninstallKB885835$
2008-09-23 22:07:38 ----AHDC---- C:\WINDOWS\$NtUninstallKB885250$
2008-09-23 22:07:38 ----AHDC---- C:\WINDOWS\$NtUninstallKB883667$
2008-09-23 22:07:38 ----AHDC---- C:\WINDOWS\$NtUninstallKB873339$
2008-09-23 22:07:38 ----AHDC---- C:\WINDOWS\$NtUninstallKB867282$
2008-09-23 22:07:25 ----RSD---- C:\WINDOWS\assembly
2008-09-23 15:24:01 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-23 15:03:52 ----AC---- C:\WINDOWS\UPGRADE.TXT
2008-09-23 15:03:49 ----D---- C:\WINDOWS\setup.pss
2008-09-23 15:02:24 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-09-23 15:02:24 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-23 15:00:15 ----SHD---- C:\RECYCLER
2008-09-23 14:29:18 ----D---- C:\Program Files\Easy Internet signup
2008-09-23 14:26:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-23 14:24:02 ----D---- C:\Documents and Settings
2008-09-23 14:22:37 ----D---- C:\sysprep
2008-09-23 14:22:32 ----HD---- C:\hp
2008-09-23 14:22:02 ----RASH---- C:\BOOT.BAK
2008-09-23 11:31:04 ----D---- C:\Program Files\SpeedBit Video Accelerator
2008-09-22 23:34:49 ----D---- C:\USERDATA
2008-09-22 23:20:51 ----SHD---- C:\System Volume Information
2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-06-27 207656]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-06-02 120136]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-09-14 13872]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-06-27 79240]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-06-27 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2008-06-27 40488]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S3 avqfwm5x;avqfwm5x; C:\WINDOWS\system32\drivers\avqfwm5x.sys []
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2008-06-20 34152]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys [2005-01-19 12416]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-12 611664]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 CTDevice_Srv;CT Device Query service; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [2007-04-02 61440]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-06-21 792184]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-07-18 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2008-07-09 358736]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2008-06-20 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2008-07-09 884360]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2008-07-09 25416]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
R3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-10-14 327680]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2008-06-20 605512]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-23 156656]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2008-07-10 66848]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2008-06-20 361800]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

#4 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:09:21 PM

Posted 17 October 2008 - 02:09 AM

hi dlupin.

Please bear with me as we clean your machine. Please follow the steps below:
  • You have two firewalls working at the same time. These two might conflict with each other.
    McAfee has its own firewall, so I suggest uninstalling ZoneAlarm.

  • Your log(s) show that you are using so-called peer-to-peer or file-sharing programs (in your case eMule and Orbitdownloader). These programs allow files to be shared between users, as the name suggests. In today's world cybercrime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

    It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, via the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

    It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

    Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

  • Please uninstall the following, using the Windows Add/Remove Programs applet in the Control Panel.

    eMule
    Orbitdownloader


    Outdated java runtimes:

    Java(TM) 6 Update 4
    J2SE Runtime Environment 5.0


  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Mark

Edited by mas_pogi, 17 October 2008 - 02:10 AM.


#5 dlupin

dlupin
  • Topic Starter

  • Members
  • 13 posts
  • Local time:02:21 AM

Posted 17 October 2008 - 02:21 PM

ComboFix 08-10-16.08 - HP_Owner 2008-10-17 18:27:48.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.619 [GMT 1:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\struct~.ini
C:\WINDOWS\system32\BcLUxGgh.ini
C:\WINDOWS\system32\BcLUxGgh.ini2
C:\WINDOWS\system32\bqtlxjwn.ini
C:\WINDOWS\system32\dayfsmdp.dll
C:\WINDOWS\system32\dnidjosj.dll
C:\WINDOWS\system32\gmpotrfl.dll
C:\WINDOWS\system32\hgGxULcB.dll
C:\WINDOWS\system32\iodxbp.dll
C:\WINDOWS\system32\kevxssdt.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nwjxltqb.dll
C:\WINDOWS\system32\pdmsfyad.ini
C:\WINDOWS\system32\qhxmnx.dll
C:\WINDOWS\system32\rhiknywl.dll
C:\WINDOWS\system32\ydbwyf.dll
C:\WINDOWS\Tasks\mkcbcoax.job
C:\WINDOWS\Tasks\oyxqygbo.job
C:\WINDOWS\Tasks\reyfoftw.job
C:\WINDOWS\Tasks\tdbiohew.job
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://77.74.48.101
.
((((((((((((((((((((((((( Files Created from 2008-09-17 to 2008-10-17 )))))))))))))))))))))))))))))))
.

2008-10-16 22:06 . 2008-10-16 22:06 120 --ahs---- C:\WINDOWS\system32\jsojdind.ini
2008-10-15 18:24 . 2008-10-15 18:24 <DIR> d-------- C:\rsit
2008-10-14 17:54 . 2008-10-14 17:54 60,928 --ahs---- C:\WINDOWS\system32\pmnkIApo.dll
2008-10-14 16:50 . 2008-10-14 16:50 60,928 --ahs---- C:\WINDOWS\system32\opnmJCUo.dll
2008-10-14 00:02 . 2008-10-14 00:02 60,928 --ahs---- C:\WINDOWS\system32\khfFYRlm.dll
2008-10-13 23:23 . 2008-10-13 23:23 60,928 --ahs---- C:\WINDOWS\system32\urqOIxUk.dll
2008-10-13 23:08 . 2008-10-13 23:16 1,073 --a------ C:\WINDOWS\wininit.ini
2008-10-13 21:01 . 2008-10-13 21:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-13 20:26 . 2008-07-18 22:10 45,768 --a------ C:\WINDOWS\system32\wups2.dll
2008-10-13 20:05 . 2008-10-13 20:05 <DIR> d-------- C:\Program Files\FileASSASSIN
2008-10-13 20:03 . 2008-10-13 20:03 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-13 16:52 . 2008-10-13 16:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-10-13 16:52 . 2008-10-13 16:55 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-10-13 16:51 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-10-11 23:58 . 2008-10-11 23:58 60,928 --ahs---- C:\WINDOWS\system32\urqNFwTL.dll
2008-10-09 18:13 . 2008-10-17 18:23 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\OpenOffice.org2
2008-10-09 17:04 . 2008-10-09 17:05 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-10-09 16:38 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-27 23:57 . 2008-09-27 23:57 <DIR> d-------- C:\WINDOWS\system32\FxsTmp
2008-09-27 14:51 . 2008-10-10 18:08 428 --a------ C:\WINDOWS\zipgenius.xml
2008-09-25 23:07 . 2008-09-25 23:07 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-25 22:44 . 2004-07-17 11:35 67,866 --a------ C:\WINDOWS\system32\drivers\netwlan5.img
2008-09-25 22:43 . 2004-07-17 11:36 64,352 --a------ C:\WINDOWS\system32\drivers\ativmc20.cod
2008-09-25 22:43 . 2006-12-28 20:01 19,569 --a------ C:\WINDOWS\005387_.tmp
2008-09-25 22:20 . 2008-07-18 22:10 33,992 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-09-25 22:20 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-09-25 22:20 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-09-25 22:20 . 2008-07-18 22:08 20,680 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-09-25 20:26 . 2008-09-25 20:26 <DIR> d-------- C:\Program Files\3ivx
2008-09-24 21:35 . 2008-05-19 18:16 186,407 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-09-24 21:29 . 2008-10-09 18:27 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2008-09-24 20:18 . 2008-09-24 20:37 <DIR> d-------- C:\Program Files\uusee
2008-09-24 19:02 . 2007-09-14 05:21 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-09-24 19:02 . 2007-09-14 05:21 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-09-24 16:12 . 2003-07-02 01:00 131,072 --a------ C:\WINDOWS\system32\Epcmlib.dll
2008-09-24 16:10 . 1999-08-09 23:50 72 --a------ C:\WINDOWS\system32\epDPE.ini
2008-09-24 16:09 . 2004-02-01 02:00 413,696 --a------ C:\WINDOWS\system32\PICSDK.dll
2008-09-24 16:09 . 2002-11-15 00:00 114,688 --a------ C:\WINDOWS\system32\EpPicPrt.dll
2008-09-24 16:09 . 2002-11-15 00:00 65,536 --a------ C:\WINDOWS\system32\EPPicMgr.dll
2008-09-24 16:09 . 2004-02-01 02:00 34,782 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat
2008-09-24 16:09 . 2004-02-01 02:00 27,030 --a------ C:\WINDOWS\system32\EPPICPattern1.dat
2008-09-24 16:09 . 2004-02-01 02:00 13,230 --a------ C:\WINDOWS\system32\EPPICLocal_EN.cfg
2008-09-24 16:09 . 2004-02-01 02:00 22 --a------ C:\WINDOWS\system32\PICSDK.ini
2008-09-24 16:08 . 2003-07-01 00:00 46,080 --a------ C:\WINDOWS\system32\escimgd.dll
2008-09-24 16:08 . 2003-08-06 00:00 29,184 --a------ C:\WINDOWS\system32\escwiadn.dll
2008-09-24 16:08 . 2003-07-01 00:00 22,528 --a------ C:\WINDOWS\system32\esccmd.dll
2008-09-24 16:06 . 2004-06-04 07:50 4,805 -ra------ C:\WINDOWS\system32\EPIIFEDC.EIF
2008-09-24 16:04 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-09-24 16:04 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-09-24 16:03 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-09-24 16:03 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-09-24 15:46 . 2008-09-24 15:46 <DIR> d-------- C:\Program Files\TechSmith
2008-09-24 15:46 . 2008-09-24 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Application DataTechSmith
2008-09-24 15:41 . 2008-10-12 18:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-24 15:34 . 2008-09-24 15:34 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\GRETECH
2008-09-24 15:34 . 2008-09-24 15:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-09-24 15:33 . 2008-09-24 15:33 <DIR> d-------- C:\Program Files\GRETECH
2008-09-24 14:18 . 2008-09-27 21:59 <DIR> d-------- C:\Program Files\Free FLV Converter
2008-09-24 01:04 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2008-09-23 23:38 . 2008-09-23 23:38 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Creative
2008-09-23 23:12 . 2008-09-25 20:14 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\ZipGenius
2008-09-23 22:49 . 2008-10-17 18:14 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Orbit
2008-09-23 22:49 . 2008-09-23 22:49 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\GrabPro
2008-09-23 22:46 . 2004-08-04 13:00 66,082 --a------ C:\WINDOWS\system32\dllcache\c_10021.nls
2008-09-23 22:46 . 2004-08-04 13:00 66,082 --a------ C:\WINDOWS\system32\c_10021.nls
2008-09-23 22:46 . 2004-08-04 13:00 6,144 --a------ C:\WINDOWS\system32\ftlx041e.dll
2008-09-23 22:46 . 2004-08-04 13:00 6,144 --a------ C:\WINDOWS\system32\dllcache\ftlx041e.dll
2008-09-23 22:34 . 2008-09-23 22:34 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-09-23 22:30 . 2008-09-23 22:30 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\DAEMON Tools
2008-09-23 22:30 . 2008-09-23 22:30 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-09-23 17:22 . 2008-09-23 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Creative
2008-09-23 17:22 . 2000-05-22 16:58 647,872 --a------ C:\WINDOWS\system32\Mscomct2.ocx
2008-09-23 17:22 . 2006-10-06 14:17 53,248 --------- C:\WINDOWS\Ctregrun.exe
2008-09-23 17:21 . 2008-09-24 01:03 <DIR> d-------- C:\Program Files\Creative
2008-09-23 17:21 . 1999-12-13 09:01 44,032 --a------ C:\WINDOWS\system32\CTSVCCDA.EXE
2008-09-23 17:21 . 1999-11-18 09:00 25,088 --a------ C:\WINDOWS\system32\CTSVCCTL.EXE
2008-09-23 17:13 . 2008-09-23 17:14 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\ICAClient
2008-09-23 15:52 . 2008-10-15 20:09 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SACore
2008-09-23 15:33 . 2008-09-23 15:33 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Sonic
2008-09-23 15:33 . 2008-09-23 15:33 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Leadertech
2008-09-23 15:24 . 2008-10-17 18:36 6,393 --a------ C:\WINDOWS\system32\Config.MPF
2008-09-23 15:19 . 2008-06-02 14:55 120,136 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-09-23 15:03 . 2008-06-20 05:41 34,152 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-09-23 14:37 . 2008-09-23 14:37 <DIR> d---s---- C:\Documents and Settings\HP_Owner\UserData
2008-09-23 14:24 . 2005-01-02 06:36 <DIR> d-------- C:\Documents and Settings\HP_Owner\WINDOWS
2008-09-23 14:24 . 2008-09-23 14:57 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Symantec
2008-09-23 14:24 . 2005-01-02 06:46 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\SampleView
2008-09-23 14:24 . 2005-01-02 06:36 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2008-09-23 14:24 . 2008-10-15 18:39 <DIR> d-------- C:\Documents and Settings\HP_Owner
2008-09-23 14:24 . 2004-08-04 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-23 14:24 . 2008-09-23 14:24 1,834 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_EC641AA-ABU t3145.uk_YC_0Pavi_QCZB540_E53GBheBLU4_47_IAMETHYST-M_SMSI_V1.0_B3.34_T050831_WXH2_L409_M1023_J250_7AMD_8Athlon 64_92.19_#051026_N10EC8139_Z11C1048C_G10DE0161_OLITE-ON DVDRW SOHW-1633S.MRK
2008-09-23 14:22 . 2005-01-02 06:36 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-09-23 14:22 . 2005-01-02 06:54 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2008-09-23 14:22 . 2005-01-02 06:46 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
2008-09-23 14:22 . 2005-01-02 06:36 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Apple Computer
2008-09-22 22:34 . 2008-09-22 22:34 <DIR> d-------- C:\Program Files\gblyerd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-17 17:17 --------- d-----w C:\Program Files\Java
2008-10-17 17:13 --------- d-----w C:\Program Files\eMule
2008-10-13 22:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-12 17:49 --------- d-----w C:\Program Files\Lavasoft
2008-10-12 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-30 19:38 --------- d-----w C:\Program Files\StreamerOne
2008-09-30 19:00 --------- d-----w C:\Program Files\VideoLAN
2008-09-30 16:42 --------- d-----w C:\Program Files\McAfee
2008-09-27 22:34 --------- d-----w C:\Program Files\Google
2008-09-24 20:48 --------- d-----w C:\Program Files\THQ
2008-09-24 20:38 --------- d-----w C:\Program Files\Common Files\uusee
2008-09-24 15:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-24 15:11 --------- d-----w C:\Program Files\Smart Panel
2008-09-23 22:14 --------- d-----w C:\Program Files\ZipGenius 6
2008-09-23 14:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-23 14:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-23 14:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-23 13:29 --------- d-----w C:\Program Files\Easy Internet signup
2008-09-23 10:31 --------- d-----w C:\Program Files\SpeedBit Video Accelerator
2008-09-02 23:14 --------- d-----w C:\Program Files\File Shredder
2007-02-18 20:12 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
2006-05-19 23:48 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"CTZDetec.exe"="C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe" [2007-12-18 401408]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB8628"="command" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 61440]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-01-02 180269]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-14 278528]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 90112]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2008-07-10 5129504]
"EPSON Stylus Photo RX420 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE" [2004-04-09 98304]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-02 98304]
"Google IME Autoupdater"="C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe" [2008-08-05 308720]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 C:\WINDOWS\AGRSMMSG.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 C:\WINDOWS\ALCXMNTR.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA889"="command" [X]
"SpybotDeletingA8948"="command" [X]
"SpybotDeletingC6415"="del" [X]
"SpybotDeletingA1962"="command" [X]
"SpybotDeletingC271"="del" [X]
"SpybotDeletingA1178"="command" [X]
"SpybotDeletingC6221"="del" [X]
"SpybotDeletingA1425"="command" [X]
"SpybotDeletingC319"="del" [X]
"SpybotDeletingA9409"="command" [X]
"SpybotDeletingA5304"="command" [X]
"SpybotDeletingC3703"="del" [X]
"SpybotDeletingA9927"="command" [X]
"SpybotDeletingC141"="del" [X]
"SpybotDeletingA9618"="command" [X]
"SpybotDeletingC997"="del" [X]
"SpybotDeletingA2486"="command" [X]
"SpybotDeletingC4227"="del" [X]

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=qhxmnx.dll iodxbp.dll ydbwyf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"vidc.3IV2"= 3ivxVfWCodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UUSEE]
--a------ 2008-03-20 08:11 976136 C:\Program Files\uusee\UUSeePlayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contents of the 'Scheduled Tasks' folder

2008-09-23 C:\WINDOWS\Tasks\Easy Internet Sign-up.job
- C:\Program Files\Easy Internet signup\HPSdpApp.exe [2005-03-03 19:04]

2008-09-16 C:\WINDOWS\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2008-09-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2008-10-10 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2007-04-19 22:42]

2008-09-18 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2007-06-16 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
- - - - ORPHANS REMOVED - - - -

BHO-{29FB1EA9-34A2-40BD-8F2B-23A1EE8AC28E} - (no file)
BHO-{2CCA426D-09E3-4C33-AF24-AF6BD55348F4} - (no file)
BHO-{7358A4DF-E748-430B-8A99-4B4D2912BEEC} - (no file)
BHO-{9E91EF7B-6846-45C3-A8AB-67CF7C900783} - (no file)
BHO-{AD903BA3-BFA7-4E20-89CD-7DBB787DA435} - C:\WINDOWS\system32\hgGxULcB.dll
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.co.uk/
R0 -: HKCU-Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q305&bd=pavilion&pf=desktop
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q305&bd=pavilion&pf=desktop
R0 -: HKLM-Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q305&bd=pavilion&pf=desktop
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O15 -: Trusted Zone: *.antimalwareguard.com
O15 -: Trusted Zone: *.antispyexpert.com
O15 -: Trusted Zone: *.gomyhit.com
O15 -: Trusted Zone: *.imageservr.com
O15 -: Trusted Zone: *.imagesrvr.com
O15 -: Trusted Zone: *.spyguardpro.com
O15 -: Trusted Zone: *.storageguardsoft.com
O15 -: Trusted Zone: *.antimalwareguard.com
O15 -: Trusted Zone: *.antispyexpert.com
O15 -: Trusted Zone: *.gomyhit.com
O15 -: Trusted Zone: *.imageservr.com
O15 -: Trusted Zone: *.imagesrvr.com
O15 -: Trusted Zone: *.spyguardpro.com
O15 -: Trusted Zone: *.storageguardsoft.com
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-17 18:38:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
-> C:\Program Files\McAfee\SiteAdvisor\saHook.dll
-> ?:\WINDOWS\system32\ATL.DLL
-> ?:\WINDOWS\system32\DSOUND.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
.
**************************************************************************
.
Completion time: 2008-10-17 18:47:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-17 17:47:11

Pre-Run: 9,027,190,784 bytes free
Post-Run: 8,956,612,608 bytes free

326

#6 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:09:21 PM

Posted 18 October 2008 - 03:34 AM

hi.

Please follow the instructions below;
  • 1. Close any open browsers.

    2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

    3. Open Notepad and copy/paste the text in the quote box below into it:

    EXTRA::

    FILE::
    C:\WINDOWS\system32\jsojdind.ini
    C:\WINDOWS\system32\pmnkIApo.dll
    C:\WINDOWS\system32\pmnkIApo.dll
    C:\WINDOWS\system32\opnmJCUo.dll
    C:\WINDOWS\system32\khfFYRlm.dll
    C:\WINDOWS\system32\urqOIxUk.dll
    C:\WINDOWS\005387_.tmp
    C:\WINDOWS\system32\qhxmnx.dll
    C:\WINDOWS\system32\iodxbp.dll
    C:\WINDOWS\system32\ydbwyf.dll
    C:\WINDOWS\system32\Info.exe

    REGISTRY::
    O15 -: Trusted Zone: *.antimalwareguard.com
    O15 -: Trusted Zone: *.antispyexpert.com
    O15 -: Trusted Zone: *.gomyhit.com
    O15 -: Trusted Zone: *.imageservr.com
    O15 -: Trusted Zone: *.imagesrvr.com
    O15 -: Trusted Zone: *.spyguardpro.com
    O15 -: Trusted Zone: *.storageguardsoft.com
    O15 -: Trusted Zone: *.antimalwareguard.com
    O15 -: Trusted Zone: *.antispyexpert.com
    O15 -: Trusted Zone: *.gomyhit.com
    O15 -: Trusted Zone: *.imageservr.com
    O15 -: Trusted Zone: *.imagesrvr.com
    O15 -: Trusted Zone: *.spyguardpro.com
    O15 -: Trusted Zone: *.storageguardsoft.com
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpybotDeletingB8628"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AlcxMonitor"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpybotDeletingA889"=-
    "SpybotDeletingA8948"=-
    "SpybotDeletingC6415"=-
    "SpybotDeletingA1962"=-
    "SpybotDeletingC271"=-
    "SpybotDeletingA1178"=-
    "SpybotDeletingC6221"=-
    "SpybotDeletingA1425"=-
    "SpybotDeletingC319"=-
    "SpybotDeletingA9409"=-
    "SpybotDeletingA5304"=-
    "SpybotDeletingC3703"=-
    "SpybotDeletingA9927"=-
    "SpybotDeletingC141"=-
    "SpybotDeletingA9618"=-
    "SpybotDeletingC997"=-
    "SpybotDeletingA2486"=-
    "SpybotDeletingC4227"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""


    Save this as CFScript.txt, in the same location as ComboFix.exe


    [image not captured]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

  • We need to remove the Flash Drive infector
    • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    • Wait until it has finished scanning and then exit the program.
    • Reboot your computer when done.
    Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

  • Download ATF Cleaner to your Desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Click Select All found at the bottom of the list.
    • Click the Empty Selected button.
    If you use Firefox browser, do this also:
    • Click Firefox at the top and choose Select All from the list.
    • Click the Empty Selected button.
    • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser, do this also:
    • Click Opera at the top and choose Select All from the list.
    • Close ALL Internet browsers (very important).
    • Click the Empty Selected button.
    • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.

    Notes for Windows Vista users:
    On Windows Vista, "Windows Temp" is disabled; to empty "Windows Temp", ATF-Cleaner must be "Run as an Administrator".
    Prefetch has been disabled on Windows Vista. As I'm not sure of the effects that emptying prefetch on Windows Vista will have, for the time being I won't enable that function.


  • Run ESET Online Scan

    Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.
    • Check (tick) this box: YES, I accept the Terms of Use.
    • Click on the Start button next to it.
    • When prompted to run ActiveX, click Yes.
    • You will be asked to install an ActiveX. Click Install.
    • Once installed, the scanner will be initialized.
    • After the scanner is initialized, click Start.
    • Uncheck (untick) Remove found threats box.
    • Check (tick) Scan unwanted applications.
    • Click on Scan.
    • It will start scanning. Please be patient.
    • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.
Please post the result of C:\ComboFix.txt and ESET scan.

Mark

#7 dlupin
  • Topic Starter

Posted 18 October 2008 - 12:48 PM

ComboFix 08-10-16.08 - HP_Owner 2008-10-18 14:46:19.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.501 [GMT 1:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\005387_.tmp
C:\WINDOWS\system32\Info.exe
C:\WINDOWS\system32\iodxbp.dll
C:\WINDOWS\system32\jsojdind.ini
C:\WINDOWS\system32\khfFYRlm.dll
C:\WINDOWS\system32\opnmJCUo.dll
C:\WINDOWS\system32\pmnkIApo.dll
C:\WINDOWS\system32\qhxmnx.dll
C:\WINDOWS\system32\urqOIxUk.dll
C:\WINDOWS\system32\ydbwyf.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\005387_.tmp
C:\WINDOWS\system32\jsojdind.ini

.
((((((((((((((((((((((((( Files Created from 2008-09-18 to 2008-10-18 )))))))))))))))))))))))))))))))
.

2008-10-17 20:29 . 2008-08-14 11:00 2,180,352 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-17 20:29 . 2008-08-14 10:58 2,136,064 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-17 20:29 . 2008-08-14 10:22 2,057,728 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-17 20:29 . 2008-08-14 10:22 2,015,744 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-17 20:29 . 2008-06-13 14:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-10-17 20:29 . 2008-06-13 14:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-17 20:24 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-10-15 18:24 . 2008-10-15 18:24 <DIR> d-------- C:\rsit
2008-10-13 23:08 . 2008-10-13 23:16 1,073 --a------ C:\WINDOWS\wininit.ini
2008-10-13 21:01 . 2008-10-13 21:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-13 20:26 . 2008-07-18 22:10 45,768 --a------ C:\WINDOWS\system32\wups2.dll
2008-10-13 20:05 . 2008-10-13 20:05 <DIR> d-------- C:\Program Files\FileASSASSIN
2008-10-13 20:03 . 2008-10-13 20:03 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-13 16:52 . 2008-10-13 16:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-10-13 16:52 . 2008-10-13 16:55 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-10-13 16:51 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-10-09 18:13 . 2008-10-18 14:24 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\OpenOffice.org2
2008-10-09 17:04 . 2008-10-09 17:05 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-10-09 16:38 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-27 23:57 . 2008-09-27 23:57 <DIR> d-------- C:\WINDOWS\system32\FxsTmp
2008-09-27 14:51 . 2008-10-10 18:08 428 --a------ C:\WINDOWS\zipgenius.xml
2008-09-25 23:07 . 2008-09-25 23:07 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-25 22:44 . 2004-07-17 11:35 67,866 --a------ C:\WINDOWS\system32\drivers\netwlan5.img
2008-09-25 22:43 . 2004-07-17 11:36 64,352 --a------ C:\WINDOWS\system32\drivers\ativmc20.cod
2008-09-25 22:20 . 2008-07-18 22:10 33,992 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-09-25 22:20 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-09-25 22:20 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-09-25 22:20 . 2008-07-18 22:08 20,680 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-09-25 20:26 . 2008-09-25 20:26 <DIR> d-------- C:\Program Files\3ivx
2008-09-24 21:35 . 2008-05-19 18:16 186,407 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-09-24 21:29 . 2008-10-09 18:27 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2008-09-24 20:18 . 2008-09-24 20:37 <DIR> d-------- C:\Program Files\uusee
2008-09-24 19:02 . 2007-09-14 05:21 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-09-24 19:02 . 2007-09-14 05:21 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-09-24 16:12 . 2003-07-02 01:00 131,072 --a------ C:\WINDOWS\system32\Epcmlib.dll
2008-09-24 16:10 . 1999-08-09 23:50 72 --a------ C:\WINDOWS\system32\epDPE.ini
2008-09-24 16:09 . 2004-02-01 02:00 413,696 --a------ C:\WINDOWS\system32\PICSDK.dll
2008-09-24 16:09 . 2002-11-15 00:00 114,688 --a------ C:\WINDOWS\system32\EpPicPrt.dll
2008-09-24 16:09 . 2002-11-15 00:00 65,536 --a------ C:\WINDOWS\system32\EPPicMgr.dll
2008-09-24 16:09 . 2004-02-01 02:00 34,782 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat
2008-09-24 16:09 . 2004-02-01 02:00 27,030 --a------ C:\WINDOWS\system32\EPPICPattern1.dat
2008-09-24 16:09 . 2004-02-01 02:00 13,230 --a------ C:\WINDOWS\system32\EPPICLocal_EN.cfg
2008-09-24 16:09 . 2004-02-01 02:00 22 --a------ C:\WINDOWS\system32\PICSDK.ini
2008-09-24 16:08 . 2003-07-01 00:00 46,080 --a------ C:\WINDOWS\system32\escimgd.dll
2008-09-24 16:08 . 2003-08-06 00:00 29,184 --a------ C:\WINDOWS\system32\escwiadn.dll
2008-09-24 16:08 . 2003-07-01 00:00 22,528 --a------ C:\WINDOWS\system32\esccmd.dll
2008-09-24 16:06 . 2004-06-04 07:50 4,805 -ra------ C:\WINDOWS\system32\EPIIFEDC.EIF
2008-09-24 16:04 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-09-24 16:04 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-09-24 16:03 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-09-24 16:03 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-09-24 15:46 . 2008-09-24 15:46 <DIR> d-------- C:\Program Files\TechSmith
2008-09-24 15:46 . 2008-09-24 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Application DataTechSmith
2008-09-24 15:41 . 2008-10-12 18:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-24 15:34 . 2008-09-24 15:34 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\GRETECH
2008-09-24 15:34 . 2008-09-24 15:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-09-24 15:33 . 2008-09-24 15:33 <DIR> d-------- C:\Program Files\GRETECH
2008-09-24 14:18 . 2008-09-27 21:59 <DIR> d-------- C:\Program Files\Free FLV Converter
2008-09-24 01:04 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2008-09-23 23:38 . 2008-09-23 23:38 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Creative
2008-09-23 23:12 . 2008-09-25 20:14 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\ZipGenius
2008-09-23 22:49 . 2008-10-17 18:14 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Orbit
2008-09-23 22:49 . 2008-09-23 22:49 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\GrabPro
2008-09-23 22:46 . 2004-08-04 13:00 66,082 --a------ C:\WINDOWS\system32\dllcache\c_10021.nls
2008-09-23 22:46 . 2004-08-04 13:00 66,082 --a------ C:\WINDOWS\system32\c_10021.nls
2008-09-23 22:46 . 2004-08-04 13:00 6,144 --a------ C:\WINDOWS\system32\ftlx041e.dll
2008-09-23 22:46 . 2004-08-04 13:00 6,144 --a------ C:\WINDOWS\system32\dllcache\ftlx041e.dll
2008-09-23 22:34 . 2008-09-23 22:34 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-09-23 22:30 . 2008-09-23 22:30 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\DAEMON Tools
2008-09-23 22:30 . 2008-09-23 22:30 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-09-23 17:22 . 2008-09-23 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Creative
2008-09-23 17:22 . 2000-05-22 16:58 647,872 --a------ C:\WINDOWS\system32\Mscomct2.ocx
2008-09-23 17:22 . 2006-10-06 14:17 53,248 --------- C:\WINDOWS\Ctregrun.exe
2008-09-23 17:21 . 2008-09-24 01:03 <DIR> d-------- C:\Program Files\Creative
2008-09-23 17:21 . 1999-12-13 09:01 44,032 --a------ C:\WINDOWS\system32\CTSVCCDA.EXE
2008-09-23 17:21 . 1999-11-18 09:00 25,088 --a------ C:\WINDOWS\system32\CTSVCCTL.EXE
2008-09-23 17:13 . 2008-09-23 17:14 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\ICAClient
2008-09-23 15:52 . 2008-10-15 20:09 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SACore
2008-09-23 15:33 . 2008-09-23 15:33 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Sonic
2008-09-23 15:33 . 2008-09-23 15:33 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Leadertech
2008-09-23 15:24 . 2008-10-18 14:24 7,049 --a------ C:\WINDOWS\system32\Config.MPF
2008-09-23 15:19 . 2008-06-02 14:55 120,136 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-09-23 15:03 . 2008-06-20 05:41 34,152 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-09-23 14:37 . 2008-09-23 14:37 <DIR> d---s---- C:\Documents and Settings\HP_Owner\UserData
2008-09-23 14:24 . 2005-01-02 06:36 <DIR> d-------- C:\Documents and Settings\HP_Owner\WINDOWS
2008-09-23 14:24 . 2008-09-23 14:57 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Symantec
2008-09-23 14:24 . 2005-01-02 06:46 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\SampleView
2008-09-23 14:24 . 2005-01-02 06:36 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2008-09-23 14:24 . 2008-10-15 18:39 <DIR> d-------- C:\Documents and Settings\HP_Owner
2008-09-23 14:24 . 2004-08-04 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-23 14:24 . 2008-09-23 14:24 1,834 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_EC641AA-ABU t3145.uk_YC_0Pavi_QCZB540_E53GBheBLU4_47_IAMETHYST-M_SMSI_V1.0_B3.34_T050831_WXH2_L409_M1023_J250_7AMD_8Athlon 64_92.19_#051026_N10EC8139_Z11C1048C_G10DE0161_OLITE-ON DVDRW SOHW-1633S.MRK
2008-09-23 14:22 . 2005-01-02 06:36 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-09-23 14:22 . 2005-01-02 06:54 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2008-09-23 14:22 . 2005-01-02 06:46 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
2008-09-23 14:22 . 2005-01-02 06:36 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Apple Computer
2008-09-22 22:34 . 2008-09-22 22:34 <DIR> d-------- C:\Program Files\gblyerd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-17 17:17 --------- d-----w C:\Program Files\Java
2008-10-17 17:13 --------- d-----w C:\Program Files\eMule
2008-10-14 17:00 56,202 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_10_14_17_51_04_small.dmp.zip
2008-10-14 17:00 55,542 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_10_14_17_51_15_small.dmp.zip
2008-10-14 16:59 48,826 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_10_14_17_50_46_small.dmp.zip
2008-10-13 22:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-12 17:49 --------- d-----w C:\Program Files\Lavasoft
2008-10-12 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-30 19:38 --------- d-----w C:\Program Files\StreamerOne
2008-09-30 19:00 --------- d-----w C:\Program Files\VideoLAN
2008-09-30 16:42 --------- d-----w C:\Program Files\McAfee
2008-09-27 22:34 --------- d-----w C:\Program Files\Google
2008-09-25 22:09 45,056 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2008-09-25 22:09 44,032 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2008-09-24 20:48 --------- d-----w C:\Program Files\THQ
2008-09-24 20:38 --------- d-----w C:\Program Files\Common Files\uusee
2008-09-24 15:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-24 15:11 --------- d-----w C:\Program Files\Smart Panel
2008-09-23 22:14 --------- d-----w C:\Program Files\ZipGenius 6
2008-09-23 14:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-23 14:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-23 14:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-23 13:29 --------- d-----w C:\Program Files\Easy Internet signup
2008-09-23 10:31 --------- d-----w C:\Program Files\SpeedBit Video Accelerator
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-09-13 03:30 266,240 ----a-w C:\WINDOWS\system32\TubeFinder.exe
2008-09-02 23:14 --------- d-----w C:\Program Files\File Shredder
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\dllcache\srv.sys
2008-08-19 09:30 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-08-14 10:00 2,180,352 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:51 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-08-14 09:22 2,057,728 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-02-18 20:12 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
2006-05-19 23:48 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"CTZDetec.exe"="C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe" [2007-12-18 401408]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 61440]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-01-02 180269]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-14 278528]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 90112]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2008-07-10 5129504]
"EPSON Stylus Photo RX420 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE" [2004-04-09 98304]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-02 98304]
"Google IME Autoupdater"="C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe" [2008-08-05 308720]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 C:\WINDOWS\AGRSMMSG.exe]

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"vidc.3IV2"= 3ivxVfWCodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UUSEE]
--a------ 2008-03-20 08:11 976136 C:\Program Files\uusee\UUSeePlayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
.
Contents of the 'Scheduled Tasks' folder

2008-09-23 C:\WINDOWS\Tasks\Easy Internet Sign-up.job
- C:\Program Files\Easy Internet signup\HPSdpApp.exe [2005-03-03 19:04]

2008-09-16 C:\WINDOWS\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2008-09-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2008-10-10 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2007-04-19 22:42]

2008-09-18 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2007-06-16 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.co.uk/
R0 -: HKCU-Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q305&bd=pavilion&pf=desktop
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q305&bd=pavilion&pf=desktop
R0 -: HKLM-Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q305&bd=pavilion&pf=desktop
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-18 14:52:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-10-18 14:56:24
ComboFix-quarantined-files.txt 2008-10-18 13:55:21
ComboFix2.txt 2008-10-17 17:47:20

Pre-Run: 8,172,134,400 bytes free
Post-Run: 8,407,056,384 bytes free

263 --- E O F --- 2008-10-17 19:38:29


ESET SCAN LOG:


# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3534 (20081018)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.060 (20070601)
# EOSSerial=fbcc16e93e9ad246aceb4bc4c33dde07
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-10-18 05:23:06
# local_time=2008-10-18 06:23:06 (+0000, GMT Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=824323
# found=0
# scan_time=11268

#8 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • Gender:Male
  • Location:Tokyo, JP

Posted 18 October 2008 - 07:21 PM

hi.

How's your computer now?

Mark

#9 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • Gender:Male
  • Location:Tokyo, JP

Posted 19 October 2008 - 03:40 AM

hi.


Let's continue. :thumbsup:
  • Copy and paste the following text into Notepad: (if you have already set these, ignore instructions #1 and #2)

    Windows Registry Editor Version 5.00

    ; Re-enable Security Center notifications and McAfee monitoring (the log shows these set to 1)
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000000


    Save this as "fixme.reg". Choose to save as "All Files" and place it on your Desktop.
    Double-click fixme.reg.

  • Reboot your computer in normal mode

  • Run HijackThis again and click Do a system scan only. Then post your log in your next reply.

  • Please delete this file:

    C:\WINDOWS\Tasks\Norton Security Scan.job

  • Please download Malwarebytes Anti-Malware and save it to your desktop.
    • Make sure you are connected to the Internet.
    • Double-click on mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Whether or not you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
In your reply, please post the MBAM result and a fresh HijackThis log.

Mark

Edited by mas_pogi, 19 October 2008 - 03:44 AM.
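The registry fix in the post above resets the Security Center values that the ComboFix log shows set to 1 (AntiVirusDisableNotify and the two vendor DisableMonitoring flags); with those at 1, XP SP2 stops warning that antivirus or firewall protection is off, which is why malware flips them. The Python script below is an added example and is not part of this thread, of ComboFix, or of any other tool mentioned here. It parses REGEDIT4/.reg style text such as the "Reg Loading Points" section of a ComboFix log, flags Security Center suppression flags that hold a non-zero DWORD, and generates a correctly typed .reg fix. It goes beyond the page in also checking FirewallDisableNotify, UpdatesDisableNotify, AntiVirusOverride and FirewallOverride, which are other known XP SP2 Security Center value names not present in the log above; the sample input is constructed to mirror the three entries from the ComboFix log.

```python
import re

# Constructed sample input: mirrors the three Security Center entries that
# ComboFix printed under "Reg Loading Points" in this thread (REGEDIT4 format).
SAMPLE_REG_TEXT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
"""

SECURITY_CENTER_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\security center"

# Value names under the Security Center key (or its Monitoring\<vendor>
# subkeys) that, when non-zero, silence the XP SP2 "no antivirus/firewall"
# warnings. AntiVirusDisableNotify and DisableMonitoring are the ones in the
# log; the others are further known XP SP2 names added here for coverage.
SUPPRESSION_VALUES = {
    "AntiVirusDisableNotify", "DisableMonitoring",
    "FirewallDisableNotify", "UpdatesDisableNotify",
    "AntiVirusOverride", "FirewallOverride",
}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_reg_text(text):
    """Parse .reg / REGEDIT4 style text into {key_path: {value_name: raw}}."""
    reg = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            reg.setdefault(current, {})
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            reg[current][val.group(1)] = val.group(2)
    return reg


def dword_value(raw):
    """Return the integer of a REG_DWORD literal such as dword:00000001.

    Returns None for any other type. A quoted form like "dword:00000000" is
    a REG_SZ string, not a DWORD: a .reg fix written that way does not reset
    the flag, so it must not be mistaken for 0 here.
    """
    if raw.lower().startswith("dword:"):
        digits = raw[len("dword:"):].strip()
        return int(digits, 16) if digits else None
    return None


def find_security_center_tampering(reg):
    """List (key, value_name) pairs whose suppression flag is a non-zero DWORD."""
    prefix = SECURITY_CENTER_KEY.lower()
    findings = []
    for key, values in reg.items():
        if not key.lower().startswith(prefix):
            continue
        for name, raw in values.items():
            if name in SUPPRESSION_VALUES and dword_value(raw):
                findings.append((key, name))
    return findings


def build_fix_reg(findings):
    """Emit a .reg script resetting each flagged value to DWORD 0 (unquoted)."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key, name in findings:
        lines += [f"[{key}]", f'"{name}"=dword:00000000', ""]
    return "\n".join(lines)


if __name__ == "__main__":
    hits = find_security_center_tampering(parse_reg_text(SAMPLE_REG_TEXT))
    for key, name in hits:
        print(f"suppressed: {name} under {key}")
    print(build_fix_reg(hits))
```

One detail worth checking whenever a .reg fix is hand-written: the DWORD literal must be unquoted (`"name"=dword:00000000`). A line of the form `"name"="dword:00000000"` imports cleanly but creates a string value, leaving Security Center still silenced; `dword_value` above returns None for that form so the mistake shows up when the fix is re-parsed.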


#10 dlupin

dlupin
  • Topic Starter

  • Members
  • 13 posts

Posted 19 October 2008 - 08:54 AM

ComboFix 08-10-16.08 - HP_Owner 2008-10-18 14:46:19.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.501 [GMT 1:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\005387_.tmp
C:\WINDOWS\system32\Info.exe
C:\WINDOWS\system32\iodxbp.dll
C:\WINDOWS\system32\jsojdind.ini
C:\WINDOWS\system32\khfFYRlm.dll
C:\WINDOWS\system32\opnmJCUo.dll
C:\WINDOWS\system32\pmnkIApo.dll
C:\WINDOWS\system32\qhxmnx.dll
C:\WINDOWS\system32\urqOIxUk.dll
C:\WINDOWS\system32\ydbwyf.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\005387_.tmp
C:\WINDOWS\system32\jsojdind.ini

.
((((((((((((((((((((((((( Files Created from 2008-09-18 to 2008-10-18 )))))))))))))))))))))))))))))))
.

2008-10-17 20:29 . 2008-08-14 11:00 2,180,352 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-17 20:29 . 2008-08-14 10:58 2,136,064 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-17 20:29 . 2008-08-14 10:22 2,057,728 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-17 20:29 . 2008-08-14 10:22 2,015,744 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-17 20:29 . 2008-06-13 14:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-10-17 20:29 . 2008-06-13 14:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-17 20:24 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-10-15 18:24 . 2008-10-15 18:24 <DIR> d-------- C:\rsit
2008-10-13 23:08 . 2008-10-13 23:16 1,073 --a------ C:\WINDOWS\wininit.ini
2008-10-13 21:01 . 2008-10-13 21:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-13 20:26 . 2008-07-18 22:10 45,768 --a------ C:\WINDOWS\system32\wups2.dll
2008-10-13 20:05 . 2008-10-13 20:05 <DIR> d-------- C:\Program Files\FileASSASSIN
2008-10-13 20:03 . 2008-10-13 20:03 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-13 16:52 . 2008-10-13 16:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-10-13 16:52 . 2008-10-13 16:55 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-10-13 16:51 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-10-09 18:13 . 2008-10-18 14:24 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\OpenOffice.org2
2008-10-09 17:04 . 2008-10-09 17:05 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-10-09 16:38 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-27 23:57 . 2008-09-27 23:57 <DIR> d-------- C:\WINDOWS\system32\FxsTmp
2008-09-27 14:51 . 2008-10-10 18:08 428 --a------ C:\WINDOWS\zipgenius.xml
2008-09-25 23:07 . 2008-09-25 23:07 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-25 22:44 . 2004-07-17 11:35 67,866 --a------ C:\WINDOWS\system32\drivers\netwlan5.img
2008-09-25 22:43 . 2004-07-17 11:36 64,352 --a------ C:\WINDOWS\system32\drivers\ativmc20.cod
2008-09-25 22:20 . 2008-07-18 22:10 33,992 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-09-25 22:20 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-09-25 22:20 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-09-25 22:20 . 2008-07-18 22:08 20,680 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-09-25 20:26 . 2008-09-25 20:26 <DIR> d-------- C:\Program Files\3ivx
2008-09-24 21:35 . 2008-05-19 18:16 186,407 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-09-24 21:29 . 2008-10-09 18:27 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2008-09-24 20:18 . 2008-09-24 20:37 <DIR> d-------- C:\Program Files\uusee
2008-09-24 19:02 . 2007-09-14 05:21 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-09-24 19:02 . 2007-09-14 05:21 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-09-24 16:12 . 2003-07-02 01:00 131,072 --a------ C:\WINDOWS\system32\Epcmlib.dll
2008-09-24 16:10 . 1999-08-09 23:50 72 --a------ C:\WINDOWS\system32\epDPE.ini
2008-09-24 16:09 . 2004-02-01 02:00 413,696 --a------ C:\WINDOWS\system32\PICSDK.dll
2008-09-24 16:09 . 2002-11-15 00:00 114,688 --a------ C:\WINDOWS\system32\EpPicPrt.dll
2008-09-24 16:09 . 2002-11-15 00:00 65,536 --a------ C:\WINDOWS\system32\EPPicMgr.dll
2008-09-24 16:09 . 2004-02-01 02:00 34,782 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat
2008-09-24 16:09 . 2004-02-01 02:00 27,030 --a------ C:\WINDOWS\system32\EPPICPattern1.dat
2008-09-24 16:09 . 2004-02-01 02:00 13,230 --a------ C:\WINDOWS\system32\EPPICLocal_EN.cfg
2008-09-24 16:09 . 2004-02-01 02:00 22 --a------ C:\WINDOWS\system32\PICSDK.ini
2008-09-24 16:08 . 2003-07-01 00:00 46,080 --a------ C:\WINDOWS\system32\escimgd.dll
2008-09-24 16:08 . 2003-08-06 00:00 29,184 --a------ C:\WINDOWS\system32\escwiadn.dll
2008-09-24 16:08 . 2003-07-01 00:00 22,528 --a------ C:\WINDOWS\system32\esccmd.dll
2008-09-24 16:06 . 2004-06-04 07:50 4,805 -ra------ C:\WINDOWS\system32\EPIIFEDC.EIF
2008-09-24 16:04 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-09-24 16:04 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-09-24 16:03 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-09-24 16:03 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-09-24 15:46 . 2008-09-24 15:46 <DIR> d-------- C:\Program Files\TechSmith
2008-09-24 15:46 . 2008-09-24 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Application DataTechSmith
2008-09-24 15:41 . 2008-10-12 18:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-24 15:34 . 2008-09-24 15:34 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\GRETECH
2008-09-24 15:34 . 2008-09-24 15:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-09-24 15:33 . 2008-09-24 15:33 <DIR> d-------- C:\Program Files\GRETECH
2008-09-24 14:18 . 2008-09-27 21:59 <DIR> d-------- C:\Program Files\Free FLV Converter
2008-09-24 01:04 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2008-09-23 23:38 . 2008-09-23 23:38 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Creative
2008-09-23 23:12 . 2008-09-25 20:14 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\ZipGenius
2008-09-23 22:49 . 2008-10-17 18:14 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Orbit
2008-09-23 22:49 . 2008-09-23 22:49 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\GrabPro
2008-09-23 22:46 . 2004-08-04 13:00 66,082 --a------ C:\WINDOWS\system32\dllcache\c_10021.nls
2008-09-23 22:46 . 2004-08-04 13:00 66,082 --a------ C:\WINDOWS\system32\c_10021.nls
2008-09-23 22:46 . 2004-08-04 13:00 6,144 --a------ C:\WINDOWS\system32\ftlx041e.dll
2008-09-23 22:46 . 2004-08-04 13:00 6,144 --a------ C:\WINDOWS\system32\dllcache\ftlx041e.dll
2008-09-23 22:34 . 2008-09-23 22:34 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-09-23 22:30 . 2008-09-23 22:30 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\DAEMON Tools
2008-09-23 22:30 . 2008-09-23 22:30 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-09-23 17:22 . 2008-09-23 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Creative
2008-09-23 17:22 . 2000-05-22 16:58 647,872 --a------ C:\WINDOWS\system32\Mscomct2.ocx
2008-09-23 17:22 . 2006-10-06 14:17 53,248 --------- C:\WINDOWS\Ctregrun.exe
2008-09-23 17:21 . 2008-09-24 01:03 <DIR> d-------- C:\Program Files\Creative
2008-09-23 17:21 . 1999-12-13 09:01 44,032 --a------ C:\WINDOWS\system32\CTSVCCDA.EXE
2008-09-23 17:21 . 1999-11-18 09:00 25,088 --a------ C:\WINDOWS\system32\CTSVCCTL.EXE
2008-09-23 17:13 . 2008-09-23 17:14 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\ICAClient
2008-09-23 15:52 . 2008-10-15 20:09 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SACore
2008-09-23 15:33 . 2008-09-23 15:33 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Sonic
2008-09-23 15:33 . 2008-09-23 15:33 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Leadertech
2008-09-23 15:24 . 2008-10-18 14:24 7,049 --a------ C:\WINDOWS\system32\Config.MPF
2008-09-23 15:19 . 2008-06-02 14:55 120,136 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-09-23 15:03 . 2008-06-20 05:41 34,152 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-09-23 14:37 . 2008-09-23 14:37 <DIR> d---s---- C:\Documents and Settings\HP_Owner\UserData
2008-09-23 14:24 . 2005-01-02 06:36 <DIR> d-------- C:\Documents and Settings\HP_Owner\WINDOWS
2008-09-23 14:24 . 2008-09-23 14:57 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Symantec
2008-09-23 14:24 . 2005-01-02 06:46 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\SampleView
2008-09-23 14:24 . 2005-01-02 06:36 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2008-09-23 14:24 . 2008-10-15 18:39 <DIR> d-------- C:\Documents and Settings\HP_Owner
2008-09-23 14:24 . 2004-08-04 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-23 14:24 . 2008-09-23 14:24 1,834 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_EC641AA-ABU t3145.uk_YC_0Pavi_QCZB540_E53GBheBLU4_47_IAMETHYST-M_SMSI_V1.0_B3.34_T050831_WXH2_L409_M1023_J250_7AMD_8Athlon 64_92.19_#051026_N10EC8139_Z11C1048C_G10DE0161_OLITE-ON DVDRW SOHW-1633S.MRK
2008-09-23 14:22 . 2005-01-02 06:36 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-09-23 14:22 . 2005-01-02 06:54 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2008-09-23 14:22 . 2005-01-02 06:46 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
2008-09-23 14:22 . 2005-01-02 06:36 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Apple Computer
2008-09-22 22:34 . 2008-09-22 22:34 <DIR> d-------- C:\Program Files\gblyerd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-17 17:17 --------- d-----w C:\Program Files\Java
2008-10-17 17:13 --------- d-----w C:\Program Files\eMule
2008-10-14 17:00 56,202 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_10_14_17_51_04_small.dmp.zip
2008-10-14 17:00 55,542 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_10_14_17_51_15_small.dmp.zip
2008-10-14 16:59 48,826 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_10_14_17_50_46_small.dmp.zip
2008-10-13 22:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-12 17:49 --------- d-----w C:\Program Files\Lavasoft
2008-10-12 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-30 19:38 --------- d-----w C:\Program Files\StreamerOne
2008-09-30 19:00 --------- d-----w C:\Program Files\VideoLAN
2008-09-30 16:42 --------- d-----w C:\Program Files\McAfee
2008-09-27 22:34 --------- d-----w C:\Program Files\Google
2008-09-25 22:09 45,056 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2008-09-25 22:09 44,032 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2008-09-24 20:48 --------- d-----w C:\Program Files\THQ
2008-09-24 20:38 --------- d-----w C:\Program Files\Common Files\uusee
2008-09-24 15:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-24 15:11 --------- d-----w C:\Program Files\Smart Panel
2008-09-23 22:14 --------- d-----w C:\Program Files\ZipGenius 6
2008-09-23 14:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-23 14:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-23 14:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-23 13:29 --------- d-----w C:\Program Files\Easy Internet signup
2008-09-23 10:31 --------- d-----w C:\Program Files\SpeedBit Video Accelerator
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-09-13 03:30 266,240 ----a-w C:\WINDOWS\system32\TubeFinder.exe
2008-09-02 23:14 --------- d-----w C:\Program Files\File Shredder
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\dllcache\srv.sys
2008-08-19 09:30 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-08-14 10:00 2,180,352 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:51 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-08-14 09:22 2,057,728 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-02-18 20:12 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
2006-05-19 23:48 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"CTZDetec.exe"="C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe" [2007-12-18 401408]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 61440]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-01-02 180269]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-14 278528]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 90112]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2008-07-10 5129504]
"EPSON Stylus Photo RX420 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE" [2004-04-09 98304]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-02 98304]
"Google IME Autoupdater"="C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe" [2008-08-05 308720]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 C:\WINDOWS\AGRSMMSG.exe]

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"vidc.3IV2"= 3ivxVfWCodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UUSEE]
--a------ 2008-03-20 08:11 976136 C:\Program Files\uusee\UUSeePlayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
.
Contents of the 'Scheduled Tasks' folder

2008-09-23 C:\WINDOWS\Tasks\Easy Internet Sign-up.job
- C:\Program Files\Easy Internet signup\HPSdpApp.exe [2005-03-03 19:04]

2008-09-16 C:\WINDOWS\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2008-09-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2008-10-10 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2007-04-19 22:42]

2008-09-18 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2007-06-16 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.co.uk/
R0 -: HKCU-Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q305&bd=pavilion&pf=desktop
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q305&bd=pavilion&pf=desktop
R0 -: HKLM-Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q305&bd=pavilion&pf=desktop
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-18 14:52:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-10-18 14:56:24
ComboFix-quarantined-files.txt 2008-10-18 13:55:21
ComboFix2.txt 2008-10-17 17:47:20

Pre-Run: 8,172,134,400 bytes free
Post-Run: 8,407,056,384 bytes free

263 --- E O F --- 2008-10-17 19:38:29



**********************************************************************************************************************************

Malwarebytes' Anti-Malware 1.29
Database version: 1288
Windows 5.1.2600 Service Pack 2

10/19/2008 2:50:55 PM
mbam-log-2008-10-19 (14-50-55).txt

Scan type: Quick Scan
Objects scanned: 56085
Time elapsed: 7 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#11 dlupin

dlupin
  • Topic Starter

  • Members
  • 13 posts

Posted 19 October 2008 - 08:57 AM

Sorry, in the previous reply I added the ComboFix log instead of the HijackThis one...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:56:10 PM, on 10/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\windows\system\hpsysdrv.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA889] command /c del "C:\WINDOWS\FVProtect.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8948] command /c del "C:\WINDOWS\userconfig9x.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6415] cmd /c del "C:\WINDOWS\userconfig9x.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1962] command /c del "C:\WINDOWS\zip1.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingC271] cmd /c del "C:\WINDOWS\zip1.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1178] command /c del "C:\WINDOWS\zip2.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6221] cmd /c del "C:\WINDOWS\zip2.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1425] command /c del "C:\WINDOWS\zip3.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingC319] cmd /c del "C:\WINDOWS\zip3.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9409] command /c del "C:\WINDOWS\zipped.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5304] command /c del "C:\WINDOWS\iTunesMusic.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3703] cmd /c del "C:\WINDOWS\iTunesMusic.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9927] command /c del "C:\WINDOWS\winsystem.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC141] cmd /c del "C:\WINDOWS\winsystem.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9618] command /c del "C:\WINDOWS\a.bat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC997] cmd /c del "C:\WINDOWS\a.bat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2486] command /c del "C:\WINDOWS\base64.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4227] cmd /c del "C:\WINDOWS\base64.tmp"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8628] command /c del "C:\WINDOWS\userconfig9x.dll"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1223925902781
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 13035 bytes

#12 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:09:21 PM

Posted 19 October 2008 - 09:02 AM

hi.


NP :thumbsup:


How's your computer right now?
Any other issues? For sure...I think your computer is reinfected. :)

Mark

--edit

Edited by mas_pogi, 19 October 2008 - 09:06 AM.


#13 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:09:21 PM

Posted 19 October 2008 - 09:25 AM

-----------------------

Edited by mas_pogi, 19 October 2008 - 11:58 PM.


#14 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Location:Tokyo, JP
  • Local time:09:21 PM

Posted 19 October 2008 - 11:10 AM

hi.

Let's clean it again. I want to warn you that the infection you have now came from peer-to-peer networking.
Programs related to it might be the cause of the problem.


Please follow the instructions below;
  • Please download Stinger from here.
    Then save it to your desktop.
    • Locate the Stinger icon and double-click it.
    • The Stinger interface will be displayed.
    • If necessary, click the Add or Browse button to add additional drives/directories to scan. By default the C: drive will be scanned
    • Click the Scan Now button to begin scanning the specified drives/directories
    • Let Stinger repair your system.
    After it is finished,
    Go to FILE > Save report to a file.
    It will show you where it saved the log StingerXXXXXXX.txt. Open the log from there, then post it back here.

  • Disable running Teatimer.
    I suggest you disable it because it can interfere with the changes you'll make on your system.
    When everything is done and your log is clean again, you can enable it again.
    If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

    How to disable TeaTimer <== click me for instructions.
    After you have disabled TeaTimer, download ResetTeaTimer.bat to your desktop. (In case you use Firefox, right-click the link and choose "save as".)
    Double-click ResetTeaTimer.bat and let it run.
    This will only take a few seconds.

  • Run HijackThis by double-clicking its icon on your desktop.
    Then press "Do a System Scan Only".

    When the scan is complete place a check mark next to the following entries:

    O4 - HKLM\..\RunOnce: [SpybotDeletingA889] command /c del "C:\WINDOWS\FVProtect.exe"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8948] command /c del "C:\WINDOWS\userconfig9x.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6415] cmd /c del "C:\WINDOWS\userconfig9x.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1962] command /c del "C:\WINDOWS\zip1.tmp"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC271] cmd /c del "C:\WINDOWS\zip1.tmp"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1178] command /c del "C:\WINDOWS\zip2.tmp"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6221] cmd /c del "C:\WINDOWS\zip2.tmp"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1425] command /c del "C:\WINDOWS\zip3.tmp"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC319] cmd /c del "C:\WINDOWS\zip3.tmp"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9409] command /c del "C:\WINDOWS\zipped.tmp"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5304] command /c del "C:\WINDOWS\iTunesMusic.exe"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3703] cmd /c del "C:\WINDOWS\iTunesMusic.exe"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9927] command /c del "C:\WINDOWS\winsystem.exe"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC141] cmd /c del "C:\WINDOWS\winsystem.exe"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9618] command /c del "C:\WINDOWS\a.bat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC997] cmd /c del "C:\WINDOWS\a.bat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2486] command /c del "C:\WINDOWS\base64.tmp"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4227] cmd /c del "C:\WINDOWS\base64.tmp"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8628] command /c del "C:\WINDOWS\userconfig9x.dll"

    After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked."

  • Reboot your computer in normal mode.

  • Run ESET Online Scan

    Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.
    • Check (tick) this box: YES, I accept the Terms of Use.
    • Click on the Start button next to it.
    • When prompted to run ActiveX, click Yes.
    • You will be asked to install an ActiveX. Click Install.
    • Once installed, the scanner will be initialized.
    • After the scanner is initialized, click Start.
    • Uncheck (untick) Remove found threats box.
    • Check (tick) Scan unwanted applications.
    • Click on Scan.
    • It will start scanning. Please be patient.
    • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.
    • Run random's system information tool (RSIT) again from your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

In your reply, please post back the following:
  • ESET scanner result
  • Stinger result
  • RSIT's log.txt and info.txt
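The O4 entries the helper asks to be fixed with HijackThis, both in the log posted earlier in this thread and in the list above, are Spybot "delete this file on next boot" RunOnce commands that keep reappearing for the same files under several registry hives. As an added example, not code from the thread, from HijackThis or from Spybot, the Python below parses the O4 (autorun) lines of a HijackThis log into hive, key, value name and command line, then groups every RunOnce `del` command by the file it targets, so a reader can see at a glance which leftovers are being re-queued and from where. The function names and the sample log (a constructed subset of the O4 lines posted in this thread) are this example's own.

```python
"""Parse HijackThis O4 (autorun) lines and group Spybot RunOnce deletion
entries by target file.  Added example, not part of the thread or of
HijackThis/Spybot; function names and the sample log are this example's own."""
import re
from collections import OrderedDict

# Constructed sample: a subset of the O4 lines from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA889] command /c del "C:\WINDOWS\FVProtect.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8948] command /c del "C:\WINDOWS\userconfig9x.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6415] cmd /c del "C:\WINDOWS\userconfig9x.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8628] command /c del "C:\WINDOWS\userconfig9x.dll"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
"""

# Shape of an O4 line: "O4 - <hive>\..\<Run|RunOnce>: [<value name>] <command line>"
# The hive may carry a user SID, as in "HKUS\S-1-5-19".
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# The cmd.exe / COMMAND.COM "delete this file" one-liner that Spybot registers.
DEL_RE = re.compile(r'^(?:cmd|command) /c del "(?P<target>[^"]+)"$', re.IGNORECASE)


def parse_o4(log_text):
    """Return one dict per O4 line (hive, key, name, cmd); other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def find_delete_leftovers(entries):
    """Map each file targeted by a RunOnce 'del' command to the entries targeting it.

    The same file listed under several entries (or several hives) means the
    deletion keeps being re-queued, which is the pattern visible in the log above.
    """
    leftovers = OrderedDict()
    for e in entries:
        if e["key"] != "RunOnce":
            continue
        m = DEL_RE.match(e["cmd"])
        if m:
            leftovers.setdefault(m.group("target"), []).append(e)
    return leftovers


def report(log_text):
    """Human-readable summary: one line per targeted file, in log order."""
    lines = []
    for target, ents in find_delete_leftovers(parse_o4(log_text)).items():
        where = ", ".join(f"{e['hive']}:{e['name']}" for e in ents)
        plural = "entry" if len(ents) == 1 else "entries"
        lines.append(f"{target}: {len(ents)} RunOnce delete {plural} ({where})")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Paste a full HijackThis log into `SAMPLE_LOG` (or read it from a file) and the report lists each file that Spybot has queued for deletion together with every hive and value name that references it; ordinary `Run` entries are parsed but not reported, so the output is only the set of RunOnce leftovers.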



